User Tools

Site Tools

Trace:
projects:base-infrastructure

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
projects:base-infrastructure [2017-09-10 13:42]
trinitor [Wireless] 		projects:base-infrastructure [2018-05-13 08:58] (current)
trinitor [gitlab]
Line 2: Line 2:
  
 ===== Overview ===== ===== Overview =====
-The space needs infrastructure to be operational. \\+The base needs infrastructure to be operational. \\
 One key basic needs of every human beeing besides a room, power, water and Mate is of cause Internet One key basic needs of every human beeing besides a room, power, water and Mate is of cause Internet
  
-When we had the go to move into the room there was already a Internet connectionand we are allowed to use it. \\+When we had the go to move into the room there was already a Internet connection and we are allowed to use it. \\
 The three parties in the building should be segmented from each other. The three parties in the building should be segmented from each other.
  
 The resulting infrastructure description should be generic and the concept usable by other Hackerspaces or even smaller companies. The resulting infrastructure description should be generic and the concept usable by other Hackerspaces or even smaller companies.
  
-===== Current/Old Environment ===== +===== Concept ======
- +
-Description of the setup when we started +
- +
-<code> +
- +------------------+ +
-                  | +
-     Fritzbox     | +
-                  | +
- +------------------+ +
-           | +
-           | +
- +------------------+ +
-                  | +
-     QNAP         | +
-                  | +
-        +---------+ +
-        | pfSense | +
-        |   VM    | +
- +------------------+ +
-               | +
-               | +
- +------------------+ +
-                  | +
-  Netgear Switch +
-                  | +
- +------------------+ +
-</code> +
- +
-Fritzbox is connected to one port of a Qnap. \\ +
-The Qnap hosts a pfSense VM which is dual homed on both available NICs \\ +
-The internal Network is behind the pfSense. \\ +
-The equipment is in the base, but shouldn't be there in the future to separate the three flats in the building \\ +
- +
-Everything was connected to the Switch somehow. +
-There is at least one network connection to the other flats. Ther are more switches and Access Points. +
- +
-===== New Environment ======+
  
 The WAN port of the Fritzbox is unusable, because it is only usable for DSL. We have FTTB \\ The WAN port of the Fritzbox is unusable, because it is only usable for DSL. We have FTTB \\
Line 57: Line 20:
 New highlevel layout New highlevel layout
 <code> <code>
-                            +------------+ +                           +-------------+ 
-                             Fritzbox +                             Fritzbox 
-                            +-+----+----++ +                           | 192.168.1.1 | 
-                              |    |    | +                           +-+----+----+-
-           +------------------+    |    +---------------------+ +                             |    |    | 
-           |                                                +          +------------------+    |    +-----------------------+ 
- 3rd floor |              2nd+floor|                1st+floor | +          |                                                  
-           |                                                +3rd floor |              2nd floor|                   1st+floor| 
-+----------+---------+     +-------+------+          +--------+-----------+ +          |                                                  |USB-NIC (vmbr1, external) 
-       QNAP             WLAN Router |            Proxmox Server   | +          |                                                  
-   192.168.1.31        | 192.168.1.20 |          |    192.168.1.11    | ++---------+---------+   +---------+---------+   +--------------+--------------------------------------+ 
-   +---------------+          NAT              |    +---------------+ +   WLAN Router         WLAN Router    |   |                                                     
-   | 192.168.1.30  |     +--------------+             |  192.168.1.10 +  192.168.1.30        192.168.1.20    |                 +------------------+------------------+ 
-|    |    +------+   |                                  |    +------+   | +       NAT        |          NAT        |                 |192.168.1.10 vmbr1|192.168.1.11 vmbr1| 
-|    |   pfSense VM                                     pfSense VM  +|  192.168.30.0/24  |    192.168.20.0/24  |      Proxmox    |     +------+         +------+     
-      +------+                                 |    |    +------+   ++-------------------+   +-------------------+   192.168.11.10 |    pfSense VM    |     rproxy01     
-   |192.168.30.0/24                                 |               | +                                                    vmbr0         +------+         +------+     
-+------------+-------+                               +----+----+--+-------+ +                                                              |192.168.10.1 vmbr0                 | 
-                                                             |  +                                                |               |192.168.11.1 vmbr2|                  
-             |                                    +------------+  +---------------+ +                                                              +------------------+------------------+ 
-    +--------+-------+                            |                               | +                                                                                                    
-    | Netgear Switch |             192.168.10.0/24|                               |192.168.11.0/24 +                                                +-----------+---+-------------------------------------+ 
-                   |                            |                               | +                                                              | 
-    +----------------+                  +---------+------+                +-------+------+ +                            Virtual Servers (vmbr2, servers)|   |Onboard-NIC (vmbr0, Internal) 
-                                        | Virtual Switch |                |    Switch    | +                                                            |   | 
-                                        +-------+--+-----+                +-----+---+----+ +                                                 +----------+   +----------------+ 
-                                                |  |                            |   | +                                                 |                               | 
-                                           +----+  +----+                 +-----+   +-----+ +                                  192.168.10.0/24|                               |192.168.11.0/24 
-                                           |            |                               | +                                                 |                               | 
-                                +----------+--+   +-----+-------+    +----+-----+   +-----+----+ +                                        +--------+-------+               +-------+------+ 
-                                |   auth VM      chat VM    |       AP      | Freifunk | +                                        | Virtual Switch |               |    Switch    | 
-                                |192.168.10.11|   |192.168.10.12|                        +                                        +------+--+------+               +-----+---+----+ 
-                                +-------------+   +-------------+    +----------+   +----------++                                               |  |                            |   | 
 +                                          +----+  +----+                 +-----+   +-----+ 
 +                                          |            |                               | 
 +                               +----------+--+   +-----+-------+   +-----+------+  +-----+------+ 
 +                               |   auth VM      chat VM    |       AP       Freifunk  
 +                               |192.168.10.11|   |192.168.10.12|   |192.168.11.3            
 +                               +-------------+   +-------------+   +------------+  +------------+
  
