Web Infrastructure
Jump to navigation
Jump to search
Some documentation on MuMaLab's web infrastructure stuff.
Current Tasks
Checkout: Working Group IT
Hosts
We currently have 3 VMs at Hetzner:
- mars.munichmakerlab.de (Mars)
- jupiter.munichmakerlab.de
- saturn.munichmakerlab.de
Saturn
- docker containers are started via systemd or via docker compose (configs in /data/ path) => target everything with docker compose with separated /data/ and /config/ folder.
- cronjob added for cleanup of old docker images
- docker deamon resource limit via systemd slice (/etc/systemd/system/docker.slice)
- Firewall: ufw => check via sudo ufw status verbose (does not include docker. This would need addtional hacks like this, but it had no benefits so far with the reverse proxy we already use)
Services
| Service Name | Hostname | Functionality | Server | native/docker | status | Source |
|---|---|---|---|---|---|---|
| Service Up Check | UpTimeDashboard: https://stats.uptimerobot.com/RB3yLiI0HC | Checks from external, if our services are reachable. Login via monitoring Email Account | uptimerobot.com | - | productive | |
| Website | www.munichmakerlab.de | Just Website, compare Github for details | saturn | docker | productive | Github Website |
| Wiki | wiki.munichmakerlab.de | Media wiki for knowledge sharing and documentation | saturn | docker | productive | |
| Nodered | nodered.munichmakerlab.deAdmin: https://nodered.munichmakerlab.de/admin/ | Automation like spacestatus, Slack Bots etc.
Login via Github Org. Config in settings.js |
satrun | docker | productive | Node-RED |
| Log | log.munichmakerlab.de | Blog - only Archive, since we switched to mastodon as "blog" and link it to our website. | Tumblr | - | only archive function | |
| Etherpad | pad.munichmakerlab.de | Colaboration text tool | saturn | docker | productive | Latest version: ether/etherpad-lite |
| Mailinglisten | lists.munichmakerlab.de | Mailman 3 | in-berlin.de | - | productive | |
| @munichmakerlab.de | Mailserver | in-berlin.de | - | productive | ||
| Slack Inviter | chat.munichmakerlab.de or slack.munichmakerlab.de | Self invite capability for our slack | saturn | docker | productive | rauchg/slackin |
| Space Status | status.munichmakerlab.de | Button in the lab to mark space as open/closed on slack/homepage | saturn | docker | productive | Github Spacestatus |
| Eclipse Mosquitto (MQTT) | mqtt.munichmakerlab.de | MQTT to use for other servicesservices like status etc. Compare MuMaBus | saturn | docker | productive | Eclipse Mosquitto |
| Nextcloud | nextcloud.munichmakerlab.de | Document sharing, calendar | saturn | docker | experimental | |
| Traefik Reverseproxy Dashboard | http://traefik.munichmakerlab.de/dashboard/ | Dashboard of Reverse proxy for other services | saturn | docker | productive | |
| Authentik/Keyloak SSO | sso.munichmakerlab.de | SSO for other services | saturn | docker | experimental | https://github.com/goauthentik/authentik |
| Tickets | tickets.munichmakerlab.de | Ticket system for workshops and events | saturn | docker | experimental | https://github.com/pretix/pretix |
| Wiki Staging | wiki-staging.munichmakerlab.de | Wiki for testing (temporary) | saturn | docker | Todo | |
| Influx DB | influxdb.munichmakerlab.de | DB for particles sensor (temporary) | saturn | docker | experimental | https://hub.docker.com/_/influxdb |
| Grafana | monitoring.munichmakerlab.de | Grafana Dashboard for metrics and logs | saturn | docker | productive | |
| Prometheus | metrics.munichmakerlab.de | Prometheus Metrics Endpoint. Exposed via Traefik for debugging purpose. Basic Auth | saturn | docker | productive | |
| Calender | calendar.munichmakerlab.de | Widget for showing our multiple calenders | saturn | docker | Todo | https://hub.docker.com/r/niccokunzmann/open-web-calendar
https://github.com/niccokunzmann/open-web-calendar?tab=readme-ov-file |
SSO
Single Sign on with Authentik
Groups:
!to be done
| Group | Access to | Details |
|---|---|---|
| Member | ||
| IT | ||
Influxdbv2
For storing data from sensors. Mostly for fun and testing purpose.
Data come from:
| Source | Bucket | User | Tags |
|---|---|---|---|
| Airrohr-NG | lab-environment-data | airrohr-service-user | |
| Node-Red - Spacestatus | lab-environment-data | Lab Status API Token | |
Website
Static website at https://munichmakerlab.de deployed via Github Actions
Wiki
MediaWiki at https://wiki.munichmakerlab.de/
Links
- MediaWiki book: https://workingwithmediawiki.com/book/ (really good resource for managing media wiki)
Details
Plugins and special configurations
| Extension | Reason | Details | |
|---|---|---|---|
| https://www.mediawiki.org/wiki/Extension:CrawlerProtection | Wiki was overloaded from crawlers | "Expensive" pages to load are only accessible after login | |
Maintenance
We had a bit of a spam problem in the past, easiest way to fix it currently is to clean them up in the database directly.
update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam, no confirmed mail address", acr_deleted = 1 where acr_email_authenticated is null and acr_rejected is null and acr_registration < now() - interval 7 day; update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null and acr_registration < now() - interval 7 day; update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null;
Status
Space status at https://status.munichmakerlab.de
MuMaBus
Space Automation, see MuMaBus for details
- MQTT at saturn.munichmakerlab.de
Slack
Chat, with bridge to IRC
- Application in itself is SaaS. Check for contact person: List of Contacts
IRC bridge is powered by RelayBot, hosted on ???
