diff --git a/config/alertmanager/alertmanager.yml b/config/alertmanager/alertmanager.yml deleted file mode 100644 index c6b7988..0000000 --- a/config/alertmanager/alertmanager.yml +++ /dev/null @@ -1,42 +0,0 @@ -global: - resolve_timeout: 5m - # For email alerts - smtp_smarthost: 'smtp.gmail.com:587' - smtp_from: 'your-email@gmail.com' - smtp_auth_username: 'your-email@gmail.com' - smtp_auth_password: 'your-app-password' # Use app password for Gmail - smtp_require_tls: true - -# Route all alerts to all receivers -route: - group_by: ['alertname'] - group_wait: 30s - group_interval: 5m - repeat_interval: 4h - receiver: 'email-notifications' - routes: - - match: - severity: critical - receiver: 'slack-notifications' - continue: true - -receivers: - - name: 'email-notifications' - email_configs: - - to: 'your-email@gmail.com' - send_resolved: true - - - name: 'slack-notifications' - slack_configs: - - api_url: 'https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK' - channel: '#alerts' - send_resolved: true - title: "{{ .GroupLabels.alertname }}" - text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}" - -inhibit_rules: - - source_match: - severity: 'critical' - target_match: - severity: 'warning' - equal: ['alertname'] diff --git a/config/authelia/configuration.yml b/config/authelia/configuration.yml deleted file mode 100644 index 045ae5d..0000000 --- a/config/authelia/configuration.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -theme: light -jwt_secret: a_very_important_secret # Change this! -default_redirection_url: https://auth.yourdomain.com - -server: - host: 0.0.0.0 - port: 9091 - -log: - level: info - format: text - -totp: - issuer: yourdomain.com # Change this! - period: 30 - skew: 1 - -authentication_backend: - file: - path: /config/users_database.yml - password: - algorithm: argon2id - iterations: 1 - key_length: 32 - salt_length: 16 - memory: 1024 - parallelism: 8 - -access_control: - default_policy: deny - rules: - - domain: auth.yourdomain.com # Change this! - policy: bypass - - domain: "*.yourdomain.com" # Change this! - policy: one_factor - -session: - name: authelia_session - secret: unsecure_session_secret # Change this! - expiration: 12h - inactivity: 45m - domain: yourdomain.com # Change this! - -regulation: - max_retries: 3 - find_time: 2m - ban_time: 5m - -storage: - local: - path: /config/db.sqlite3 - -notifier: - filesystem: - filename: /config/notification.txt diff --git a/config/authelia/docker-compose.yml b/config/authelia/docker-compose.yml deleted file mode 100644 index b258501..0000000 --- a/config/authelia/docker-compose.yml +++ /dev/null @@ -1,21 +0,0 @@ -version: '3.8' - -services: - authelia: - image: authelia/authelia:latest - container_name: authelia - restart: unless-stopped - volumes: - - ./config:/config - ports: - - "9091:9091" - environment: - - TZ=UTC - networks: - - proxy - profiles: - - auth - -networks: - proxy: - external: true diff --git a/config/authelia/users_database.yml b/config/authelia/users_database.yml deleted file mode 100644 index 00edb2f..0000000 --- a/config/authelia/users_database.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -users: - homeadmin: # Change this username - displayname: "Home Admin" - password: "$argon2id$v=19$m=65536,t=3,p=4$CHANGE_THIS_PASSWORD_HASH" # Generate with authelia crypto hash command - email: your.email@example.com # Change this - groups: - - admins 
diff --git a/config/loki/docker-compose.yml b/config/loki/docker-compose.yml deleted file mode 100644 index 8b111cd..0000000 --- a/config/loki/docker-compose.yml +++ /dev/null @@ -1,41 +0,0 @@ -version: '3.8' - -services: - loki: - image: grafana/loki:latest - container_name: loki - restart: unless-stopped - volumes: - - ./loki/config:/etc/loki - - loki_data:/loki - command: -config.file=/etc/loki/loki-config.yml - ports: - - "3100:3100" - networks: - - proxy - profiles: - - logging - - promtail: - image: grafana/promtail:latest - container_name: promtail - restart: unless-stopped - volumes: - - ./promtail/config:/etc/promtail - - /var/log:/var/log - - /var/lib/docker/containers:/var/lib/docker/containers:ro - - /home/ubuntu/docker:/home/ubuntu/docker:ro - command: -config.file=/etc/promtail/promtail-config.yml - ports: - - "9080:9080" - networks: - - proxy - profiles: - - logging - -networks: - proxy: - external: true - -volumes: - loki_data: diff --git a/config/loki/loki-config.yml b/config/loki/loki-config.yml deleted file mode 100644 index d080237..0000000 --- a/config/loki/loki-config.yml +++ /dev/null @@ -1,38 +0,0 @@ -auth_enabled: false - -server: - http_listen_port: 3100 - grpc_listen_port: 9096 - -common: - path_prefix: /loki - storage: - filesystem: - chunks_directory: /loki/chunks - rules_directory: /loki/rules - replication_factor: 1 - ring: - instance_addr: 127.0.0.1 - kvstore: - store: inmemory - -schema_config: - configs: - - from: 2020-10-24 - store: boltdb-shipper - object_store: filesystem - schema: v11 - index: - prefix: index_ - period: 24h - -ruler: - alertmanager_url: http://alertmanager:9093 - -limits_config: - enforce_metric_name: false - reject_old_samples: true - reject_old_samples_max_age: 168h - -analytics: - reporting_enabled: false diff --git a/config/nginx-proxy-manager/docker-compose.yml b/config/nginx-proxy-manager/docker-compose.yml deleted file mode 100644 index 834a200..0000000 
--- a/config/nginx-proxy-manager/docker-compose.yml +++ /dev/null @@ -1,46 +0,0 @@ -version: '3.8' - -services: - nginx-proxy-manager: - image: 'jc21/nginx-proxy-manager:latest' - container_name: nginx-proxy-manager - restart: unless-stopped - ports: - - '80:80' - - '443:443' - - '81:81' # Admin UI - volumes: - - ./data:/data - - ./letsencrypt:/etc/letsencrypt - environment: - DB_MYSQL_HOST: "npm-db" - DB_MYSQL_PORT: 3306 - DB_MYSQL_USER: "npm" - DB_MYSQL_PASSWORD: "npm-password" # Change this! - DB_MYSQL_NAME: "npm" - depends_on: - - npm-db - networks: - - proxy - profiles: - - proxy - - npm-db: - image: 'jc21/mariadb-aria:latest' - container_name: npm-db - restart: unless-stopped - environment: - MYSQL_ROOT_PASSWORD: 'npm-password' # Change this! - MYSQL_DATABASE: 'npm' - MYSQL_USER: 'npm' - MYSQL_PASSWORD: 'npm-password' # Change this! - volumes: - - ./data/mysql:/var/lib/mysql - networks: - - proxy - profiles: - - proxy - -networks: - proxy: - external: true diff --git a/config/prometheus/alerts.yml b/config/prometheus/alerts.yml deleted file mode 100644 index 55d25af..0000000 --- a/config/prometheus/alerts.yml +++ /dev/null 
@@ -1,29 +0,0 @@ -groups: - - name: basic_alerts - rules: - - alert: HighCPULoad - expr: 100 - (avg by(instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80 - for: 5m - labels: - severity: warning - annotations: - summary: "High CPU load (instance {{ $labels.instance }})" - description: "CPU load is > 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: HighMemoryLoad - expr: (node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes * 100 > 80 - for: 5m - labels: - severity: warning - annotations: - summary: "High memory load (instance {{ $labels.instance }})" - description: "Memory load is > 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: HighDiskUsage - expr: (node_filesystem_size_bytes{fstype!="tmpfs"} - node_filesystem_free_bytes{fstype!="tmpfs"}) / node_filesystem_size_bytes{fstype!="tmpfs"} * 100 > 80 - for: 5m - labels: - severity: warning - annotations: - summary: "High disk usage (instance {{ $labels.instance }})" - description: "Disk usage is > 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" diff --git a/config/prometheus/docker-compose.yml b/config/prometheus/docker-compose.yml deleted file mode 100644 index 2ce82fb..0000000 --- a/config/prometheus/docker-compose.yml +++ /dev/null 
@@ -1,102 +0,0 @@ -version: '3.8' - -services: - prometheus: - image: prom/prometheus:latest - container_name: prometheus - restart: unless-stopped - volumes: - - ./prometheus/config:/etc/prometheus - - prometheus_data:/prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - - '--web.console.libraries=/etc/prometheus/console_libraries' - - '--web.console.templates=/etc/prometheus/consoles' - - '--web.enable-lifecycle' - ports: - - "9090:9090" - networks: - - proxy - profiles: - - monitoring - - alertmanager: - image: prom/alertmanager:latest - container_name: alertmanager - restart: unless-stopped - volumes: - - ./alertmanager/config:/etc/alertmanager - command: - - '--config.file=/etc/alertmanager/alertmanager.yml' - - '--storage.path=/alertmanager' - ports: - - "9093:9093" - networks: - - proxy - profiles: - - monitoring - - node-exporter: - image: prom/node-exporter:latest - container_name: node-exporter - restart: unless-stopped - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' - ports: - - "9100:9100" - networks: - - proxy - profiles: - - monitoring - - cadvisor: - image: gcr.io/cadvisor/cadvisor:latest - container_name: cadvisor - restart: unless-stopped - volumes: - - /:/rootfs:ro - - /var/run:/var/run:ro - - /sys:/sys:ro - - /var/lib/docker/:/var/lib/docker:ro - - /dev/disk/:/dev/disk:ro - ports: - - "8080:8080" - networks: - - proxy - profiles: - - monitoring - - grafana: - image: grafana/grafana:latest - container_name: grafana - restart: unless-stopped - volumes: - - grafana_data:/var/lib/grafana - - ./grafana/dashboards:/var/lib/grafana/dashboards - environment: - - GF_SECURITY_ADMIN_USER=admin - - GF_SECURITY_ADMIN_PASSWORD=secure_password # Change this! 