 </code> </code>
Line 98: Line 67:
 This is the shared network and it belongs to the building itself. \\ This is the shared network and it belongs to the building itself. \\
 The Fritzbox itself is managed by trinitor \\ The Fritzbox itself is managed by trinitor \\
-Be biggest challenge will the the fight for port forwarding. \\ 
-A shared webserver in the shared network as a reverse proxy could solve the 80/443 fight. \\ 
-Will be done when we have the need. 
  
 Every floor can have 10 static IPs in the shared network \\ Every floor can have 10 static IPs in the shared network \\
Line 132: Line 98:
 |192.168.11.4  |accesspoint01 |freifunk AP | |192.168.11.4  |accesspoint01 |freifunk AP |
 |192.168.11.10 |virt01        |proxmox server | |192.168.11.10 |virt01        |proxmox server |
 +|192.168.11.11 |virt02        |proxmox server |
 +|192.168.11.20 |music01       |RuneAudio RPi |
 ^Virtual Machines ^^^ ^Virtual Machines ^^^
 +|192.168.1.11  |rproxy01      |nginx reverse proxy |
 |192.168.10.11 |auth01        |UCS | |192.168.10.11 |auth01        |UCS |
 |192.168.10.12 |chat01        |rocket chat | |192.168.10.12 |chat01        |rocket chat |
  
-==== Virtualisation ====+==== Virtualisation (main) ====
 There are some options (ESXi, XenServer, oVirt, ...), but the simplest one seems to be Proxmox. \\ There are some options (ESXi, XenServer, oVirt, ...), but the simplest one seems to be Proxmox. \\
 An old Dell Notebook with an additional USB NIC will be used for now. \\ An old Dell Notebook with an additional USB NIC will be used for now. \\
Line 148: Line 117:
 ^Bridges (virtual switches) ^^ ^Bridges (virtual switches) ^^
 |vmbr0 |Internal Bridge, eno1, 192.168.11.10 | |vmbr0 |Internal Bridge, eno1, 192.168.11.10 |
-|vmbr1 |External Bridge, enx9ceb, 192.168.1.11 |+|vmbr1 |External Bridge, enx9ceb, no IP assigned |
 |vmbr2 |Server Bridge, no NIC connected, no IP assigned | |vmbr2 |Server Bridge, no NIC connected, no IP assigned |
  
