My personal Infrastructure
Jonathan Seth Mainguy
@Bandwidth
Feb 19th, 2020
What does it consist of?
Two physical nodes with Hetzner in Germany which host most of the services.
One vm with linode (they give out $50 credit for free at conferences) for dns and vpn
One vm with buyvm.net (best lowendbox.com type provider) for dns and vpn
What does it cost?
Buyvm - $3.50 a month. 1 cpu, 1 gig ram, 20gb disk, unlimited traffic, supposedly they ignore dmca and piracy letters.
Linode - $5 a month. 1 cpu, 1 gig ram, 25 gig disk, 1 TB Transfer
Hetzner - €65.55 ($70.72) a month. 16 cpus, 64gb ram, 12tb disk, unlimited traffic
Total
about $80 a month depending on euro conversion price.
Why the two vms?
I host my own DNS servers.
Best practice is to have three or more.
I wanted them to be geographically spread out.
I also wanted them on three different providers, in case one provider disappears or shuts me down.
The third dns server is hosted on a vm on the physical box with hetzner.
You host your own dns, eh?
Factual. I run nsd3. I chose nsd because when I got started my vms were around 128mb of ram and I needed it to be as small as possible.
I make the changes with vi, on ns1, and then sync the changes to the other nameservers with a bash script.
vpsaddict?
I was pretty addicted to trying out new vm providers for a bit, and thought I might blog about it (never did). I also wanted to get a t-shirt from he.net and figured a new domain to use with ipv6 would keep me from breaking jmainguy.com.
How many domains do you use?
jmainguy.com - Personal blog
vpsaddict.com - domain for the nameservers, pretty underutilized
standouthost.com - my old minecraft business, physical infrastructure goes under this domain.
soh.re - short url for minecraft business, now it is my open source profile domain. Most of my external services are hosted under soh.re
Services huh?
After the Snowden leaks, I started taking hosting my own services more seriously. I don't like to rely on other providers as much as I can.
I used https://prism-break.org/en/ to come up with ideas of things to host.
ZNC / sohbot
Nextcloud
A self hosted alternative to dropbox. Allows me to sync photos taken with my phones easily.
nextcloud.soh.re
Docker registry
push.soh.re/hub.soh.re
Prosody
xmpp chat servers / alternative to AOL Instant Messenger.
whois over http
whois.soh.re
Service I wrote to provide a whois query over http, to get around firewalls at work.
ez.soh.re
Custom application written for family business, to export data from one application and format it for input into another.
https://github.com/Jmainguy/patient_csv_to_xml
statuscode.soh.re
Sinatra app I wrote to explain what http status codes mean, since I have no intention of memorizing them.
etherpad.soh.re
I personally use it for storing recipes and lists of things to do.
soh.re
Portfolio type website, drops you into a full bash shell, uses soh-router which I wrote.
pulp.soh.re
RPM repository for rpms I build.
mail.soh.re
VM running the Kolab Groupware product to enable me to host my own mail server.
keenan.soh.re
VM for my buddy to ssh into, and run https://github.com/Jmainguy/ibsdns from - to enable dynamic IP hostname for his house.
Various websites
I have an apache server on web01.standouthost.com vm running many websites.
cats.soh.re
coastie.soh.re
graceproviders.com
hey.soh.re
ip.jmainguy.com
jmainguy.com
madowynn.soh.re
panel.standouthost.com
southridingagent.com
standouthost.com
vpsaddict.com
le.soh.re
VM that runs letsencrypt certbot-auto to generate new certificates
LetsEncrypt Setup
Cron runs once a night and checks a list of hostnames to see if they expire anytime soon. If a new cert is needed, it replaces haproxy.cfg with one that points all web traffic at the le.soh.re vm, restarts haproxy, ssh's into the vm and runs certbot to get a new cert, scp's the certs back to phy01, replaces haproxy.cfg with the original, and restarts haproxy.
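A sketch of the nightly "does anything expire soon" check described above, as an added example (not the author's script). The 30-day window, the function names and the sample expiry dates are assumptions; a host whose handshake fails (unreachable, or a cert that no longer verifies) is treated as needing renewal.

```python
import socket
import ssl
import time

RENEW_WINDOW_DAYS = 30  # assumed threshold; the slides only say "anytime soon"


def fetch_not_after(host, port=443, timeout=5.0):
    """Return the served cert's notAfter string, or None if the TLS
    handshake fails (host down, or cert already expired/invalid)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return None


def days_left(not_after, now):
    """Days between `now` (epoch seconds) and a notAfter string."""
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400


def hosts_needing_renewal(expiries, now=None, window_days=RENEW_WINDOW_DAYS):
    """expiries maps hostname -> notAfter string (or None on failure).
    Returns the sorted hostnames that should be renewed tonight."""
    now = time.time() if now is None else now
    due = []
    for host, not_after in sorted(expiries.items()):
        if not_after is None or days_left(not_after, now) < window_days:
            due.append(host)
    return due


# Constructed sample data: hostnames are from the slides, dates are made up.
SAMPLE_NOW = ssl.cert_time_to_seconds("Feb 19 00:00:00 2020 GMT")
SAMPLE_EXPIRIES = {
    "nextcloud.soh.re": "Mar 10 12:00:00 2020 GMT",  # 20.5 days left
    "etherpad.soh.re": "May 10 12:00:00 2020 GMT",   # 81.5 days left
    "whois.soh.re": None,                            # handshake failed
}

if __name__ == "__main__":
    # Live run: query each host, then print the ones that need a new cert.
    live = {h: fetch_not_after(h) for h in SAMPLE_EXPIRIES}
    for host in hosts_needing_renewal(live):
        print(host)
```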
OpenVPN
Have a server on the linode and buyvm vms, as well as in a VM hosted on phy02.standouthost.com - forward connections to it via iptables
Backup trilug's pilot
pilot.soh.re is a VM living on phy02.standouthost.com. pilot.trilug.org rsync's its entire disk to this vm once a day. So I always have a live copy of pilot that is no more than 24 hours old.
Backup Everything
I have a cronjob on each box in Germany that runs an ansible task to back everything up to a local directory, and then rsyncs that directory to the other physical box in Germany. So both boxes have all the essential data, in raid 1, from both boxes. If I lose a box, I still have all my data; if I lose both boxes, it's gone.
blockcopy.sh
Backups
backup_dirs:
- /etc/ssl/
- /opt/
- /home/
- /etc/haproxy/
backup_files:
- /etc/sysconfig/iptables
all vms
mysql
Questions?
My personal infrastructure
By jsmainguy