Webserver configuration
This is a document detailing our current webserver setup. It is intended to help anyone wishing to improve or maintain our online infrastructure.
Overview
- The webserver is based on Debian
- NFTables for our firewall
- Crowdsec for IP banning
- Caddy for our frontend web proxy
- SystemD and linux groups to manage our web services
- PostgreSQL as our database
Base Debian setup
sshd config tweaks
- Disable password login
Firewall configuration
NFTables setup
TODO: Steps to enable NFTables SystemD service
TODO: insert our NFTables config here
Crowdsec setup
Caddy setup
TODO: Caddy installation
TODO: Group configuration
Database setup
Adding new webservers
TODO: Expand on the following
- Creating a directory (with permissions, groups, sticky bits etc.)
- Clone the repository
- Create SystemD configs (copy example configs here)
- Add Caddy host
Additional stuff:
- Database connection