Nextcloud
Purpose
This system serves a Nextcloud instance.
Application Links
- CAcert Nextcloud
Administration
System Administration
Primary: Sascha Ternes
Secondary: Jan Dittberner
Application Administration
Application | Administrator(s) |
---|---|
nextcloud | |
Contact
Additional People
No additional people have sudo access on that machine.
Basics
Physical Location
This system is located in an LXC container on physical machine Infra03.
Logical Location
- IP Internet:
- IP Intranet:
- IP Internal:
- IPv6:
- MAC address: 00:ff:8f:af:3d:18 (eth0)
See also
See Network
Monitoring
- internal checks:
- external checks:
DNS
Name | Type | Content |
---|---|---|
nextcloud.cacert.org. | IN A | 213.154.225.249 |
nextcloud.cacert.org. | IN AAAA | 2001:7b8:616:162:3::12 |
nextcloud.infra.cacert.org. | IN A | 10.0.3.12 |
nextcloud.infra.cacert.org. | IN AAAA | 2001:7b8:616:162:3::12 |
nextcloud.cacert.org. | IN SSHFP | 1 1 5F7F6B6FBB86C469CA52B4705BB034AAE6EA0DC9 |
nextcloud.cacert.org | IN SSHFP | 1 2 14B734AE965BF216749019B727084D70952DBBC83BD93D049F6567BD571E09B2 |
nextcloud.cacert.org. | IN SSHFP | 3 1 ABD6257BFC4E47909E4D41B06914A196B8B2B4F1 |
nextcloud.cacert.org. | IN SSHFP | 3 2 C6F857E69CF509443FF011505B3A774BFA3A149926A7818CD37167C211BEC55B |
nextcloud.cacert.org. | IN SSHFP | 4 1 DC1C48FD2E62A98672EA70126B2209D604CBC758 |
nextcloud.cacert.org. | IN SSHFP | 4 2 5563549548D8BE620AAB5B609F2B48A15BE0D80986F79E3A5B28C1F4A974617B |
Operating System
Debian GNU/Linux 11 Bullseye
Services
Listening services
Port | Service | Origin | Purpose |
---|---|---|---|
22/tcp | ssh | ANY | admin console access |
25/tcp | smtp | local | mail delivery to local MTA |
80/tcp | http | ANY | application |
443/tcp | https | ANY | application |
5665/tcp | icinga2 | monitor | remote monitoring service |
Running services
Service | Usage | Start mechanism |
---|---|---|
Apache httpd | Webserver for Nextcloud | systemd unit |
cron | job scheduler | systemd unit |
dbus-daemon | System message bus | systemd unit |
Exim | SMTP server for local mail submission | systemd unit |
icinga2 | Icinga2 monitoring agent | systemd unit |
openssh server | ssh daemon for remote administration | systemd unit |
PHP-FPM | PHP for Nextcloud | systemd unit |
Puppet agent | configuration management agent | systemd unit |
rsyslog | syslog daemon | systemd unit |
Connected Systems
Outbound network connections
Security
SSH host keys
Algorithm | Fingerprints |
---|---|
RSA | |
DSA | - |
ECDSA | |
ED25519 | |
Non-distribution packages and modifications
Nextcloud has been installed from the upstream installation archives in /var/www/nextcloud and is actively maintained by Sascha Ternes.
Risk assessments on critical packages
Apache httpd and PHP-FPM are installed from Debian distribution packages and are security supported.
The Puppet agent package and a few dependencies are installed from the official Puppet APT repository because the versions in Debian are too old to use modern Puppet features.
Critical Configuration items
Keys and X.509 certificates
Certificate for CN nextcloud.cacert.org, see details in the certificate list
- certificate in file /etc/ssl/nextcloud.cacert.org.crt
- private key in file /etc/ssl/nextcloud.cacert.org.key
Tasks
Adding nextcloud users
Nextcloud user administration is done by Sascha Ternes.
Changes
Planned
Todo
implement OpenID Connect authentication when the CAcert OIDC IDP has been set up
It is planned to add OpenID Connect
Additional documentation