The kasad.com Server
The server for kasad.com is a VPS hosted by Vultr. It costs $5/month. It's a pretty low-spec VPS, but that's what keeps it cheap.
Specs/information
| Property | Value |
|---|---|
| OS | GNU/Linux |
| Distribution | Debian 11 (bullseye) |
| Vultr VPS type | Regular Cloud Compute |
| Price (monthly) | US$5.00 |
| CPU cores | 1 |
| Architecture | x86_64 |
| RAM | 1 GB |
| Storage | 25 GB |
| IP Address allocation | static (via DHCP) |
| IPv4 Address | 140.82.7.10 |
| IPv6 Address | 2001:19f0:5:46cc:5400:2ff:fed9:9eba |
| Bandwidth (monthly) | 1 TB |
Services
The kasad.com server runs:
- NGINX webserver / reverse proxy
- Git server
- CGit web frontend for Git
- Nextcloud
- PHP-FPM
- MariaDB (MySQL)
- WireGuard VPN
- Mail server
- Postfix
- Dovecot
- SpamAssassin
- dkimpy-milter
- Syncthing discovery server
- Syncthing relay server
- SSH server
Logging/Monitoring
Currently, the logging and especially log monitoring capabilities on the kasad.com server are lackluster. Logging settings have not been changed for most processes. Some log to syslog/systemd-journal while others write logs in /var/log/.
Network Traffic Accounting
Network traffic accounting is handled relatively well. The server uses vnStat 2.6 to aggregate network traffic for each interface.
A very simple web frontend (that I wrote) is available for vnStat.
Remote Access (SSH)
Remote access into the kasad.com server is done using SSH. The server runs OpenSSH 8.4.
Password authentication is disabled. Public-key authentication is required to log in. Logging in as root is disabled, as well as for several mail-only accounts.
One possible security enhancement would be to enforce two-factor authentication when logging in via SSH. However, this is risky because losing the second factor means locking yourself out of the server.
Vultr Web Console
It's also possible to log in using a username/password from the Vultr website, which provides a web interface to the TTY.
No Comments