#38c3 Decentralize YouTube

Transcript
00:00Andreas and Sebastian will explain to us today how we can set up a Nextcloud server
00:22and run it from home, and how we can be a bit more self-sufficient and better at handling our data.
00:36And now a big round of applause for Sebastian and Andreas and then we can get started.
00:45You have already tried to give the lecture before and now you have to be very quick,
00:49so let's try to get started right now. Let's get started!
00:52Yes, hello. The Internet is full of good services, practical services that we all always like to use,
01:04for example, services that allow you to edit files online, share them with people, and so on.
01:11All great stuff. The problem is, well, we've already learned one problem,
01:15namely, that they all have a terrible login flow. The second is that you usually have to sell your soul
01:21by signing such terms and conditions. That's why we thought in 2020, we'd just do it ourselves,
01:30and started to think about a setup at home to provide our immediate neighborhood,
01:37that's about 50 people, with an infrastructure with Nextcloud for managing files, sharing files
01:44and creating calendars for shared spaces.
01:49Right, exactly.
01:52Yes, what is a Nextcloud?
01:57So we are planning to give a beginner’s talk here, so we wanted to show you briefly again,
02:02what do we actually want to achieve here?
02:03So this is what Nextcloud looks like. It's a service where you can upload files relatively easily using drag and drop.
02:10It is user-managed, which means that everyone can have their own workspace,
02:14and can keep the files there just for themselves.
02:16But you can also form groups or share files with other users, edit them together, so you can do a lot of things.
02:22and it is very expandable, so up here you can see a small approach, so there is here,
02:28I don't know how many of you can know here, oh, okay, nothing, very good.
02:31So there is a whole bar of apps and plug-ins up there, which is very expandable,
02:36for example, you can also integrate calendars, create calendars, integrate emails,
02:43create surveys, all sorts of things, always either for yourself or shared with others.
02:50So much in brief.
02:52Yes, let's skip that, exactly.
03:00When we decided to do this talk, we were forced,
03:04and that is actually the most valuable thing about preparing this talk,
03:09since we have built and expanded our setup over the years,
03:13to go through it again step by step and see
03:16how to actually build it step by step, and then we documented it.
03:21That means there is a repo where we show, really step by step, with every Bash line
03:27that has to be carried out, and there are not so many,
03:31how to achieve the result we show you here.
03:34And we'll show you the repo at the very end, so stay tuned.
03:37In this lecture we would explain all the steps at a high level
03:44and not go into detail about how exactly to install it.
03:49But this is all very well documented, I claim.
03:51Exactly.
03:55Yes, if you start something like that, you end up with a Linux server
03:59and have learned how to set up services quite easily
04:03and provide them either to others or to yourself.
04:05And that is the beginning of a journey, we wrote there.
04:08So once you have that, it's a bit addictive,
04:11so you will find more use cases.
04:15Exactly, let’s start with our Nextcloud.
04:16Exactly, I would now like to tell you a little bit about the tools
04:20that we have selected.
04:22Basically, we are in the DevOps area here,
04:24so how do I do hosting? There is a very, very large selection
04:27of supporting technologies.
04:29We have now tried to choose the simplest possible setup
04:32with as few tools as possible, so that you are not completely overwhelmed by the whole thing.
04:36This is not necessarily the best if I want to run 50 Nextclouds now,
04:40but we are concerned with this use case:
04:41you can start your own lab environment at home.
04:44That means, as simple as possible, you have a setup,
04:47you can also add other things to it modularly,
04:49and it was important that you have a secure perimeter.
04:52So basically everything that is accessible from the Internet must be secure,
04:56and that was basically our goal.
05:00You can also find a few more details in the repo.
05:04And as for the initial situation, we now assume,
05:07for example, that you already have some hardware lying around,
05:09so an old notebook, which you can then use as a server,
05:11so, the simplest possible introduction.
05:13And you basically need another device as an admin machine,
05:16from which you can then browse the websites,
05:18so the Nextcloud itself or the help website, I would say,
05:22for the auxiliary tools.
05:24And we assume basic knowledge of computer science.
05:27This is basic knowledge that is always a bit difficult to define.
05:31We tried to make everything as simple as possible.
05:33All the commands that need to be executed
05:35are in the repo; you can have a look there
05:37if you want to copy them.
05:37But to have at least seen such a command line
05:41would be quite good.
05:44Exactly, and then, that was the starting point for the final state.
05:47So our final state is, we have set up 38c3.fun here as a test.
05:54I'll scroll through a bit and maybe you'll see it.
05:56Yes.
05:57Namely, there is this official Nextcloud scan.
05:59In principle, you can have internet-accessible Nextclouds scanned
06:02for whether they are secure.
06:03It checks, yes, a few settings,
06:07whether it is encrypted,
06:08the setup, so also, yes,
06:10HTTP header stuff.
06:12And specifically whether it has the latest patch level
06:14and whether the version is still okay.
06:16And if you follow our repo,
06:18then in principle an A-plus page comes out.
06:20So according to this check, it doesn't get any better.
06:23This is not everything about security,
06:25but that is what the manufacturer
06:26has provided.
06:28And the most important thing is,
06:30if you want to do something like that,
06:31it definitely has to be patched.
06:34Exactly.
06:36So, then Nextcloud All-in-One was also briefly mentioned.
06:40This is from,
06:41there is Nextcloud GmbH,
06:42that's Open Core,
06:44so Nextcloud is open source
06:45and there is this company
06:46which maintains this open source code.
06:50And they have a recommended minimal setup.
06:52This is this All-in-One,
06:53you can see that here.
06:55When we started in 2020,
06:57that didn't exist yet.
06:58That must be a great setup.
07:01It's a batteries-included thing.
07:03So I install something
07:04and then everything happens automatically underneath,
07:07as far as we have seen so far.
