{"id":67,"date":"2018-02-05T13:13:33","date_gmt":"2018-02-05T18:13:33","guid":{"rendered":"http:\/\/genr8.pw\/blog\/?p=67"},"modified":"2018-02-05T14:07:02","modified_gmt":"2018-02-05T19:07:02","slug":"sysadmin-server-linux","status":"publish","type":"post","link":"https:\/\/genr8.pw\/blog\/2018\/02\/05\/sysadmin-server-linux\/","title":{"rendered":"SysAdmin \/ Server \/ Linux"},"content":{"rendered":"<p>I am currently deploying my\u00a0<a href=\"https:\/\/www.vultr.com\/?ref=7305525\">cloud servers @ Vultr.com<\/a>\u00a0&#8211; this is one of them.<\/p>\n<p>They have locations in New Jersey, it&#8217;s about 12ms ping to them from my Comcast Cable.<\/p>\n<p>I set up a blank Debian 9 server, SSH&#8217;ed in, ssh-keygen to generate RSA keys for passwordless login, set up sudo. Then it&#8217;s ready to go for whatever software. A good idea is to set up Let&#8217;s Encrypt now and switch over from self-signed snakeoil certs.<\/p>\n<p><span style=\"text-decoration: underline;\">Software Used on Server:<br \/>\n<\/span>Apache2, MySQL\/MariaDB, PHP, Nextcloud, WordPress, Webmin\/Usermin, Postfix (Mail SMTP server as send only), OpenVPN<\/p>\n<p><span style=\"text-decoration: underline;\">OpenVPN a tunnel from my FreeNAS server to my pfSense router:<br \/>\n<\/span>Established an OpenVPN site-to-site tunnel between my pfSense router and the cloud server. Use OpenVPN config to push a static route. Once the interfaces and networks were up, I needed iptables to forward the traffic. The goal is to map the internal 192.168.1.1 services onto the public interface.<br \/>\nThis means we route a private subnet 192.168.1.1\/24 over the VPN iface 10.8.0.1. The system has to be configured with iptables to masquerade it. 
And additionally forward the port over, in this case we kept the same dport number to make life easier.\u00a0At this point I can access internal 192.168.1.2-4 resources on the public cloud server hosted at my domain name.<br \/>\n(This likely could have been done with SSH too but I didn&#8217;t do that)<\/p>\n<p><span style=\"text-decoration: underline;\">OpenVPN Remote Access Server &#8211; Cloud VPN host:<br \/>\n<\/span>Uses the OpenVPN Windows Client app to connect in client\/server mode. On the server, we generated SSL\/TLS keys for the server and the client, and shared them with each client over a secure side-channel (tar.gz over SCP). This &#8220;Server&#8221; config differs from &#8220;site-to-site with Shared secret&#8221; as we used previously above. We can choose to automatically push the default gateway and new DNS records, or not, to provide one-click VPN accessibility to a single host running Windows (or Linux\/OSX are supported) &#8211; it will then DHCP a new IP from the VPN pool (make sure port 67 is allowed from the VPN network 10.8.0.1\/24 etc), and if new default gateways and routes are automatically pushed, then IMMEDIATELY the user will show up as existing in a new IP\/location of the VPN.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I am currently deploying my\u00a0cloud servers @ Vultr.com\u00a0&#8211; this is one of them. They have locations in New Jersey, it&#8217;s about 12ms ping to them from my Comcast Cable. I set up a blank Debian 9 server, SSH&#8217;ed in, ssh-keygen to generate RSA keys for passwordless login, set up sudo. 
Then it&#8217;s ready to go for &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/genr8.pw\/blog\/2018\/02\/05\/sysadmin-server-linux\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;SysAdmin \/ Server \/ Linux&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-67","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pa73B2-15","jetpack-related-posts":[],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/posts\/67","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/comments?post=67"}],"version-history":[{"count":3,"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions"}],"predecessor-version":[{"id":83,"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions\/83"}],"wp:attachment":[{"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/media?parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/categories?post=67"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/genr8.pw\/blog\/wp-json\/wp\/v2\/tags?post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}