Line 158: Line 127:
 Management: \\ Management: \\
 [[https://192.168.11.10:8006]] [[https://192.168.11.10:8006]]
 +
 +==== Virtualisation (secondary) ====
 +There is also a second Proxmox server with only one NIC. \\
 +It is running on a MacMini and will only be turned on if needed to safe power. \\
 +
 +Proxmox runs on Apple Hardware, but there are some driver issues. \\
 +Disable modules: \\
 +<code>
 +cat >> /etc/modprobe.d/pve-blacklist.conf <<EOF                               
 +blacklist pcspkr
 +blacklist b43
 +EOF
 +</code>
 +
 +don't enable readondriver (which breaks to console) \\
 +vi /etc/defaults/grub
 +<code>
 +GRUB_CMDLINE_LINUX_DEFAULT="nomodeset debug"
 +</code>
 +update-grub
 +
 +Management: \\
 +[[https://192.168.11.11:8006]]
  
 ==== Firewall ==== ==== Firewall ====
Line 201: Line 193:
  
 Groups: \\ Groups: \\
-  * delegate 
-    * devbase_delegate_rocketchat_access 
-      * members: devbase_role_members, devbase_role_guest 
-    * devbase_delegate_wiki_members 
-      * members: devbase_role_members 
-    * devbase_delegate_wiki_orgas 
-      * devbase_role_orgas 
-    * devbase_delegate_wireless_access 
-      * members: devbase_role_members 
-      * Radius: allow access enabled 
   * roles   * roles
     * devbase_role_admins     * devbase_role_admins
Line 220: Line 202:
       * members: trinitor       * members: trinitor
     * devbase_role_orgas     * devbase_role_orgas
-      * members: trinitor+      * members: trinitor, ... 
 +  * delegation groups 
 +    * devbase_delegate_wireless_access 
 +      * members: devbase_role_members 
 +      * Radius: allow access enabled 
 +    * devbase_delegate_rocketchat_access 
 +      * members: devbase_role_members, devbase_role_guest 
 +    * devbase_delegate_wiki_members 
 +      * members: devbase_role_members 
 +    * devbase_delegate_wiki_orgas 
 +      * devbase_role_orgas 
 + 
 +LDAP: \\ 
 +  * create service account (per system) 
 +    * Lastname: s-systemname 
 +    * Username: s-systemname 
 +    * Options 
 +      * Kerberos principal 
 +      * POSIX account 
 +      * Samba account 
 +    * test 
 +      * Install Apache Directory Studio 
 +        * Hostname: auth01.devbase.org 
 +        * Port: 389 
 +        * Encryption: StartTLS 
 +        * Bind DN: cn=s-systemname,cn=users,dc=devbase,dc=org 
 +        * Bind Password: xxx
  
 Management: \\ Management: \\
 [[https://192.168.10.11]] [[https://192.168.10.11]]
- 
  
 ==== Wireless ==== ==== Wireless ====
Line 241: Line 248:
  
 === Access Point Config === === Access Point Config ===
-|SSID                    |/dev/base | +|SSID                    |/dev/base     
-|Version                 |WPA2 | +|Version                 |WPA2          
-|Encryption              |AES |+|Encryption              |AES           |
 |Radius Server IP        |192.168.10.11 | |Radius Server IP        |192.168.10.11 |
-|Radius Port             |1812 | +|Radius Port             |1812          
-|Radius Password         |xxx | +|Radius Password         |xxx           
-|Group Key Update Period |0 |+|Group Key Update Period |0             |
  
 === UCS Config === === UCS Config ===
Line 253: Line 260:
 <code> <code>
 client 192.168.11.3 { client 192.168.11.3 {
-        secret=***+        secret=xxx
         shortname=ap01         shortname=ap01
 } }
Line 266: Line 273:
   * systemctl enable snap.rocketchat-server.rocketchat-server.service   * systemctl enable snap.rocketchat-server.rocketchat-server.service
   * systemctl status snap.rocketchat-server.rocketchat-server.service   * systemctl status snap.rocketchat-server.rocketchat-server.service
 +
 +LDAP: \\
 +  * Administration -> LDAP
 +    * Enable: yes
 +    * Login Fallback: True
 +    * Host: auth01.devbase.org
 +    * Port: 389
 +    * Encryption: StartTLS
 +    * CA Cert: -----BEGIN CERTIFICATE----- ...
 +    * Reject: Unauthorized
 +    * Domain Base: dc=devbase,dc=org
 +    * Use Custom Domain Search
 +<code>
 +{"filter": "(&(objectCategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=devbase_delegate_access_rocketchat,CN=Groups,DC=devbase,DC=org)(sAMAccountName=#{username}))", "scope": "sub", "userDN": "cn=s-rocketchat,cn=users,dc=devbase,dc=org", "password": "xxx"}
 +</code>
 +    * enable LDAP user group filter: false
 +    * Username Field: sAMAccountName
 +    * Unique Identifier Field: objectGUID,ibm-entryUUID,GUID,dominoUNID,nsuniqueId,uidNumber,cn
 +    * Sync Data: True
 +    * Sync User Avatar: True
 +    * User Data Field Map: {"cn":"name", "userPrincipalName":"email"}
 +    * Merge existing users: False
 +    * Import LDAP users: True
  