07:10We just don't have that,
07:11we're not talking about it here either.
07:14Exactly, yes.
07:17So, okay.
07:17And then,
07:18unfortunately, we don't have much time,
07:19so we have to go through a bit.
07:21Just to give an overview of the system landscape.
07:23So what do we want to build?
07:24The basic idea is,
07:26you are practically sitting here at home,
07:28behind your Fritzbox.
07:29The Fritzbox is connected to the Internet,
07:31so it doesn't have to be a Fritzbox,
07:32it could also be a different router.
07:34And from there there is in principle
07:36a port forwarding
07:36on port 443
07:38into the system landscape.
07:40And the system landscape consists, first,
07:42of the hardware down here,
07:44so that's the notebook.
07:46On the notebook we have
07:47Ubuntu installed.
07:49On Ubuntu itself
07:50there then run Git,
07:52Docker and Jenkins.
07:53So Git is for pulling repos,
07:55i.e. source code management.
07:57It is already preinstalled on Ubuntu.
07:59Docker is a container virtualization solution;
08:02we'll go into that in more detail later.
08:03This is the runtime environment
08:04in which all applications run.
08:06And Jenkins is a tool
08:08to automate jobs.
08:10So Jenkins will later
08:11always take care of the patching
08:13automatically for us.
08:15And up here in the application layer
08:16we have, first, the
08:17Nginx Proxy Manager.
08:19It is there
08:20to take care of
08:21SSL certificate management,
08:22so that I have HTTPS,
08:25with Let's Encrypt,
08:26so free.
08:27Then I have Nextcloud itself,
08:28that is in principle
08:29the application
08:30that we want now.
08:30And Nextcloud also has
08:31a Postgres database on board.
08:34With Nextcloud,
08:35the photos and so on
08:36that we upload
08:37are all directly
08:38on the hard drive.
08:39But metadata like users
08:41or last login
08:43and passwords
08:44are all in the Postgres database.
08:45Exactly, then hardware.
08:49Yes, exactly.
08:50So much for the theory.
08:52Exactly, we start
08:53with the hardware selection.
08:55So there,
08:55that depends a bit now,
08:56of course,
08:57on
08:58what you want to do
08:59and what you might
09:00already have there.
09:01So,
09:02you don't have to start directly
09:03with the super perfect
09:04server setup.
09:06If you just
09:07want to try it out once,
09:08then maybe it is enough,
09:09and you may still have
09:09a notebook at home
09:11that you no longer need;
09:12maybe that's enough for now.
09:14So this one now, for example,
09:15that we just saw,
09:17the Nextcloud
09:18that I have shown,
09:1938c3.fun,
09:20that was now in preparation
09:21for this talk;
09:22we again bought that
09:23on Kleinanzeigen
09:24for 80 euros.
09:26So it also performs
09:27somewhat.
09:29Yes,
09:30there are just two variants
09:31from our experience.
09:33So either you start something,
09:34do it once,
09:35to have tried it,
09:36and then you turn to
09:37the next side project;
09:38then you
09:40didn't need it for long.
09:40Or you find it fun
09:43and continue to use it;
09:45then of course you think,
09:46afterwards I would have
09:46used better hardware.
09:49Yes,
09:49for us it was more the latter.
09:50So minimal,
09:51let's say,
09:52green bubble,
09:53old notebook,
09:55with a Raspberry Pi
09:56it is theoretically also possible.
09:58However, we would advise against this;
09:59experience has shown that it has
10:00too little power.
10:02So it should be
10:02at least notebook hardware.
10:05Exactly.
10:06Where did we start
10:07back then four years ago?
10:10At that time we bought
10:11a system-on-chip,
10:13system,
10:15an SoC,
10:16i.e. a mainboard
10:18with the chip soldered on,
10:19and a server chassis.
10:24This cost a total
10:24of 550 euros.
10:26But of that,
10:27200 euros were hard drives,
10:298 terabytes.
10:30Now it depends on
10:30whether you want that
10:31or not.
10:32The exact components
10:32you can
10:33look up again in the repo.
10:34Meanwhile it has
10:37gotten more use cases.
10:38So we now have,
10:39meanwhile, also
10:39for multiple households,
10:41a streaming server,
10:42media server on it,
10:43and it is just
10:43a general lab environment.
10:45So you can do
10:46just about anything.
10:46Once you have
10:47a Linux server
10:47in the network,
10:48then you will find
10:48use cases for it.
10:51Yes, so we have
10:53gotten by
10:54very well so far
10:55with our hardware.
10:55So exactly,
10:56now we have again
10:56this short list,
10:57not too detailed.
10:58So at the very top
10:58is a gaming CPU,
11:00roughly mid-range,
11:01current.
11:02This is some generic
11:05CPU benchmark.
11:07The second line
11:08is our CPU,
11:08which we currently have
11:09in use.
11:10The third line
11:11is the laptop
11:12that we bought.
11:13So they are
11:13quite close together,
11:14but of course
11:15in a different size class
11:16than a gaming CPU.
11:17But you don't need that.
11:19And then you see
11:19why we do not
11:20recommend the Raspberry,
11:21because it again plays
11:22on a completely different scale,
11:23namely down there.
11:25Exactly.
11:25What have we
11:26upgraded since?
11:27So we went from 8 GB RAM
11:29to 32 GB,
11:31but now,
11:32instead of the mentioned
11:32three apps,
11:33we also
11:34have 30 apps running.
11:36If you have to decide
11:38what kind of RAM you install,
11:41then rather
11:41a few large sticks
11:43and still have slots available.
11:45That can be
11:46expanded more easily later
11:47than if you then
11:47have to replace all the sticks.
11:49For the processor,
11:49exactly, which we had above,
11:50we wrote down another tip:
11:51if you have to
11:52choose a processor
11:53because you are buying new,
11:54then you should
11:55also keep an eye
11:56on the electricity costs,
11:57because such a server
11:58should in the best case
12:00run 24/7.
