Disclaimer: I am not an expert. The following information is based on my experience and understanding. Research was done beforehand to make sure I'm not getting things wrong.
Storage
- The root and boot partitions (on the SSD) and the hard drive are mounted automatically at boot through the fstab file.
- The hard drive is mounted at /mnt/miso.
- The swap file lives on the hard drive.
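The fstab entries and swap-file setup that the three points above describe, as an added example rather than the page's own fstab. The filesystem UUID and the swap file path are hypothetical placeholders; the security-relevant parts are the nosuid/nodev options on a data disk and the 0600 mode on the swap file, since swap can contain anything that was in RAM (keys, passwords).

```shell
#!/bin/sh
# Added example, not the page's own fstab or setup script.
# Assumptions: the hard drive's filesystem UUID and the swap file path are
# hypothetical placeholders; /mnt/miso is the mount point named above.
set -eu

# fstab lines for the data drive and the swap file that lives on it.
# nosuid/nodev: nothing on a data disk should be setuid or a device node.
# nofail: the system still boots if the drive is missing.
# The swap file is referenced by path, so the /mnt/miso line must come
# first; fstab is processed in order.
FSTAB_LINES='UUID=0000aaaa-1111-bbbb-2222-ccccdddd3333  /mnt/miso  ext4  defaults,noatime,nosuid,nodev,nofail  0  2
/mnt/miso/swapfile  none  swap  sw  0  0'

# Create a swap file that only root can read. Swap can hold anything that
# was in RAM, so the chmod 600 is the important step. Needs root.
make_swapfile() {                # usage: make_swapfile /mnt/miso/swapfile 4G
    path=$1 size=$2
    fallocate -l "$size" "$path"
    chmod 600 "$path"
    mkswap "$path"
    swapon "$path"
}

# Print the permission bits (octal, e.g. 600) of a path. GNU stat.
mode_of() { stat -c '%a' "$1"; }

# Return 0 when a swap file is acceptable: a regular file with mode 0600.
swapfile_mode_ok() {
    [ -f "$1" ] && [ "$(mode_of "$1")" = "600" ]
}

# Append the entries to an fstab only if they are not already present,
# so re-running the setup never duplicates a mount line.
install_fstab_lines() {          # usage: install_fstab_lines /etc/fstab
    printf '%s\n' "$FSTAB_LINES" | while IFS= read -r line; do
        grep -qF -- "$line" "$1" || printf '%s\n' "$line" >> "$1"
    done
}
```

After `swapon`, `swapon --show` lists the file and `mount | grep miso` should show nosuid,nodev on the data mount.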
Permissions
- (There's an image in the Information section about permissions for reference)
- I tend to avoid granting group and others any permissions unless I have to.
- For example, when others need execute on a directory so they can traverse it (as with /mnt/miso below).
- Miso (/mnt/miso) → 751
- Docker → 750
- Container folders → 700
- Docker Compose files → 660
- Caddyfile → 644
- Media → 750
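The chmod commands that realise the mode scheme above, plus an audit that flags anything "others" can touch, as an added example and not the author's script. The tree root is passed in, compose files are assumed to be named docker-compose.yml, and the owning user and group are assumed to exist already; the whole tree layout is hypothetical. The audit matters because compose files often carry environment variables with passwords, and a stray chmod -R or an untar can silently re-open them.

```shell
#!/bin/sh
# Added example (not the author's script): apply the mode scheme above to a
# tree laid out like /mnt/miso, then audit it. Assumes the tree root is
# passed in and that compose files are named docker-compose.yml.
set -eu

# Print a path's permission bits in octal (e.g. 750). GNU stat.
mode_of() { stat -c '%a' "$1"; }

# Set the modes listed above.
apply_modes() {                      # usage: apply_modes /mnt/miso
    root=$1
    chmod 751 "$root"                # others may traverse, not list
    chmod 750 "$root/docker" "$root/media"
    for d in "$root"/docker/*/; do   # one folder per container
        [ -d "$d" ] && chmod 700 "$d"
    done
    find "$root/docker" -type f -name 'docker-compose.yml' -exec chmod 660 {} +
    find "$root/docker" -type f -name 'Caddyfile' -exec chmod 644 {} +
}

# Return 0 when "others" hold any bit on the path, which is exactly what
# the scheme avoids. The last octal digit is the "others" triad.
others_have_access() {
    case $(mode_of "$1") in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

# List everything under a directory that others can read, write or
# execute, skipping the one file where that is intended (Caddyfile).
# Prints "mode path" per offending entry, nothing when the tree is clean.
audit_others() {                     # usage: audit_others /mnt/miso
    find "$1" -mindepth 1 ! -name Caddyfile | while IFS= read -r p; do
        if others_have_access "$p"; then
            printf '%s %s\n' "$(mode_of "$p")" "$p"
        fi
    done
}
```

Run `audit_others /mnt/miso` after any bulk operation on the tree; an empty result means the scheme still holds.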
Layout
- I think the best way of visualizing the core layout of the server is the apartment or hotel analogy.
- Receptionist (Caddy) → Caddy listens on ports 80 and 443 and matches each request's Host header against the .home domains listed in the Caddyfile.
- It knows where to forward a request because each .home site block names a container and port (reverse_proxy container_name:port); the container name resolves through Docker's built-in DNS because Caddy shares a network with the target.
- (In Pi-hole, there's a local DNS record for each of my .home domains pointing at the server's LAN IP, which is how the request reaches Caddy in the first place.)
- Elevator (srm_network) → My Docker network, srm_network, connects all of my containers and lets them talk to each other by name.
- Docker containers (apartment/hotel rooms) → Each container is self-contained and reachable only on the ports it exposes, like a door, and only from the shared network unless a port is published on the host. Otherwise they operate separately from each other.
HTTPS
- All of my domains use HTTPS instead of HTTP: Caddy issues a certificate for each domain from its own internal certificate authority (CA) rather than a public one.
- By default browsers won't trust that CA, so I exported its root.crt and installed it as a trusted root (through configuration profiles) on all of my main devices. The CA's private key sits next to root.crt in Caddy's data directory; whoever holds it can mint certificates those devices will trust for any site, so it needs protecting like a password.
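A worked version of the Layout and HTTPS sections together, as an added example that is not the author's Caddyfile or compose setup: a Caddyfile with one site block per .home name using `tls internal`, the shared-network creation, a helper that derives the Pi-hole local DNS records from the Caddyfile so the two cannot drift, and the export of the internal CA's root certificate. The service names (jellyfin, pihole), their ports, the server's LAN IP, the Pi-hole file path and the network name are all hypothetical placeholders.

```shell
#!/bin/sh
# Added example covering the Layout and HTTPS sections; not the author's
# Caddyfile or compose setup. Service names, ports, the server's LAN IP
# and the Pi-hole file path are hypothetical placeholders.
set -eu

SERVER_IP=192.168.1.10           # where Pi-hole must point every .home name
NET=srm_network                   # the shared Docker network

# Caddyfile: one site block per .home name. Caddy matches the Host header
# and forwards to container_name:port; Docker's built-in DNS resolves the
# container name because Caddy and the target share the network.
# "tls internal" makes Caddy issue the certificate from its own private CA
# instead of trying ACME, which cannot validate a .home name.
CADDYFILE='jellyfin.home {
    tls internal
    reverse_proxy jellyfin:8096
}

pihole.home {
    tls internal
    reverse_proxy pihole:80
}
'

# Create the shared network once; every compose file then joins it as an
# external network, so containers reach each other by name.
ensure_network() {
    docker network inspect "$NET" >/dev/null 2>&1 || docker network create "$NET"
}

# Derive the Pi-hole local DNS records from the Caddyfile: every site name
# gets an A record for the server. Output is hosts-file format ("IP name"),
# which is what Pi-hole v5 keeps in /etc/pihole/custom.list (path assumed;
# v6 stores these records in pihole.toml instead).
dns_records() {                   # usage: dns_records < Caddyfile
    grep -Eo '^[A-Za-z0-9.-]+\.home' | sort -u | while IFS= read -r name; do
        printf '%s %s\n' "$SERVER_IP" "$name"
    done
}

# Export the internal CA's root certificate from the Caddy container so it
# can be installed as a trusted root on client devices. The official image
# keeps Caddy's data under /data. The private key (root.key) sits beside
# it: anyone holding that key can mint a certificate those devices trust
# for any name, so the Caddy data volume deserves the same care as a
# password file.
export_root_cert() {              # usage: export_root_cert caddy ./root.crt
    docker cp "$1:/data/caddy/pki/authorities/local/root.crt" "$2"
}

# Check the Caddyfile syntax when a caddy binary is available locally.
validate_caddyfile() {
    tmp=$(mktemp)
    printf '%s' "$CADDYFILE" > "$tmp"
    if command -v caddy >/dev/null 2>&1; then
        caddy validate --config "$tmp" --adapter caddyfile
    fi
    rm -f "$tmp"
}
```

Typical order: `ensure_network`, bring up the containers, then `printf '%s' "$CADDYFILE" | dns_records` to produce the Pi-hole entries and `export_root_cert caddy ./root.crt` for the devices.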
Docker Containers
- Type of volume: named.
- What does this mean? Docker creates the volume under /var/lib/docker/volumes the first time the container comes up (it's declared in the docker compose file) and manages its ownership, so on the host the data is only reachable as root; I get at it through docker exec instead.
- Containers add a layer of isolation between services (each gets its own filesystem and network namespace, though they all share the host kernel). But the biggest benefit for me is that they make all of my services easy to manage.
- If I want to check logs, all I have to do is run: docker logs [container_name].
- The configuration for each service is all in its docker compose file.
- Updating is as simple as pulling a new image and recreating the container.
- There is also a docker directory under /mnt/miso with one folder per container, which is where I keep and edit the config files.
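A compose file that declares a named volume, joins the shared network, and the handful of commands the points above describe, as an added example and not the author's compose file. The service (jellyfin), its image, port and volume name are placeholders, and the file is assumed to live in /mnt/miso/docker/jellyfin/. The `named_volumes` helper lists which volumes `docker compose up` will create, which is worth knowing before a first run since those directories end up root-owned under /var/lib/docker.

```shell
#!/bin/sh
# Added example for the Docker section; not the author's compose file.
# The service, image, port and volume names are placeholders, and the file
# is assumed to live in /mnt/miso/docker/<service>/.
set -eu

# Named volume: Docker creates "jellyfin_config" under
# /var/lib/docker/volumes/ the first time "docker compose up" runs and
# owns the directory, so on the host it is reached as root only; day to
# day the data is reached through the container. The media library stays
# on the hard drive as a bind mount, read-only to the container because
# the service never needs to write it. no-new-privileges blocks setuid
# escalation inside the container.
COMPOSE='services:
  jellyfin:
    image: jellyfin/jellyfin:latest
    container_name: jellyfin
    restart: unless-stopped
    networks: [srm_network]
    volumes:
      - jellyfin_config:/config
      - /mnt/miso/media:/media:ro
    security_opt:
      - no-new-privileges:true

volumes:
  jellyfin_config:

networks:
  srm_network:
    external: true
'

# Names of the named volumes a compose file declares, one per line
# (the entries directly under the top-level "volumes:" key).
named_volumes() {                 # usage: named_volumes < docker-compose.yml
    awk '
        /^[^ #]/         { top = ($0 == "volumes:") }  # track the top-level section
        top && /^  [^ ]/ { sub(/^  /, ""); sub(/:.*/, ""); print }
    '
}

# Day-to-day operations, run from the service directory.
svc_logs()   { docker logs --tail 200 -f "$1"; }               # svc_logs jellyfin
svc_update() { docker compose pull && docker compose up -d; }  # new image, recreate container
svc_shell()  { docker exec -it "$1" sh; }                      # look at /config from inside

# Reach a named volume without entering the service: mount it read-only in
# a throwaway container. Handy for backups and for checking ownership.
vol_ls() { docker run --rm -v "$1:/v:ro" alpine ls -la /v; }  # vol_ls jellyfin_config
```

`printf '%s' "$COMPOSE" | named_volumes` prints the volumes to expect; after the first `docker compose up -d`, `docker volume ls` should show each one prefixed with the project name unless `name:` is set explicitly.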
SteamCMD + Rust Server
- (This feels kind of out of place since it's a video game server, but I'm going to focus on the server side of things. In the future, I think it would be cool to write up how to set up a Rust server for others.)
- For SteamCMD I followed the documentation: created a steam user and followed the instructions under 'Manually'.
- Every time I want to work on the Rust server, I use sudo su - steam to log in as the steam user.
- This gives me what feels like a server within my actual server, but it's just a home directory that only that user can access. That isolation holds only while /home/steam stays at mode 700 or 750, so check it with stat; some distributions create home directories 755 by default.
- Layout: /home/steam/rust.
Information + Terms
- Fstab: a configuration file, located at /etc/fstab, which automates the mounting of persistent storage and swap space at boot.
- Persistent storage: non-volatile storage, i.e. storage that retains its data even when there isn't any power.
- Swap file: a file on disk that the kernel uses as an overflow for RAM, moving inactive memory pages into it when physical memory runs short.