Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pviotti/vps
A simple recipe for file synchronization and password management on a virtual private server (VPS)
- Host: GitHub
- URL: https://github.com/pviotti/vps
- Owner: pviotti
- Created: 2020-08-23T20:49:50.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2024-11-05T22:56:38.000Z (9 days ago)
- Last Synced: 2024-11-05T23:34:33.678Z (9 days ago)
- Topics: azure, bitwarden, caddyserver, nextcloud, selfhosted, vps
- Language: F#
- Homepage:
- Size: 25.4 KB
- Stars: 7
- Watchers: 2
- Forks: 1
- Open Issues: 10
Metadata Files:
- Readme: README.md
README
# VPS
This repo holds scripts and configuration files to [self-host] some web services
such as [Bitwarden] and [Nextcloud] on a private server.
The goal is to have a *simple* (as in: concise, programmatic and declarative),
cheap and secure setup to handle file synchronization
and credential management for a few users (e.g. <10).

## VPS on Azure

Prerequisites
- [Azure CLI][azure-cli] - and select the right Azure subscription: `az login; az account set --subscription "NameOfSubscription"`
- [.NET][dotnet]
In the `vms` folder is a [Farmer] script that creates a virtual machine
on Azure with these specs:
- [SKU][azure-vm-sku]: Standard B2s 2vCPUs, 4GB RAM, 60GB SSD (~20€/mo as of 8/2020)
- [region][azure-regions]: North Europe
- OS: Ubuntu 20.04
To create the virtual machine, change directory to `vms` and:
1. copy `env.example` to `.env` and edit it as suitable for
username, password, host and resource name
2. issue: `make deploy`. The script will deploy the VM and
generate the related ARM template json file.
A setup script similar to `setup-vm.sh` will be executed upon deployment
to install required tools (e.g. Docker, etc)
3. set up passwordless authentication
   - copy your public key to the VM: `ssh-copy-id -i ~/.ssh/mypub.key user@server`
   - edit the following settings in `/etc/ssh/sshd_config` on the VM: `PasswordAuthentication no`;
     `ChallengeResponseAuthentication no`; `UsePAM no`.
     Then restart sshd: `sudo systemctl restart ssh`.
4. set up start and stop VM automation during off hours as described [here][vm-automation], and make the VM IP static (*TODO: automate*)
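
A check for step 3, as an added example that is not part of the repository: the script reads an `sshd_config` the way sshd does (the first value per keyword wins, keywords are case-insensitive) and fails unless all three settings are `no`. The function names are made up for this example, it does not follow `Include` directives, and it treats a keyword that is not set as a failure.

```shell
#!/bin/sh
# Added example (not from the repo): audit an sshd_config for step 3.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively, so an earlier "yes" beats a "no" appended later.

# Print the first global value of keyword $2 in file $1, or "unset".
# Parsing stops at the first Match block, whose values are conditional.
sshd_first_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if all three settings from step 3 are explicitly "no".
# Assumption of this example: an unset keyword counts as a failure.
check_password_login_disabled() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        val=$(sshd_first_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "FAIL: $kw is '$val' (expected 'no')" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a lowercase "yes" early in the file wins over the
# "no" that was appended at the end.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwordauthentication yes
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication no
EOF
check_password_login_disabled "$sample" || echo "password login still enabled"
rm -f "$sample"
```

On the VM, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the effective configuration with includes resolved.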
## Applications
Prerequisites
This setup assumes you own a DNS domain, and you've made its
"A Record"s for naked domain ("@") and subdomains ("*")
point to the VM's public IP.
Failing that, you'll still be able to run the applications,
but Caddy will have issues creating the certificates to use
for the HTTPS connections.
Notice that while Azure virtual machines have a public DNS
name (e.g. name.region.cloudapp.azure.net), their DNS setting
does not allow using subdomains, so it won't work.
The `apps` directory contains a Docker Compose file
to run Bitwarden and Nextcloud (with its MariaDB database) behind [Caddy] reverse proxy.
At the end of the instructions
- Nextcloud will be reachable at `https://nc.` and `https://`
- Bitwarden will be reachable at `https://bw.`
To deploy the applications:
1. copy the app directory to your server (or clone this repo)
2. change to `apps` folder, copy `env.example` to `.env` and edit it as suitable
3. run `make up`. You can follow the progress of the setup by issuing `make log`.
## Maintenance
### Applications upgrade
To upgrade the applications just issue:

```sh
docker-compose pull
docker-compose down
docker-compose up -d
```

Or, more cautiously, issue the same commands but for one application at a time,
e.g. `docker-compose pull nextcloud`.
Beware that some applications require additional steps when upgrading
between major versions, so make sure to read their upgrade documentation too.
## :construction_worker: To do
- add instructions for adding Prometheus and Grafana to monitor
  host VM, Docker and applications
- add instructions for backup
- automate the remaining manual steps of VM creation
## References
- [best practices for Docker Compose][docker-compose]
[azure-vm-sku]: https://docs.microsoft.com/en-us/azure/virtual-machines/sizes
[azure-regions]: https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview
[vm-automation]: https://learn.microsoft.com/en-us/azure/azure-functions/start-stop-vms/overview
[bitwarden]: https://bitwarden.com/
[nextcloud]: https://nextcloud.com/
[self-host]: https://en.wikipedia.org/wiki/Self-hosting_(web_services)
[azure-cli]: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest
[dotnet]: https://dotnet.microsoft.com/
[farmer]: https://compositionalit.github.io/farmer/
[caddy]: https://caddyserver.com/
[docker-compose]: https://nickjanetakis.com/blog/best-practices-around-production-ready-web-apps-with-docker-compose