
Differences

This page shows the differences between two versions.

server:dwb [2025/01/14 09:38] walbaum
server:dwb [2025/10/23 10:51] (current) – [External connection settings for end users (e.g. via DiversityCollection / client): smns.diversityworkbench.de port 7878] schuhmann
Zeile 1: Zeile 1:
 +====== Externe Verbindungseinstellungen für Endbenutzer (z.B. über DiversityCollection / Client): smns.diversityworkbench.de Port 7878 ======
 +Download der Clients: https://www.diversityworkbench.de/manual/dwb_latest/modules/index.html
 +
 ====== DWB im SMNS ====== ====== DWB im SMNS ======
  
-  ; OS : Linux Debian 12  +; OS : Linux Debian 12 ; Hostname : lserver-dwb01 ; IP DMZ : 172.31.13.31 ; User : dwbdebby ; Passwort : <decrypt>U2FsdGVkX18LX4h/SQIKwZiSgSlkAeYHqb8K04oLOPNUb25lXhHeawJHgS1bBrLK</decrypt>
-  ; Hostname : lserver-dwb01  +
-  ; IP DMZ : 172.31.13.31 +
-  ; User : dwbdebby  +
-  ; Passwort : <decrypt>U2FsdGVkX18LX4h/SQIKwZiSgSlkAeYHqb8K04oLOPNUb25lXhHeawJHgS1bBrLK</decrypt>+
  
 ===== Systemsetup ===== ===== Systemsetup =====
  
 Zwei redundante Server (Komponenten doppelt aufgeführt):\\ Zwei redundante Server (Komponenten doppelt aufgeführt):\\
-{{:server:dwb-hardware.png|}}+{{:server:dwb-hardware.png}}
  
 ===== Festplatte/Partitionierung ===== ===== Festplatte/Partitionierung =====
  
-Installation Debian auf 8TB (7,7) NVMe nvme0n1, Bilder liegen in /var/log/installer/.\\+Installation Ubuntu auf 8TB (7,7) NVMe nvme0n1, Bilder liegen in /var/log/installer/.\\
 LVM (Logical Volume Manager) mit Verschlüsselung.\\ LVM (Logical Volume Manager) mit Verschlüsselung.\\
 \\ \\
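Review bot: the partitioning line now reads "Installation Ubuntu auf 8TB" while the host facts line in the same hunk still says "OS : Linux Debian 12", so one of the two is wrong and should be corrected before this is saved. The host facts were also collapsed from five indented "; key : value" lines into a single unindented line, which loses the list layout of the previous revision. The new top heading puts the external host name and port 7878 directly above the DMZ IP, the user name and the `<decrypt>` password field; consider moving the end-user connection details to a separate page that does not also carry the admin access data.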
Zeile 207: Zeile 206:
   mssql-network:   mssql-network:
     driver: bridge     driver: bridge
 +
 </code> </code>
  
Zeile 313: Zeile 313:
  
 <WRAP round box 100% center> <WRAP round box 100% center>
 +
 <code> <code>
 #Bypass an der DMZ vorbei #Bypass an der DMZ vorbei
Zeile 326: Zeile 327:
     gateway 172.31.13.254     gateway 172.31.13.254
     dns-nameservers 172.31.13.254     dns-nameservers 172.31.13.254
 +
 </code> </code>
 +
 </WRAP> </WRAP>
  
Zeile 333: Zeile 336:
 <code> <code>
 systemctl restart networking systemctl restart networking
 +
 </code> </code>
  
Zeile 339: Zeile 343:
 <code> <code>
 ip link set dev eno2np1 up ip link set dev eno2np1 up
 +
 </code> </code>
  
 IP hinzufügen: IP hinzufügen:
 +
 <code> <code>
 ip address add 172.31.13.31/24 dev enp129s0f1np1 ip address add 172.31.13.31/24 dev enp129s0f1np1
 +
 </code> </code>
  
 IP entfernen: IP entfernen:
 +
 <code> <code>
 ip address del 172.31.13.31/24 dev enp129s0f1np1 ip address del 172.31.13.31/24 dev enp129s0f1np1
 +
 </code> </code>
  
Zeile 355: Zeile 364:
 <code> <code>
 ip addr show ip addr show
 +
 </code> </code>
  
 <WRAP center round box 100%> <WRAP center round box 100%>
 +
 <code> <code>
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
Zeile 407: Zeile 418:
     inet6 fe80::646e:ccff:feb4:cfee/64 scope link     inet6 fe80::646e:ccff:feb4:cfee/64 scope link
        valid_lft forever preferred_lft forever        valid_lft forever preferred_lft forever
 +
 </code> </code>
 +
 </WRAP> </WRAP>
  
 ==== Firewallregeln ==== ==== Firewallregeln ====
  
-<code>sudo iptables -S</code>+<code> 
 +sudo iptables -S 
 + 
 +</code>
  
 <WRAP center round box 100%> <WRAP center round box 100%>
 +
 <code> <code>
 *filter *filter
Zeile 518: Zeile 535:
 -A DOCKER -i br-b3f2654f0e35 -j RETURN -A DOCKER -i br-b3f2654f0e35 -j RETURN
 -A DOCKER ! -i br-e51ea62201df -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.18.0.2:1433 -A DOCKER ! -i br-e51ea62201df -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.18.0.2:1433
 +
 </code> </code>
 +
 </WRAP> </WRAP>
  
Zeile 524: Zeile 543:
  
 Regel hinzufügen, z.B.: Regel hinzufügen, z.B.:
 +
 <code> <code>
 iptables -A INPUT -i eno2np1 -p tcp --dport 7878 -j ACCEPT iptables -A INPUT -i eno2np1 -p tcp --dport 7878 -j ACCEPT
 +
 </code> </code>
  
 Speicherbar machen: Speicherbar machen:
 +
 <code> <code>
 sudo apt-get update sudo apt-get update
 sudo apt-get install iptables-persistent sudo apt-get install iptables-persistent
 +
 </code> </code>
  
 Backup Existing Rules: Backup Existing Rules:
 +
 <code> <code>
-sudo iptables-save > ~/iptables_backup.txt+sudo iptables-save> ~/iptables_backup.txt 
 </code> </code>
  
-Mehr dazu: https://wiki.ubuntuusers.de/iptables/ +Mehr dazu: [[https://wiki.ubuntuusers.de/iptables/|https://wiki.ubuntuusers.de/iptables/]]\\
-\\ +
-\\+
 === IP Blacklist aus München === === IP Blacklist aus München ===
- 
 <code> <code>
 +
 sudo iptables -A INPUT -s 108.181.2.0/24 -j DROP sudo iptables -A INPUT -s 108.181.2.0/24 -j DROP
 sudo iptables -A INPUT -s 108.181.24.0/24 -j DROP sudo iptables -A INPUT -s 108.181.24.0/24 -j DROP
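Review bot: the blacklist entries use `-A INPUT ... -j DROP` and the port rule above uses `-A INPUT -i eno2np1 -p tcp --dport 7878 -j ACCEPT`, so if the commands are entered in page order the DROP rules are appended after the ACCEPT and never apply to traffic arriving on eno2np1 for port 7878. Suggest inserting the drops ahead of the accept (`-I INPUT 1 ...`) or stating the intended rule order explicitly. The "Backup Existing Rules" step only writes a copy to ~/iptables_backup.txt; rules added after iptables-persistent was installed are not reloaded at boot unless they are saved again, for example with `sudo netfilter-persistent save`, and that step is missing here. The changed `iptables-save> ~/iptables_backup.txt` still works in the shell, but the removed space looks like an editor artifact and reads worse than the old line.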
Zeile 571: Zeile 594:
 sudo iptables -A INPUT -s 45.140.17.52 -j DROP sudo iptables -A INPUT -s 45.140.17.52 -j DROP
 sudo iptables -A INPUT -s 45.130.145.28 -j DROP sudo iptables -A INPUT -s 45.130.145.28 -j DROP
 +
 </code> </code>
-\\ + 
-===== fail2ban =====+===== fail2ban - läuft noch nicht richtig =====
  
 <code> <code>
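Review bot: the renamed heading "fail2ban - läuft noch nicht richtig" says the service is not working properly yet, but nothing in the hunk says what fails or which jails are affected. Add one or two sentences below the heading describing the observed problem and the current state (service disabled, jail not banning, and so on), so a reader knows whether the static DROP list above is the only protection in place at the moment.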
Zeile 641: Zeile 665:
 </code> </code>
  
-===== Backups einspielen =====+===== Backups in die DWB einspielen =====
  
 Backups auf den Server kopieren: Backups auf den Server kopieren:
Zeile 749: Zeile 773:
  
 In /opt/dwb-backup läuft backup_script.sh und erstellt jede Nacht um 0:00 Uhr ein Komplettabbild der Datenbank in /mnt/mssql_data/backup/full/, jede volle Stunde zwischen 7:00 und 18:00 Uhr ein inkrementelles Abbild in /mnt/mssql_data/backup/diff/. Für dieses Skript müssen auf dem Server mssql-tools installiert werden! In /opt/dwb-backup läuft backup_script.sh und erstellt jede Nacht um 0:00 Uhr ein Komplettabbild der Datenbank in /mnt/mssql_data/backup/full/, jede volle Stunde zwischen 7:00 und 18:00 Uhr ein inkrementelles Abbild in /mnt/mssql_data/backup/diff/. Für dieses Skript müssen auf dem Server mssql-tools installiert werden!
 +
 <code> <code>
 #!/bin/bash #!/bin/bash
Zeile 764: Zeile 789:
  
     IGNORE_DB="tempdb model"     IGNORE_DB="tempdb model"
-    DB_LIST=$(sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')+    DB_LIST=$(sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')
     for db in $DB_LIST     for db in $DB_LIST
     do     do
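Review bot: the changed `DB_LIST=$(sqlcmd ... -P '...')` line still carries the BackupAdmin password inline, which exposes it in the script, in the process list while sqlcmd runs, and on this wiki page; the removed line also stays readable in the page history, so the previous value should be treated as exposed and rotated. Suggest reading the password from a root-only file or from the SQLCMDPASSWORD environment variable and dropping `-P` from the documented command. If 'StrongPassword!123' is only a placeholder, say so in the text next to the script. The address change from 172.32.23.31 to 172.31.13.31 matches the DMZ IP listed at the top of the page.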
Zeile 777: Zeile 802:
         if [ "$skipdb" = "-1" ]; then         if [ "$skipdb" = "-1" ]; then
             SQL_FILE="${db}_full_${NOW}"             SQL_FILE="${db}_full_${NOW}"
-            sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/full/${SQL_FILE}.bak' WITH NAME='Full backup of ${db}',INIT,COMPRESSION,CHECKSUM,FORMAT"+            sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/full/${SQL_FILE}.bak' WITH NAME='Full backup of ${db}',INIT,COMPRESSION,CHECKSUM,FORMAT"
             if [ $? -eq 0 ]             if [ $? -eq 0 ]
             then             then
-                printf "${SQL_FILE}.bak written" >> $LOG_FILE+                printf "${SQL_FILE}.bak written">> $LOG_FILE
                 chmod g+r "${BACKUP_PATH_HOST}/full/${SQL_FILE}.bak"                 chmod g+r "${BACKUP_PATH_HOST}/full/${SQL_FILE}.bak"
             else             else
-                printf "WARNING: An error occured while attempting to write {$db}" >> $LOG_FILE+                printf "WARNING: An error occured while attempting to write {$db}">> $LOG_FILE
             fi             fi
         fi         fi
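Review bot: in the WARNING line the variable is written `{$db}`, which prints the database name wrapped in literal braces; it should be `${db}`, and this hunk touches that line without fixing it. Both printf calls also put the variable inside the format string and end without `\n`, so consecutive log entries run together on one line and a `%` in a name would be interpreted as a format directive; `printf '%s.bak written\n' "$SQL_FILE" >> "$LOG_FILE"` avoids both. The only actual change to these lines, removing the space before `>>`, makes no functional difference.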
Zeile 797: Zeile 822:
  
     IGNORE_DB="tempdb master model"     IGNORE_DB="tempdb master model"
-    DB_LIST=$(sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')+    DB_LIST=$(sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')
     for db in $DB_LIST     for db in $DB_LIST
     do     do
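Review bot: this is the third of four places where the same server address and login had to be edited by hand, which is how the address in the old revision ended up wrong in all of them. Define the server and login arguments once at the top of the script and reuse them in every sqlcmd call, so the next change is a single line. The `for db in $DB_LIST` loop below also relies on word splitting and will mis-handle a database name that contains a space.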
Zeile 810: Zeile 835:
         if [ "$skipdb" = "-1" ]; then         if [ "$skipdb" = "-1" ]; then
             SQL_FILE="${db}_diff_${NOW}"             SQL_FILE="${db}_diff_${NOW}"
-            sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/diff/${SQL_FILE}.bak' WITH NAME='diff backup of ${db}',DIFFERENTIAL"+            sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/diff/${SQL_FILE}.bak' WITH NAME='diff backup of ${db}',DIFFERENTIAL"
             if [ $? -eq 0 ]             if [ $? -eq 0 ]
             then             then
-                printf "${db}.bak written" >> $LOG_FILE+                printf "${db}.bak written">> $LOG_FILE
                 chmod g+r "${BACKUP_PATH_HOST}/diff/${SQL_FILE}.bak"                 chmod g+r "${BACKUP_PATH_HOST}/diff/${SQL_FILE}.bak"
             else             else
-                printf "WARNING: An error occured while attempting to write ${SQL_FILE}" >> $LOG_FILE+                printf "WARNING: An error occured while attempting to write ${SQL_FILE}">> $LOG_FILE
             fi             fi
         fi         fi
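Review bot: the success message in the differential branch logs `${db}.bak written`, but the file created by the BACKUP command and passed to chmod is `${SQL_FILE}.bak`, so the log names a file that does not exist. Use `${SQL_FILE}` in the message, as the full-backup branch does, and add a trailing `\n` so entries do not run together.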
Zeile 823: Zeile 848:
     rm "${BACKUP_PATH_HOST}/diff/.in_process"     rm "${BACKUP_PATH_HOST}/diff/.in_process"
 } }
- 
  
 if [ "$1" = "full"  ]; then if [ "$1" = "full"  ]; then
     LOG_FILE="${BACKUP_PATH_HOST}/full/backup-db_${NOW}.log"     LOG_FILE="${BACKUP_PATH_HOST}/full/backup-db_${NOW}.log"
-    printf "Start full backup of MSSQL Server lserver-dwb01: $(date "+%F %T")" > $LOG_FILE+    printf "Start full backup of MSSQL Server lserver-dwb01: $(date "+%F %T")"> $LOG_FILE
     sqlserver_dwb_full     sqlserver_dwb_full
-    printf "Finish backup utility: $(date "+%F %T")\n\n" >> "$LOG_FILE"+    printf "Finish backup utility: $(date "+%F %T")\n\n">> "$LOG_FILE"
 fi fi
 if [ "$1" = "diff"  ]; then if [ "$1" = "diff"  ]; then
     LOG_FILE="${BACKUP_PATH_HOST}/diff/backup-db_`date "+%u"`.log"     LOG_FILE="${BACKUP_PATH_HOST}/diff/backup-db_`date "+%u"`.log"
-    echo "Start differential backup of MSSQL Server lserver-dwb01: $(date "+%F %T")" >> $LOG_FILE+    echo "Start differential backup of MSSQL Server lserver-dwb01: $(date "+%F %T")">> $LOG_FILE
     sqlserver_dwb_diff     sqlserver_dwb_diff
-    printf "Finish backup utility: $(date "+%F %T")\n\n" >> "$LOG_FILE"+    printf "Finish backup utility: $(date "+%F %T")\n\n">> "$LOG_FILE"
 fi fi
 +
 </code> </code>
  
 Crontab (crontab -e) mit PATH, sonst ist 'sqlcmd' nicht bekannt: Crontab (crontab -e) mit PATH, sonst ist 'sqlcmd' nicht bekannt:
 <code> <code>
 +
 PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/opt/mssql-tools/bin PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/opt/mssql-tools/bin
  
-0 0 * * * /opt/dwb-backup/backup_script.sh full > /var/log/backup_script_full.log 2>&+0 0 * * * /opt/dwb-backup/backup_script.sh full> /var/log/backup_script_full.log 2>&
-0 7-18 * * * /opt/dwb-backup/backup_script.sh diff > /var/log/backup_script_diff.log 2>&1+0 7-18 * * * /opt/dwb-backup/backup_script.sh diff> /var/log/backup_script_diff.log 2>&1 
 </code> </code>
  
 ===== Prometheus Daten ===== ===== Prometheus Daten =====
  
-Die Healthdaten des Servers werden via [[server:nodeex|Node Exporter]] an [[server:prometheus|Prometheus]] auf Hetzner freigegeben.+Die Healthdaten des Servers werden via [[:server:nodeex|Node Exporter]] an [[:server:prometheus|Prometheus]] auf Hetzner freigegeben. 
 +
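Review bot: the crontab line for the full backup ends in `2>&` in both columns as shown here, while the diff line below it ends in `2>&1`; without the descriptor number cron's shell rejects the line, so check the saved page and restore `2>&1`. Both entries redirect with a single `>`, so each run overwrites /var/log/backup_script_full.log and /var/log/backup_script_diff.log, and of the hourly diff runs only the last one survives; use `>>` if the history is wanted. In the script part of this hunk the "Start full backup" printf has no trailing `\n`, so the first log entry runs into the next one.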