[Development Discussion] Minstall Server Management Script
Hey all,
It's been quite a while since I've posted on (or even visited) LowEndTalk (unfortunately).
I've been slowly working on the next stage in Minstall's development and figured that the wonderful people of LowEndTalk might have some feedback or suggestions on the script and the direction I take it in.
Some things I've been working on:
+ Debian 7 Support
+ Rehashing Ubuntu 12.04 Support (While it does work, it is a hack)
+ CentOS 6.x Support (Coming Along Nicely!)
+ Modules for NodeJS, Python, MariaDB, PostgreSQL, Ruby (And Ruby On Rails), Fail2Ban, LogWatch, sudo (Finally!), Unattended Upgrades
+ Repositories for MariaDB, PostgreSQL, Plex Media Server, NodeJS & many general fixes/updates to the repos.
+ An Experimental Automated Host Configuration Creation/Update/Removal Script (Source Here: http://www.github.com/maxexcloo/Snippets-Server/blob/master/daemon-http.sh)
+ Assorted General Server Scripts (Source Here: http://www.github.com/maxexcloo/Snippets-Server)
+ Cleaning Up The Management Scripts
+ A General Cleanup Of Code
Things I will be working on before the final release (which is a while away):
+ Documentation. This is the main issue I've seen and I would like to rectify it.
+ More documentation.
+ Some form of automated benchmarking script (maybe work with @serverbear to implement his system, it's awesome!)
+ Some form of web based configuration generator.
+ More KISS principle!
+ Option to automatically create MySQL users when adding users (thanks @Mon5t3r!)
As usual everything can be found on GitHub (http://www.github.com/KnightSwarm/Minstall) (the current code is very much in development and it probably won't work/blow up your server).
Finally, if anyone wants to commit to the Minstall codebase I'd very much love to have other people working with me! If you're interested (even if you just want to fix tiny bugs) message me on Skype (maxexcloo) or contact me via the email address on my website (www.excloo.com).
Comments
damn, i really miss "that thing" button.
don't forget to add auto mysql user creation
Added to the todo list
Hey Max! Nice seeing you back here!
As a huge fan of your work I'd just like to say thanks for making our lives so much easier! Nothing has come up for the moment (atleast on my side) but I'll definitely let you know if anything comes to mind!
Huge fan of your work. Have been using your script on many projects.
@maxexcloo
Great to see NodeJS. I assume it will have something like Forever implemented then ?
I would like to see Redis added please.
Admin for SFTP-Only user creation, chrooted etc, too.
Can you elaborate? My NodeJS implementation so far is honestly really simple, I'm pretty much adding a NodeJS repo and installing the package (node and npm).
EDIT: It appears forever can be installed via npm which is installed by the nodejs module, is that what you need?
I can probably add a Redis installer but management might be a bit harder (PostgreSQL is in this boat too).
I get what you mean but more elaboration would be great
Thanks for the support guys
If anyone wants to help in any way other than code or testing feel free to PM ideas, if you want stuff tested on your platform I can probably manage that, donations are welcome too, whether test servers or money (I'll
you either way though :P).
This article is old @maxexcloo but a handy overview :
http://blog.nodejitsu.com/keep-a-nodejs-server-up-with-forever
Basically, NodeJS does not restart an app if it crashes or the server restarts. So it requires something to monitor it, like Forever.
https://github.com/nodejitsu/forever
Even just a Redis installer is cool.
Also need > Nginx 1.3.13 for WebSocket support.
Just a configuration option :
1. Add user ?
2. SFTP-Only ?
3. Chroot to home dir ?
Perhaps use SSH-Groups also ?
Only users added to SSH-Access or SFTP-Only-Access groups can log-in. So apps etc can have their own user accounts.
Yes.
I'm no longer a coder but perhaps I can be of help when it comes to documentation.
This. I'm such a fanboy when it comes to Minstall. I swear by it. Let me know if there's ever anything I, or we at Catalyst, can do for you.
I saw your LowEndGuide post on Minstall and it prompted me into coming back to LET to make this thread
If you ever want to help documenting just say, I could use a hand!
Thanks for the support and the offer! If you ever want to contact me feel free to add me on Skype
For documentation, https://readthedocs.org/ is useful.