 Login: \\ Login: \\
 [[http://192.168.10.12:3000/]] [[http://192.168.10.12:3000/]]
  
-==== Chat (Matrix====+==== Reverse Proxy ==== 
 +There will be multiple services on the internal network with need certificates \\ 
 +Lets encrypt should be used when possible \\ 
 + 
 +port 80 will point to one server \\ 
 + 
 +Fritzbox configuration: 
 +  * forward port 80 and 443 to 192.168.1.11 
 + 
 +fw01.devbase.org configuration 
 +  * Firewall -> NAT 
 +  * new 
 +    * Interface: WAN 
 +    * Destination: WAN address 
 +    * Destination port rang: 3000 - 3000 
 +    * Redirect target IP: 192.168.10.12 
 +    * Redirect target port: 3000 
 +  * Firewall -> Rules -> WAN 
 +  * move newly created NAT rule to the right place in the ruleset 
 +  * don't forget to save and activate 
 + 
 +Server Configuration: 
 +  * Install Ubuntu 16.04 LTS 
 +  * vi /etc/network/interfaces 
 +<code> 
 +iface ens18 inet static 
 +  address 192.168.1.11/24 
 +  gateway 192.168.1.1 
 +  dns-nameservers 192.168.1.1 
 +</code> 
 +  * apt-get install software-properties-common 
 +  * add-apt-repository ppa:certbot/certbot 
 +  * apt-get update 
 +  * apt-get install certbot nginx 
 +  * mkdir /var/www/chat_devbase_org 
 +  * vi /etc/nginx/sites-available/chat_devbase_org 
 +<code> 
 +server { 
 +    listen 80; 
 +    server_name chat.devbase.org; 
 +    index index.html index.htm; 
 +    location / { 
 +        alias /var/www/chat_devbase.org/; 
 +    } 
 +
 + 
 +server { 
 +    #client_max_body_size 80M; 
 +    listen 443 ssl default_server; 
 +    server_name chat.devbase.org; 
 + 
 +    ssl          on; 
 +    ssl_certificate /etc/letsencrypt/live/chat.devbase.org/fullchain.pem; 
 +    ssl_certificate_key /etc/letsencrypt/live/chat.devbase.org/privkey.pem; 
 + 
 +    location / { 
 +        proxy_set_header X-Real-IP $remote_addr; 
 +        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 +        proxy_set_header Host $http_host; 
 +        proxy_set_header X-NginX-Proxy true; 
 +        proxy_pass http://192.168.1.10:3000; 
 +        proxy_redirect off; 
 +    } 
 +
 +</code> 
 +  * ln -s /etc/nginx/sites-available/chat_devbase_org /etc/nginx/sites-enabled 
 +  * systemctl restart nginx.service 
 +  * certbot certonly --webroot -w /var/www/chat_devbase.org -d chat.devbase.org 
 +  * systemctl restart nginx.service 
 +  * echo "* 3 * * * root certbot renew" >> /etc/crontab 
 + 
 +==== VPN ==== 
 + 
 +=== Certificate ==== 
 +  * pfsense 
 +  * System -> Cert Manager 
 +  * New CA 
 +    * Create an internal CA 
 +    * key length 4096 
 +    * Digest Algorithm 256bit 
 +    * common name fw01.devbase.org 
 + 
 +  * ssh auth01.devbase.org 
 +  * vi /etc/freeradius/clients.conf 
 +<code> 
 +client 192.168.11.1 { 
 + secret=xxx 
 + shortname=fw01 
 +
 +</code> 
 +    * systemctl restart freeradius.service 
 + 
 +  * System -> User Manager 
 +  * Authentiction Servers 
 +    * Name: auth01.devbase.org radius 
 +    * IP: 192.168.10.11 
 +    * shared secret: xxx 
 + 
 +  * VPN -> OpenVPN 
 +  * Wizard 
 +  * Type: Radius 
 +  * Radius Server: auth01.devbase.org radius 
 +  * new server certificate 
 +    * name: vpn.devbase.org 
 +    * key length: 4096 
 +  * Server Setup 
 +    * Interface: WAN 