- - GF_USERS_ALLOW_SIGN_UP=false - - GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH=/var/lib/grafana/dashboards/security-dashboard.json - ports: - - "3000:3000" - networks: - - proxy - profiles: - - monitoring - -networks: - proxy: - external: true - -volumes: - prometheus_data: - grafana_data: diff --git a/config/prometheus/prometheus.yml b/config/prometheus/prometheus.yml deleted file mode 100644 index d4896d4..0000000 --- a/config/prometheus/prometheus.yml +++ /dev/null @@ -1,34 +0,0 @@ -global: - scrape_interval: 15s - evaluation_interval: 15s - -alerting: - alertmanagers: - - static_configs: - - targets: - - alertmanager:9093 - -rule_files: - - "/etc/prometheus/rules/*.yml" - -scrape_configs: - - job_name: "prometheus" - static_configs: - - targets: ["localhost:9090"] - - - job_name: "node" - static_configs: - - targets: ["node-exporter:9100"] - - - job_name: "cadvisor" - static_configs: - - targets: ["cadvisor:8080"] - - - job_name: "nginx-proxy-manager" - static_configs: - - targets: ["nginx-proxy-manager:81"] - metrics_path: /metrics - - - job_name: "loki" - static_configs: - - targets: ["loki:3100"] diff --git a/config/promtail/promtail-config.yml b/config/promtail/promtail-config.yml deleted file mode 100644 index ee683c7..0000000 --- a/config/promtail/promtail-config.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -server: - http_listen_port: 9080 - grpc_listen_port: 0 - -positions: - filename: /tmp/positions.yaml - -clients: - - url: http://loki:3100/loki/api/v1/push - -scrape_configs: - - job_name: system - static_configs: - - targets: - - localhost - labels: - job: varlogs - __path__: /var/log/*log - - - job_name: docker - static_configs: - - targets: - - localhost - labels: - job: docker - __path__: /var/lib/docker/containers/*/*log - - - job_name: nginx - static_configs: - - targets: - - localhost - labels: - job: nginx - __path__: /var/log/nginx/*log - - - job_name: authelia - static_configs: - - targets: - - localhost - labels: - job: authelia - __path__: /home/ubuntu/docker/authelia/config/notification.txt diff --git a/website/css/style.css b/css/style.css similarity index 100% rename from website/css/style.css rename to css/style.css diff --git a/website/docs/01-introduction.html b/docs/01-introduction.html similarity index 100% rename from website/docs/01-introduction.html rename to docs/01-introduction.html diff --git a/docs/01-introduction.md b/docs/01-introduction.md deleted file mode 100644 index f4a4e51..0000000 --- a/docs/01-introduction.md +++ /dev/null 
@@ -1,140 +0,0 @@ -# Introduction and Network Setup - -This guide will walk you through setting up your home server environment, including network configuration, domain setup, and basic system preparation. - -## System Requirements - -Before starting, ensure your system meets these requirements: - -- A computer with Ubuntu Server freshly installed -- Minimum 4GB RAM (8GB or more recommended for running all services) -- At least 50GB of free disk space -- Docker and Docker Compose installed -- SSH server configured and accessible -- Static WAN IP address -- Router with ports 80 and 443 forwarded to your server - -## Network Configuration - -### Static IP Setup - -For a reliable home server, you should configure a static internal IP address: - -1. Identify your network interface: - ```bash - ip a - ``` - -2. Edit the Netplan configuration: - ```bash - sudo nano /etc/netplan/00-installer-config.yaml - ``` - -3. Configure a static IP (example configuration): - ```yaml - network: - version: 2 - ethernets: - ens18: # Replace with your interface name - dhcp4: no - addresses: [192.168.1.100/24] # Choose an IP outside your router's DHCP range - gateway4: 192.168.1.1 # Your router's IP - nameservers: - addresses: [1.1.1.1, 8.8.8.8] - ``` - -4. Apply the configuration: - ```bash - sudo netplan apply - ``` - -### Port Forwarding - -Configure your router to forward ports 80 and 443 to your server's internal IP address: - -1. Access your router's admin interface (typically http://192.168.1.1) -2. Navigate to port forwarding settings (may be under "Advanced" or "NAT/Gaming") -3. Create two port forwarding rules: - - Forward external port 80 (HTTP) to internal port 80 on your server's IP - - Forward external port 443 (HTTPS) to internal port 443 on your server's IP - -### Domain Setup - -For accessing your services remotely, you'll need a domain name: - -1. Purchase a domain from a registrar (Namecheap, GoDaddy, etc.) -2. 
Set up DNS A records pointing to your static WAN IP: - - Create an A record for your root domain (e.g., `example.com`) - - Create wildcard A records for subdomains (e.g., `*.example.com`) - -If you don't want to purchase a domain, you can use a free dynamic DNS service like Duck DNS or No-IP. - -## System Preparation - -### Update System - -First, ensure your system is up to date: - -```bash -sudo apt update && sudo apt upgrade -y -``` - -### Install Required Packages - -Install some essential packages: - -```bash -sudo apt install -y curl wget git nano htop -``` - -### Docker Setup Verification - -Verify Docker is installed and running: - -```bash -docker --version -docker-compose --version -sudo systemctl status docker -``` - -If Docker is not installed, install it: - -```bash -# Install Docker -curl -fsSL https://get.docker.com -o get-docker.sh -sudo sh get-docker.sh - -# Add your user to the docker group -sudo usermod -aG docker $USER - -# Install Docker Compose -sudo apt install -y docker-compose -``` - -Log out and log back in for group changes to take effect. - -### Create Docker Network - -Create a shared Docker network for all your services: - -```bash -docker network create proxy -``` - -### Create Directory Structure - -Create a directory structure for your services: - -```bash -mkdir -p ~/docker/nginx-proxy-manager -mkdir -p ~/docker/authelia -mkdir -p ~/docker/monitoring/prometheus -mkdir -p ~/docker/monitoring/grafana -mkdir -p ~/docker/monitoring/alertmanager -mkdir -p ~/docker/logging/loki -mkdir -p ~/docker/logging/promtail -``` - -## Next Steps - -Now that your system is prepared, you can proceed to the next section to set up Nginx Proxy Manager and Authelia for secure access to your services. diff --git a/website/docs/02-nginx-authelia.html b/docs/02-nginx-authelia.html similarity index 100% rename from website/docs/02-nginx-authelia.html rename to docs/02-nginx-authelia.html 
diff --git a/docs/02-nginx-authelia.md b/docs/02-nginx-authelia.md
deleted file mode 100644
index 4bfa55a..0000000
--- a/docs/02-nginx-authelia.md
+++ /dev/null
@@ -1,337 +0,0 @@ -# Nginx Proxy Manager and Authelia Setup - -This guide will walk you through setting up Nginx Proxy Manager (NPM) with Authelia for secure access to your home server services. This combination provides: - -- A reverse proxy to route traffic to different services -- SSL certificate management with Let's Encrypt -- Single sign-on (SSO) for all your services -- Multi-factor authentication (MFA) -- Access control policies - -## Docker Compose Setup - -We'll use Docker Compose to set up both services. First, let's create the configuration files. - -### Nginx Proxy Manager - -Create a docker-compose.yml file for Nginx Proxy Manager: - -```bash -cd ~/docker/nginx-proxy-manager -nano docker-compose.yml -``` - -Add the following content: - -```yaml -version: '3.8' - -services: - nginx-proxy-manager: - image: 'jc21/nginx-proxy-manager:latest' - container_name: nginx-proxy-manager - restart: unless-stopped - ports: - - '80:80' - - '443:443' - - '81:81' # Admin UI - volumes: - - ./data:/data - - ./letsencrypt:/etc/letsencrypt - environment: - DB_MYSQL_HOST: "npm-db" - DB_MYSQL_PORT: 3306 - DB_MYSQL_USER: "npm" - DB_MYSQL_PASSWORD: "npm-password" # Change this! - DB_MYSQL_NAME: "npm" - depends_on: - - npm-db - networks: - - proxy - profiles: - - proxy - - npm-db: - image: 'jc21/mariadb-aria:latest' - container_name: npm-db - restart: unless-stopped - environment: - MYSQL_ROOT_PASSWORD: 'npm-password' # Change this! - MYSQL_DATABASE: 'npm' - MYSQL_USER: 'npm' - MYSQL_PASSWORD: 'npm-password' # Change this! - volumes: - - ./data/mysql:/var/lib/mysql - networks: - - proxy - profiles: - - proxy - -networks: - proxy: - external: true -``` - -### Authelia - -Now, let's set up Authelia. 
