Server Setup

This server is hosted on prgmr.com, a VPS provider based on xen virtualization technology, and targeted at advanced users. This server is installed through a custom console, which provides access to a bunch of pre-installed OS images as well as some netboot installers for common Linux distributions and the {Free,Open,Net}BSD operating systems. Main Menu - <server> Current status: <server> is running. Wiki at http://wiki.prgmr.com Please contact support@prgmr.com with any issues accessing your machine. Read more...

Disk Layout

This box has 15G of storage. Since it is important that it uses full disk encryption, there is a small unencrypted /boot partition which stores the Linux kernel and the initramfs, a special filesystem which contains the basic utilities that allow the server to boot, unlock the encrypted disk, and mount the filesystem root /. The disk partition layout is below: root@<server># lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT xvda 202:0 0 15G 0 disk |-xvda1 202:1 0 731M 0 part /boot |-xvda2 202:2 0 1K 0 part `-xvda5 202:5 0 14. Read more...

Backing It Up

An important part of server administration (and computer use in general) is making regular backups. While setting up and testing a new server or web application, the easiest and often cheapest starting point is to back up the project to the development machine (in this case my laptop), and then regularly backup the data onto external hard drives, although this is not an appropriate backup strategy for production. This can easily be automated with shell scripting. Read more...

Database Creation

Nextcloud requires a database backend. It is capable of using SQLite, PostgreSQL, or MySQL / MariaDB. The installation on this server has been configured to use MariaDB as this is the best supported option. root@<server># mysql_secure_installation This script helps secure the installation by giving the opportunity to supply a strong root password for the mysql process, removing anonymous test users, dissallowing remote root login and removing the usecured ‘test’ database. Read more...

Hardening Nextcloud

This server hosts both this website and an installation of Nextcloud 13 at fog.vincible.space. In an effort to lock down the Nextcloud installation, I have tuned certain settings in addition to the general server setup. The domain vincible.space and all of its subdomains are served via TLS and also preloaded, meaning that all connections to any resources served over this domain must be encrypted. The connections to the Nextcloud installation must come from a whitelisted domain, currently only fog. Read more...