 +    * Protocol: UDP 
 +    * local port: 1194 
 +    * Tunnel Network: 192.168.12.0/24 
 +  * Firewall rules 
 +    * Firewall Rule: checked 
 +    * OpenVPN rule: checked 
 + 
 +  * Install pfsense package openvpn-client-export 
 +  * VPN -> OpenVPN 
 +  * Client Export 
 +    * Host Name Resolution: Other 
 +      * Hostname: vpn.devbase.org 
 +    * Verify Server CN: Do not verify 
 +    * Use Random Local Port: checked 
 +  * export config 
 + 
 +  * Rulebase for OpenVPN 
 +    * allow * to LAN NET 
 +    * allow * to Server NET 
 +    * allow * to * 53 UDP 
 +    * allow * to trusted sites 
 +    * allow * to ICMP 
 +    * block * to * 
 + 
 +==== nextcloud ==== 
 +  * install Ubuntu 16.04 LTS 
 +  * configure network 
 +  * apt update && sudo apt upgrade 
 +  * apt-get install apache2 mariadb-server libapache2-mod-php7.0 
 +  * apt-get install php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip php7.0-ldap 
 +  * mkdir /opt/install && cd /opt/install 
 +  * wget "https://download.nextcloud.com/server/releases/nextcloud-12.0.2.tar.bz2" 
 +  * tar xf nextcloud*.tar.bz2 
 +  * mv nextcloud /var/www/ 
 +  * chown -R www-data.www-data /var/www/nextcloud/ 
 +  * cat >/etc/apache2/sites-available/nextcloud.conf <<EOF 
 +<code> 
 +Alias /nextcloud "/var/www/nextcloud/" 
 +  
 +<Directory /var/www/nextcloud/> 
 +   Options +FollowSymlinks 
 +   AllowOverride All 
 +  
 +   <IfModule mod_dav.c> 
 +     Dav off 
 +   </IfModule> 
 +  
 +   SetEnv HOME /var/www/nextcloud 
 +   SetEnv HTTP_HOME /var/www/nextcloud 
 +</Directory> 
 +EOF 
 +  * ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/ 
 +  * mysql_secure_installation 
 +    * mysql -u root -p 
 +      * CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 's3cret'; 
 +      * CREATE DATABASE nextcloud; 
 +      * GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'; 
 +  * cat >> /etc/php/7.0/apache2/php.ini <<EOF 
 +<code> 
 +opcache.enable=1 
 +opcache.enable_cli=1 
 +opcache.interned_strings_buffer=8 
 +opcache.max_accelerated_files=10000 
 +opcache.memory_consumption=128 
 +opcache.save_comments=1 
 +opcache.revalidate_freq=1 
 +EOF 
 +</code> 
 +  * systemctl restart apache2.service 
 +  * browse to http://192.168.10.14/nextcloud/ 
 +    * enter new user credentials for admin user 
 +    * configure database 
 +  * enable apps:  
 +    * calendar 
 +    * contacts 
 +    * deck 
 +    * tasks 
 +    * LDAP user and group backend 
 +      * Admin -> LDAP 
 +        * Advanced  
 +          * Turn off SSL certificate validation = checked 
 +        * Server 
 +          * Server: ldaps:/ /auth01.devbase.org:636  
 +          * User: cn=s-nextcloud,cn=users,dc=devbase,dc=org 
 +          * Base DN: dc=devbase,dc=org 
 +        * Users 
 +          * persons 
 +        * Login Attributes 
 +          * LDAP user 
 +        * Group 
 +          * devbase_delegate_access_nextcloud 
 + 
 +==== gitlab ==== 
 +  * install Ubuntu 16.04 LTS 
 +  * configure network 
 +  * apt update && sudo apt upgrade 
 +  * sudo apt-get install -y curl openssh-server ca-certificates 
 +  * curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash 
 +  * sudo echo en_US.UTF-8 UTF-8 > /etc/locale.gen 
 +  * sudo locale-gen en_US.UTF-8 
