====== Webserver configuration ====== This is a document detailing our current webserver setup. It is intended to help anyone wishing to improve or maintain our online infrastructure. ===== Overview ===== * The webserver is based on Debian * NFTables for our firewall * Crowdsec for IP banning * Caddy for our frontend web proxy * SystemD and linux groups to manage our web services * PostgreSQL as our database ===== Base Debian setup ===== ==== sshd config tweaks ==== * Disable password login ===== Firewall configuration ===== ==== NFTables setup ==== TODO: Steps to enable NFTables SystemD service TODO: insert our NFTables config here ==== Crowdsec setup ==== ===== Caddy setup ===== TODO: Caddy installation TODO: Group configuration ===== Database setup ===== ===== Adding new webservers ===== TODO: Expand on the following * Creating a directory (with permissions, groups, sticky bits etc.) * Clone the repository * Create SystemD configs (copy example configs here) * Add Caddy host Additional stuff: * Database connection