First, create the necessary configuration files: - -```bash -cd ~/docker/authelia -mkdir -p config -``` - -Create the configuration.yml file: - -```bash -nano config/configuration.yml -``` - -Add the following content: - -```yaml ---- -theme: light -jwt_secret: a_very_important_secret # Change this! -default_redirection_url: https://auth.yourdomain.com - -server: - host: 0.0.0.0 - port: 9091 - -log: - level: info - format: text - -totp: - issuer: yourdomain.com # Change this! - period: 30 - skew: 1 - -authentication_backend: - file: - path: /config/users_database.yml - password: - algorithm: argon2id - iterations: 1 - key_length: 32 - salt_length: 16 - memory: 1024 - parallelism: 8 - -access_control: - default_policy: deny - rules: - - domain: auth.yourdomain.com # Change this! - policy: bypass - - domain: "*.yourdomain.com" # Change this! - policy: one_factor - -session: - name: authelia_session - secret: unsecure_session_secret # Change this! - expiration: 12h - inactivity: 45m - domain: yourdomain.com # Change this! 
- -regulation: - max_retries: 3 - find_time: 2m - ban_time: 5m - -storage: - local: - path: /config/db.sqlite3 - -notifier: - filesystem: - filename: /config/notification.txt -``` - -Create the users database file: - -```bash -nano config/users_database.yml -``` - -Add the following content (replace with your own user information): - -```yaml ---- -users: - homeadmin: # Change this username - displayname: "Home Admin" - password: "$argon2id$v=19$m=65536,t=3,p=4$CHANGE_THIS_PASSWORD_HASH" # We'll generate this later - email: your.email@example.com # Change this - groups: - - admins -``` - -Now, create the docker-compose.yml file for Authelia: - -```bash -nano docker-compose.yml -``` - -Add the following content: - -```yaml -version: '3.8' - -services: - authelia: - image: authelia/authelia:latest - container_name: authelia - restart: unless-stopped - volumes: - - ./config:/config - ports: - - "9091:9091" - environment: - - TZ=UTC - networks: - - proxy - profiles: - - auth - -networks: - proxy: - external: true -``` - -## Starting the Services - -### Start Nginx Proxy Manager - -```bash -cd ~/docker/nginx-proxy-manager -docker-compose --profile proxy up -d -``` - -### Generate Password Hash for Authelia - -```bash -docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'YourSecurePassword' -``` - -Replace the password hash in the users_database.yml file with the generated hash. - -### Start Authelia - -```bash -cd ~/docker/authelia -docker-compose --profile auth up -d -``` - -## Configuring Nginx Proxy Manager - -1. Access the Nginx Proxy Manager admin interface at http://your-server-ip:81 -2. Log in with the default credentials: - - Email: admin@example.com - - Password: changeme -3. You'll be prompted to change the default credentials - -### Add SSL Certificates - -1. Go to "SSL Certificates" and click "Add SSL Certificate" -2. 
Choose "Let's Encrypt" and enter: - - Domain Names: yourdomain.com, *.yourdomain.com - - Email Address: your.email@example.com -3. Check "Use a DNS Challenge" if you're using a wildcard certificate -4. Follow the instructions to verify domain ownership -5. Click "Save" to generate the certificate - -### Configure Authelia Proxy Host - -1. Go to "Hosts" > "Proxy Hosts" and click "Add Proxy Host" -2. Configure the following: - - Domain Name: auth.yourdomain.com - - Scheme: http - - Forward Hostname / IP: authelia - - Forward Port: 9091 -3. Under the "SSL" tab: - - Select your SSL certificate - - Force SSL: Enabled -4. Click "Save" - -## Integrating Authelia with Nginx Proxy Manager - -To protect your services with Authelia, you'll need to add custom configurations to each proxy host. - -1. Create a new proxy host or edit an existing one -2. Under the "Advanced" tab, add the following configuration: - -```nginx -location /authelia { - internal; - set $upstream_authelia http://authelia:9091/api/verify; - proxy_pass_request_body off; - proxy_pass $upstream_authelia; - proxy_set_header Content-Length ""; - - # Timeout if the real server is dead - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; - - # [REQUIRED] Needed by Authelia - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Uri $request_uri; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Content-Length ""; - - # [OPTIONAL] Timeout if Authelia is down - proxy_connect_timeout 5s; - proxy_send_timeout 5s; - proxy_read_timeout 5s; -} - -# [REQUIRED] Authentication request -auth_request /authelia; -auth_request_set $target_url $scheme://$http_host$request_uri; -auth_request_set $user $upstream_http_remote_user; -auth_request_set $groups $upstream_http_remote_groups; -auth_request_set $name $upstream_http_remote_name; 
-auth_request_set $email $upstream_http_remote_email; -proxy_set_header Remote-User $user; -proxy_set_header Remote-Groups $groups; -proxy_set_header Remote-Name $name; -proxy_set_header Remote-Email $email; - -# [REQUIRED] Redirect to Authelia if not authenticated -error_page 401 =302 https://auth.yourdomain.com/?rd=$target_url; -``` - -3. Save the configuration - -## Testing the Setup - -1. Access your protected service at its domain (e.g., https://service.yourdomain.com) -2. You should be redirected to the Authelia login page -3. After successful authentication, you'll be redirected back to your service - -## Troubleshooting - -### Nginx Proxy Manager Issues - -- Check logs: `docker logs nginx-proxy-manager` -- Verify port forwarding on your router -- Ensure DNS records are correctly configured - -### Authelia Issues - -- Check logs: `docker logs authelia` -- Verify configuration.yml syntax -- Check users_database.yml format and password hash - -## Security Recommendations - -1. Change all default passwords and secrets in configuration files -2. Enable two-factor authentication in Authelia -3. Use strong, unique passwords for all services -4. Regularly update Docker images: `docker-compose pull && docker-compose up -d` -5. Consider implementing IP-based access rules for additional security - -## Next Steps - -Now that you have Nginx Proxy Manager and Authelia set up, you can proceed to the next section to configure Prometheus and Grafana for monitoring your home server. diff --git a/website/docs/03-prometheus-grafana.html b/docs/03-prometheus-grafana.html similarity index 100% rename from website/docs/03-prometheus-grafana.html rename to docs/03-prometheus-grafana.html diff --git a/docs/03-prometheus-grafana.md b/docs/03-prometheus-grafana.md deleted file mode 100644 index ac170a0..0000000 --- a/docs/03-prometheus-grafana.md +++ /dev/null 
@@ -1,427 +0,0 @@ -# Prometheus and Grafana Monitoring Setup - -This guide will walk you through setting up a comprehensive monitoring solution for your home server using Prometheus, Grafana, and Alert Manager. This stack will allow you to: - -- Collect metrics from your server and services -- Visualize performance data with customizable dashboards -- Set up alerts for critical events -- Monitor system health and resource usage - -## Directory Structure - -First, ensure you have the proper directory structure: - -```bash -mkdir -p ~/docker/monitoring/prometheus/config -mkdir -p ~/docker/monitoring/grafana -mkdir -p ~/docker/monitoring/alertmanager/config -mkdir -p ~/docker/monitoring/node-exporter -``` - -## Prometheus Setup - -Prometheus is an open-source systems monitoring and alerting toolkit. It collects and stores metrics as time series data. - -### Prometheus Configuration - -Create the Prometheus configuration file: - -```bash -nano ~/docker/monitoring/prometheus/config/prometheus.yml -``` - -Add the following content: - -```yaml -global: - scrape_interval: 15s - evaluation_interval: 15s - -alerting: - alertmanagers: - - static_configs: - - targets: - - alertmanager:9093 - -rule_files: - - "/etc/prometheus/rules/*.yml" - -scrape_configs: - - job_name: "prometheus" - static_configs: - - targets: ["localhost:9090"] - - - job_name: "node" - static_configs: - - targets: ["node-exporter:9100"] - - - job_name: "cadvisor" - static_configs: - - targets: ["cadvisor:8080"] - - - job_name: "nginx-proxy-manager" - static_configs: - - targets: ["nginx-proxy-manager:81"] - metrics_path: /metrics - - - job_name: "loki" - static_configs: - - targets: ["loki:3100"] -``` - -Create a directory for alert rules: - -```bash -mkdir -p ~/docker/monitoring/prometheus/config/rules -``` - -Create a basic alert rules file: - -```bash -nano ~/docker/monitoring/prometheus/config/rules/alerts.yml -``` - -Add the following content: - -```yaml -groups: - - name: basic_alerts - rules: - - 
alert: HighCPULoad - expr: 100 - (avg by(instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80 - for: 5m - labels: - severity: warning - annotations: - summary: "High CPU load (instance {{ $labels.instance }})" - description: "CPU load is > 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: HighMemoryLoad - expr: (node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes * 100 > 80 - for: 5m - labels: - severity: warning - annotations: - summary: "High memory load (instance {{ $labels.instance }})" - description: "Memory load is > 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - - - alert: HighDiskUsage - expr: (node_filesystem_size_bytes{fstype!="tmpfs"} - node_filesystem_free_bytes{fstype!="tmpfs"}) / node_filesystem_size_bytes{fstype!="tmpfs"} * 100 > 80 - for: 5m - labels: - severity: warning - annotations: - summary: "High disk usage (instance {{ $labels.instance }})" - description: "Disk usage is > 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" -``` - -## Alert Manager Setup - -Alert Manager handles alerts sent by Prometheus and routes them to the appropriate receiver. 
- -Create the Alert Manager configuration file: - -```bash -nano ~/docker/monitoring/alertmanager/config/alertmanager.yml -``` - -Add the following content (customize with your email or Slack details): - -```yaml -global: - resolve_timeout: 5m - # For email alerts - smtp_smarthost: 'smtp.gmail.com:587' - smtp_from: 'your-email@gmail.com' - smtp_auth_username: 'your-email@gmail.com' - smtp_auth_password: 'your-app-password' # Use app password for Gmail - smtp_require_tls: true - -# Route all alerts to all receivers -route: - group_by: ['alertname'] - group_wait: 30s - group_interval: 5m - repeat_interval: 4h - receiver: 'email-notifications' - routes: - - match: - severity: critical - receiver: 'slack-notifications' - continue: true - -receivers: - - name: 'email-notifications' - email_configs: - - to: 'your-email@gmail.com' - send_resolved: true - - - name: 'slack-notifications' - slack_configs: - - api_url: 'https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK' - channel: '#alerts' - send_resolved: true - title: "{{ .GroupLabels.alertname }}" - text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}" - -inhibit_rules: - - source_match: - severity: 'critical' - target_match: - severity: 'warning' - equal: ['alertname'] -``` - -## Node Exporter Setup - -Node Exporter collects hardware and OS metrics from the host system. 
- -## Docker Compose Configuration - -Create a docker-compose.yml file for the monitoring stack: - -```bash -nano ~/docker/monitoring/docker-compose.yml -``` - -Add the following content: - -```yaml -version: '3.8' - -services: - prometheus: - image: prom/prometheus:latest - container_name: prometheus - restart: unless-stopped - volumes: - - ./prometheus/config:/etc/prometheus - - prometheus_data:/prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - - '--web.console.libraries=/etc/prometheus/console_libraries' - - '--web.console.templates=/etc/prometheus/consoles' - - '--web.enable-lifecycle' - ports: - - "9090:9090" - networks: - - proxy - profiles: - - monitoring - - alertmanager: - image: prom/alertmanager:latest - container_name: alertmanager - restart: unless-stopped - volumes: - - ./alertmanager/config:/etc/alertmanager - command: - - '--config.file=/etc/alertmanager/alertmanager.yml' - - '--storage.path=/alertmanager' - ports: - - "9093:9093" - networks: - - proxy - profiles: - - monitoring - - node-exporter: - image: prom/node-exporter:latest - container_name: node-exporter - restart: unless-stopped - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' - ports: - - "9100:9100" - networks: - - proxy - profiles: - - monitoring - - cadvisor: - image: gcr.io/cadvisor/cadvisor:latest - container_name: cadvisor - restart: unless-stopped - volumes: - - /:/rootfs:ro - - /var/run:/var/run:ro - - /sys:/sys:ro - - /var/lib/docker/:/var/lib/docker:ro - - /dev/disk/:/dev/disk:ro - ports: - - "8080:8080" - networks: - - proxy - profiles: - - monitoring - - grafana: - image: grafana/grafana:latest - container_name: grafana - restart: unless-stopped - volumes: - - grafana_data:/var/lib/grafana - environment: - - 
GF_SECURITY_ADMIN_USER=admin - - GF_SECURITY_ADMIN_PASSWORD=secure_password # Change this! - - GF_USERS_ALLOW_SIGN_UP=false - ports: - - "3000:3000" - networks: - - proxy - profiles: - - monitoring - -networks: - proxy: - external: true - -volumes: - prometheus_data: - grafana_data: -``` - -## Starting the Monitoring Stack - -Start the monitoring stack with Docker Compose: - -```bash -cd ~/docker/monitoring -docker-compose --profile monitoring up -d -``` - -## Configuring Nginx Proxy Manager for Monitoring Services - -Now, let's set up proxy hosts in Nginx Proxy Manager for each monitoring service: - -### Prometheus - -1. Go to "Hosts" > "Proxy Hosts" and click "Add Proxy Host" -2. Configure the following: - - Domain Name: prometheus.yourdomain.com - - Scheme: http - - Forward Hostname / IP: prometheus - - Forward Port: 9090 -3. Under the "SSL" tab: - - Select your SSL certificate - - Force SSL: Enabled -4. Under the "Advanced" tab, add the Authelia configuration (from the previous guide) -5. Click "Save" - -### Grafana - -1. Go to "Hosts" > "Proxy Hosts" and click "Add Proxy Host" -2. Configure the following: - - Domain Name: grafana.yourdomain.com - - Scheme: http - - Forward Hostname / IP: grafana - - Forward Port: 3000 -3. Under the "SSL" tab: - - Select your SSL certificate - - Force SSL: Enabled -4. Under the "Advanced" tab, add the Authelia configuration -5. Click "Save" - -### Alert Manager - -1. Go to "Hosts" > "Proxy Hosts" and click "Add Proxy Host" -2. Configure the following: - - Domain Name: alerts.yourdomain.com - - Scheme: http - - Forward Hostname / IP: alertmanager - - Forward Port: 9093 -3. Under the "SSL" tab: - - Select your SSL certificate - - Force SSL: Enabled -4. Under the "Advanced" tab, add the Authelia configuration -5. Click "Save" - -## Configuring Grafana - -1. Access Grafana at https://grafana.yourdomain.com -2. 
Log in with the default credentials: - - Username: admin - - Password: secure_password (the one you set in docker-compose.yml) -3. You'll be prompted to change the default password - -### Adding Prometheus as a Data Source - -1. Go to "Configuration" > "Data Sources" -2. Click "Add data source" -3. Select "Prometheus" -4. Set the URL to http://prometheus:9090 -5. Click "Save & Test" - -### Importing Dashboards - -Let's import some useful dashboards: - -1. Go to "Create" > "Import" -2. Enter one of these dashboard IDs: - - 1860 (Node Exporter Full) - - 893 (Docker and System Monitoring) - - 10619 (Docker Monitoring) -3. Click "Load" -4. Select "Prometheus" as the data source -5. Click "Import" - -Repeat for each dashboard ID. - -## Creating Custom Alerts - -You can create custom alerts in Grafana: - -1. Go to "Alerting" in the left sidebar -2. Click "New alert rule" -3. Configure your alert conditions -4. Set notification channels (email, Slack, etc.) -5. Save the alert - -## Testing Alerts - -To test if your alerts are working: - -1. For CPU alerts: Run a stress test - ```bash - sudo apt install stress - stress --cpu 8 --timeout 300 - ``` - -2. For disk space alerts: Create a large file - ```bash - fallocate -l 10G /tmp/large_file - ``` - -3. Check Alert Manager at https://alerts.yourdomain.com to see if alerts are triggered - -## Troubleshooting - -### Prometheus Issues - -- Check logs: `docker logs prometheus` -- Verify prometheus.yml syntax -- Check if targets are up in the Prometheus UI (Status > Targets) - -### Grafana Issues - -- Check logs: `docker logs grafana` -- Verify data source connection -- Check permissions on grafana_data volume - -### Alert Manager Issues - -- Check logs: `docker logs alertmanager` -- Verify alertmanager.yml syntax -- Test email or Slack notifications manually - -## Next Steps - -Now that you have your monitoring stack set up, you can proceed to the next section to configure Loki and Promtail for centralized logging. 
diff --git a/website/docs/04-loki-promtail.html b/docs/04-loki-promtail.html
similarity index 100%
rename from website/docs/04-loki-promtail.html
rename to docs/04-loki-promtail.html
diff --git a/docs/04-loki-promtail.md b/docs/04-loki-promtail.md
deleted file mode 100644
index 532f820..0000000
--- a/docs/04-loki-promtail.md
+++ /dev/null
@@ -1,330 +0,0 @@ -# Loki and Promtail Logging Setup - -This guide will walk you through setting up a centralized logging solution for your home server using Loki and Promtail. This stack will allow you to: - -- Collect logs from your server and services -- Store logs efficiently with Loki -- Query and analyze logs through Grafana -- Set up alerts based on log patterns -- Troubleshoot issues across your entire infrastructure - -## Directory Structure - -First, ensure you have the proper directory structure: - -```bash -mkdir -p ~/docker/logging/loki/config -mkdir -p ~/docker/logging/promtail/config -``` - -## Loki Setup - -Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It's designed to be very cost-effective and easy to operate. - -### Loki Configuration - -Create the Loki configuration file: - -```bash -nano ~/docker/logging/loki/config/loki-config.yml -``` - -Add the following content: - -```yaml -auth_enabled: false - -server: - http_listen_port: 3100 - grpc_listen_port: 9096 - -common: - path_prefix: /loki - storage: - filesystem: - chunks_directory: /loki/chunks - rules_directory: /loki/rules - replication_factor: 1 - ring: - instance_addr: 127.0.0.1 - kvstore: - store: inmemory - -schema_config: - configs: - - from: 2020-10-24 - store: boltdb-shipper - object_store: filesystem - schema: v11 - index: - prefix: index_ - period: 24h - -ruler: - alertmanager_url: http://alertmanager:9093 - -limits_config: - enforce_metric_name: false - reject_old_samples: true - reject_old_samples_max_age: 168h - -analytics: - reporting_enabled: false -``` - -## Promtail Setup - -Promtail is an agent which ships the contents of local logs to a Loki instance. 
- -### Promtail Configuration - -Create the Promtail configuration file: - -```bash -nano ~/docker/logging/promtail/config/promtail-config.yml -``` - -Add the following content: - -```yaml -server: - http_listen_port: 9080 - grpc_listen_port: 0 - -positions: - filename: /tmp/positions.yaml - -clients: - - url: http://loki:3100/loki/api/v1/push - -scrape_configs: - - job_name: system - static_configs: - - targets: - - localhost - labels: - job: varlogs - __path__: /var/log/*log - - - job_name: docker - static_configs: - - targets: - - localhost - labels: - job: docker - __path__: /var/lib/docker/containers/*/*log - - - job_name: nginx - static_configs: - - targets: - - localhost - labels: - job: nginx - __path__: /var/log/nginx/*log - - - job_name: authelia - static_configs: - - targets: - - localhost - labels: - job: authelia - __path__: /home/ubuntu/docker/authelia/config/notification.txt -``` - -## Docker Compose Configuration - -Create a docker-compose.yml file for the logging stack: - -```bash -nano ~/docker/logging/docker-compose.yml -``` - -Add the following content: - -```yaml -version: '3.8' - -services: - loki: - image: grafana/loki:latest - container_name: loki - restart: unless-stopped - volumes: - - ./loki/config:/etc/loki - - loki_data:/loki - command: -config.file=/etc/loki/loki-config.yml - ports: - - "3100:3100" - networks: - - proxy - profiles: - - logging - - promtail: - image: grafana/promtail:latest - container_name: promtail - restart: unless-stopped - volumes: - - ./promtail/config:/etc/promtail - - /var/log:/var/log - - /var/lib/docker/containers:/var/lib/docker/containers:ro - - /home/ubuntu/docker:/home/ubuntu/docker:ro - command: -config.file=/etc/promtail/promtail-config.yml - ports: - - "9080:9080" - networks: - - proxy - profiles: - - logging - -networks: - proxy: - external: true - -volumes: - loki_data: -``` - -## Starting the Logging Stack - -Start the logging stack with Docker Compose: - -```bash -cd ~/docker/logging -docker-compose 
--profile logging up -d -``` - -## Configuring Nginx Proxy Manager for Loki - -Set up a proxy host in Nginx Proxy Manager for Loki: - -1. Go to "Hosts" > "Proxy Hosts" and click "Add Proxy Host" -2. Configure the following: - - Domain Name: loki.yourdomain.com - - Scheme: http - - Forward Hostname / IP: loki - - Forward Port: 3100 -3. Under the "SSL" tab: - - Select your SSL certificate - - Force SSL: Enabled -4. Under the "Advanced" tab, add the Authelia configuration (from the previous guide) -5. Click "Save" - -## Integrating Loki with Grafana - -Now, let's add Loki as a data source in Grafana: - -1. Access Grafana at https://grafana.yourdomain.com -2. Go to "Configuration" > "Data Sources" -3. Click "Add data source" -4. Select "Loki" -5. Set the URL to http://loki:3100 -6. Click "Save & Test" - -## Creating Log Dashboards in Grafana - -Let's create a basic log dashboard: - -1. Go to "Create" > "Dashboard" -2. Click "Add new panel" -3. Select "Loki" as the data source -4. In the query field, enter a LogQL query: - ``` - {job="varlogs"} - ``` -5. Adjust the time range as needed -6. Click "Apply" - -### Importing Log Dashboards - -You can also import pre-made dashboards: - -1. Go to "Create" > "Import" -2. Enter dashboard ID 13639 (Loki Dashboard) -3. Click "Load" -4. Select "Loki" as the data source -5. Click "Import" - -## Advanced Log Queries - -Loki uses LogQL, a query language inspired by PromQL. Here are some useful queries: - -### Filter by Log Content - -``` -{job="docker"} |= "error" -``` - -This shows all logs from the "docker" job containing the word "error". - -### Filter by Regular Expression - -``` -{job="nginx"} |~ "GET /api/.*" -``` - -This shows all logs from the "nginx" job matching the regular expression. - -### Count Error Occurrences - -``` -count_over_time({job="varlogs"} |= "error"[1h]) -``` - -This counts how many times "error" appears in the logs over the last hour. 
- -## Setting Up Log-Based Alerts - -You can set up alerts based on log patterns: - -1. In Grafana, go to "Alerting" > "New alert rule" -2. Configure a Loki query, for example: - ``` - count_over_time({job="varlogs"} |= "error"[5m]) > 10 - ``` -3. This will alert if there are more than 10 errors in 5 minutes -4. Set notification channels and save the alert - -## Log Retention and Management - -By default, Loki will retain logs based on the configuration in the `limits_config` section. You can adjust the retention period by modifying the `reject_old_samples_max_age` value. - -For example, to keep logs for 30 days: - -```yaml -limits_config: - reject_old_samples: true - reject_old_samples_max_age: 720h # 30 days -``` - -## Troubleshooting - -### Loki Issues - -- Check logs: `docker logs loki` -- Verify loki-config.yml syntax -- Check if Loki is accessible: `curl http://localhost:3100/ready` - -### Promtail Issues - -- Check logs: `docker logs promtail` -- Verify promtail-config.yml syntax -- Check if Promtail is sending logs: `curl http://localhost:9080/metrics | grep loki_sent` - -### Grafana Integration Issues - -- Verify the Loki data source URL -- Check network connectivity between Grafana and Loki -- Verify that Loki is receiving logs: `curl -G -s "http://localhost:3100/loki/api/v1/label" --data-urlencode 'match={}'` - -## Best Practices - -1. **Log Rotation**: Ensure your system has proper log rotation configured to prevent disk space issues -2. **Query Optimization**: Use label filters before content filters for better performance -3. **Label Management**: Use meaningful labels but avoid high cardinality -4. **Resource Allocation**: Monitor Loki's resource usage and adjust as needed -5. 
**Security**: Protect access to your logs as they may contain sensitive information
-
-## Next Steps
-
-Now that you have your logging stack set up, you can proceed to the next section to configure security features including automatic Tor users blocking and additional alerting options.
diff --git a/website/docs/05-security-alerting.html b/docs/05-security-alerting.html
similarity index 100%
rename from website/docs/05-security-alerting.html
rename to docs/05-security-alerting.html
diff --git a/docs/05-security-alerting.md b/docs/05-security-alerting.md
deleted file mode 100644
index f0d26ec..0000000
--- a/docs/05-security-alerting.md
+++ /dev/null
@@ -1,1157 +0,0 @@ -# Security and Alerting Setup - -This guide will walk you through setting up advanced security features for your home server, including automatic Tor exit node blocking, comprehensive alerting via email and Slack, and Docker profiles for service isolation. These features will help: - -- Protect your services from malicious actors -- Get notified about important events and potential security threats -- Organize your Docker services for better management - -## Automatic Tor Exit Node Blocking - -Tor exit nodes can be used by malicious actors to attack your services. Let's set up automatic blocking of Tor exit nodes using a script and cron job. - -### Directory Setup - -First, create a directory for the security scripts: - -```bash -mkdir -p ~/docker/security/tor-blocking -cd ~/docker/security/tor-blocking -``` - -### Tor Exit Node Blocking Script - -Create a script to fetch and block Tor exit nodes: - -```bash -nano ~/docker/security/tor-blocking/block-tor-exits.sh -``` - -Add the following content: - -```bash -#!/bin/bash - -# Script to block Tor exit nodes -# This script fetches the current list of Tor exit nodes and blocks them using iptables - -# Log file -LOG_FILE="/var/log/tor-blocking.log" - -# Create log file if it doesn't exist -if [ ! -f "$LOG_FILE" ]; then - sudo touch "$LOG_FILE" - sudo chmod 644 "$LOG_FILE" -fi - -# Log function -log() { - echo "$(date): $1" | sudo tee -a "$LOG_FILE" -} - -log "Starting Tor exit node blocking script" - -# Create a new ipset if it doesn't exist -if ! 
sudo ipset list tor-exits &>/dev/null; then - log "Creating new ipset for Tor exit nodes" - sudo ipset create tor-exits hash:ip hashsize 4096 -fi - -# Flush the existing ipset -log "Flushing existing Tor exit node list" -sudo ipset flush tor-exits - -# Fetch the current list of Tor exit nodes -log "Fetching current Tor exit node list" -TOR_EXITS=$(curl -s https://check.torproject.org/exit-addresses | grep ExitAddress | cut -d ' ' -f 2) - -# Count of exit nodes -EXIT_COUNT=$(echo "$TOR_EXITS" | wc -l) -log "Found $EXIT_COUNT Tor exit nodes" - -# Add each exit node to the ipset -for IP in $TOR_EXITS; do - sudo ipset add tor-exits $IP -done - -# Check if the iptables rule exists, if not add it -if ! sudo iptables -C INPUT -m set --match-set tor-exits src -j DROP 2>/dev/null; then - log "Adding iptables rule to block Tor exit nodes" - sudo iptables -A INPUT -m set --match-set tor-exits src -j DROP - sudo iptables -A FORWARD -m set --match-set tor-exits src -j DROP -fi - -# Make iptables rules persistent -if command -v netfilter-persistent &>/dev/null; then - log "Saving iptables rules" - sudo netfilter-persistent save -fi - -log "Tor exit node blocking updated successfully" - -# Send alert to Prometheus Alertmanager -if [ -n "$EXIT_COUNT" ] && [ "$EXIT_COUNT" -gt 0 ]; then - log "Sending alert to Alertmanager" - curl -XPOST http://localhost:9093/api/v1/alerts -H "Content-Type: application/json" -d "[{ - \"labels\": { - \"alertname\": \"TorExitNodesBlocked\", - \"severity\": \"info\", - \"instance\": \"$(hostname)\" - }, - \"annotations\": { - \"summary\": \"Tor exit nodes blocked\", - \"description\": \"$EXIT_COUNT Tor exit nodes have been blocked\" - } - }]" -fi - -exit 0 -``` - -Make the script executable: - -```bash -chmod +x ~/docker/security/tor-blocking/block-tor-exits.sh -``` - -### Install Required Packages - -Install the necessary packages for IP blocking: - -```bash -sudo apt update -sudo apt install -y ipset iptables-persistent curl -``` - -### Set Up Cron 
Job - -Set up a cron job to run the script every hour: - -```bash -sudo crontab -e -``` - -Add the following line: - -``` -0 * * * * /home/ubuntu/docker/security/tor-blocking/block-tor-exits.sh -``` - -### Run the Script Manually - -Run the script manually to verify it works: - -```bash -sudo ~/docker/security/tor-blocking/block-tor-exits.sh -``` - -Check the log file: - -```bash -cat /var/log/tor-blocking.log -``` - -## Fail2Ban Integration - -Fail2Ban can help protect your server from brute force attacks. Let's set it up to work with our services. - -### Install Fail2Ban - -```bash -sudo apt install -y fail2ban -``` - -### Configure Fail2Ban for SSH - -Create a custom SSH jail configuration: - -```bash -sudo nano /etc/fail2ban/jail.d/ssh.conf -``` - -Add the following content: - -``` -[sshd] -enabled = true -port = ssh -filter = sshd -logpath = /var/log/auth.log -maxretry = 3 -bantime = 86400 -``` - -### Configure Fail2Ban for Nginx - -Create a custom Nginx jail configuration: - -```bash -sudo nano /etc/fail2ban/jail.d/nginx.conf -``` - -Add the following content: - -``` -[nginx-http-auth] -enabled = true -filter = nginx-http-auth -port = http,https -logpath = /var/log/nginx/error.log -maxretry = 5 -bantime = 86400 - -[nginx-badbots] -enabled = true -filter = nginx-badbots -port = http,https -logpath = /var/log/nginx/access.log -maxretry = 2 -bantime = 86400 - -[nginx-botsearch] -enabled = true -filter = nginx-botsearch -port = http,https -logpath = /var/log/nginx/access.log -maxretry = 2 -bantime = 86400 -``` - -### Restart Fail2Ban - -```bash -sudo systemctl restart fail2ban -``` - -### Check Fail2Ban Status - -```bash -sudo fail2ban-client status -``` - -## Email Alerting Setup - -Let's configure email alerting for our monitoring system. - -### Configure Postfix for Email Relay - -Install Postfix for email sending: - -```bash -sudo apt install -y postfix mailutils -``` - -During installation, select "Internet Site" and enter your domain name. 
- -Edit the Postfix configuration: - -```bash -sudo nano /etc/postfix/main.cf -``` - -Update the following settings: - -``` -myhostname = yourdomain.com -mydomain = yourdomain.com -myorigin = $mydomain -relayhost = [smtp.gmail.com]:587 -smtp_use_tls = yes -smtp_sasl_auth_enable = yes -smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd -smtp_sasl_security_options = noanonymous -smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt -``` - -Create the SASL password file: - -```bash -sudo nano /etc/postfix/sasl_passwd -``` - -Add your Gmail credentials: - -``` -[smtp.gmail.com]:587 your-email@gmail.com:your-app-password -``` - -Generate the hash database and set permissions: - -```bash -sudo postmap /etc/postfix/sasl_passwd -sudo chmod 600 /etc/postfix/sasl_passwd -sudo chmod 600 /etc/postfix/sasl_passwd.db -``` - -Restart Postfix: - -```bash -sudo systemctl restart postfix -``` - -Test email sending: - -```bash -echo "Test email from your home server" | mail -s "Test Alert" your-email@example.com -``` - -### Update Alert Manager Configuration - -Update the Alert Manager configuration to use the local mail relay: - -```bash -nano ~/docker/monitoring/alertmanager/config/alertmanager.yml -``` - -Update the email configuration: - -```yaml -global: - resolve_timeout: 5m - smtp_smarthost: 'localhost:25' - smtp_from: 'alerts@yourdomain.com' - smtp_require_tls: false - -# Rest of the configuration remains the same -``` - -Restart Alert Manager: - -```bash -cd ~/docker/monitoring -docker-compose restart alertmanager -``` - -## Slack Alerting Setup - -Let's configure Slack alerting for our monitoring system. - -### Create a Slack Webhook - -1. Go to your Slack workspace -2. Create a new channel for alerts (e.g., #server-alerts) -3. Go to https://api.slack.com/apps and create a new app -4. Enable "Incoming Webhooks" for your app -5. Create a new webhook URL for your alerts channel -6. 
Copy the webhook URL - -### Update Alert Manager Configuration - -Update the Alert Manager configuration to use the Slack webhook: - -```bash -nano ~/docker/monitoring/alertmanager/config/alertmanager.yml -``` - -Ensure the Slack configuration is properly set: - -```yaml -receivers: - - name: 'slack-notifications' - slack_configs: - - api_url: 'https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK' - channel: '#server-alerts' - send_resolved: true - title: "{{ .GroupLabels.alertname }}" - text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}" -``` - -Replace `'https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK'` with your actual webhook URL. - -Restart Alert Manager: - -```bash -cd ~/docker/monitoring -docker-compose restart alertmanager -``` - -## Docker Profiles Configuration - -Docker Compose profiles allow you to selectively start services. Let's organize our services into logical profiles. - -### Update Docker Compose Files - -We've already added profile configurations to our Docker Compose files. 
Let's create a script to manage them all: - -```bash -nano ~/docker/manage-services.sh -``` - -Add the following content: - -```bash -#!/bin/bash - -# Script to manage Docker Compose services using profiles - -# Function to display usage -usage() { - echo "Usage: $0 [command] [profile]" - echo "Commands:" - echo " start - Start services with the specified profile" - echo " stop - Stop services with the specified profile" - echo " restart - Restart services with the specified profile" - echo " status - Show status of all services" - echo "Profiles:" - echo " all - All services" - echo " proxy - Nginx Proxy Manager and Authelia" - echo " auth - Authelia only" - echo " monitoring - Prometheus, Grafana, and Alert Manager" - echo " logging - Loki and Promtail" - echo " security - Security-related services" - exit 1 -} - -# Check if command is provided -if [ $# -lt 1 ]; then - usage -fi - -COMMAND=$1 -PROFILE=$2 - -# Function to start services -start_services() { - case $1 in - all) - echo "Starting all services..." - cd ~/docker/nginx-proxy-manager && docker-compose --profile proxy up -d - cd ~/docker/authelia && docker-compose --profile auth up -d - cd ~/docker/monitoring && docker-compose --profile monitoring up -d - cd ~/docker/logging && docker-compose --profile logging up -d - ;; - proxy) - echo "Starting proxy services..." - cd ~/docker/nginx-proxy-manager && docker-compose --profile proxy up -d - ;; - auth) - echo "Starting authentication services..." - cd ~/docker/authelia && docker-compose --profile auth up -d - ;; - monitoring) - echo "Starting monitoring services..." - cd ~/docker/monitoring && docker-compose --profile monitoring up -d - ;; - logging) - echo "Starting logging services..." - cd ~/docker/logging && docker-compose --profile logging up -d - ;; - security) - echo "Starting security services..." 
- # Add security services here when available - ;; - *) - echo "Unknown profile: $1" - usage - ;; - esac -} - -# Function to stop services -stop_services() { - case $1 in - all) - echo "Stopping all services..." - cd ~/docker/logging && docker-compose --profile logging down - cd ~/docker/monitoring && docker-compose --profile monitoring down - cd ~/docker/authelia && docker-compose --profile auth down - cd ~/docker/nginx-proxy-manager && docker-compose --profile proxy down - ;; - proxy) - echo "Stopping proxy services..." - cd ~/docker/nginx-proxy-manager && docker-compose --profile proxy down - ;; - auth) - echo "Stopping authentication services..." - cd ~/docker/authelia && docker-compose --profile auth down - ;; - monitoring) - echo "Stopping monitoring services..." - cd ~/docker/monitoring && docker-compose --profile monitoring down - ;; - logging) - echo "Stopping logging services..." - cd ~/docker/logging && docker-compose --profile logging down - ;; - security) - echo "Stopping security services..." 
- # Add security services here when available - ;; - *) - echo "Unknown profile: $1" - usage - ;; - esac -} - -# Function to restart services -restart_services() { - stop_services $1 - start_services $1 -} - -# Function to show status -show_status() { - echo "Docker containers status:" - docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" -} - -# Execute command -case $COMMAND in - start) - if [ -z "$PROFILE" ]; then - echo "Error: Profile not specified" - usage - fi - start_services $PROFILE - ;; - stop) - if [ -z "$PROFILE" ]; then - echo "Error: Profile not specified" - usage - fi - stop_services $PROFILE - ;; - restart) - if [ -z "$PROFILE" ]; then - echo "Error: Profile not specified" - usage - fi - restart_services $PROFILE - ;; - status) - show_status - ;; - *) - echo "Unknown command: $COMMAND" - usage - ;; -esac - -exit 0 -``` - -Make the script executable: - -```bash -chmod +x ~/docker/manage-services.sh -``` - -### Using the Service Management Script - -Start all services: - -```bash -~/docker/manage-services.sh start all -``` - -Start only monitoring services: - -```bash -~/docker/manage-services.sh start monitoring -``` - -Check the status of all services: - -```bash -~/docker/manage-services.sh status -``` - -## Security Monitoring Dashboard - -Let's create a security monitoring dashboard in Grafana to visualize security events. 
- -### Create Security Dashboard Configuration - -```bash -mkdir -p ~/docker/monitoring/grafana/dashboards -nano ~/docker/monitoring/grafana/dashboards/security-dashboard.json -``` - -Add the following content: - -```json -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 10, - "links": [], - "panels": [ - { - "alert": { - "alertRuleTags": {}, - "conditions": [ - { - "evaluator": { - "params": [ - 10 - ], - "type": "gt" - }, - "operator": { - "type": "and" - }, - "query": { - "params": [ - "A", - "5m", - "now" - ] - }, - "reducer": { - "params": [], - "type": "avg" - }, - "type": "query" - } - ], - "executionErrorState": "alerting", - "for": "5m", - "frequency": "1m", - "handler": 1, - "name": "Failed SSH Logins", - "noDataState": "no_data", - "notifications": [] - }, - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.4.0", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(count_over_time({job=\"varlogs\"} |~ \"Failed password for.*sshd\" [1m]))", - "legendFormat": "Failed SSH Logins", - "refId": "A" - } - ], - "thresholds": [ - { - "colorMode": 
"critical", - "fill": true, - "line": true, - "op": "gt", - "value": 10, - "visible": true - } - ], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Failed SSH Logins", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": { - "align": null, - "filterable": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 4, - "options": { - "showHeader": true, - "sortBy": [ - { - "desc": true, - "displayName": "Time" - } - ] - }, - "pluginVersion": "7.4.0", - "targets": [ - { - "expr": "{job=\"varlogs\"} |~ \"Failed password for.*sshd\" | line_format \"{{.message}}\"", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Recent Failed SSH Logins", - "type": "table" - }, - { - "alert": { - "alertRuleTags": {}, - "conditions": [ - { - "evaluator": { - "params": [ - 5 - ], - "type": "gt" - }, - "operator": { - "type": "and" - }, - "query": { - "params": [ - "A", - "5m", - "now" - ] - }, - "reducer": { - "params": [], - "type": "avg" - }, - "type": "query" - } - ], - "executionErrorState": "alerting", - "for": "5m", - "frequency": "1m", - "handler": 1, - "name": "HTTP 403/404 Errors", - "noDataState": "no_data", - "notifications": [] - }, - "aliasColors": {}, - "bars": false, - 
"dashLength": 10, - "dashes": false, - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 8 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.4.0", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(count_over_time({job=\"nginx\"} |~ \"HTTP/1.1\\\" (403|404)\" [1m]))", - "legendFormat": "HTTP 403/404 Errors", - "refId": "A" - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "value": 5, - "visible": true - } - ], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "HTTP 403/404 Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": { - "align": null, - "filterable": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 8, - 
"options": { - "showHeader": true, - "sortBy": [ - { - "desc": true, - "displayName": "Time" - } - ] - }, - "pluginVersion": "7.4.0", - "targets": [ - { - "expr": "{job=\"nginx\"} |~ \"HTTP/1.1\\\" (403|404)\" | line_format \"{{.message}}\"", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Recent HTTP 403/404 Errors", - "type": "table" - } - ], - "refresh": "10s", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Security Dashboard", - "uid": "security", - "version": 1 -} -``` - -### Update Grafana Configuration - -To automatically load the dashboard, update the Grafana Docker Compose configuration: - -```bash -nano ~/docker/monitoring/docker-compose.yml -``` - -Add a volume for the dashboards: - -```yaml -grafana: - image: grafana/grafana:latest - container_name: grafana - restart: unless-stopped - volumes: - - grafana_data:/var/lib/grafana - - ./grafana/dashboards:/var/lib/grafana/dashboards # Add this line - environment: - - GF_SECURITY_ADMIN_USER=admin - - GF_SECURITY_ADMIN_PASSWORD=secure_password - - GF_USERS_ALLOW_SIGN_UP=false - - GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH=/var/lib/grafana/dashboards/security-dashboard.json # Add this line - ports: - - "3000:3000" - networks: - - proxy - profiles: - - monitoring -``` - -Restart Grafana: - -```bash -cd ~/docker/monitoring -docker-compose restart grafana -``` - -## System Backup Script - -Let's create a script to back up your important configuration files: - -```bash -nano ~/docker/backup-configs.sh -``` - -Add the following content: - -```bash -#!/bin/bash - -# Script to back up important configuration files - -# Backup directory -BACKUP_DIR="/home/ubuntu/backups" -TIMESTAMP=$(date +"%Y%m%d-%H%M%S") -BACKUP_FILE="$BACKUP_DIR/homeserver-backup-$TIMESTAMP.tar.gz" - -# Create backup directory if it doesn't exist -mkdir -p 
"$BACKUP_DIR" - -# Log file -LOG_FILE="$BACKUP_DIR/backup-$TIMESTAMP.log" - -# Log function -log() { - echo "$(date): $1" | tee -a "$LOG_FILE" -} - -log "Starting backup process" - -# Directories to back up -DIRS_TO_BACKUP=( - "/home/ubuntu/docker/nginx-proxy-manager/data" - "/home/ubuntu/docker/authelia/config" - "/home/ubuntu/docker/monitoring/prometheus/config" - "/home/ubuntu/docker/monitoring/alertmanager/config" - "/home/ubuntu/docker/logging/loki/config" - "/home/ubuntu/docker/logging/promtail/config" - "/home/ubuntu/docker/security" - "/etc/fail2ban" -) - -# Create temporary directory -TEMP_DIR=$(mktemp -d) -log "Created temporary directory: $TEMP_DIR" - -# Copy files to temporary directory -for DIR in "${DIRS_TO_BACKUP[@]}"; do - if [ -d "$DIR" ]; then - TARGET_DIR="$TEMP_DIR$(dirname "$DIR")" - mkdir -p "$TARGET_DIR" - cp -r "$DIR" "$TARGET_DIR" - log "Copied $DIR to $TARGET_DIR" - else - log "Warning: Directory $DIR does not exist, skipping" - fi -done - -# Create tar archive -tar -czf "$BACKUP_FILE" -C "$TEMP_DIR" . -log "Created backup archive: $BACKUP_FILE" - -# Clean up temporary directory -rm -rf "$TEMP_DIR" -log "Cleaned up temporary directory" - -# Keep only the 5 most recent backups -ls -t "$BACKUP_DIR"/homeserver-backup-*.tar.gz | tail -n +6 | xargs -r rm -log "Removed old backups, keeping the 5 most recent" - -# Send email notification -if command -v mail &>/dev/null; then - echo "Home server backup completed. 
Backup file: $BACKUP_FILE" | mail -s "Home Server Backup Completed" your-email@example.com - log "Sent email notification" -fi - -log "Backup process completed successfully" - -exit 0 -``` - -Make the script executable: - -```bash -chmod +x ~/docker/backup-configs.sh -``` - -Set up a cron job to run the backup script weekly: - -```bash -crontab -e -``` - -Add the following line: - -``` -0 2 * * 0 /home/ubuntu/docker/backup-configs.sh -``` - -## Next Steps - -You have now completed the setup of a comprehensive home server with: - -- Secure access through Nginx Proxy Manager and Authelia -- Monitoring with Prometheus and Grafana -- Logging with Loki and Promtail -- Security features including Tor exit node blocking -- Alerting via email and Slack -- Docker profiles for service organization - -To further enhance your home server, consider: - -1. Setting up additional services like Nextcloud for file storage -2. Implementing a VPN server for secure remote access -3. Adding a media server like Plex or Jellyfin -4. Setting up home automation with Home Assistant -5. Implementing regular security audits and updates - -Remember to regularly update your system and Docker containers to ensure you have the latest security patches. diff --git a/docs/README.md b/docs/README.md deleted file mode 100644 index 795b050..0000000 --- a/docs/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# Home Server Setup Guide - -This comprehensive guide will help you set up a secure and monitored home server using Ubuntu Server. The guide covers the following components: - -## Components - -1. **Nginx Proxy Manager with Authelia** - - Secure access to your services with a reverse proxy - - Single sign-on and multi-factor authentication - -2. **Monitoring Stack** - - Prometheus for metrics collection - - Grafana for visualization - - Alert Manager for notifications - -3. **Logging Stack** - - Loki for log aggregation - - Promtail for log collection - - Log visualization in Grafana - -4. **Security Features** - - Automatic Tor users blocking - - Email and Slack alerting - - Docker profiles for service isolation - -## Prerequisites - -- Ubuntu Server (fresh installation) -- Docker and Docker Compose installed -- SSH access configured -- Static WAN IP address -- Router with ports 80 and 443 forwarded to your server - -## Directory Structure - -- `/docs` - Documentation for each component -- `/config` - Configuration files and templates -- `/scripts` - Helper scripts for setup and maintenance -- `/website` - Website files for documentation presentation - -## Getting Started - -Follow the guides in order for the best experience: - -1. [Introduction and Network Setup](./01-introduction.md) -2. [Nginx Proxy Manager and Authelia Setup](./02-nginx-authelia.md) -3. [Prometheus and Grafana Monitoring](./03-prometheus-grafana.md) -4. [Loki and Promtail Logging](./04-loki-promtail.md) -5. [Security and Alerting](./05-security-alerting.md) diff --git a/website/docs/external-resources.html b/docs/external-resources.html similarity index 100% rename from website/docs/external-resources.html rename to docs/external-resources.html diff --git a/docs/external-resources.md b/docs/external-resources.md deleted file mode 100644 index 40616c5..0000000 --- a/docs/external-resources.md +++ /dev/null 
@@ -1,115 +0,0 @@
-# External Resources
-
-This document provides links to official documentation and useful resources for all components used in the Home Server Setup Guide.
-
-## Ubuntu Server
-
-- [Ubuntu Server Documentation](https://ubuntu.com/server/docs)
-- [Ubuntu Server Installation Guide](https://ubuntu.com/tutorials/install-ubuntu-server)
-- [Ubuntu Security Guide](https://ubuntu.com/security/documentation)
-
-## Docker & Docker Compose
-
-- [Docker Documentation](https://docs.docker.com/)
-- [Docker Compose Documentation](https://docs.docker.com/compose/)
-- [Docker Hub](https://hub.docker.com/)
-- [Docker Best Practices](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)
-
-## Nginx Proxy Manager
-
-- [Nginx Proxy Manager Official Website](https://nginxproxymanager.com/)
-- [Nginx Proxy Manager Documentation](https://nginxproxymanager.com/guide/)
-- [Nginx Proxy Manager GitHub Repository](https://github.com/NginxProxyManager/nginx-proxy-manager)
-- [Nginx Documentation](https://nginx.org/en/docs/)
-
-## Authelia
-
-- [Authelia Official Website](https://www.authelia.com/)
-- [Authelia Documentation](https://www.authelia.com/docs/)
-- [Authelia GitHub Repository](https://github.com/authelia/authelia)
-- [Authelia Configuration Examples](https://www.authelia.com/configuration/prologue/introduction/)
-- [Authelia Integration Examples](https://www.authelia.com/integration/proxies/nginx/)
-
-## Prometheus
-
-- [Prometheus Official Website](https://prometheus.io/)
-- [Prometheus Documentation](https://prometheus.io/docs/introduction/overview/)
-- [Prometheus GitHub Repository](https://github.com/prometheus/prometheus)
-- [PromQL Query Language](https://prometheus.io/docs/prometheus/latest/querying/basics/)
-- [Prometheus Alert Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
-
-## Grafana
-
-- [Grafana Official Website](https://grafana.com/)
-- [Grafana Documentation](https://grafana.com/docs/grafana/latest/)
-- [Grafana GitHub Repository](https://github.com/grafana/grafana)
-- [Grafana Dashboard Gallery](https://grafana.com/grafana/dashboards/)
-- [Grafana Alerting](https://grafana.com/docs/grafana/latest/alerting/)
-
-## Alert Manager
-
-- [Alert Manager Documentation](https://prometheus.io/docs/alerting/latest/alertmanager/)
-- [Alert Manager GitHub Repository](https://github.com/prometheus/alertmanager)
-- [Alert Manager Configuration](https://prometheus.io/docs/alerting/latest/configuration/)
-
-## Loki
-
-- [Loki Official Website](https://grafana.com/oss/loki/)
-- [Loki Documentation](https://grafana.com/docs/loki/latest/)
-- [Loki GitHub Repository](https://github.com/grafana/loki)
-- [LogQL Query Language](https://grafana.com/docs/loki/latest/logql/)
-
-## Promtail
-
-- [Promtail Documentation](https://grafana.com/docs/loki/latest/clients/promtail/)
-- [Promtail GitHub Repository](https://github.com/grafana/loki/tree/main/clients/pkg/promtail)
-- [Promtail Configuration](https://grafana.com/docs/loki/latest/clients/promtail/configuration/)
-
-## Security Tools
-
-- [Fail2Ban Documentation](https://www.fail2ban.org/wiki/index.php/Main_Page)
-- [Fail2Ban GitHub Repository](https://github.com/fail2ban/fail2ban)
-- [IPTables Documentation](https://netfilter.org/documentation/)
-- [IPSet Documentation](https://ipset.netfilter.org/)
-- [Tor Project](https://www.torproject.org/)
-- [Tor Exit Node List](https://check.torproject.org/exit-addresses)
-
-## Email & Notification Services
-
-- [Postfix Documentation](http://www.postfix.org/documentation.html)
-- [Gmail SMTP Setup](https://support.google.com/a/answer/176600)
-- [Slack API Documentation](https://api.slack.com/messaging/webhooks)
-
-## SSL/TLS & Domain Management
-
-- [Let's Encrypt](https://letsencrypt.org/docs/)
-- [Certbot Documentation](https://certbot.eff.org/docs/)
-- [DNS Configuration Guide](https://www.cloudflare.com/learning/dns/dns-records/)
-- [Cloudflare DNS](https://developers.cloudflare.com/dns/)
-
-## Networking
-
-- [Port Forwarding Guide](https://portforward.com/)
-- [Netplan Documentation](https://netplan.io/reference)
-- [UFW Firewall Guide](https://help.ubuntu.com/community/UFW)
-
-## Monitoring & Dashboard Templates
-
-- [Node Exporter Full Dashboard](https://grafana.com/grafana/dashboards/1860-node-exporter-full/)
-- [Docker Monitoring Dashboard](https://grafana.com/grafana/dashboards/893-docker-and-system-monitoring/)
-- [Loki Dashboard](https://grafana.com/grafana/dashboards/13639-loki-dashboard/)
-
-## Tutorials & Guides
-
-- [Self-Hosted Home Server Guide](https://www.smarthomebeginner.com/docker-home-media-server-2022/)
-- [Traefik with Authelia Guide](https://www.smarthomebeginner.com/traefik-forward-auth-google-oauth-2022/)
-- [Prometheus Monitoring Guide](https://grafana.com/tutorials/grafana-prometheus-tutorial/)
-- [Loki Logging Guide](https://grafana.com/docs/loki/latest/getting-started/)
-
-## Communities & Forums
-
-- [r/selfhosted Subreddit](https://www.reddit.com/r/selfhosted/)
-- [r/homelab Subreddit](https://www.reddit.com/r/homelab/)
-- [Docker Community Forums](https://forums.docker.com/)
-- [Ubuntu Forums](https://ubuntuforums.org/)
-- [Stack Overflow](https://stackoverflow.com/questions/tagged/docker)
diff --git a/website/images/server-diagram.svg b/images/server-diagram.svg
similarity index 100%
rename from website/images/server-diagram.svg
rename to images/server-diagram.svg
diff --git a/website/index.html b/index.html
similarity index 99%
rename from website/index.html
rename to index.html
index 7fc1e93..c4101a7 100644
--- a/website/index.html
+++ b/index.html
@@ -36,7 +36,7 @@
The setup includes reverse proxy with authentication, comprehensive monitoring, centralized logging, and security features to protect your services from threats.
+