An example :
http://unofficial-google-music-api.readthedocs.org
minstall.readthedocs.orgminstall.rtfd.orgRedis is available in DotDeb on Debian based systems so an installer should be simple to create. Will do!
Nginx support is dependent on the repositories I base on and so far it looks like DotDeb doesn't support nginx so I won't be able to do anything about that for now unfortunately...
1. Add user ?
2. SFTP-Only ?
3. Chroot to home dir ?
Perhaps use SSH-Groups also ?
Only users added to SSH-Access or SFTP-Only-Access groups can log-in. So apps etc can have their own user accounts.
I'll need to look into this in more detail.
I've created an account and registered the project but will need to learn how the system works before I begin using it.
Alright, it looks like SFTP Only accounts are very easy to setup!
Here are the instructions (pretty much for my reference when I implement it):
http://www.debian-administration.org/articles/94
Chrooted SFTP also looks fairly standard to implement:
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
@bnmkl, if I implement both these options would that be OK or am I missing something?
If you ever want to help documenting just say, I could use a hand!
I'll add you on skype and I'm sure we can work something out.
Glad if I can be of service.
Yes. That is great @maxexcloo.
Using the current Minstall, I have edited
/etc/ssh/sshd_config:HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key Protocol 2 Subsystem sftp /usr/lib/openssh/sftp-server -u 0007 ChallengeResponseAuthentication no PermitRootLogin no UsePAM yes UsePrivilegeSeparation yes Port xxxxx AllowGroups ssh-access sftp-only-access Match Group sftp-only-access ChrootDirectory /home ForceCommand internal-sftp AllowTcpForwarding noThen added those groups.
It would be nice to
chrootsftp-only-access users to their home directories by replacing/homewith%h. But I found other users can view the first level of their home directory when doing it that way.Could have a set SSH port option in the configure module too ?
-
Shame about Nginx. But like you suggest, it is only a matter of time. That version is still very new.
-
Awesome, the next generation of Minstall.
Better documentation please on how to install and usage.
I've pushed out some changes, feel free to have a look here if you want to follow: http://www.github.com/KnightSwarm/Minstall/commits/
Some news: It looks like I'll be dropping the preliminary CentOS support unless someone wants to sponsor the development, it's simply not very exciting to work around all the differences between Debian based systems and RHEL based systems![:\](https://lowendtalk.com/resources/emoji/confused.png ":\")
The ability to use some modules would be nice, like nginx's mp4 module.
I'll probably do something along the lines of custom package support for modular services such as nginx or php
@maxexcloo I personally would like to see centos support, what do you need?
i use debian
It would be great to have the option to install Apache with Nginx as a reverse proxy. These days many LEBs have 256MB or 512MB ram. Not having to deal with changing rewrite rules sometimes is nice....
The problem with CentOS support is CentOS names everything differently. This means that the script needs a billion if statements to even slightly work. Honestly the only way I'd support CentOS is if someone paid me or offered me a very good reason/incentive to do it.
I'm not actually too familiar with Apache and not so sure on this one, convince me :P
Mostly from my own laziness
. Most things support apache out of the box, especially the rewrite rules. There have been a few times I need to figure out how to make everything work on nginx. It's not that bad, but I'd rather avoid these type of hassles if possible so I tend to just use apache. But I still want to take advantage of nginx and let it handle the static files as a reverse proxy....
Maybe some option for enabling IPv6 for IPv6 enabled vps for the Nginx like this :
Site config
server { listen 80; listen [::]:80; server_name domainname; ....Default config
server { listen 80 default_server; listen [::]:80 default ipv6only=on; server_name localhost; ....Previously, if we use the IPv6 pointed to our domain/sub domain, and the visitor accessing out site via IPv6, they will see the default Nginx page.
But if we add the above code in the Nginx config, they will see the correct page
@maxexcloo Thank you for your great script. I always use it for my VPSs
The new one is very interesting. Please add the document because the READ.ME is not enough.
Add support for installing caching programs. like enable caching in nginx and maybe also varnish
Minstall already has the option to enable Nginx caching @jcaleb.
Yes, Varnish would be good too