---
tags: sysadmin, config, server, hetzner
title: Hetzner Server
---

# Hetzner Server for LesGrandsVoisins

The hosting for the video-conference website is on a server provided by [Hetzner](https://hetzner.com).

The admin panel for that server is here: https://console.hetzner.cloud/projects/401593/servers/5466053/overview

It serves:

* [VC](https://hackmd.io/@lesgrandsvoisins/SJs4b0dO8)
* [Covid19](https://hackmd.io/@lesgrandsvoisins/Sy3RFCZYI)

IPv4: `159.69.191.8`

IPv6: `2a01:4f8:c17:bf88::`

It is a Debian 10 Server.

Developer and Admin users are:

* `chris2fr`
* `mmokhi`

System Users:

* `prosody` - lua5.2 - for the Prosody server, part of Jitsi
* `www-data` - nginx worker
* `jvb` - java for Jitsi Video Bridge
* `jicofo` - java for Jitsi Conference Focus
* `root` - nginx master, sshd, dhclient

## Installed Software

```
root@debian-2gb-fsn1-1:~# apt-get install python-certbot-nginx
```

## systemctl

* prosody
* nginx
* jitsi-videobridge2

## NGINX

Master User: root

Worker user: www-data

### covid19.lesgrandsvoisins.fr

Nginx server for [covid19.lesgrandsvoisins.fr](https://hackmd.io/@lesgrandsvoisins/Sy3RFCZYI)

### default

### vc.lesgrandsvoisins.fr.conf

NGINX server for [VC](https://hackmd.io/@lesgrandsvoisins/SJs4b0dO8)

## Let's Encrypt

### Procedure for installing

`# certbot-auto renew`

```
certificate and chain have been saved at:
/etc/letsencrypt/live/vc.lgv.lol/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/vc.lgv.lol/privkey.pem
cert will expire on 2020-07-17.
```

### Crontab Elements

## Journal

This is a sysadmin journal to note work we do, notably in integrations.

### 2020-05-02

`systemctl status covid19web`

`/lib/systemd/system/covid19web.service`

Jekyll installation here: `/var/www/jekyll`

Git Repositories here: `/var/git/`

* lesgrandsvoisins.configmagic - a few config scripts
* wwwlesgrandsvoisinsfr - the Jekyll website for lesgrandsvoisins.fr/.fr

### 2020-04-30

#### Trying for Gollum

```
aptitude install ruby-gollum-lib
aptitude install gpg2
gpg2 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
\curl -sSL https://get.rvm.io | bash -s stable
root@debian-2gb-fsn1-1:/opt/gollum# su -
root@debian-2gb-fsn1-1:~# rvm install ruby-head
apt-get install ruby ruby-dev make zlib1g-dev libicu-dev build-essential git cmake
gem install gollum
```

### 2020-04-28

`git config --global core.editor "vim"`

#### Installing Screen (don't scream, please)

`root@debian-2gb-fsn1-1:~# aptitude install screen`

#### Now Doing some Shady Stuff in Prosody (please, still don't scream)

Doubled Prosody configuration for vc.lesgrandsvoisins.fr with auth.vchat.mann.fr in config file ending in vc.lesgrands.voisins.fr.lua.

```bash
vi /etc/prosody/conf.avail/vc.lesgrandsvoisins.fr.cfg.lua
# From root@debian-2gb-fsn1-1:~#
prosodyctl cert generate auth.vchat.mann.fr
ln -s /var/lib/prosody/auth.vchat.mann.fr.key /etc/prosody/certs/
ln -s /var/lib/prosody/auth.vchat.mann.fr.crt /etc/prosody/certs/
```

#### Correcting a Jitsi-Meet error

```
Apr 28 11:24:06 mod_component info Disconnecting component, <stream:error> is: <stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>jitsi-videobridge.vc.lesgrandsvoisins.fr does not match any configured external components</text></stream:error>
Apr 28 11:24:06 jcp5570a14950c0 info component disconnected: nil (false)
Apr 28 11:24:08 speakerstats.vc.lesgrandsvoisins.fr:speakerstats_component warn A module has been configured that triggers external events.
Apr 28 11:24:08 speakerstats.vc.lesgrandsvoisins.fr:speakerstats_component warn Implement this lib to trigger external events.
```

I couldn't find any reference to jitsi-videobridge.vc.lesgrandsvoisins.fr anywhere.

#### Correcting BOSH

```
For more information about DNS configuration please see https://prosody.im/doc/dns

Checking certificates...
Checking certificate for focus.vchat.mann.fr
  Certificate: /etc/prosody/certs/vchat.mann.fr.crt
    Not valid for server-to-server connections to focus.vchat.mann.fr.
Checking certificate for conference.vchat.mann.fr
  Certificate: /etc/prosody/certs/vchat.mann.fr.crt
    Not valid for server-to-server connections to conference.vchat.mann.fr.
Checking certificate for speakerstats.vchat.mann.fr
  Certificate: /etc/prosody/certs/vchat.mann.fr.crt
    Not valid for server-to-server connections to speakerstats.vchat.mann.fr.
Checking certificate for auth.vchat.mann.fr
  Certificate: /etc/prosody/certs/auth.vchat.mann.fr.crt
Checking certificate for internal.auth.vchat.mann.fr
  Certificate: /etc/prosody/certs/auth.vchat.mann.fr.crt
Checking certificate for conferenceduration.vchat.mann.fr
  Certificate: /etc/prosody/certs/vchat.mann.fr.crt
    Not valid for server-to-server connections to conferenceduration.vchat.mann.fr.
Checking certificate for conferenceduration.vc.lesgrandsvoisins.fr
  Certificate: /etc/prosody/certs/vc.lesgrandsvoisins.fr.crt
Checking certificate for vc.lesgrandsvoisins.fr
  Certificate: /etc/prosody/certs/vc.lesgrandsvoisins.fr.crt
Checking certificate for speakerstats.vc.lesgrandsvoisins.fr
  Certificate: /etc/prosody/certs/vc.lesgrandsvoisins.fr.crt
Checking certificate for internal.auth.vc.lesgrandsvoisins.fr
  Certificate: /etc/prosody/certs/auth.vc.lesgrandsvoisins.fr.crt
Checking certificate for conference.vc.lesgrandsvoisins.fr
  Certificate: /etc/prosody/certs/vc.lesgrandsvoisins.fr.crt
Checking certificate for vchat.mann.fr
  Certificate: /etc/prosody/certs/vchat.mann.fr.crt
Checking certificate for localhost
  Certificate: /etc/prosody/certs/localhost.crt
    Not valid for client connections to localhost.
    Not valid for server-to-server connections to localhost.
Checking certificate for focus.vc.lesgrandsvoisins.fr
  Certificate: /etc/prosody/certs/vc.lesgrandsvoisins.fr.crt
Checking certificate for auth.vc.lesgrandsvoisins.fr
  Certificate: /etc/prosody/certs/auth.vc.lesgrandsvoisins.fr.crt

For more information about certificates please see https://prosody.im/doc/certificates
```

