W6GKD: Difference between revisions
Brian Wilson: Created page with "W6GKD is my call sign and it's also the name of a virtual server that hosts w6gkd.radio Currently it runs Debian 11 The rood address w6gkd.radio is proxied in Cloudflare. F..."
(8 intermediate revisions by the same user not shown)
Latest revision as of 16:16, 10 January 2024
W6GKD is my call sign and it's also the name of a virtual server that hosts services for me.
Currently it runs Debian 11.
Some hostnames supported here are proxied in Cloudflare. For direct connection via ssh use w6gkd.wildsong.biz
History
2024-01-09 I am out of RAM and out of disk space and out of swap space. I could upgrade again to 2 GB and 40GB at $10/month but it just staves off feature creep. Instead I will do some relocating. I don't even have enough disk space to increase swap space right now.
2022-04-24 Upgraded to CS-2 machine, giving me 1GB RAM and 30GB filespace. ($2.5 -> $4/month)
2021-12-24 Provisioned at Debian 10.04 then upgraded immediately to Bullseye (Debian 11)
Cloudflare Zero Trust
I need to move some resources off of this virtual machine because I am running out of space. I can use a third party proxy to relocate services to other servers. The proxy could be the Cloudflare Zero Trust service (https://www.cloudflare.com/plans/zero-trust-services/#overview). I should be able to completely eliminate the Varnish cache and reverse proxy running on this host and then I can move my wiki to an Oracle Cloud VM and then put a database replica on Bellman.
What runs here? | Can I move it? | Where? | Notes |
---|---|---|---|
ssh | no | | use a different dns name to access it |
wiki | yes | Oracle | Requires PHP and MySQL. Replicate database on Bellman. Use webhooks to back up files. |
hupi.org | yes | Oracle | Requires PHP |
smtp | no | | not worth it |
imap | no | | not worth it |
Varnish | no | | |
WARP
Install a WARP client. On Android it's called "Cloudflare One Agent"; there is a separate WARP client but you don't need that.
WARP is the client side of a Zero Trust VPN, but it routes all traffic from the device it's installed on through a proxy operated by Cloudflare. I put it on my tablet and my laptop. The laptop version allows selective use; this means I can decide which web sites get tunneled and which go direct.
Enabled swap
While I wait for the CS-1 to CS-2 upgrade, and while experiencing lockups due to memory exhaustion, I enabled swap.
https://help.ubuntu.com/community/SwapFaq#What_is_swappiness_and_how_do_I_change_it.3F
fallocate -l 1g /mnt/1GiB.swap
chmod 600 /mnt/1GiB.swap
mkswap /mnt/1GiB.swap
swapon /mnt/1GiB.swap
echo '/mnt/1GiB.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab

free
              total        used        free      shared  buff/cache   available
Mem:         471680      276880       15992        1884      178808      180696
Swap:       1048572       67156      981416
^^^^^ yep - doing "docker-compose up" hits swap space.
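A check for the swap file set up above, added here as an example and not part of the original page. It confirms the file is a regular file with mode 600 and the expected owner, and that the `tee -a` line was not appended to fstab more than once. The function name and arguments are made up for illustration, and `stat -c` assumes GNU coreutils as on Debian.

```shell
#!/usr/bin/env bash
# Added example, not from the original page.
# audit_swapfile PATH [FSTAB] [EXPECTED_UID]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_swapfile() {
  local path=$1 fstab=${2:-/etc/fstab} want_uid=${3:-0} bad=0 mode uid n
  # A symlink could redirect mkswap/swapon to a file somewhere else.
  if [ -L "$path" ] || [ ! -f "$path" ]; then
    echo "FAIL: $path is missing, a symlink, or not a regular file"
    return 1
  fi
  mode=$(stat -c '%a' "$path")
  uid=$(stat -c '%u' "$path")
  # Swap holds paged-out process memory (keys, passwords), so only the
  # owner may read or write it.
  if [ "$mode" != "600" ]; then
    echo "FAIL: mode is $mode, expected 600"; bad=1
  fi
  if [ "$uid" != "$want_uid" ]; then
    echo "FAIL: owner uid is $uid, expected $want_uid"; bad=1
  fi
  # 'tee -a' appends on every run, so count the active (uncommented)
  # fstab entries whose first field is this path and whose type is swap.
  n=$(awk -v p="$path" '$1 == p && $3 == "swap"' "$fstab" | wc -l)
  if [ "$n" -ne 1 ]; then
    echo "FAIL: $n fstab entries for $path, expected 1"; bad=1
  fi
  if [ "$bad" -eq 0 ]; then echo "OK: $path"; fi
  return "$bad"
}

# Run as: sudo bash audit_swap.sh /mnt/1GiB.swap
if [ "$#" -gt 0 ]; then audit_swapfile "$@"; fi
```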
Packages installed
sudo
certbot
python-certbot-dns-cloudflare-doc
python3-certbot-dns-cloudflare
postfix
postgrey
Docker installed from https://docs.docker.com/engine/install/debian/
I stood up an instance of nginx to get things tested using the command
docker run --name w6gkd -v /home/bwilson/html:/usr/share/nginx/html:ro -p 80:80 -d nginx
Since https://w6gkd.radio/ is proxied through Cloudflare I did not have to set up HTTPS. This is convenient. But it means traffic between Cloudflare and Tektonic is not encrypted yet.
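One way to close that gap with the certbot DNS plugin listed under the installed packages, added here as an example and not taken from the original page. The credentials file path, the `tls.conf` location and both function names are assumptions; the Cloudflare zone also has to be switched to the "Full (strict)" SSL/TLS mode before the edge validates the origin certificate.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumed paths are marked.
DOMAIN="w6gkd.radio"
CF_INI="/root/.secrets/cloudflare.ini"  # assumed; holds dns_cloudflare_api_token = ...
CONF="/home/bwilson/tls.conf"           # assumed location for the nginx TLS vhost

# Write an nginx server block that serves $1 over TLS using the
# certificate files certbot keeps under /etc/letsencrypt/live/$1/.
write_tls_conf() {  # $1 = domain, $2 = output file
  cat > "$2" <<EOF
server {
    listen 443 ssl;
    server_name $1;
    ssl_certificate     /etc/letsencrypt/live/$1/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    root /usr/share/nginx/html;
}
EOF
}

issue_and_serve() {
  # The API token can edit DNS for the zone, so keep it root-only.
  chmod 600 "$CF_INI"
  # DNS-01 validation works even though the hostname is proxied.
  certbot certonly --dns-cloudflare \
    --dns-cloudflare-credentials "$CF_INI" -d "$DOMAIN"
  write_tls_conf "$DOMAIN" "$CONF"
  # Replace the port-80 test container; publish only 443 so the
  # Cloudflare-to-origin hop has no plaintext listener left.
  docker rm -f w6gkd 2>/dev/null
  docker run --name w6gkd -d -p 443:443 \
    -v /home/bwilson/html:/usr/share/nginx/html:ro \
    -v "$CONF":/etc/nginx/conf.d/tls.conf:ro \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    nginx
}

# Run as root: bash origin_tls.sh apply
if [ "${1:-}" = "apply" ]; then issue_and_serve; fi
```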
Resources
Download WARP clients for Cloudflare Zero Trust here: https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/download-warp/