12:01That means
12:02it adds up.
12:04So simply
12:07keep an eye on that.
12:07So you do not
12:08necessarily need
12:08the best performance;
12:09in any case, do not forget
12:10the electricity costs.
12:13Exactly.
12:13And for
12:13our hard drives,
12:14we again
12:14screwed one more in.
12:16So we are now,
12:16instead of 8 TB,
12:18at 12 TB.
12:19There again
12:20the tip:
12:20better to keep
12:22slots free
12:22and buy
12:24a few large disks;
12:24then it can be expanded
12:25more easily.
12:26You don't have to
12:26replace everything.
12:28Exactly.
12:30Yes,
12:31software part.
12:33So we have
12:34at that time,
12:35so we recommend
12:36an LTS version,
12:37that is the
12:38long-term support
12:39version of Ubuntu.
12:41We take
12:42an Ubuntu server
12:43without GUI components,
12:44because we want
12:45to build a server
12:46that sits, without a monitor,
12:47just in the closet.
12:48So
12:48we don't need a GUI.
12:49At that time we
12:50began
12:51with a 20.04,
12:52in the meantime
12:53downgraded
12:53to 22.04.
12:56Now our
12:57prototype
12:58here for the talk
12:59I have set up on the
12:59current version,
13:0124.
13:03Everything
13:03works exactly the same.
13:05You just
13:05simply take the latest
13:06that is available as LTS
13:08when you start.
13:10Exactly.
13:10And our
13:10approach is
13:12to install as little as possible
13:13directly in the OS,
13:14but rather to install
13:15everything possible
13:16in the way of applications
13:18via
13:19Docker containers.
13:21What the advantages of Docker are,
13:22we will hear soon
13:23even more precisely. For now,
13:24if that doesn't mean anything to you,
13:25we are orienting ourselves
13:26to beginners,
13:27then you can,
13:28I don't know
13:28whether you can see these pasta pictures
13:29down there,
13:30but on the left someone has
13:31thrown spaghetti
13:32into the fridge,
13:32without anything.
13:34On the right is the
13:34containerized version,
13:35so we have nothing but
13:36individual types of pasta
13:37that, in containers,
13:39are separated from each other.
13:40This is what we also
13:41want to have
13:42with our applications.
13:42Because you can
13:43then just
13:43take out a container
13:44and replace it
13:45with another
13:46without impairing
13:46all the others.
13:47Exactly.
13:50So, now we come
13:50to the doing.
13:53We must first
13:54set up
13:55our operating system.
13:57If you come
13:59from Windows, so do not yet
14:00have Linux at home,
14:01then the
14:02easiest way is
14:03to use Rufus.
14:05This is a program
14:06with which you
14:06can create
14:08live USB sticks,
14:09for example
14:10an Ubuntu setup USB stick.
14:12If you come not from Windows
14:13but from Linux,
14:14then you already know
14:15how to install Linux;
14:15then this need
14:16not interest you.
14:19Then we put it
14:20in our laptop
14:21or in our machine,
14:22which we now
14:23want to set up,
14:23and usually have to,
14:25if it is an
14:26existing machine,
14:27change the boot order
14:28so that it
14:29boots from this stick.
14:31This is sometimes
14:31not so easy
14:32to find out,
14:32how to do that.
14:33As a rule, it is
14:34either Escape,
14:35F2, F10 or F12
14:37to get into the BIOS.
14:39You have to find out;
14:41in case of doubt
14:41spam everything
14:42while it boots.
14:43At some point you will find
14:44the right one.
14:44Then you switch it
14:45over: please
14:45boot not from the
14:47HDD, but
14:47boot from the
14:48USB stick.
14:50And then you have
14:50actually already
14:51done the most
14:51difficult part.
14:52So the Ubuntu installer
14:55is actually very,
14:56very self-explanatory.
14:57So what we would
14:58still recommend
14:58is, right at the beginning,
14:59before you install,
15:00to plug in a LAN cable
15:01and not to rely
15:02on WiFi,
15:03because on the one hand
15:03it saves you
15:04one step,
15:04you don't have to
15:05set up WiFi.
15:06And secondly
15:07it is also simply
15:07a more stable setup;
15:08such a server
15:08you want to have on the LAN.
15:11Exactly, here
15:11We still have the screenshot
15:12the right thing
15:13Select keyboard
15:14cleaned up.
15:15So just as an
15:15example of how easily
15:16such an
15:17installer does that.
15:18So there, you do not have to
15:19select the actual keyboard at all,
15:20but it
15:21just asks you
15:22to press
15:24one of the following
15:25keys, and then it recognizes
15:25that in two, three
15:26steps itself.
15:27So it really is
15:28not so difficult.
15:31Exactly, during the
15:32installation you can also
15:32set a checkbox somewhere,
15:33relatively at the end,
15:34that you want
15:35to have SSH.
15:37So that's for
15:38remote access to this
15:39machine.
15:40That is what you want,
15:40as a rule.
15:41So you can
15:41decide now whether you
15:42want to continue working
15:44with your keyboard
15:45on this machine.
15:45That is legitimate, you can
15:46also do that.
15:48But if you want to work
15:49from your admin machine,
15:50then
15:51you install
15:52SSH along with it here, and
15:54after this
15:55Ubuntu installation step
15:56you put the box in the corner
15:57and only work
15:58from your normal
15:59computer, from which you
15:59otherwise also work,
16:00and connect
16:01to it.
16:02And if you do that,
16:03then it is best to always
16:03set up public key
16:04authentication and
16:06not password
16:06authentication.
16:08But that would now
16:08go one step
16:09too far
16:10for the talk.
16:10Exactly, then we would
16:12come to Docker now.
