My personal Infrastructure
Jonathan Seth Mainguy
@Bandwidth
Feb 19th, 2020
What does it consist of?
Two physical nodes with Hetzner in Germany which host most of the services.
One VM with Linode (they give out $50 credit for free at conferences) for DNS and VPN
One VM with buyvm.net (best lowendbox.com type provider) for DNS and VPN
What does it cost?
BuyVM - $3.50 a month. 1 CPU, 1 GB RAM, 20 GB disk, unlimited traffic; supposedly they ignore DMCA and piracy letters.
Linode - $5 a month. 1 CPU, 1 GB RAM, 25 GB disk, 1 TB transfer
Hetzner - €65.55 ($70.72) a month. 16 CPUs, 64 GB RAM, 12 TB disk, unlimited traffic
Total
About $80 a month, depending on the euro exchange rate.
Why the two VMs?
I host my own DNS servers.
Best practice is to have three or more.
I wanted them to be geographically spread out.
I also wanted them on three different providers, in case one provider disappears or shuts me down.
The third DNS server is hosted on a VM on the physical box at Hetzner.
You host your own DNS, eh?
Factual. I run nsd3. I chose nsd because when I got started my VMs had around 128 MB of RAM and I needed the server to be as small as possible.
I make the changes with vi, on ns1, and then sync the changes to the other nameservers with a bash script.
vpsaddict?
I was pretty addicted to trying out new VM providers for a bit, and thought I might blog about it (never did). I also wanted to get a t-shirt from he.net and figured a new domain to use with IPv6 would keep me from breaking jmainguy.com.
How many domains do you use?
jmainguy.com - Personal blog
vpsaddict.com - domain for the nameservers, pretty underutilized
standouthost.com - my old Minecraft business; the physical infrastructure goes under this domain.
soh.re - short url for minecraft business, now it is my open source profile domain. Most of my external services are hosted under soh.re
Services huh?
After the Snowden leaks, I started taking hosting my own services more seriously. I avoid relying on other providers as much as I can.
I used https://prism-break.org/en/ to come up with ideas of things to host.
ZNC / sohbot
Nextcloud
A self-hosted alternative to Dropbox. It lets me easily sync photos taken with my phones.
nextcloud.soh.re
Docker registry
push.soh.re/hub.soh.re
Prosody
XMPP chat server, an alternative to AOL Instant Messenger.
whois over http
whois.soh.re
Service I wrote to provide whois queries over HTTP, to get around firewalls at work.
ez.soh.re
Custom application written for the family business to export data from one application and format it for input into another.
https://github.com/Jmainguy/patient_csv_to_xml
statuscode.soh.re
Sinatra app I wrote to explain what HTTP status codes mean, since I have no intention of memorizing them.
etherpad.soh.re
I personally use it for storing recipes and lists of things to do.
soh.re
Portfolio type website, drops you into a full bash shell, uses soh-router which I wrote.
pulp.soh.re
RPM repository for rpms I build.
mail.soh.re
VM running the Kolab Groupware product to enable me to host my own mail server.
keenan.soh.re
VM for my buddy to ssh into and run https://github.com/Jmainguy/ibsdns from, to provide a dynamic-IP hostname for his house.
Various websites
I have an Apache server on the web01.standouthost.com VM running many websites.
cats.soh.re
coastie.soh.re
graceproviders.com
hey.soh.re
ip.jmainguy.com
jmainguy.com
madowynn.soh.re
panel.standouthost.com
southridingagent.com
standouthost.com
vpsaddict.com
le.soh.re
VM that runs the Let's Encrypt certbot-auto client to generate new certificates
LetsEncrypt Setup
Cron runs once a night and checks a list of hostnames to see if any certificate expires soon. If a new cert is needed, it:
replaces haproxy.cfg with one that points all web traffic at the le.soh.re VM and restarts haproxy,
sshes into that VM and runs certbot to get a new cert,
scps the certs back to phy01,
then puts the original haproxy.cfg back and restarts haproxy.
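As an added example, not the talk's own cron script, here is that nightly flow as a POSIX shell script. The hostnames file, cert directory, the spare haproxy.cfg.le, the 30-day threshold and the certbot invocation are assumptions. It keeps the expiry decision in its own pure function and uses a trap so the real haproxy config is put back even if certbot or scp fails mid-run.

```shell
#!/bin/sh
# Added example, not the talk's own cron script: the nightly renewal flow.
# Hostnames, paths, the 30-day threshold and certbot flags are assumptions.
set -eu
RENEW_DAYS=30                                # renew when fewer days remain
HOSTS_FILE=/etc/haproxy/le_hosts.txt         # one hostname per line (assumed)
CERT_DIR=/etc/haproxy/certs                  # cert+key PEMs haproxy serves
HAPROXY_CFG=/etc/haproxy/haproxy.cfg
HAPROXY_LE_CFG=/etc/haproxy/haproxy.cfg.le   # variant sending port 80 to LE_VM
LE_VM=le.soh.re

# True (0) when the cert expiring at epoch $1 has under $3 days left at epoch $2;
# pure arithmetic so the decision is testable without openssl.
needs_renewal() {
    [ $(($1 - $2)) -lt $(($3 * 86400)) ]
}

# notAfter of a PEM as a unix epoch (GNU date); 0, i.e. always due, if missing.
cert_expiry_epoch() {
    [ -f "$1" ] || { echo 0; return; }
    date -d "$(openssl x509 -noout -enddate -in "$1" | cut -d= -f2)" +%s
}
renew_all() {
    now=$(date +%s); due=""
    while read -r host; do
        [ -n "$host" ] || continue
        if needs_renewal "$(cert_expiry_epoch "$CERT_DIR/$host.pem")" "$now" "$RENEW_DAYS"; then
            due="$due $host"
        fi
    done < "$HOSTS_FILE"
    [ -n "$due" ] || { echo "no certificates due"; return 0; }
    # Point port 80 at the certbot VM; the trap restores the real config
    # (and loads the new PEMs) even if a later step fails.
    cp "$HAPROXY_CFG" "$HAPROXY_CFG.orig"
    trap 'cp "$HAPROXY_CFG.orig" "$HAPROXY_CFG"; systemctl restart haproxy' EXIT
    cp "$HAPROXY_LE_CFG" "$HAPROXY_CFG"
    systemctl restart haproxy
    tmp=$(mktemp -d)
    for host in $due; do
        ssh "root@$LE_VM" "certbot certonly --standalone -n -d $host"
        scp "root@$LE_VM:/etc/letsencrypt/live/$host/fullchain.pem" "$tmp/$host.crt"
        scp "root@$LE_VM:/etc/letsencrypt/live/$host/privkey.pem" "$tmp/$host.key"
        cat "$tmp/$host.crt" "$tmp/$host.key" > "$CERT_DIR/$host.pem"
        chmod 600 "$CERT_DIR/$host.pem"
    done
    rm -rf "$tmp"
}
# Only act when invoked as "renew.sh run"; sourcing it just defines the functions.
if [ "${1:-}" = run ]; then renew_all; fi
```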
OpenVPN
I have OpenVPN servers on the Linode and BuyVM VMs, as well as in a VM hosted on phy02.standouthost.com; connections are forwarded to that VM via iptables.
Backup trilug's pilot
pilot.soh.re is a VM living on phy02.standouthost.com. pilot.trilug.org rsyncs its entire disk to this VM once a day, so I always have a live copy of pilot that is no more than 24 hours old.
Backup Everything
I have a cronjob on each box in Germany that runs an Ansible task to back everything up to a local directory, and then rsyncs that directory to the other physical box in Germany. So both boxes have all the essential data, on RAID 1, from both boxes. If I lose a box, I still have all my data; if I lose both boxes, it's gone.
blockcopy.sh
Backups
backup_dirs:
- /etc/ssl/
- /opt/
- /home/
- /etc/haproxy/
backup_files:
- /etc/sysconfig/iptables
all vms
mysql
Questions?