Web Infrastructure: Difference between revisions

From The Munich Maker Lab's Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
No edit summary
mNo edit summary
 
(87 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<div style="background-color:#FFFFFF; padding: 1.2rem; margin-top: 0.5em; border: 1px solid #c8ccd1; border-top-color:#FF6347; border-top-width: .4rem; border-radius: .20rem; box-shadow: 2px 2px #F7F8F9;">
Some documentation on MuMaLab's web infrastructure stuff.
<big><center>[[Image:Attention.png|50px]]     Warning: The contents of this page are hopelessly outdated and need to be updated. For now, check #it-infrastructure in Slack in case you want to know anything specifc. </center></big> </div>
 
== Current Tasks ==
Checkout: [[Working Group IT]]
 
== Hosts ==
We currently have 3 VMs at Hetzner:
 
* mars.munichmakerlab.de ([[Mars]])
* jupiter.munichmakerlab.de
* saturn.munichmakerlab.de
 
=== Saturn ===


Some documentation on MuMaLab's web infrastructure stuff.
* docker containers are started via systemd or via docker compose (configs in /data/ path) => target everything with docker compose with separated /data/ and /config/ folder.
* cronjob added for cleanup of old docker images
* docker deamon resource limit via systemd slice (/etc/systemd/system/docker.slice)
* Firewall: ufw => check via ''sudo ufw status verbose'' (does not include docker. This would need addtional hacks like [https://github.com/chaifeng/ufw-docker this], but it had no benefits so far with the reverse proxy we already use)


== Services ==
== Services ==


{| class="wikitable sortable"
{| class="wikitable sortable"
! Service Name !! Hostname !! Server !! nativ/docker
! Service Name !! Hostname  
!Functionality!! Server !! native/docker !! status
!Source
|-
| Website || [https://www.munichmakerlab.de www.munichmakerlab.de]
|Just Website, compare Github for details|| saturn || docker || productive
|[https://github.com/munichmakerlab/website Github Website]
|-
| Wiki || [https://wiki.munichmakerlab.de wiki.munichmakerlab.de]
|Media wiki for knowledge sharing and documentation|| saturn || docker || productive
|
|-
| Nodered || [https://nodered.munichmakerlab.de nodered.munichmakerlab.de]Admin: [https://nodered.munichmakerlab.de/admin/ https://nodered.munichmakerlab.de/admi]<nowiki/>[https://nodered.munichmakerlab.de/admin/ n/]
|Automation like spa<nowiki/>cestatus, Slack Bots etc.|| satrun || docker || productive
|[https://hub.docker.com/r/nodered/node-red Node-RED]
|-
| Log || [https://log.munichmakerlab.de log.munichmakerlab.de]
|Blog|| Tumblr || - || productive
|
|-
| Etherpad || [https://pad.munichmakerlab.de pad.munichmakerlab.de]
|Colaboration text tool|| saturn||docker||productive
|Latest version: [https://github.com/ether/etherpad-lite ether/etherpad-lite]
|-
| Mailinglisten||[https://lists.munichmakerlab.de lists.munichmakerlab.de]
|Mailman 2||mars||native||productive
|
|-
|Mail
|@munichmakerlab.de
|Mailserver
Details: [[Mars]]
Version postfix: 3.4.23
|mars
|native
|productive
|
|-
|Roombooking
|[https://rooms.munichmakerlab.de rooms.munichmakerlab.de]
|Original for reserving rooms during covid||jupiter||docker||deactivated
|[https://github.com/LibreBooking/app BookedSchedular]
|-
| Slack Inviter||[https://slack.munichmakerlab.de slack.munichmakerlab.de]
|Self invite capability for our slack||saturn||docker ||productive
|[https://github.com/rauchg/slackin rauchg/slackin]
|-
|Space Status
|[https://status.munichmakerlab.de status.munichmakerlab.de]
|Button in the lab to mark space as open/closed on slack/homepage||saturn||docker||productive
|[https://github.com/munichmakerlab/spacestatus Github Spacestatus]
|-
|Eclipse Mosquitto (MQTT)||[https://mqtt.munichmakerlab.de mqtt.munichmakerlab.de]
|MQTT to use for other servicesservices like status etc. Compare [[MuMaBus]]||saturn||docker||productive
|[https://hub.docker.com/_/eclipse-mosquitto Eclipse Mosquitto]
|-
|Nextcloud||[https://nextcloud.munichmakerlab.de nextcloud.munichmakerlab.de]
|Document sharing, calendar||saturn||docker||experimental
|
|-
|-
| Website || www.munichmakerlab.de || mars || nativ
|Traefik Reverseproxy||[https://saturn.munichmakerlab.de/dashboard/ saturn.munichmakerlab.de/dashboard/] <br> (might be disabled)
|Reverse proxy for other services||saturn||docker||productive
|
|-
|-
| Wiki || wiki.munichmakerlab.de || jupiter || nativ
|Authentik SSO
|sso.munichmakerlab.de
|SSO for other services
|saturn
|docker
|experimental
|https://github.com/goauthentik/authentik
|-
|-
| Nodered || nodered.munichmakerlab.de || jupiter || docker
|Tickets (old)
|tickets.mumalab.org
|Ticket system for workshops and events
|German
| -
|productive
|https://github.com/pretix/pretix
|-
|-
| Log || log.munichmakerlab.de || Tumblr || -
|Tickets
|tickets.munichmakerlab.de
|Ticket system for workshops and events
|saturn
|docker
|experimental
|https://github.com/pretix/pretix
|-
|-
| Etherpad || pad.munichmakerlab.de || mars || docker
|Wiki Staging
|wiki-staging.munichmakerlab.de
|Wiki for testing (temporary)
|saturn
|docker
|Todo
|
|-
|-
| Mailinglisten || lists.munichmakerlab.de || mars || nativ
|Influx DB
|influxdb.munichmakerlab.de
|DB for particles sensor (temporary)
|saturn
|docker
|experimental
|https://hub.docker.com/_/influxdb
|-
|-
| Roombooking || rooms.munichmakerlab.de || jupiter || docker
|<s>ToolJet</s>
|<s>tooljet.munichmakerlab.de</s>
|<s>Store member and token, who has which safet course etc. Might be replaced by authentik directly</s>
|<s>saturn</s>
|<s>docker</s>
|<s>Todo</s>
|<s>https://github.com/ToolJet/ToolJet</s>
|-
|-
| Slack Inviter || slack.munichmakerlab.de || jupiter || docker
|Grafana
|monitoring.munichmakerlab.de
|Grafana Dashboard
|saturn
|docker
|experimental
|
|-
|-
| Space Status || status.munichmakerlab.de || mars || nativ
|Prometheus
|metrics.munichmakerlab.de
|Prometheus Metrics Endpoint. Only temporarily exposed via Traefik for debugging purpose
|saturn
|docker
|experimental
|
|-
|-
| MQTT || mqtt.munichmakerlab.de || jupiter || nativ
|Grafana Loki?
<s>Elastic Stack</s>
|logging.munichmakerlab.de
|Grafana Loki
|saturn
|docker
|Todo
|
|}
|}