16:13Our applications, after all,
16:14run in Docker.
16:16Docker is a
16:17virtualization solution.
16:18It is something
16:19similar to
16:20virtual machines.
16:21With virtual
16:22machines it is like this,
16:23I'll take a look
16:24here, yes, that
16:25normally in my
16:26virtual machine
16:27I then have another
16:28guest operating system, and
16:29then I have my
16:29applications and all the
16:31libraries and binaries
16:32that my application
16:33needs.
16:34And that means if I
16:35have multiple VMs,
16:36I then also have several
16:37of these guest operating systems.
16:38And in such
16:39container engines like Docker
16:41it is now the case that the
16:42container engine itself provides
16:45operating system functions and
16:46syscalls to the individual
16:48containers.
16:50That means that a single
16:52container has only the applications and
16:53only the libraries for them, and the
16:55configuration maybe.
16:57And this has the advantage that
16:59it makes everything much smaller.
17:01So I need per container
17:02significantly less disk, less RAM.
17:04The startup is faster, because
17:06over here I have to deal with
17:08the guest operating system, which must
17:09also boot up; if I
17:11want to start up, I only have to
17:12start the application.
17:14And patching and installing
17:15the whole thing is also clearly
17:16easier.
17:17That's why we use Docker for this.
17:21Exactly, on to Docker itself.
17:23So we basically have scripts in the
17:25repo on how to install it.
17:26There are also instructions online.
17:28It's not all that complicated.
17:31It looks like this.
17:32There are a few commands in the
17:33command line.
17:34I won't go too deep now because
17:35we don't have that much time.
17:37But in fact you
17:39basically just have to throw it into Bash
17:40and then it installs Docker.
17:42Then there is also a
17:44test with a Hello World container.
17:45So here, this
17:45sudo docker run hello-world.
17:47What it does is it
17:48downloads the test container and runs it.
17:51And this is a very good end-to-end test,
17:53because then I have
17:53tried the download,
17:54I have tried that Docker can also
17:55boot up a container, and I
17:57then know that the installation
17:58worked quite well.
18:01Exactly, then, so Docker we
18:03now have, as a runtime environment;
18:06all our applications run there,
18:07and now we have Jenkins.
18:09Jenkins is a CI/CD tool, which
18:11stands for Continuous Integration,
18:12Continuous Delivery.
18:15What we want to use this for is
18:16de facto that Jenkins simply
18:18regularly carries out jobs for us.
18:19So you can set it: do this
18:21once a week. So it is
18:24automation of our operations.
18:25In part, it is a bit more stylish than doing it,
18:28for example, in a cron,
18:30simply because I have a nice GUI
18:32and also have the logs centrally.
18:34And our goal here is for the
18:35boring but important things to
18:37get done by themselves.
18:38So of course this includes
18:40patching, but also the backup,
18:43both on-site backup and
18:44maybe later some off-site backup
18:45somewhere.
18:47This also includes, there is this cron.php
18:48in Nextcloud, which you have to
18:49start regularly.
18:50Jenkins does all of this,
18:53and it also reports to you here in this
18:55nice GUI: sunny here
18:57means that the last jobs have all
18:58worked, cloud means something
19:00went wrong.
19:01So you can take a look around.
19:04Exactly, we have now installed Jenkins
19:06natively; you could also have
19:08run it in a container.
19:09Then we need a few more
19:11config steps; that's why we
19:12have now decided to do this natively,
19:14so that it is easier for you
19:15to implement yourselves.
19:16It can be done easily in the shell,
19:18and then for the initial setup you
19:20simply click through with plugins;
19:21you can simply use the defaults,
19:22that is okay for now.
19:24There is also such a Hello World pipeline,
19:25so that you can also test Jenkins.
19:28Exactly, at this point, I will show
19:31Jenkins briefly live again later;
19:33at this point again a short
19:35aside: what does
19:36our security architecture look like now.
19:39So our basic plan is
19:41that we have the Internet up here,
19:43here, and via the Internet we want
19:46only our website to come in.
19:48So we saw the Nextcloud earlier,
19:50this is 38c3.fun.
19:52That is, this is the only access
19:54where I come in from the network, from the Internet.
19:58This goes to the router.
19:59The router then has port forwarding
20:01to our server.
20:02And on the server we have,
20:03on port 443, because it is HTTPS,
20:05the Nginx Proxy Manager running.
20:08This takes care of the SSL termination.
20:11This means that it is unencrypted
20:13only on the server.
20:13So this part is
20:14on the same machine.
20:17And from here it goes on:
20:19it then forwards it to the Nextcloud,
20:20which runs on port 8092.
20:23And all the other things
20:24that are still running on the server,
20:25like Jenkins or Nginx,
20:27the configuration GUI,
20:30this is all only accessible from the intranet,
20:32I would say, from the home network.
20:34The Internet really only gets
20:36to our Nextcloud.
20:39Exactly.
20:40Now to the Nextcloud itself.
20:42What does that look like?
20:44So the Nextcloud has two Docker containers,
20:46the first, so two containers.
20:48The first is the app container.
20:49This is an Apache web server
20:50with a PHP backend.
20:52So this is basically
20:52the source code of Nextcloud.
20:55And Nextcloud also needs
20:56a database.
20:58For very, very small installations
20:59they say SQLite also works,
21:01but they never actually recommend that.
21:02That is why we take a
21:03Postgres container.
21:05And that's where the app metadata is.
21:06And
21:07from two or three users onward
21:09you should just use a Postgres database.
21:10That's why we put it into the setup.
21:13Nextcloud itself has a plug-in architecture.
21:15This means that the plugins must
21:17receive updates separately.
21:19Jenkins can also
21:20do all of this automatically.
21:22And then there are several volumes.
21:24So with Docker there are volumes.
21:25Volumes are in principle
21:26such small file containers
21:28that you set up.