#### Starting the COVID19.lesgrandsvoisins.fr server after reboot

I think there is a missing startup service.

`root@debian-2gb-fsn1-1:~# apt-get install locate`

### 2020-04-27

#### Getting everything working again

Will copy back two modified config files from `/root/etcopy`:

* NGINX
* PROSODY

Modified `./jitsi/meet/vc.lesgrandsvoisins.fr-config.js`

Will restart and check services:

```
# in root@debian-2gb-fsn1-1:/etc#
systemctl restart nginx jitsi-videobridge2 prosody
systemctl status nginx jitsi-videobridge2 prosody
```

Done

#### Putting in place ETCKEEPER

ETC KEEP will help us track changes. Uses Git. Stored in `/etc/.git`, `/etc/.etckeeper`. Configured in `/etc/etckeeper`. `etckeeper` is one command, such as `etckeeper commit "some message"`, but `git` can also be used, as in `git log`.

```bash
# from root@debian-2gb-fsn1-1:/etc#
aptitude install etckeeper
etckeeper init
etckeeper commit "All Working here: vc.lesgrandsvoisns.fr and covid19.lesgrandsvoisins.fr"
etckeeper vcs log
```

Documentation on etckeeper is here: https://etckeeper.branchable.com/

#### Fixing PROSODY certificate problem

There is a virtual host configuration warning.

```
root@debian-2gb-fsn1-1:/etc# systemctl status prosody
● prosody.service - Prosody XMPP Server
   Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-04-27 08:13:01 CEST; 22min ago
     Docs: https://prosody.im/doc
 Main PID: 11577 (lua5.2)
    Tasks: 1 (limit: 65000)
   Memory: 17.1M
   CGroup: /system.slice/prosody.service
           └─11577 lua5.2 /usr/bin/prosody

Apr 27 08:13:01 debian-2gb-fsn1-1 systemd[1]: Started Prosody XMPP Server.
Apr 27 08:13:02 debian-2gb-fsn1-1 prosody[11577]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Apr 27 08:13:02 debian-2gb-fsn1-1 prosody[11577]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
```

There is an IPv6 misconfiguration.

```
root@debian-2gb-fsn1-1:/etc# prosodyctl check
Checking config...
Done.

Checking DNS for host vc.lesgrandsvoisins.fr...
    vc.lesgrandsvoisins.fr AAAA record points to unknown address 2a01:4f8:c17:bf88::
    Host vc.lesgrandsvoisins.fr does not seem to resolve to this server (IPv6)
    Only some targets for vc.lesgrandsvoisins.fr appear to resolve to this server.
[...]
Checking certificate for localhost
  Certificate: /etc/prosody/certs/vc.lesgrandsvoisins.fr.crt
    Not valid for client connections to localhost.
```

Moved all configuration for the virtual host out of the virtual host and into the global configuration.

```bash
# From root@debian-2gb-fsn1-1:/etc#
git diff f5d4c232455b98a0c2ac8fff511e7b5fd2a14c0c 4932ee111849cd76694c47ad1975a28481af46f4
```

#### Setting up vchat.mann.fr reverse proxy for vc.lesgrandsvoisins.fr

There is the story of `location /http-bind`, but I also think there are the issues of:

* /
* port 4443
* port 10000

I am also proxy-forwarding in internal on an external domain.

#### Broke Something Again

I guess I should go back to `f5d4c232455b98a0c2ac8fff511e7b5fd2a14c0c` or `4932ee111849cd76694c47ad1975a28481af46f4`

#### Installing Gollum

I like Gollum and wonder if it can be used in conjunction with a markdown editor, even Elephant.

https://github.com/gollum/gollum/wiki/Installation

`apt install ruby-gollum-lib`

### 2020-04-26

@chris2fr Added vchat.mann.fr and broke everything.

I think this is the problem in `/etc/jitsi/meet/vc.lesgrandsvoisins.fr-config.js`:

```
// bosh: '//vc.lesgrandsvoisins.fr/http-bind',
bosh: '//<!--# echo var="http_host" -->/<!--# echo var="subdir" default="" -->http-bind'
```

### 2020-04-25

@mmokhi Installed covid19.lesgrandsvoisins.fr

### 2020-04-20

@mmokhi Fixed vc.lesgrandsvoisins.fr

### 2020-04-19

@chris2fr Migrated vc.lgv.lol to vc.lesgrandsvoisins.fr

Broke everything.

### 2020-04-18

@mmokhi Installed vc.lgv.lol