Externally hosted, and to be transfered into MuMaLab Infrastructure
=== SSO ===
* Tickets (https://tickets.mumalab.org/courses/)
Single Sign on with Authentik
* Calendar -> Google Calender -> NextCloudt
* ToolJet (OpenUnitState)


Planned Services
Groups:
* NextCloud
* evtl Ticket System


Details unclear
!to be done
* InfoBeamer
{| class="wikitable"
|+
!Group
!Access to
!Details
|-
|Member
|
|
|-
|IT
|
|
|-
|
|
|
|}


== Website ==
=== Influxdbv2 ===
Wordpress at https://munichmakerlab.de
For storing data from sensors. Mostly for fun and testing purpose.  
* Access via HTTP is redirected to HTTPS
* Hosted on mars.munichmakerlab.de


== Wiki ==
MediaWiki at https://wiki.munichmakerlab.de/
* Access via HTTP is redirected to HTTPS
* Hosted on jupiter.munichmakerlab.de
* Create your own account, needs to be confirmed by an admin


=== Maintenance ===
Data come from:
{| class="wikitable"
|+
!Source
!Bucket
!User
!Tags
|-
|[[Airrohr-NG]]
|lab-environment-data
|airrohr-service-user
|
|-
|
|
|
|
|-
|
|
|
|
|}
 
===Website===
Static website at https://munichmakerlab.de
 
===Wiki===
MediaWiki at https://wiki.munichmakerlab.de/
*Create your own account, needs to be confirmed by an admin
 
====Maintenance====
We currently have a bit of a spam problem, easiest way to fix it currently is to clean them up in the database directly.
We currently have a bit of a spam problem, easiest way to fix it currently is to clean them up in the database directly.
<pre>
<pre>
Line 63: Line 229:
</pre>
</pre>


== Status ==
===Status===
Space status at https://status.munichmakerlab.de
Space status at https://status.munichmakerlab.de
* Access possible via HTTP and HTTPS
*Details at [[StartYourEngines]]
* Hosted on mars.munichmakerlab.de
* Details at [[StartYourEngines]]


== MuMaBus ==
===MuMaBus===
Space Automation, see [[MuMaBus]] for details
Space Automation, see [[MuMaBus]] for details
* MQTT at jupiter.munichmakerlab.de
*MQTT at saturn.munichmakerlab.de


== Slack ==
===Slack ===
Chat, with bridge to IRC
Chat, with bridge to IRC
* Application in itself  is SaaS, we have a 50 seat community license. Talk to [[User:Tarwin|tarwin]] or [[User:Tiefpunkt|tiefpunkt]]
*Application in itself  is SaaS. Talk to [[User:Tarwin|tarwin]] or [[User:Tiefpunkt|tiefpunkt]]
* IRC bridge is powered by [https://github.com/munichmakerlab/RelayBot RelayBot], hosted on ???
* IRC bridge is powered by [https://github.com/munichmakerlab/RelayBot RelayBot], hosted on ???