21:29Then we have one
21:30for these photos and so on,
21:31one for the logs
21:32and one for the important config files.
21:36Exactly.
21:38And we start this via
21:39what's called a Docker Compose file.
21:43A Docker Compose file,
21:44that is Configuration as Code,
21:46it's called.
21:47Or Infrastructure as Code, sorry.
21:49The idea is
21:50that I have a file,
21:51we see it here on the left,
21:52right in the excerpt.
21:54And this file describes
21:56how these containers are started up.
21:58So the container is called,
22:01it pulls the image.
22:02So the image is,
22:02it pulls Nextcloud,
22:03and always the latest
22:04that it finds.
22:05So always the latest version.
22:07It has a dependency,
22:08that the database must be up first.
22:10It is hosted on this and that port.
22:13It has these file containers
22:15and is linked to these networks.
22:17And then I can also
22:17enter environment variables, for example,
22:20and pump in passwords through them.
22:21So the idea of this file is
22:24that I have in the file
22:25how the thing is hosted.
22:28Therefore, it is best,
22:29if you do this,
22:30to create your own repo,
22:31because if you use our Docker Compose file
22:33from the public repo
22:34and we change it at some point,
22:36then we could
22:36smuggle in a Bitcoin miner.
22:39You don't want that.
22:41Exactly, and Jenkins then takes this file
22:42and simply executes it regularly,
22:44and because it says latest here,
22:46it then always pulls the latest containers.
22:49Exactly, now a short demo session,
22:51to show this in Jenkins,
22:53what that looks like.
22:56So this is Jenkins for now.
22:57So I can simply click on several jobs.
23:01I have one here...
23:01Can you still zoom?
23:02Oh yes, sorry.
23:04A small screen.
23:05Right, exactly.
23:07So this is Jenkins now.
23:08I don't want to show too much.
23:09We don't have much time left.
23:12In principle, I can always create new jobs here.
23:14For example, I now have a job here
23:15for the Cron PHP updates.
23:17I have a job here for Patch Next Cloud.
23:19I have here,
23:20you can see these pretty icons.
23:21So here one failed,
23:22one was running.
23:23Sun here, everything is fluffy.
23:24I can look at the job now.
23:28When I configure it,
23:30then there is a Jenkins-specific language here.
23:35So there is here,
23:36that is this pipeline definition.
23:39You can also find the templates for these pipelines in the repo.
23:42So you just have to copy and paste.
23:43And that's basically how it works.
23:46I tell it here,
23:47please go to the one agent you have.
23:49So on our server.
23:51And then please just do this.
23:53And what I am doing here is,
23:55I go to the directory with the Docker Compose file.
24:00I tell it,
24:00please pull the latest containers.
24:03But I have the latest version in the file.
24:04And when it is finished
24:07pulling,
24:08then I tell it,
24:08then please shut everything down now
24:10and restart it
24:12with the latest containers.
24:13And then the patching is done.
24:16And I can simply say here with Jenkins,
24:19build this on a time-controlled basis.
24:22Then I can write here,
24:25so what do I know,
24:26every five minutes, for example.
24:27That would be
24:29Excuse me,
24:30so.
24:32One is missing.
24:33So this is basically Cron syntax,
24:38but I have this nice GUI around it,
24:39where I can set all of this.
24:44And I already did a test job here before,
24:48because downloading the containers
24:49took a few minutes.
24:51But in principle it looks like this,
24:53So the chic thing is,
24:54Jenkins also centrally collects all logs
24:56of all build jobs
24:57and I can look at them here.
24:59And you can see here in principle
25:01what it does.
25:01So I see here,
25:02okay, it wants to pull the containers first.
25:04That means
25:05I have the download message below.
25:07Can you see that?
25:08Yes.
25:10Exactly,
25:10it has to download everything first.
25:13Takes a while.
25:15And then it starts here
25:16to unpack them.
25:19And then I scroll a bit.
25:20Exactly,
25:21that's pretty much finished with unpacking now.
25:22And in the end I see here,
25:29OK,
25:29it pulled the newest containers.
25:31Then it basically shuts the old containers down
25:34and then brings the new ones back up here.
25:37You can see that here.
25:37The whole thing lasted about three or four minutes
25:41and three or four minutes of that were
25:43downloading the containers
25:45via my slow mobile hotspot.
25:47Shutting down and bringing up the containers
25:50takes only a few seconds,
25:52because the operating system itself does not
25:54have to go up and down,
25:55but really only the application.
25:57And Jenkins in this case is a Java application.
26:00That's a few seconds,
26:01that the,
26:01or 20 seconds,
26:02that the startup takes.
26:03And then it tells me here too,
26:05everything went great.
26:07Exactly.
26:09OK.
26:14Exactly.
26:16If you,
26:18once you have started the Nextcloud container,
26:21then you will be greeted here first,
26:23you can't see that at all now,
26:24with such a nice login page,
26:27where we learned earlier
26:28that we don't want them,
26:29but we have one,
26:30where you must
26:33create an administrator account.
26:34That means
26:34it is not yet fully configured,
26:37the Nextcloud,
26:38but as the first step I have to
26:39create an admin.
26:41For this I have to
26:41choose a username and password.
26:43Probably even less noticeable down here:
26:45under the two fields
26:45you can still unfold
26:47storage and database.
26:48There you just have to change the connection settings
26:50to the second container,
26:52which we have, as already mentioned,
26:53installed directly.
26:55And that was it.
26:56Then click on Install
26:57and then the rest installs itself.
26:59There is one more thing to do,
27:03at least in the order
27:04in which we have now documented this here.
27:06Namely, you have to tell it once,
27:08Nextcloud checks,
27:09when someone registers,
27:11which domain they are coming from right now.