 +  * LC_ALL="en_US.UTF-8" 
 +  * LC_CTYPE="en_US.UTF-8" 
 +  * sudo EXTERNAL_URL="http://gitlab.devbase.org" apt-get install gitlab-ee 
 +  * browse to http://git.devbase.org -> set root password 
 +  * vi /etc/gitlab/gitlab.rb 
 +<code> 
 +gitlab_rails['ldap_enabled'] = false 
 +gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' 
 +  main: # 'main' is the GitLab 'provider ID' of this LDAP server 
 +    label: 'LDAP' 
 +    host: 'auth01.devbase.org' 
 +    port: 389 
 +    uid: 'sAMAccountName' 
 +    bind_dn: 'CN=s-gitlab,CN=Users,DC=devbase,DC=org' 
 +    password: 'mylittlepassword' 
 +    encryption: 'start_tls' # "start_tls" or "simple_tls" or "plain" 
 +    verify_certificates: false 
 +    active_directory: true 
 +    allow_username_or_email_login: false 
 +    lowercase_usernames: false 
 +    block_auto_created_users: false 
 +    base: 'CN=Users,DC=devbase,DC=org' 
 +#     user_filter: '' 
 +EOS 
 +</code> 
 +  * gitlab-ctl reconfigure 
 +  * gitlab-rake gitlab:ldap:check 
 + 
 +==== Music ==== 
 +Background music should not be interrupted by rebooting clients or phones leaving the building. \\ 
 +A dedicated client should play the music and controllable by all kind of devices. 
 + 
 +  * download runeaudio for RPi 
 +  * flash to SD card and boot 
 +  * browse http://ip 
 +    * settings 
 +      * hostname: music01 
 +      * airplay: on 
 +      * airplay name: music01 
 +      * UPnP: on 
 +      * UPnP name: music01 
 +  * ssh root@ip 
 +    * passwd 
 +    * cat >> /etc/mpd.conf <<EOF 
 +<code> 
 +audio_output { 
 +   type            "httpd" 
 +   name            "My HTTP Stream" 
 +   encoder         "flac"       # optional, vorbis or lame 
 +   port            "8000" 
 +   bind_to_address "0.0.0.0"    # optional, IPv4 or IPv6 
 +   quality         "5.0"        # do not define if bitrate is defined 
 +   # bitrate         "128"      # do not define if quality is defined 
 +   format          "44100:16:1" 
 +   max_clients     "0"          # optional 0=no limit 
 +
 +EOF 
 +</code> 
 +  * Library 
 +    * Webradio 
 +      * http://trance-high.rautemusik.fm 
 +      * http://house-high.rautemusik.fm 
 +      * http://stream03.uzic.ch:9010 
 + 
 +Management: \\ 
 +[[http://music01.devbase.org]] 
 + 
 +==== Ubiquiti Controller ==== 
 +To manage the Unfi WiFi access points a Controller is needed 
 +  * Install Ubuntu 16.04 LTS 
 +  * echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list 
 +  * apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50 
 +  * apt-get install unifi 
 +  * https://<ip>:8443 
 +==== Wiki ==== 
 + 
 +==== Matrix - testing only ====
   * Install Ubuntu 16.04 LTS   * Install Ubuntu 16.04 LTS
   * apt update && sudo apt upgrade   * apt update && sudo apt upgrade
Line 291: Line 604:
 Public DNS Recort for federation Public DNS Recort for federation
 SRV matrix_tcp.devbase.org  SRV matrix_tcp.devbase.org 
- 
-==== VPN ==== 
- 
-==== nextcloud ==== 
- 
-==== Wiki ==== 
-the wiki could also be hosted internally. No external server required, Data not stored somewhere 
- 
projects/base-infrastructure.1505050948.txt.gz · Last modified: 2017-09-10 13:42 by trinitor

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki