Document Scope
To describe the rationale, choices and purpose behind the technology in use at KzooMakers today. This document was originally authored by JonK, but may involve future author(s).
Technology | Rationale/Background/Role in our organization | Why I selected this |
---|---|---|
PVE (Proxmox Virtual Environment) | Proxmox Virtual Environment (Proxmox VE) is a complete open-source server virtualization management solution that combines KVM (Kernel-based Virtual Machine) and LXC (Linux Containers) to provide virtualization. There are several reasons why Proxmox VE is favored over KVM, Xen, and VMware vSphere; ours are given in the next column.<br>Proxmox VE is built on top of the Debian operating system and uses the KVM and LXC hypervisors to provide virtualization. Its tech stack includes the Linux kernel, QEMU, LXC, a web-based interface, a RESTful API, Corosync, and PHP.<br>In summary, Proxmox VE is an open-source server virtualization management solution based on Debian that uses KVM and LXC to offer virtualization capabilities. | KzooMakers is looking for a virtualization solution that is user-friendly and easy to manage without requiring extensive command-line interaction. While I have experience with KVM, Xen, and OpenStack, these platforms can be complex and require a dedicated team to manage effectively. Instead, this organization is using Proxmox, which is a front-end interface for QEMU, a powerful virtualization tool.<br>Proxmox is built on Debian, with which JonK has 20 years of experience and familiarity. Proxmox provides a web interface that is user-friendly and secure, allowing administrators to manage virtual machines and containers without extensive CLI interaction. (JonK: Although, granted, to set up partitions I still use the CLI over SSH... sorry, it is a Linux dinosaur's habit... with lsblk, fdisk, mkfs.ext4, editing /etc/fstab and then setting up a directory-style mount in Proxmox, because I don't know how to do it the fancy way in the web GUI! LOL.) The built-in VNC client allows easy access to virtual machines, making it simple to monitor and manage them. One of the key benefits of Proxmox is its support for LXC containers, which offer better performance than running QEMU images. LXC is a lightweight virtualization technology in which containers share the host system's kernel, allowing faster boot times and reduced overhead. This makes it an attractive option for organizations looking to optimize their virtualization environment. Overall, Proxmox is a powerful and user-friendly virtualization solution that is well suited to the needs of KzooMakers. Its integration with LXC containers provides a performance boost, while its web interface makes it easy to manage virtual machines and containers without requiring extensive CLI knowledge. I've used it for a few years personally, and it's free (unlike vSphere and ESXi), so yeah. |
Docker | Docker is a platform for building, shipping, and running applications in containers. It allows developers to create and deploy applications quickly and easily, with a consistent environment across different systems.<br>A container is a lightweight, standalone executable package that includes everything needed to run an application: code, runtime, system tools, libraries, and settings. Containers run applications in isolated environments without interfering with other applications or the host system. One of the main benefits of Docker is that it gives developers a consistent environment for their applications regardless of the underlying hardware or operating system: developers can build an application on their local machine, test it in a containerized environment, and then deploy it to any system that supports Docker. Docker also makes it easier to scale applications, as containers can be replicated and distributed across multiple systems, so applications can be scaled up or down as demand changes. In addition, Docker provides other benefits over traditional bare-metal machines: it allows more efficient use of resources, as multiple containers can run on a single host, and it enables faster deployment, as containers can be created and deployed without complex setup and configuration. Overall, Docker is a powerful tool for developers and system administrators that streamlines the development and deployment of applications while providing a more efficient and flexible approach to managing infrastructure. | KzooMakers runs VMs built from Ubuntu Linux images. These VMs have Docker CE installed, which lets them run containerized applications via Docker Compose. By using containerization, KzooMakers ensures that each application runs independently of the host system and can be moved between environments. The applications currently containerized are KzooMakers's Wiki, file servers, and VPN.<br>To ensure that the containerized applications start automatically when the VM boots, KzooMakers uses a combination of Docker Compose and systemd startup scripts. Systemd is a system and service manager for Linux that provides a framework for managing services and processes. By integrating Docker Compose with systemd startup scripts, KzooMakers automates starting and managing the containerized applications. This approach simplifies deployment and ensures the applications are always available and running efficiently. |
VPN (Pritunl) | Pritunl VPN is an open-source virtual private network (VPN) solution that provides a secure, encrypted connection between devices over the internet. It is designed to be easy to use and deploy, making it a popular choice for both individuals and organizations.<br>Pritunl uses the OpenVPN protocol, which is known for its strong security and flexibility, and also supports WireGuard, a newer and faster VPN protocol that has gained popularity in recent years. Pritunl offers multi-factor authentication, user and group management, and support for multiple VPN gateways. There are several reasons to choose Pritunl over plain OpenVPN or WireGuard. The main one is ease of use and deployment: Pritunl can be set up quickly and easily, making it attractive for individuals and organizations that want a simple yet secure VPN. Another is protocol choice: supporting both OpenVPN and WireGuard gives users the flexibility to pick the protocol that best suits their needs. Pritunl also offers security features that protect user data and the privacy of online activity, including multi-factor authentication, which adds an extra layer to the authentication process, and user and group management, which makes it easier to control access to the VPN. Overall, Pritunl is a versatile and secure VPN solution whose ease of deployment, protocol support, and strong security features make it a popular choice for both individuals and organizations. | Pritunl is web-based VPN management software that provides an easy-to-use front end for managing OpenVPN in small organizations. OpenVPN is popular open-source VPN software that creates secure point-to-point connections between remote users and an organization's private network. Pritunl simplifies the configuration and management of OpenVPN, making it easier for small organizations to set up and use VPN connections.<br>One advantage of Pritunl is its ease of use. It is designed to be user-friendly and simple to install and configure, even for users without much technical expertise. The web-based interface lets administrators manage the VPN from anywhere using a browser. Pritunl also provides an intuitive interface for configuring default routes and removing 0.0.0.0/0 (so that only traffic for the private network goes through the tunnel rather than all of the client's traffic), which are common tasks when setting up a VPN. Pritunl is also flexible and scalable: it can be deployed on a virtual machine (VM) on KzooMakers's network and can handle multiple users and multiple VPN connections. Pritunl supports multi-factor authentication, which adds an extra layer of security to the VPN connection, and provides detailed logs and monitoring tools, allowing administrators to track usage and troubleshoot issues. Overall, Pritunl is a great choice for small organizations that need an easy-to-use VPN management solution. Its user-friendly interface and flexible deployment options make it a popular choice for organizations that need to provide secure remote access to their network resources. |
Nginx web proxy | Using Nginx as the central point of entry for incoming traffic has several advantages when hosting multiple websites and domains on a single IP, split across multiple virtual machines. The main one is that it acts as a reverse proxy, distributing incoming requests to different VMs based on the domain name or URL path, so traffic reaches the correct website or application; this makes it an efficient way to host multiple websites behind a single address.<br>Another advantage of a central point of entry is that it can provide a layer of security, acting as a firewall of sorts and filtering out malicious requests before they reach the backend VMs. Nginx also handles SSL/TLS configuration, ensuring that data transmitted between server and client is encrypted. A further benefit is that Nginx logs all incoming requests and errors in its access.log and error.log files, so all traffic to every website and virtual host can be audited and monitored in a single location, simplifying troubleshooting and security auditing. Nginx is often preferred over Apache as a reverse proxy because it is designed to handle a large number of concurrent connections efficiently: it has a smaller memory footprint than Apache and can handle more requests per second. Nginx is also known for serving static files well and has excellent support for SSL/TLS encryption. In summary, Nginx as the central point of entry offers efficient distribution of incoming requests, improved security, and easy auditing of all incoming traffic, with better performance and scalability than other web servers, making it an excellent choice for hosting multiple websites on a single server. | Nginx is software that runs on a server to manage web traffic. It is similar to Apache, which has been around for a long time and is well known in the industry, but Nginx has some advantages over Apache that make it a good choice for many organizations.<br>One of the main benefits of Nginx is that it can handle a very large number of connections, which matters for websites and applications that serve many users at once. Nginx is also easier to use than Apache, especially for setting up reverse proxies and rewriting requests, both techniques for routing web traffic so that requests go to the right place. With Nginx these tasks can be done more easily and without installing extra software modules. Overall, Nginx is a newer, more powerful, and easier-to-use web server than Apache. While JonK may have 23 years of experience with Apache because it's old, Nginx has become the de facto standard over the last 10 or more years. By using Nginx, organizations can make the most of their available resources, including IP addresses, and provide better service to their users. |
MediaWiki | MediaWiki is free and open-source wiki software used to create and manage collaborative websites. It was originally developed for Wikipedia, the world's largest online encyclopedia, but has since been used for many other projects.<br>MediaWiki is written in PHP and uses a database to store content. Users create and edit pages in a simple markup language, and the software provides version control, access control, and page history. It is highly customizable, with a wide range of extensions and templates available to add features or change the site's appearance. One of its key features is support for collaborative editing, allowing multiple users to edit the same page simultaneously, which makes it well suited to projects that need collaboration and community input, such as wikis, knowledge bases, and documentation sites. Overall, MediaWiki is a powerful and flexible platform for creating and managing collaborative websites; its open-source nature and large community of contributors make it popular for everything from small personal wikis to large-scale enterprise knowledge bases. | MediaWiki is widely used and owes its prominence to its ease of customization and vast community support. It is an open-source platform with a wide range of plugins and examples, making it an ideal choice for creating and managing collaborative websites. It is written in PHP, a popular server-side scripting language, and offers extensive customization options for adapting it to specific needs.<br>One of the primary benefits of MediaWiki is its extensive support community, which provides plugins, templates, and examples to help users create and manage wikis effectively. Its open-source nature allows continuous development and innovation, so users get new features and improvements as they are released. Being written in PHP has both advantages and disadvantages: PHP is widely used and popular, but it is often criticized for performance and security issues. Nevertheless, MediaWiki is well designed and optimized for PHP, providing a stable and reliable platform for wiki creation and management. Overall, MediaWiki is an excellent choice for organizations and individuals looking to create collaborative websites; its large and supportive community, customization options, and wide range of features make it popular for managing knowledge bases, wikis, and other collaborative content. |
File Browser | File Browser (https://github.com/filebrowser/filebrowser) provides a file-management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. It allows the creation of multiple users, each with their own directory, and can be used as a standalone app. | Firstly, the interface was chosen for its similarity to the Trotec Ruby interface, a drag-and-drop interface that is extremely user-friendly compared with a complex FTP service or other systems that users may find difficult to learn. It offers a seamless, intuitive user experience that should improve user adoption and efficiency.<br>Secondly, it provides granular role-based access control (RBAC) and can manage file uploads across various organizational activities. RBAC allows specific permissions and restrictions to be assigned to different users, ensuring that sensitive data and files are accessible only to authorized personnel. It can also render images, edit files, and manage file paths, making it a versatile tool for various organizational needs. It includes built-in file-sharing features that let external parties access files within the KzooMakers organization. Lastly, it is open source, meaning it is freely available to the public for use, modification, and distribution. That lets KzooMakers benefit from a vibrant community of developers who continuously improve the platform and fix bugs, keeping it relevant, reliable, and efficient over time and reducing the need for costly, time-consuming custom development. |
LetsEncrypt | Let's Encrypt is a non-profit organization that provides free SSL certificates so websites can enable HTTPS encryption. SSL certificates are digital certificates that ensure the data exchanged between a website and a user is encrypted.<br>Certbot is a popular tool for obtaining and installing Let's Encrypt certificates on Ubuntu-based systems. It simplifies obtaining and installing certificates, making the process accessible even to those unfamiliar with the technical details of SSL certificates. Using Let's Encrypt and Certbot to enable HTTPS on your website is free, as Let's Encrypt is supported by sponsors and donations, and easy, as Certbot automates the process and provides an interactive wizard that guides you through installation. Enabling HTTPS protects your users' sensitive information from interception by hackers or eavesdroppers, which is particularly important for websites that handle personal or financial information, such as e-commerce sites or online banking platforms. | The easiest option, since we can terminate 80/443 on our network through port forwarding and run certbot on our proxy server. |
YDNS.io | What we use for dynamic DNS. There are many dynamic DNS providers, but this one supports the number of domains we have, and the update script was easy to write.<br>The script runs on the PVE (Proxmox Virtual Environment) hypervisor, since if that goes down, that's like the captain of the ship, isn't it? | |
PiHole | Pi-hole is a software application installed on a device on your local network to act as a network-wide ad blocker. It uses DNS (Domain Name System) to filter out requests to known advertising and tracking domains. When you browse the internet or use an app, your device sends a DNS query to a DNS server to resolve the domain name into an IP address so that it can connect to the website or app. Pi-hole intercepts these queries and checks them against a blacklist of known advertising and tracking domains; if a query matches a domain on the blacklist, Pi-hole blocks the request and the ad is never downloaded.<br>Pi-hole uses the FTL ("Faster Than Light") DNS server, a specialized version of the Dnsmasq DNS server. FTL is designed to be lightweight and fast, and it includes features optimized for Pi-hole, such as real-time query logging and blocking. Pi-hole also includes a web front end for managing and configuring the software; it shows real-time statistics on blocked queries, lets you configure the software to your preferences, and is built with PHP, JavaScript, and CSS. Pi-hole supports multiple blocklists, which can be subscribed to for granular control over what is blocked. Blocklists can be added via the web front end or the command-line interface. Popular blocklists include EasyList, a list of common advertising domains, and various lists of known malware and phishing domains. By subscribing to multiple blocklists, you can tailor Pi-hole to your specific needs and preferences. | |
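The Docker row above describes starting Compose projects from systemd at boot. The script below is an added example, not KzooMakers' own startup script: it renders a systemd unit for a Compose project, refuses a project directory that other users can write to (the unit runs `docker compose` as root, so whoever can edit that directory decides what runs as root at next boot), and installs and enables the unit. The unit name `compose-<project>.service` and the `/srv/<project>` layout are assumptions.

```shell
#!/bin/sh
# Added example: bring a Docker Compose project up at boot on an Ubuntu VM via
# systemd. Unit name "compose-<project>.service" and /srv/<project> are assumptions.

# Print a systemd unit for the compose project in directory $2, named "compose-$1".
compose_unit() {
    name=$1
    dir=$2
    cat <<EOF
[Unit]
Description=Docker Compose project $name
Requires=docker.service
After=docker.service network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=$dir
# "docker compose" is the v2 plugin shipped with Docker CE; use "docker-compose" for v1.
ExecStart=/usr/bin/docker compose up -d --remove-orphans
ExecStop=/usr/bin/docker compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
EOF
}

# Return 0 only if $1 holds a compose file and is not writable by "other".
# The unit runs compose as root from this directory, so an other-writable
# directory lets any local user choose what runs as root at the next boot.
compose_dir_ok() {
    dir=$1
    [ -f "$dir/compose.yaml" ] || [ -f "$dir/docker-compose.yml" ] || return 1
    # Column 9 of "ls -ld" is the other-write bit ("w" or "-"); portable across ls versions.
    case $(ls -ld "$dir" | cut -c9) in
        w) return 1 ;;
    esac
    return 0
}

# Write, verify and enable the unit. Run as root: sh compose-unit.sh install wiki /srv/wiki
install_unit() {
    name=$1
    dir=$2
    compose_dir_ok "$dir" || { echo "refusing $dir: no compose file, or other-writable" >&2; return 1; }
    unit=/etc/systemd/system/compose-$name.service
    compose_unit "$name" "$dir" > "$unit"
    chmod 644 "$unit"
    systemd-analyze verify "$unit"       # catches typos before enabling
    systemctl daemon-reload
    systemctl enable --now "compose-$name.service"
}

if [ "${1:-}" = install ]; then
    install_unit "$2" "$3"
fi
```

`Type=oneshot` with `RemainAfterExit=yes` is what makes `systemctl status` reflect the project rather than the short-lived `docker compose up -d` command, and `ExecStop` gives a clean `docker compose down` on shutdown.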
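For the Nginx and LetsEncrypt rows, an added example (not KzooMakers' actual configuration): a script that renders one reverse-proxy vhost per public host name from a constructed domain-to-VM list, redirects HTTP to HTTPS, terminates TLS with the certificate certbot keeps under /etc/letsencrypt/live, writes per-site access and error logs for the single-location auditing the row describes, and runs `nginx -t` before reloading so one bad file cannot take every site down. The host names, backend addresses and the ACME webroot path are assumptions, and it assumes certbot has already issued the certificates on the proxy host.

```shell
#!/bin/sh
# Added example (not KzooMakers' config): render nginx reverse-proxy vhosts so one
# public IP fronts several VMs. Host names, backend addresses and paths are assumed.

# Constructed sample: public host name -> backend VM address.
SITES='wiki.example.org 10.0.10.5:8080
files.example.org 10.0.10.6:8080'

# Print a server block for $1 that proxies to $2. nginx variables are escaped
# (\$host) so they survive the heredoc; $domain/$upstream are expanded by the shell.
vhost() {
    domain=$1
    upstream=$2
    cat <<EOF
server {
    listen 80;
    server_name $domain;
    # ACME http-01 challenges stay on port 80 (certbot --webroot); all else goes to HTTPS.
    location /.well-known/acme-challenge/ { root /var/www/letsencrypt; }
    location / { return 301 https://\$host\$request_uri; }
}
server {
    listen 443 ssl;
    server_name $domain;
    ssl_certificate     /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
    # One log pair per site: audit every vhost from the proxy without touching the VMs.
    access_log /var/log/nginx/$domain.access.log;
    error_log  /var/log/nginx/$domain.error.log;
    add_header Strict-Transport-Security "max-age=31536000" always;
    location / {
        proxy_pass http://$upstream;
        # Pass the original host and client address so the backend logs and
        # application see the real client, not the proxy.
        proxy_set_header Host              \$host;
        proxy_set_header X-Real-IP         \$remote_addr;
        proxy_set_header X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# Render every site in SITES to stdout.
render_all() {
    printf '%s\n' "$SITES" | while read -r domain upstream; do
        [ -n "$domain" ] || continue
        vhost "$domain" "$upstream"
    done
}

# Return 0 while the certbot-issued certificate for $1 is valid for at least
# 30 more days; a cheap check that "certbot renew" (its timer) is really running.
cert_ok() {
    openssl x509 -checkend 2592000 -noout -in "/etc/letsencrypt/live/$1/fullchain.pem"
}

# Write one file per site, enable it, and reload only if nginx accepts the result.
deploy() {
    printf '%s\n' "$SITES" | while read -r domain upstream; do
        [ -n "$domain" ] || continue
        cert_ok "$domain" || echo "warning: certificate for $domain missing or expiring" >&2
        vhost "$domain" "$upstream" > "/etc/nginx/sites-available/$domain.conf"
        ln -sf "/etc/nginx/sites-available/$domain.conf" "/etc/nginx/sites-enabled/$domain.conf"
    done
    nginx -t && systemctl reload nginx
}

if [ "${1:-}" = deploy ]; then
    deploy
fi
```

Run `sh nginx-vhosts.sh deploy` as root on the proxy after `certbot certonly --webroot -w /var/www/letsencrypt -d <domain>` has issued each certificate; since 80 and 443 are forwarded to this host, it is the only place the ACME challenge and the private keys need to live.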
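The YDNS row says the update script runs on the PVE host. Below is an added example of such an updater, not KzooMakers' script: it fetches the public IP, validates it before sending, pushes it to each host only when it has changed, and reads the API credentials from a root-only netrc file instead of the command line (where `ps` would expose them). The file paths, host names and the YDNS v1 endpoints (`/api/v1/ip` and `/api/v1/update/` with HTTP basic auth) are as I understand them from YDNS's API documentation; confirm them against ydns.io before relying on this.

```shell
#!/bin/sh
# Added example (not KzooMakers' script): push the current public IP to YDNS
# from the PVE host, only when it changed. Paths and endpoints are assumptions.

CREDS=/root/.ydns-netrc      # assumed: "machine ydns.io login <user> password <api secret>", mode 600
CACHE=/var/cache/ydns.last   # assumed: last IP that was successfully pushed
HOSTS="${YDNS_HOSTS:-}"      # space-separated YDNS host names to update
API=https://ydns.io/api/v1

# Return 0 when $1 is a plausible IPv4 address. Guards against writing an HTML
# error page or a captive-portal response into DNS as if it were our address.
valid_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 when $1 differs from the IP cached in $2 (or no cache exists yet).
ip_changed() {
    ip=$1; cache=$2
    [ -f "$cache" ] || return 0
    [ "$(cat "$cache")" != "$ip" ]
}

# Return 0 only if the credential file exists and group/other have no access.
creds_ok() {
    [ -f "$1" ] || return 1
    case $(ls -l "$1" | cut -c5-10) in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

update() {
    [ -n "$HOSTS" ] || { echo "set YDNS_HOSTS to the host names to update" >&2; return 1; }
    creds_ok "$CREDS" || { echo "$CREDS missing or not mode 600" >&2; return 1; }
    ip=$(curl -fsS "$API/ip") || return 1
    valid_ipv4 "$ip" || { echo "unexpected IP response: $ip" >&2; return 1; }
    ip_changed "$ip" "$CACHE" || return 0    # nothing to do
    for host in $HOSTS; do
        # --netrc-file keeps the API secret out of the argument list and the process table.
        curl -fsS --netrc-file "$CREDS" "$API/update/?host=$host&ip=$ip" \
            || { echo "update failed for $host" >&2; return 1; }
    done
    printf '%s\n' "$ip" > "$CACHE"
}

if [ "${1:-}" = update ]; then
    update
fi
```

A root crontab line such as `*/5 * * * * YDNS_HOSTS="home.example.ydns.eu" /usr/local/bin/ydns-update update` (host name constructed) runs it; because the cache short-circuits unchanged addresses, the API only sees a request when the address really moves.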
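To make the blocklist lookup in the PiHole row concrete, an added example (not Pi-hole's code): a small script that reduces a constructed hosts-format blocklist to a set of domains the way gravity does, answers whether a query name is blocked (exact match, case-insensitive, trailing dot ignored), and includes a `dig` helper for checking a live Pi-hole. The Pi-hole address and the list contents are constructed.

```shell
#!/bin/sh
# Added example (not Pi-hole's code): the essential gravity lookup, run against
# a constructed hosts-format blocklist. PIHOLE is an assumed address.

# Constructed sample in the hosts format most blocklists use:
# "<sink address> <domain>", with "#" comments and blank lines.
BLOCKLIST='# sample list (constructed)
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.com   # trailing comment
127.0.0.1 telemetry.example.org

0.0.0.0 www.ads.example.net'

# Reduce the list to one lower-case domain per line: strip comments, drop the
# sink address column, dedupe. This is what Pi-hole's gravity table holds.
gravity() {
    printf '%s\n' "$BLOCKLIST" \
        | sed 's/#.*//' \
        | awk 'NF >= 2 { print tolower($2) }' \
        | sort -u
}

# Normalize a query name the way a resolver does: lower-case, no trailing dot.
canon() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Return 0 (blocked) when the exact query name is on the list. Like gravity,
# this is an exact match: a listed parent domain does not block its subdomains
# unless they are listed too (or a regex/wildcard rule covers them).
is_blocked() {
    name=$(canon "$1")
    gravity | grep -qxF -- "$name"
}

# Ask a running Pi-hole what it answers for $1; in the default blocking mode a
# blocked name comes back as 0.0.0.0 instead of its real address.
PIHOLE=${PIHOLE:-10.0.0.2}
live_check() {
    dig +short @"$PIHOLE" "$1" A
}
```

The exact-match rule is the caveat worth remembering when a list "does not work": `ads.example.net` on the list does nothing for `cdn.ads.example.net` unless that name is listed as well.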