27:13And in the order
27:15in which we recommend this,
27:16it is just that
27:17at this point,
27:19where we create the admin account
27:21and are basically finished with the installation,
27:23we still have no internet availability
27:25of Nextcloud.
27:26That means
27:27we are still on our local network.
27:30But if I later access it
27:31from an external domain,
27:33we'll come to
27:34how we get a domain in a moment,
27:36then I have to enter this once
27:38in such an internal config file
27:41in the Nextcloud.
27:43This is the config.php.
27:45That's a bit ugly,
27:46but in our experience
27:48you have to get to it at some point anyway
27:49if you run a Nextcloud like this.
27:50That's why we have documented for you in the repo
27:52how, with a one-liner,
27:54you basically get into a Docker container,
27:56go in there,
27:58make your changes,
27:58and come out again.
27:59So that is then,
28:00if you know how to do it,
28:00not that difficult,
28:02like a one-liner.
28:04Exactly.
28:06Then Dyn-DNS.
28:07So we are now moving towards
28:09We want to make our Nextcloud available to the outside world.
28:13I just saw DNS,
28:14I don't have to explain to you,
28:15because there is a DNS lecture right after,
28:17so just sit there.
28:18What you need to know
28:21is that in the Internet server
28:24are always addressed primarily via IPs.
28:28But we don’t want to remember IPs,
28:30but we want to use domains,
28:31such as 38c3.fun,
28:33access services.
28:35And our public IPs
28:37from our home user Internet connections
28:40but are not static,
28:43you can also click,
28:43but is expensive and difficult,
28:45but they change from time to time.
28:46And to connect that,
28:48so a nice domain
28:50and our changing IP,
28:53there is Dyn-DNS,
28:54Dynamic DNS providers,
28:56that automate this for us,
28:58where we basically register
29:00and say,
29:01this is our domain
29:02and we will always keep you informed,
29:06when we get a new IP
29:07and then it is always accessible.
29:11Exactly, come back now
29:12a few screenshots,
29:14how to do that.
29:15So exactly, of course we have here again,
29:16you probably can't tell at all.
29:20So we have documented an example,
29:22As mentioned, there are many different providers
29:24for Dynamic DNS,
29:25This is nothing unusual anymore.
29:28Our recommendation,
29:29or where we have the most experience with,
29:31is inwx.de,
29:32who are based in Berlin,
29:33also have their data centers there.
29:35There we have our domains
29:37actually always clicked until now
29:38and they also offer
29:40DynDNS as well
29:41and here you can see
29:44the first screenshot,
29:45how to buy a domain there,
29:47relatively simple,
29:48so even more 38c3.fun
29:50would still be free, for example.
29:53And if you have a new
29:54want to have a DynDNS account,
29:55then you just have to
29:56essentially there online
29:58simply new username,
29:59think of a new password
30:00and specify the domain,
30:01that you just bought
30:02and then at home
30:05set up in your router.
30:07So this is another example,
30:10if you have a Fritzbox at home,
30:12it already has that built in.
30:14Many other routers have this too,
30:15that one just says,
30:16I would like to use DynDNS please
30:18and then you say,
30:19which provider you are with
30:20and the router at home
30:22is always the first to notice this,
30:24if you have a new IP.
30:25It then reports this to the DNS,
30:27that the IP has changed
30:29to the domain,
30:30so that everyone can continue seamlessly
30:31are connected to you,
30:32even if you have a dynamic IP
30:34at home.
30:36Exactly, that’s all in brief.
30:40Yes, exactly, now we have
30:42a domain set up.
30:43We basically have Nextcloud running.
30:47Of course we now want
30:48the service via HTTPS,
30:50i.e. via encrypted traffic
30:52release to the outside.
30:55We have this in our setup
30:57long time with a
30:59manually installed Nginx
31:00Reverse Proxy
31:02had going on
31:04and Certbot from
31:05Let's Encrypt,
31:06it all works,
31:07everything is not like that
31:08difficult,
31:09you can do everything,
31:10but then discovered at some point,
31:11discovered for us,
31:12the Nginx Proxy Manager,
31:13who does all this
31:14another level
31:15makes it easier.
31:16The Nginx Proxy Manager,
31:18that's just
31:19there is all that,
31:20what I just described,
31:22packed inside.
31:23But he simply offers us
31:24a graphical interface,
31:25which you can use with the browser
31:26can control
31:27and where you
31:28in very simple steps
31:29can make the setting.
31:32For example, you can
31:32also take
31:33and the configs,
31:34that tumble out at the end,
31:35also in the normal Nginx
31:36maintain,
31:37if you feel like it,
31:37but then you have
31:38a template.
31:39But that also works
31:41actually quite well,
31:41to take that
31:43as a complete solution.
31:47Right, exactly.
31:48So that’s where we want to go,
31:49so we have outside
31:49the internet cloud,
31:50there is Let's Encrypt,
31:56Our router is in between.
31:57We only want 443,
31:59so only encrypted
31:59Allow SSL traffic to us.
32:02It should only be with us
32:03right up to the Nginx Proxy Manager
32:05come,
32:05decrypt the traffic
32:08and then pass it on
32:09to a host,
32:10which is the actual service
32:11provides,
32:11in our case Nextcloud.
32:12But you can also
32:1330 additional services
32:15still offer.
32:16You can do all this
32:17in the Nginx Proxy Manager
32:18set up next to each other.
32:20Exactly, we have that here,
32:24Andi has already
32:25Docker Compose shown
32:28or implied.
32:29So we have a big
32:29Docker Compose made,
32:31where the Nextcloud stuff
32:31are inside.
32:32There is the third app
32:34also the Nginx Proxy Manager
32:36included.
32:36So if you use Docker Compose
32:37agrees,
32:38it's already running
32:39and can be found on the intranet,
32:41i.e. in your normal network
32:42via port 81
32:44be surfed.
32:45What does that look like then?
