
My personal Infrastructure

Jonathan Seth Mainguy

@Bandwidth

Feb 19th, 2020


What does it consist of?

Two physical nodes with Hetzner in Germany which host most of the services.

 

One vm with linode (they give out $50 credit for free at conferences) for dns and vpn

One vm with buyvm.net (best lowendbox.com type provider) for dns and vpn


What does it cost?

Buyvm - $3.50 a month. 1 cpu, 1 gig ram, 20gb disk, unlimited traffic, supposedly they ignore dmca and piracy letters.

 

Linode - $5 a month. 1 cpu, 1 gig ram, 25 gig disk, 1 TB Transfer


Hetzner - €65.55 ($70.72) a month. 16 cpus, 64gb ram, 12tb disk, unlimited traffic

 

Total

about $80 a month depending on euro conversion price.

 


Why the two vm's?

I host my own DNS servers.

Best practice is to have three or more.

I wanted them to be geographically spread out.

I also wanted them on three different providers, in case one provider disappears or shuts me down.

The third dns server is hosted on a vm on the physical box with hetzner.


You host your own DNS, eh?

Factual. I run nsd3. I chose nsd because when I got started my VMs had around 128 MB of RAM and I needed it to be as small as possible.

I make the changes with vi, on ns1, and then sync the changes to the other nameservers with a bash script.
 


vpsaddict?

I was pretty addicted to trying out new VM providers for a bit, and thought I might blog about it (never did). I also wanted to get a t-shirt from he.net and figured a new domain to use with IPv6 would keep me from breaking jmainguy.com.


How many domains do you use?

jmainguy.com - Personal blog
vpsaddict.com - domain for the nameservers, pretty underutilized

standouthost.com - my old minecraft business, physical infrastructure goes under this domain.

soh.re - short url for minecraft business, now it is my open source profile domain. Most of my external services are hosted under soh.re


Services huh?

After the Snowden leaks, I started taking hosting my own services more seriously. As much as I can, I avoid relying on other providers.

I used https://prism-break.org/en/ to come up with ideas of things to host.


ZNC / sohbot


Nextcloud

A self-hosted alternative to Dropbox. Allows me to sync photos taken with my phones easily.

nextcloud.soh.re


Docker registry

push.soh.re/hub.soh.re


Prosody

XMPP chat servers / alternative to AOL Instant Messenger.


whois over http

whois.soh.re

Service I wrote to provide a whois query over http, to get around firewalls at work.

https://github.com/Jmainguy/http_whois


ez.soh.re

Custom application written for the family business, to export data from one application and format it for input into another.
https://github.com/Jmainguy/patient_csv_to_xml


statuscode.soh.re

Sinatra app I wrote to explain what http status codes mean, since I have no intention of memorizing them.

https://github.com/Jmainguy/openshift-statuscode


etherpad.soh.re

I personally use it for storing recipes and lists of things to do.


soh.re

Portfolio type website, drops you into a full bash shell, uses soh-router which I wrote.

https://github.com/Jmainguy/soh.re


pulp.soh.re

RPM repository for rpms I build.


mail.soh.re

VM running the Kolab Groupware product to enable me to host my own mail server.


keenan.soh.re

VM for my buddy to ssh into, and run https://github.com/Jmainguy/ibsdns from - to enable dynamic IP hostname for his house.


Various websites

I have an apache server on web01.standouthost.com vm running many websites.

cats.soh.re

coastie.soh.re

graceproviders.com

hey.soh.re

ip.jmainguy.com

jmainguy.com

madowynn.soh.re

panel.standouthost.com

southridingagent.com

standouthost.com

vpsaddict.com



le.soh.re

VM that runs letsencrypt certbot-auto to generate new certificates


LetsEncrypt Setup

Cron runs once a night and checks a list of hostnames to see if they expire anytime soon. If a new cert is needed, it replaces haproxy.cfg with one that points all web traffic at the le.soh.re VM, restarts haproxy, SSHes into the VM and runs cert-bot to get a new cert, scp's the certs back to phy01, replaces haproxy.cfg with the original, and restarts haproxy.
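
The nightly expiry check that starts this procedure, as an added Python example (not the author's cron script). The 30-day threshold, the function names and the sample expiry dates are assumptions constructed for illustration; the slide only says "anytime soon".

```python
import socket
import ssl
import time

RENEW_WITHIN_DAYS = 30  # assumed threshold, not stated on the slide


def seconds_left(not_after, now=None):
    """Seconds until a certificate's notAfter time (negative once expired)."""
    now = time.time() if now is None else now
    return ssl.cert_time_to_seconds(not_after) - now


def needs_renewal(not_after, now=None, days=RENEW_WITHIN_DAYS):
    """True when the certificate expires in less than `days` days."""
    return seconds_left(not_after, now) < days * 86400


def live_not_after(hostname, port=443, timeout=10):
    """notAfter of the cert served for hostname, or None if it fails validation.

    A verifying client cannot read an already expired certificate: the
    handshake itself fails. Treat that as "renew now" instead of letting
    the nightly job crash on the one host that needs it most.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError:
        return None


def hosts_to_renew(expiries, now=None, days=RENEW_WITHIN_DAYS):
    """expiries maps hostname -> notAfter string, or None for an invalid cert."""
    return sorted(h for h, na in expiries.items()
                  if na is None or needs_renewal(na, now, days))


# Constructed sample data: the expiry dates are made up for the example.
NOW = ssl.cert_time_to_seconds("Feb 19 00:00:00 2020 GMT")
SAMPLE = {
    "soh.re": "Mar  1 00:00:00 2020 GMT",            # 11 days left
    "nextcloud.soh.re": "May 10 00:00:00 2020 GMT",  # 81 days left
    "jmainguy.com": "Feb 10 00:00:00 2020 GMT",      # already expired
    "etherpad.soh.re": None,                         # failed validation
}

if __name__ == "__main__":
    print(hosts_to_renew(SAMPLE, now=NOW))
```

Connection errors other than certificate validation failures are left to propagate, so an unreachable host does not trigger the haproxy swap.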


OpenVPN

I have a server on Linode and BuyVM, as well as one in a VM hosted on phy02.standouthost.com, with connections forwarded to it via iptables.


Backup trilug's pilot

pilot.soh.re is a VM living on phy02.standouthost.com. pilot.trilug.org rsyncs its entire disk to this VM once a day, so I always have a live copy of pilot that is no more than 24 hours old.


Backup Everything

I have a cronjob on each box in Germany that runs an ansible task to back everything up to a local directory, and then rsyncs that directory to the other physical box in Germany. So both boxes have all the essential data, in RAID 1, from both boxes. If I lose a box, I still have all my data; if I lose both boxes, it's gone.


blockcopy.sh


Backups

backup_dirs:
 - /etc/ssl/
 - /opt/
 - /home/
 - /etc/haproxy/

backup_files:
 - /etc/sysconfig/iptables

all vms

mysql


Questions?


Thank you.

 

Twitter: @standouthost

Cool Website: https://soh.re

Github: https://github.com/Jmainguy/

 
