Web Infrastructure
Some documentation on MuMaLab's web infrastructure stuff.
Current Tasks
Checkout: Working Group IT
Hosts
We currently have 3 VMs at Hetzner:
- mars.munichmakerlab.de (Mars)
- jupiter.munichmakerlab.de
- saturn.munichmakerlab.de
Saturn
- Docker containers are started via systemd or via docker compose (configs in the /data/ path). Target: run everything with docker compose, with separate /data/ and /config/ folders.
- cronjob added for cleanup of old docker images
- docker daemon resource limit via systemd slice (/etc/systemd/system/docker.slice)
- Firewall: ufw => check via sudo ufw status verbose (this does not include docker; that would need additional hacks like this, but so far they have had no benefit given the reverse proxy we already use)
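Ports that Docker publishes are opened through Docker's own iptables rules, which is why they are missing from the ufw output above. The script below is an added example, not part of the original wiki page: it lists every container port published on all interfaces. The function names and the sample mappings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original wiki page.
# Lists container ports that Docker publishes on all interfaces; these are
# opened by Docker's own iptables rules and are absent from `ufw status`.

# Reads "name<TAB>ports" lines (the output format requested from `docker ps`
# below) and prints "name<TAB>bind-address:port/proto" for every mapping bound
# to 0.0.0.0, :: or [::]. Loopback-only and unpublished ports are skipped.
list_public_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (index(m, "->") == 0) continue   # exposed in the image, not published
        host = m;  sub(/->.*/, "", host)    # e.g. 0.0.0.0:443
        proto = m; sub(/.*\//, "", proto)   # tcp or udp
        if (host ~ /^(0\.0\.0\.0|\[::\]|::):/)
          printf "%s\t%s/%s\n", $1, host, proto
      }
    }'
}

# Constructed sample input; not the real port mappings on saturn.
sample_docker_ps() {
  printf 'traefik\t0.0.0.0:443->443/tcp, [::]:443->443/tcp\n'
  printf 'mosquitto\t0.0.0.0:1883->1883/tcp\n'
  printf 'prometheus\t127.0.0.1:9090->9090/tcp\n'
  printf 'wiki\t80/tcp\n'
}

# On a Docker host, inspect the running containers; otherwise show the sample.
if command -v docker >/dev/null 2>&1; then
  docker ps --format "$(printf '{{.Names}}\t{{.Ports}}')" | list_public_ports
else
  sample_docker_ps | list_public_ports
fi
```

Anything this prints is reachable from outside regardless of the ufw rules. A service that only the reverse proxy should reach can be left unpublished or bound to `127.0.0.1` in its compose file.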
Services
UpTimeDashboard: https://stats.uptimerobot.com/RB3yLiI0HC
| Service Name | Hostname | Functionality | Server | native/docker | status | Source |
|---|---|---|---|---|---|---|
| Website | www.munichmakerlab.de | Just Website, compare Github for details | saturn | docker | productive | Github Website |
| Wiki | wiki.munichmakerlab.de | Media wiki for knowledge sharing and documentation | saturn | docker | productive | |
| Nodered | nodered.munichmakerlab.de; Admin: https://nodered.munichmakerlab.de/admin/ | Automation like spacestatus, Slack Bots etc. | saturn | docker | productive | Node-RED |
| Log | log.munichmakerlab.de | Blog - only Archive, since we switched to mastodon as "blog" and link it to our website. | Tumblr | - | only archive function | |
| Etherpad | pad.munichmakerlab.de | Collaboration text tool | saturn | docker | productive | Latest version: ether/etherpad-lite |
| Mailinglisten | lists.munichmakerlab.de | Mailman 2 | mars | native | productive | |
| | @munichmakerlab.de | Mailserver. Details: Mars. Version postfix: 3.4.23 | mars | native | productive | |
| Roombooking | rooms.munichmakerlab.de | Originally for reserving rooms during covid | jupiter | docker | deactivated | BookedSchedular |
| Slack Inviter | chat.munichmakerlab.de or slack.munichmakerlab.de | Self invite capability for our slack | saturn | docker | productive | rauchg/slackin |
| Space Status | status.munichmakerlab.de | Button in the lab to mark space as open/closed on slack/homepage | saturn | docker | productive | Github Spacestatus |
| Eclipse Mosquitto (MQTT) | mqtt.munichmakerlab.de | MQTT to use for other services like status etc. Compare MuMaBus | saturn | docker | productive | Eclipse Mosquitto |
| Nextcloud | nextcloud.munichmakerlab.de | Document sharing, calendar | saturn | docker | experimental | |
| Traefik Reverseproxy Dashboard | http://traefik.munichmakerlab.de/dashboard/ | Dashboard of Reverse proxy for other services | saturn | docker | productive | |
| Authentik/Keycloak SSO | sso.munichmakerlab.de | SSO for other services | saturn | docker | experimental | https://github.com/goauthentik/authentik |
| Tickets (old) | tickets.mumalab.org | Ticket system for workshops and events | German | - | productive | https://github.com/pretix/pretix |
| Tickets | tickets.munichmakerlab.de | Ticket system for workshops and events | saturn | docker | experimental | https://github.com/pretix/pretix |
| Wiki Staging | wiki-staging.munichmakerlab.de | Wiki for testing (temporary) | saturn | docker | Todo | |
| Influx DB | influxdb.munichmakerlab.de | DB for particles sensor (temporary) | saturn | docker | experimental | https://hub.docker.com/_/influxdb |
| Grafana | monitoring.munichmakerlab.de | Grafana Dashboard for metrics and logs | saturn | docker | productive | |
| Prometheus | metrics.munichmakerlab.de | Prometheus Metrics Endpoint. Exposed via Traefik for debugging purpose. Basic Auth | saturn | docker | productive | |
| Calendar | calendar.munichmakerlab.de | Widget for showing our multiple calendars | saturn | docker | productive | https://hub.docker.com/r/niccokunzmann/open-web-calendar https://github.com/niccokunzmann/open-web-calendar?tab=readme-ov-file |
SSO
Single sign-on with Authentik
Groups:
!to be done
| Group | Access to | Details |
|---|---|---|
| Member | ||
| IT | ||
Influxdbv2
For storing data from sensors. Mostly for fun and testing purpose.
Data come from:
| Source | Bucket | User | Tags |
|---|---|---|---|
| Airrohr-NG | lab-environment-data | airrohr-service-user | |
| Node-Red - Spacestatus | lab-environment-data | Lab Status API Token | |
Website
Static website at https://munichmakerlab.de deployed via Github Actions
Wiki
MediaWiki at https://wiki.munichmakerlab.de/
Links
- MediaWiki book: https://workingwithmediawiki.com/book/ (really good resource for managing media wiki)
Details
- Account creation: Create your own account; it needs to be confirmed by an admin.
- Add user to admin group:
  - Go to Special:UserRights.
  - Enter the username.
  - Add user to the "sysop" (admin) group.
- Grant rights to confirm accounts:
  - On Special:UserRights, add user to "accountcreator" and/or "bureaucrat" groups if needed for account confirmations or advanced rights.
  - For Extension:ConfirmAccount, add to "confirmaccount" group.
- Confirm an account request:
  - Go to Special:ConfirmAccounts.
  - Review pending requests.
  - Approve or reject requests as appropriate.
Plugins and special configurations
| Extension | Reason | Details | |
|---|---|---|---|
| https://www.mediawiki.org/wiki/Extension:CrawlerProtection | Wiki was overloaded from crawlers | "Expensive" pages to load are only accessible after login | |
Maintenance
We had a bit of a spam problem in the past; the easiest way to fix it currently is to clean up the spam account requests directly in the database.

```sql
-- Reject pending requests older than 7 days whose e-mail address was never confirmed
UPDATE mw_account_requests
SET acr_rejected = DATE_FORMAT(NOW(), '%Y%m%d%H%i%S'),
    acr_user = 1,
    acr_comment = 'Spam, no confirmed mail address',
    acr_deleted = 1
WHERE acr_email_authenticated IS NULL
  AND acr_rejected IS NULL
  AND acr_registration < NOW() - INTERVAL 7 DAY;

-- Reject all pending requests older than 7 days
UPDATE mw_account_requests
SET acr_rejected = DATE_FORMAT(NOW(), '%Y%m%d%H%i%S'),
    acr_user = 1,
    acr_comment = 'Spam',
    acr_deleted = 1
WHERE acr_rejected IS NULL
  AND acr_registration < NOW() - INTERVAL 7 DAY;

-- Reject all pending requests, regardless of age
UPDATE mw_account_requests
SET acr_rejected = DATE_FORMAT(NOW(), '%Y%m%d%H%i%S'),
    acr_user = 1,
    acr_comment = 'Spam',
    acr_deleted = 1
WHERE acr_rejected IS NULL;
```
Status
Space status at https://status.munichmakerlab.de
MuMaBus
Space Automation, see MuMaBus for details
- MQTT at saturn.munichmakerlab.de
Slack
Chat, with bridge to IRC
- Application in itself is SaaS. Check for contact person: List of Contacts
IRC bridge is powered by RelayBot, hosted on ???