32:46Yes, you have to
32:51introduce a little bit.
32:52So an SSL certificate
32:54to create anew,
32:55is just very simple.
32:57So you can see
32:58on the left
32:58a box,
33:00where you
33:01his domain,
33:03provides an email address
33:06and the Terms of Service
33:08agrees with Let's Encrypt
33:09and press Save
33:12and then everything else happens
33:13in the background.
33:14So it will then
33:15an SSL request
33:18to Let's Encrypt,
33:21they create a new,
33:22they do this whole
33:22Handshaking and testing,
33:24that you can also be reached there
33:26and issue you a certificate
33:27and you get it back too.
33:29And then you set it up,
33:32complete.
33:33And now you have to
33:34this forwarding,
33:34which we just discussed,
33:36set up on your
33:37Nextcloud server.
33:38That is then
33:39a second screen.
33:41You can see here,
33:43you just give
33:44the port,
33:45on which Nextcloud runs
33:46and in the second step,
33:48with which certificate
33:49I would like to
33:51authenticate on the Internet.
33:53And that’s what you say,
33:55what you are doing
33:55in the first step
33:56created here
33:56and done.
33:58So you don't have to do anything more.
34:00Then we're done.
34:04Exactly.
34:04We are on the Internet.
34:06Exactly.
34:06This would mean
34:07you have now done virtually everything,
34:09what you should do,
34:09to have an internet-enabled Nextcloud.
34:12We now have
34:13a brief overview
34:13about next steps,
34:14what else would be interesting.
34:15Due to time,
34:17the most important next step
34:17for you,
34:19functioning backups.
34:20And a backup is just a backup,
34:21even if it is tested,
34:22otherwise it is not a backup.
34:24And the other next step would be
34:25look into the repo,
34:26because we don't have much time left.
34:27Exactly.
34:27Yes,
34:29Thank you.
34:30Good, thank you very much.
34:31Here is our repo.
34:36We now actually have
34:36but still
34:37ten minutes time,
34:39to ask questions.
34:43Please hold your hand up
34:44and then we'll come to you.
34:46That was too fast.
34:56Not allowed.
34:57A little bit more.
34:59Yes,
35:00Thank you very much for your talk.
35:01I have a question about backup,
35:03or even a little
35:04the impulse to say,
35:05that this is the possibility,
35:07between these islands,
35:08autonomous self-hosting,
35:11also relationships
35:14to other projects.
35:16That is why I ask very specifically,
35:17how to do this with your backup.
35:19Is that then again
35:20practically in your hand?
35:23And the second
35:24dissolves a little
35:25about it.
35:28The idea of decentralization
35:30and dependencies
35:31to commercial providers
35:32to question,
35:33I think it's really important and great.
35:36Ultimately, it often ends up
35:38to that,
35:40that even if there are such impulses
35:42with this talk,
35:43to spread knowledge,
35:44ultimately to two
35:46or at least
35:47so one
35:48cis-male admins are,
35:50who then take care of all the stuff
35:51are responsible
35:52and of course there is
35:54exactly the impulse needed
35:57to question dependencies.
35:59Hence the question
36:00specifically for your project,
36:03how about that,
36:05exactly what happens,
36:06when something happens to a person
36:07or she is no longer responsive.
36:08how do you manage
36:12Dependencies
36:13to question carefully
36:15or exactly
36:16and the invitation
36:18maybe also to all
36:19FLINTAs.
36:21On day 3
36:23there is
36:23a meetup
36:25for feminist servers
36:26and I notice myself,
36:28So I'm busy with that now
36:29for a while now,
36:31simply puts a lot
36:32technical knowledge required,
36:33which can be daunting at first
36:34and feminist servers
36:36are such moments,
36:39where the whole thing collectively
36:41a little less dangerous
36:42and
36:43Yes,
36:44is more approachable.
36:45Therefore day 3
36:47at 2 o'clock
36:48look
36:48into the plan
36:49chaos
36:50feminist servers
36:51You are cordially invited.
36:54Yes,
36:55OK,
36:56the second was perhaps
36:57more like a statement,
36:59so
36:59Yes,
37:00goes there,
37:00very good.
37:01Then the question about the backup,
37:03So you had two questions
37:04actually set up as backup,
37:05one was like this
37:06the technical,
37:07actual backup
37:08and the second was so
37:09a personal backup,
37:11So if someone
37:11of the
37:12Admin people
37:14what happens.
37:15So
37:15to the first
37:16Yes,
37:17there is of course
37:18different possibilities,
37:19So we have for example
37:20two different options
37:23already in use
37:24for
37:24for our server,
37:26that we have running.
37:27One is
37:28for
37:30so
37:30when we still had two hard drives,
37:33we simply
37:33a nightly backup
37:35from one hard drive
37:35on the other.
37:37That helps,
37:37if one hard drive dies,
37:39but does not help,
37:39if your apartment burns down.
37:42That is why we now have
37:43meanwhile also
37:45with
37:45Friends of ours
37:47just keep it simple
37:48a VPN connection
37:49built,
37:50that will work again
37:50with Fritzbox
37:51relatively easy
37:52in the meantime,
37:53but of course there are
37:53a thousand other possibilities.
37:55So we have
37:55a VPN connection
37:57to their network,
37:58we then have
37:59a server running
38:00and we join in
38:00Borg backup
38:01an encrypted,
38:02deduplicated
38:03Backup once a night
38:04about it.
38:05So
38:06doesn't help now either
38:07against all
38:07attack scenarios,
38:09but
38:09Yes,
38:10at least there can
38:11burn down the apartment
38:12and the data
38:12will still be there.
38:12Yes,
38:15personnel
38:16Backup,
38:18so what happens
38:19if any of us
38:20what is due?
38:21Yes,
38:21good question.
