content:serverbasics
Differences
This shows the differences between two versions of the page.
| content:serverbasics [2025/02/11 08:43] – [Which Usecase] obel1x | content:serverbasics [2026/04/10 10:18] (current) – [Mountoptions] obel1x | ||
|---|---|---|---|
| Zeile 1: | Zeile 1: | ||
| ====== Linux: Advanced SoHo- Server Configuration ====== | ====== Linux: Advanced SoHo- Server Configuration ====== | ||
| + | |||
| + | ~~NOCACHE~~ | ||
| Welcome to my **Advanced Server Setup- Documentation**. | Welcome to my **Advanced Server Setup- Documentation**. | ||
| In these chapters, i will explain how to setup and configure a full featured Active Domain- Network with Kerberos Single-Sign-On and Domain Integration of Linux Clients on a rootless containerized Docker- Installation including Nextcloud as personal Cloud to store all your Data and PIM locally and safe. That way you get a fully managed, Cloud enabled Homeoffice Network at low costs and much space for your personal data on your own pc. | In these chapters, i will explain how to setup and configure a full featured Active Domain- Network with Kerberos Single-Sign-On and Domain Integration of Linux Clients on a rootless containerized Docker- Installation including Nextcloud as personal Cloud to store all your Data and PIM locally and safe. That way you get a fully managed, Cloud enabled Homeoffice Network at low costs and much space for your personal data on your own pc. | ||
| - | |||
| ===== Current State ===== | ===== Current State ===== | ||
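Review bot: the `~~NOCACHE~~` added at the top of the page comes with no stated reason. It turns off DokuWiki's render cache for this page, which is only needed when the page carries content that changes between requests; nothing in the visible lines does. Either drop it or add a short note saying what depends on it.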
| Zeile 24: | Zeile 25: | ||
| * A Server, that has relyable, quite fast internet in Download and Upload rates - while Upload may be more Importen | * A Server, that has relyable, quite fast internet in Download and Upload rates - while Upload may be more Importen | ||
| * The Server should be reachable all the time | * The Server should be reachable all the time | ||
| - | |||
| ===== How to Start ===== | ===== How to Start ===== | ||
| Zeile 30: | Zeile 30: | ||
| First, read this Page, get the Hardware and install the system. You should understand the Hardwaresetup and the installation of Linux and Raid- Systems first (as decribend beneath). | First, read this Page, get the Hardware and install the system. You should understand the Hardwaresetup and the installation of Linux and Raid- Systems first (as decribend beneath). | ||
| - | Then, go on whith [[.: | + | Then, go on whith [[:content: |
| Next, setup docker as decribed in the Chapter. When you have portainer running, you can go like this: | Next, setup docker as decribed in the Chapter. When you have portainer running, you can go like this: | ||
| Zeile 39: | Zeile 39: | ||
| Then glue them together with SSO, SPNEGO and Nextcloud-SSO. Then you should have understood everything, you can now play around on your own. | Then glue them together with SSO, SPNEGO and Nextcloud-SSO. Then you should have understood everything, you can now play around on your own. | ||
| - | |||
| ===== Subpages ===== | ===== Subpages ===== | ||
| Zeile 98: | Zeile 97: | ||
| So I would suggest to use two disks both partioned with GPT and same sized efi-partitions (as said, at least 500 Megabytes in Size to store Bios or UCODE updates for Firmware Updater) and before creating the FAT32 filesystem do software raid on it. E.g.: | So I would suggest to use two disks both partioned with GPT and same sized efi-partitions (as said, at least 500 Megabytes in Size to store Bios or UCODE updates for Firmware Updater) and before creating the FAT32 filesystem do software raid on it. E.g.: | ||
| - | |||
| < | < | ||
| + | |||
| ~ # mdadm --create --verbose / | ~ # mdadm --create --verbose / | ||
| Zeile 216: | Zeile 215: | ||
| ==== LVM ==== | ==== LVM ==== | ||
| - | LVM is a powerful partition-management-layer and should always be used, when there is some none low-end hardware present. If you can use the **KDE Partitioning- Tool** | + | LVM is a powerful partition-management-layer and should always be used, when there is some none low-end hardware present. If you can use the **KDE Partitioning- Tool** (which means having Plasma=KDE Desktop compatible support), the support is very inuitive and opens a lot of flexibility whne handling partitions, like adding more disk space or moving partitions, but also on console this offers good functionality. OpenSuSE offer to create LVM- Styled system setup in installation optionally (not by default). If you can: use it. |
| === Mirror- Raided LVM- Volumes (RAID1) === | === Mirror- Raided LVM- Volumes (RAID1) === | ||
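Review bot: the rewritten LVM paragraph introduces typos ("inuitive", "whne") and keeps the unclear phrase "some none low-end hardware". Suggest "intuitive", "when", and stating plainly which class of hardware LVM is recommended for. "OpenSuSE offer to create" should also read "offers".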
| Zeile 319: | Zeile 317: | ||
| </ | </ | ||
| + | |||
| + | === LVM Error Recovery === | ||
| + | |||
| + | In case on Harddrive is failing, the Array gets degraded. If you boot your system without that disk, it will not start due to inaktive volume groups. | ||
| + | |||
| + | To recover, do this: | ||
| + | |||
| + | 1. Get Volume Groups up, if degraded | ||
| + | |||
| + | vgchange -a y | ||
| + | |||
| + | 2. Add a new PV to the VG that is large enough to hold the Data | ||
| + | |||
| + | vgextend vgname /dev/sdX | ||
| + | |||
| + | 3. Repair the logical volume by searching for usable PVs automagically | ||
| + | |||
| + | lvconvert –repair vgname/ | ||
| + | |||
| + | This should rebuild your logical Volume | ||
| + | |||
| + | 4. After rebuild, remove the faild drive from the vg: | ||
| + | |||
| + | vgreduce –removemissing vgdata | ||
| + | |||
| + | Thats it, your System should become usable after that. | ||
| + | |||
| + | == Moving Data before Drive fails == | ||
| + | |||
| + | If you have the possibility to add a new PV before the array gets degraded, you can use the replace- method after adding the new pv to the VG: | ||
| + | |||
| + | lvconvert –replace /dev/sdX1 vgname/ | ||
| + | |||
| + | === More Info for LVMs === | ||
| + | |||
| + | https:// | ||
| + | |||
| ==== Filesystem ==== | ==== Filesystem ==== | ||
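Review bot: the commands in the new "LVM Error Recovery" steps are plain text rather than code blocks, so the wiki renders the option prefix as a dash character ("lvconvert –repair", "vgreduce –removemissing", "lvconvert –replace"); copied into a shell, these will not be parsed as `--repair`, `--removemissing` and `--replace`. Wrap each command in the same code markup the rest of the page uses. Step 4 also switches the volume group name from "vgname" to "vgdata"; use one placeholder throughout so nobody runs vgreduce against the wrong group. Minor wording: "In case on Harddrive", "inaktive", "faild".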
| Zeile 334: | Zeile 369: | ||
| While autodefrag should not be necessary on ssd- harddiscs. | While autodefrag should not be necessary on ssd- harddiscs. | ||
| - | For **Databases** | + | For **Databases** or files that need speed and __**are well backed up otherwise**__ |
| === Sources: === | === Sources: === | ||
| * [[https:// | * [[https:// | ||
| * [[https:// | * [[https:// | ||
| + | |||
| + | === Powermode settings === | ||
| + | |||
| + | Your Harddrives may have set a power level, that allows spindown. I personally would not let your harddrives spindown, because every start brings your harddrives mechanics nearer to death. In Fact there is not very much worse than spinning up and down every few minutes for a harddrive with physical discs. | ||
| + | |||
| + | To change that, create the following file: | ||
| + | < | ||
| + | |||
| + | pcserver2023:/ | ||
| + | ACTION==" | ||
| + | |||
| + | </ | ||
| + | |||
| + | That way, your harddrives will stay up all time. | ||
| + | |||
| ===== Quotas ===== | ===== Quotas ===== | ||
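Review bot: the "Powermode settings" section says "create the following file" but the file name only appears inside a shell prompt line, and nothing says how the rule is applied or how to confirm the drives no longer spin down. Name the file path in the sentence, keep only the rule text in the block, and add one step for reloading the rules (or rebooting) plus a way to check the resulting power setting. The prompt here uses the host name "pcserver2023" while the Firewall section uses "servername"; pick one placeholder.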
| Zeile 612: | Zeile 661: | ||
| And with FACLs there are powerful tools that should cover everything an administrator needs. | And with FACLs there are powerful tools that should cover everything an administrator needs. | ||
| + | |||
| + | ===== Firewall ===== | ||
| + | |||
| + | To check, which services are open, use: | ||
| + | |||
| + | PLEASE, Before opening the Ports, check the Services described at the Sub-Pages first to secure them! | ||
| + | |||
| + | < | ||
| + | servername: | ||
| + | 3478/tcp 3478/udp | ||
| + | servername: | ||
| + | 546/udp | ||
| + | 53/tcp 53/udp | ||
| + | 80/tcp | ||
| + | 443/tcp | ||
| + | 88/tcp 88/udp | ||
| + | 389/tcp | ||
| + | 636/tcp | ||
| + | 873/tcp 873/udp | ||
| + | 22/tcp | ||
| + | |||
| + | </ | ||
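Review bot: in the new "Firewall" section the sentence "To check, which services are open, use:" is cut off from its command block by the "PLEASE, Before opening the Ports" warning, and the listing does not say which service each port belongs to or whether it is meant to be reachable from outside the LAN. Put the warning before the sentence or after the block, and annotate the ports. 389/tcp is listed next to 636/tcp, so state whether unencrypted LDAP is intended to be open at all, and say the same for 873/tcp and 873/udp. The two port sets follow two separate prompts; make it visible which zone or interface each set applies to.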
content/serverbasics.1739259798.txt.gz · Last modified: by obel1x
