going-flying.com gemini git repository
da3e67122a7f6beccd39bf2113203a6ec8370b01 - Matthew Ernisse - 1647741845
new post
diff --git a/users/mernisse/articles/25.gmi b/users/mernisse/articles/25.gmi new file mode 100644 index 0000000..4f51a78 --- /dev/null +++ b/users/mernisse/articles/25.gmi 
@@ -0,0 +1,52 @@ +--- +Title: Re: What do you self host? +Date: 03/19/2022 21:37 +In-Reply-To: gemini://jdj.golf/gemlog/what-do-you-self-host.gmi + +I was browsing recent items on Antenna[1] recently and came across +a couple replies to JDJ's[2] question about self hosting. I have +found the label a bit odd since I came across it a few years ago +since I've run public services on systems dating back to when all +I had was a 14400kbps demand-dial connection and unless you were +a business or a school you hosted services yourself. + +With that much history as you may expect the answer is a bit complex. +You may be best served by looking at the network overview page on my +website[3] for some more information but here we go. + +=> [1] gemini://warmedal.se/~antenna/ +=> [2] gemini://ew.srht.site/en/2022/20220319-re-self-hosting.gmi +=> [3] https://www.going-flying.com/network.html + +# Services +* IP routing (OSPF, BGP) and firewalling (pf), layer 3 VPN across several sites and mobile clients (iked) +* Authoritative and caching recursive DNS resolvers (ISC BIND and some Unbound) +* Several web sites of varying forms (Apache HTTPD) +* Audio streams (icecast2) +* Video streams +* Gemini (Molly Brown) +* Stratum 2/3 NTP depending on if the GPS receiver has a lock +* DHCP (OpenBSD's base dhcpd) +* LDAP (OpenLDAP) +* RADIUS (FreeRADIUS) +* e-mail (Postfix, rspamd, mailman, dovecot today, previously spamassassin and amavis, previously previously sendmail) +* Plenty of internal file services mostly using NFS + +# Systems +I used to run things out of my house but gave that up at some point in the +early 2000's. I have a combination of cloud servers that provide geographic +redundancy for a physical server at a colocation facility that does most of +the heavy lifting. Internal services are served from the house but they +are exposed to the Internet via a layer 3 VPN link to the colocation facility. 
+ +# Applications +There are many applications running, of which many are bespoke creations. +Everything is tended to by either Puppet or Ansible these days because I'm +growing less interested in the day to day in my advancing age. Authentication +is handled by an LDAP database that is replicated to multiple sites. I have +an internal multi-level certificate authority that issues certificates for +clients and servers and is automatically trusted. Telemetry and health data +is collected by collectd and sent to InfluxDB to be processed by Grafana. +This includes my bespoke 915MHz sensor network. There is a mariadb (nee mysql) +and postgres database server for applications that need them. +
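Review bot: Footnote [2] in the opening paragraph is attached to "JDJ's", but its link line points at gemini://ew.srht.site/en/2022/20220319-re-self-hosting.gmi, while the In-Reply-To header names gemini://jdj.golf/gemlog/what-do-you-self-host.gmi. If [2] is meant to cite JDJ's question, it should carry the jdj.golf URL, and the ew.srht.site reply should get its own footnote next to "a couple replies". In the same paragraph, "14400kbps" reads as 14.4 Mbps, which does not fit a demand-dial connection; "14400bps" or "14.4kbps" looks like what was intended. The header block also opens with "---" and is followed directly by a blank line and the body with no closing "---", so it is worth confirming that whatever parses Title, Date and In-Reply-To accepts an unterminated block.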