38:22So you just have to,
38:23our entire setup
38:24is also again
38:25in repos
38:27documented,
38:28so it can be
38:29everything relatively good
38:30restore.
38:31The question is,
38:32if we now
38:33both die,
38:34how does someone
38:34your turn?
38:35Have I honestly
38:36spontaneously no answer to this,
38:38but should you
38:38maybe thoughts
38:39over it.
38:39But in most
38:40Companies is the bus factor
38:41yes one,
38:42so there must be one
38:42run in front of the bus
38:43and that's it with the
38:43Project and we have
38:44at least two,
38:45so I think
38:45we are quite good
38:46set up.
38:47And maybe
38:48to Borg Backup,
38:49so just very briefly,
38:50I think we have
38:51two, three terabytes
38:52Payload,
38:53but our backup
38:54is now
38:5590 terabytes
38:56duplicated,
38:58because Borg Backup
38:59is relatively cool,
39:00you can basically
39:00Take snapshots
39:01and stores
39:02really always only
39:02the difference.
39:03That means,
39:04you save a lot,
39:04a lot of space,
39:05so I can
39:05Borg Backup
39:06highly recommend.
39:06OK,
39:08further questions?
39:12And keep it short.
39:18Once on the topic
39:19personal backup,
39:20you can also simply
39:20the SSH key
39:21share with each other
39:23in paper form,
39:24in the sense of,
39:25if something happens to me,
39:26then you can
39:26Open the envelope,
39:28that's how I do it
39:28with a friend too.
39:30And a question
39:31to your repo,
39:32can this be done on
39:32a Synology NAS
39:34for example
39:34as hardware
39:36get it running?
39:38Such a question.
39:41So we have
39:41no Synology NAS
39:42in use,
39:43a friend of ours
39:43has a
39:44and most
39:45can
39:45Docker container
39:47run.
39:47But I don’t know
39:48whether they
39:48Docker Compose
39:49cope.
39:50And at least
39:51the Jenkins
39:52you would have to
39:53start as container
39:54and you would have to
39:55manage it,
39:55that the Jenkins
39:56virtually the
39:58Synology NAS
39:58can say things,
39:59because he has to
40:00the containers
40:01exchange.
40:02There was probably
40:04So if it has an API,
40:05it should work.
40:07You just did it
40:08mentioned himself,
40:08also that you use VPN.
40:10Why use
40:11you not
40:12mainly VPN
40:13instead of port forwarding?
40:17Yes,
40:18also VPN
40:18would in principle
40:20is yes
40:21a clear
40:22Step safer,
40:23but is also
40:24more complicated.
40:25So we have for example
40:25the use case,
40:27when my mother
40:28me any
40:29want to send a large file,
40:30then nowadays it is
40:31still quite difficult.
40:32If you say to yourself,
40:33send it to me via Dropbox,
40:34then they turn
40:36first create an account
40:36and so I can say,
40:37click here
40:38in the Nextcloud
40:38and simply upload
40:39and then she doesn’t have to
40:41First install VPN.
40:43So for everyone
40:44Config stuff
40:45we only use VPN,
40:46so everyone,
40:47I say,
40:48Admin ports
40:49are only behind VPN,
40:51but if you do it in
40:51Inselnet you have,
40:52it is already
40:52very, very comfortable.
40:53And for example
40:54all the Nextcloud clients
40:56and so,
40:57then you would always have to
40:58Have VPN running.
40:59A short addition,
41:02So we have for example
41:03in our own use case,
41:05where we have this at home
41:06have set up,
41:07we have two
41:07parallel Nextclouds.
41:08One for such public matters
41:09and one,
41:10that is not connected to the Internet,
41:11there is simply missing
41:12this whole part
41:12with port forwarding
41:14and the domain
41:14outwards.
41:16Yes,
41:17of course you come
41:18only with VPN then.
41:19So you can also
41:20without any problems
41:21various Nextclouds
41:22running side by side,
41:23so depending.
41:24So that was just
41:25a concrete
41:26User story
41:27for the use case.
41:28I want to help other people
41:29offer a service
41:30and I don't know
41:31so my grandmother-neighbor
41:33I can just
41:34not explain,
41:35that you first
41:35you have to install a VPN,
41:37to access the service
41:37to get it.
41:39OK,
41:40last question.
41:42Yes,
41:43I wanted to ask
41:44due to expansion
41:45of hard drives.
41:46What do you think about RAID?
41:47Practical,
41:47not practical,
41:48beginner-friendly?
41:51Yes,
41:52so we,
41:53what is the last
41:53Expansion stage?
41:54We have a RAID,
41:55or?
41:55We use ZFS.
41:56RAID 5.
41:58Exactly,
41:58so we have
41:59in the meantime,
42:01what's it called
42:02with ZFS?
42:03Z-RAID or something?
42:05So yes,
42:06do we have.
42:07You can do that.
42:08But RAID
42:09is not a backup,
42:09People.
42:09Yes.
42:14No,
42:14no,
42:15the RAID part
42:15we do not have
42:15documented with.
42:16No,
42:16no,
42:16no.
42:17So we,
42:17we want this here
42:18make it as low-level as possible,
42:20yes, maybe again
42:20on the request to speak
42:21from before,
42:22So don’t worry,
42:23just to start with,
42:24that is really,
42:25every step is documented,
42:26but of course this means
42:27such more complex considerations
42:28not included now,
42:29right?
42:29So,
42:30so that's easy,
42:31you have a hard drive
42:32in your notebook,
42:34you install an Ubuntu
42:35and you work with it,
42:36so a RAID
42:37is not in there.
42:37And when you start,
42:38don't start with ZFS.
42:39Exactly.
42:40And we will
42:40asked very clearly,
42:41to disappear now,
42:42so we are equal
42:43up there at the bar,
42:46We look forward to entertainment.
42:48Thank you very much
42:49and yes,
42:51just hit the front.
