Webserver configuration

This is a document detailing our current webserver setup. It is intended to help anyone wishing to improve or maintain our online infrastructure.

Overview

  • The webserver is based on Debian
  • NFTables for our firewall
  • Crowdsec for IP banning
  • Caddy for our frontend web proxy
  • SystemD and linux groups to manage our web services
  • PostgreSQL as our database

Base Debian setup

sshd config tweaks

  • Disable password login

Firewall configuration

NFTables setup

TODO: Steps to enable NFTables SystemD service

TODO: insert our NFTables config here

Crowdsec setup

Caddy setup

TODO: Caddy installation

TODO: Group configuration

Database setup

Adding new webservers

TODO: Expand on the following

  • Creating a directory (with permissions, groups, sticky bits etc.)
  • Clone the repository
  • Create SystemD configs (copy example configs here)
  • Add Caddy host

Additional stuff:

  • Database connection
  • resources/webserver
  • Last modified: 17 hours ago
  • by samp20