== Etherpad ==
===Additional Services===
* Hosted on mars.munichmakerlab.de
*[https://munichmakerlab.de/calendar.ics Calendar as iCal]
 
*ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de
== Additional Services ==
* [https://munichmakerlab.de/calendar.ics Calendar as iCal]
* ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de


*
[[Category:Infrastructure]]
[[Category:Infrastructure]]

Latest revision as of 14:46, 10 April 2025

Some documentation on MuMaLab's web infrastructure stuff.

Current Tasks

Checkout: Working Group IT

Hosts

We currently have 3 VMs at Hetzner:

  • mars.munichmakerlab.de (Mars)
  • jupiter.munichmakerlab.de
  • saturn.munichmakerlab.de

Saturn

  • docker containers are started via systemd or via docker compose (configs in /data/ path) => target everything with docker compose with separated /data/ and /config/ folder.
  • cronjob added for cleanup of old docker images
  • docker deamon resource limit via systemd slice (/etc/systemd/system/docker.slice)
  • Firewall: ufw => check via sudo ufw status verbose (does not include docker. This would need addtional hacks like this, but it had no benefits so far with the reverse proxy we already use)

Services

Service Name Hostname Functionality Server native/docker status Source
Website www.munichmakerlab.de Just Website, compare Github for details saturn docker productive Github Website
Wiki wiki.munichmakerlab.de Media wiki for knowledge sharing and documentation saturn docker productive
Nodered nodered.munichmakerlab.deAdmin: https://nodered.munichmakerlab.de/admin/ Automation like spacestatus, Slack Bots etc. satrun docker productive Node-RED
Log log.munichmakerlab.de Blog Tumblr - productive
Etherpad pad.munichmakerlab.de Colaboration text tool saturn docker productive Latest version: ether/etherpad-lite
Mailinglisten lists.munichmakerlab.de Mailman 2 mars native productive
Mail @munichmakerlab.de Mailserver

Details: Mars Version postfix: 3.4.23

mars native productive
Roombooking rooms.munichmakerlab.de Original for reserving rooms during covid jupiter docker deactivated BookedSchedular
Slack Inviter slack.munichmakerlab.de Self invite capability for our slack saturn docker productive rauchg/slackin
Space Status status.munichmakerlab.de Button in the lab to mark space as open/closed on slack/homepage saturn docker productive Github Spacestatus
Eclipse Mosquitto (MQTT) mqtt.munichmakerlab.de MQTT to use for other servicesservices like status etc. Compare MuMaBus saturn docker productive Eclipse Mosquitto
Nextcloud nextcloud.munichmakerlab.de Document sharing, calendar saturn docker experimental
Traefik Reverseproxy saturn.munichmakerlab.de/dashboard/
(might be disabled) 		Reverse proxy for other services saturn docker productive
Authentik SSO sso.munichmakerlab.de SSO for other services saturn docker experimental https://github.com/goauthentik/authentik
Tickets (old) tickets.mumalab.org Ticket system for workshops and events German - productive https://github.com/pretix/pretix
Tickets tickets.munichmakerlab.de Ticket system for workshops and events saturn docker experimental https://github.com/pretix/pretix
Wiki Staging wiki-staging.munichmakerlab.de Wiki for testing (temporary) saturn docker Todo
Influx DB influxdb.munichmakerlab.de DB for particles sensor (temporary) saturn docker experimental https://hub.docker.com/_/influxdb
ToolJet tooljet.munichmakerlab.de Store member and token, who has which safet course etc. Might be replaced by authentik directly saturn docker Todo https://github.com/ToolJet/ToolJet
Grafana monitoring.munichmakerlab.de Grafana Dashboard saturn docker experimental
Prometheus metrics.munichmakerlab.de Prometheus Metrics Endpoint. Only temporarily exposed via Traefik for debugging purpose saturn docker experimental
Grafana Loki?

Elastic Stack

logging.munichmakerlab.de Grafana Loki saturn docker Todo

SSO

Single Sign on with Authentik

Groups:

!to be done

Group Access to Details
Member
IT

Influxdbv2

For storing data from sensors. Mostly for fun and testing purpose.


Data come from:

Source Bucket User Tags
Airrohr-NG lab-environment-data airrohr-service-user

Website

Static website at https://munichmakerlab.de

Wiki

MediaWiki at https://wiki.munichmakerlab.de/

  • Create your own account, needs to be confirmed by an admin

Maintenance

We currently have a bit of a spam problem, easiest way to fix it currently is to clean them up in the database directly. 

update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam, no confirmed mail address", acr_deleted = 1 where acr_email_authenticated is null and acr_rejected is null and acr_registration < now() - interval 7 day;

update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null and acr_registration < now() - interval 7 day;

update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null;

Status

Space status at https://status.munichmakerlab.de

MuMaBus

Space Automation, see MuMaBus for details

  • MQTT at saturn.munichmakerlab.de

Slack

Chat, with bridge to IRC

Additional Services

  • Calendar as iCal
  • ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de
Retrieved from "https://wiki.munichmakerlab.de/index.php?title=Web_Infrastructure&oldid=8157"