This commit is contained in:
parent
a217196439
commit
dd8d989c3e
@ -37,12 +37,13 @@ IP address tables
|
||||
|wiki.burble.dn42|172.20.129.6|fd42:4242:2601:ac81::1|DN42 Wiki Mirror|
|
||||
|rproxy.burble.dn42|172.20.129.7|fd42:4242:2601:acf0::1|Distributed NGINX Reverse Proxy|
|
||||
|whois.burble.dn42|172.20.129.8|fd42:4242:2601:ac43::1|Whois service|
|
||||
| |_172.20.129.10-19_| |_Unallocated_|
|
||||
|voip.burble.dn42|172.20.129.9|fd42:4242:2601:37:216:3eff:fe8f:6211|Asterisk VOIP Service|
|
||||
|shell.burble.dn42|172.20.129.10|fd42:4242:2601:ac22::1|Shell service|
|
||||
| |_172.20.129.11-19_| |_Unallocated_|
|
||||
||172.20.129.20/30|_n/a_|[Dialup Service](/retro/modem/) endpoints|
|
||||
| |_172.20.129.24-26_| |_Unallocated_|
|
||||
|shell.us-lax1.burble.dn42|172.20.129.27|fd42:4242:2601:100a:216:3eff:fe5c:30b2|us-lax1 shell service|
|
||||
|shell.fr-par1.burble.dn42|172.20.129.28|fd42:4242:2601:1017:216:3eff:fe01:2f1f|fr-par1 shell service|
|
||||
|shell.fr-nte2.burble.dn42|172.20.129.29|fd42:4242:2601:1004:fc13:b592:53b0:8ff4|fr-nte2 shell service|
|
||||
|shell.ca-bhs2.burble.dn42|172.20.129.30|fd42:4242:2601:100d:216:3eff:fed7:2ceb|ca-bhs2 shell service|
|
||||
||172.20.129.31||*unassigned*|
|
||||
|
||||
|
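Review bot: The free-address rows in this table are marked two different ways, `_Unallocated_` for the 172.20.129.11-19 and 172.20.129.24-26 ranges but `*unassigned*` for 172.20.129.31, and the IPv6 column reads `_n/a_` on the 172.20.129.20/30 row while it is left blank on the other rows without an address. Use one marker for each case so the table reads consistently and is easy to search.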
@ -79,7 +79,7 @@ Forwarding is provided by the recursive service, dns.burble.dn42.*
|
||||
| dns.burble.dn42<br/>b.recursive-servers.dn42| 172.20.129.2<br/>fd42:4242:2601:ac53::53 |
|
||||
|
||||
dns.burble.dn42 is a caching, recursive DNS service that returns results for both DN42
|
||||
and clearnet domains. The service issues parallel queries from five regional masters, the
|
||||
and clearnet domains. The service issues parallel queries from regional masters, the
|
||||
recursive service takes advantage of the burble.dn42 global scale to reduce latency and
|
||||
avoid local connectivity problems.
|
||||
|
||||
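Review bot: The sentence edited here is still a comma splice after "five" is dropped: "The service issues parallel queries from regional masters, the recursive service takes advantage of ...". Split it into two sentences. Removing the count is reasonable, since the dns-slave table further down this page is the natural place for the current node list and the prose then cannot drift out of date.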
@ -171,7 +171,7 @@ Clearnet queries are forwarded on the edge nodes to a combination of
|
||||
Google and Cloudflare services.
|
||||
|
||||
The edge services are monitored and anycast routes automatically injected (or
|
||||
removed) using [GoBGP](https://github.com/osrg/gobgp) and a health checking script.
|
||||
removed) with a health checking script.
|
||||
|
||||
### dns-slave
|
||||
|
||||
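Review bot: After this edit the sentence "anycast routes automatically injected (or removed) with a health checking script" no longer says what announces the routes. If GoBGP has been replaced, name the component that now does it. If the script talks to the routing daemon directly, say so, because anyone debugging a withdrawn anycast route needs to know where to look.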
@ -179,6 +179,7 @@ removed) using [GoBGP](https://github.com/osrg/gobgp) and a health checking scri
|
||||
|:--|:--|:--|
|
||||
| Europe | dns-slave.de-fra1.burble.dn42 | PHP Friends, Frankfurt, Germany |
|
||||
| Americas (East) | dns-slave.ca-bhs2.burble.dn42 | OVH, Beauharnois, Canada |
|
||||
| Americas (West) | dns-slave.us-lax1.burble.dn42 | Alvin Servers, Los Angeles, USA |
|
||||
|
||||
The slave nodes are implemented using [PowerDNS](https://www.powerdns.com/).
|
||||
|
||||
|
@ -22,16 +22,6 @@ As well as a reverse proxy, nginx also provides:
|
||||
- A local page cache to act as a poor man's CDN
|
||||
- Static content server
|
||||
|
||||
## n8n.burble.dn42
|
||||
|
||||
[n8n](https://n8n.io) is used to provide an automation and workflow service.
|
||||
|
||||
As an example, n8n is used to update [dn42regsrv](https://explorer.burble.com)
|
||||
and [ROA tables](/services/public#ROA Tables) when the
|
||||
[registry](https://git.dn42.dev) changes.
|
||||
|
||||

|
||||
|
||||
## vault.burble.dn42
|
||||
|
||||
[Hashicorp Vault](https://www.vaultproject.io/) is used to handle secrets
|
||||
|
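Review bot: With the n8n.burble.dn42 section gone, nothing on this page says how dn42regsrv and the ROA tables are refreshed when the registry changes, which was the one concrete job the removed text described. If that automation has moved elsewhere, add a sentence saying where. If the service is retired, check that no other page still links to this heading.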
@ -6,10 +6,12 @@ weight: 60
|
||||
burble.dn42 provides shell accounts on the following servers:
|
||||
|
||||
- shell.fr-par1.burble.dn42
|
||||
- shell.fr-nte2.burble.dn42 (hosted at [IXP frnte](https://dn42.dev/services/IXP-frnte))
|
||||
- shell.ca-bhs2.burble.dn42
|
||||
- shell.us-lax1.burble.dn42
|
||||
|
||||
There is also an anycast address [shell.burble.dn42](https://shell.burble.dn42)
|
||||
that will route to the closest server.
|
||||
|
||||
## Accessing the Service
|
||||
|
||||
The shell service imports user information from the dn42 registry allowing
|
||||
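Review bot: The new anycast paragraph should say how SSH host keys are handled for shell.burble.dn42. The address routes to whichever of the four listed servers is closest, so unless they all present the same host key, a client whose route changes will see a host key mismatch, and users will learn to click through the warning. State whether the key is shared across servers, or publish the fingerprints so that each one can be verified.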
@ -27,26 +29,24 @@ shell server.
|
||||
MNTNERs without an SSH key must first use the
|
||||
[burble.dn42 service portal](https://svc.burble.dn42) to set an account password.
|
||||
|
||||
{{<hint info>}}
|
||||
**FOO-MNT**
|
||||
```
|
||||
mntner: FOO-MNT
|
||||
auth: ssh-ed25519 xxxxxxxxx
|
||||
### Connection Example
|
||||
|
||||
For mntner *FOO-MNT*
|
||||
|
||||
Log in to the closest server using your ssh key or burble.dn42 password:
|
||||
|
||||
```shell
|
||||
ssh foo@shell.burble.dn42
|
||||
```
|
||||
|
||||
Log in using your ssh key or burble.dn42 password:
|
||||
|
||||
or log in to a specific server:
|
||||
```shell
|
||||
ssh foo@shell.fr-par1.burble.dn42
|
||||
```
|
||||
{{</hint>}}
|
||||
|
||||
Your home directory is created automatically on first access and will then
|
||||
persist across logins.
|
||||
|
||||
*Note that individual ~/.ssh/authorized_keys are disabled and will
|
||||
not work, you will only be able to log in using an SSH key from the registry
|
||||
or using a burble.dn42 password*
|
||||
persist across logins.
|
||||
Home directories are *not* replicated across servers.
|
||||
|
||||
## Key Services
|
||||
|
||||
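Review bot: The note that individual `~/.ssh/authorized_keys` files are disabled should stay visible next to the new "Connection Example", because it is the line that tells users why a key added on the server has no effect. The example also logs in as `foo` for mntner FOO-MNT without saying how the username is derived from the MNTNER name; one sentence on that mapping would help. The line `persist across logins.` appears on both sides of the note, so check that the final text does not end up with it twice.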
@ -67,13 +67,12 @@ Requests for additional packages are welcome, please raise these as
|
||||
|
||||
The shell servers include a webserver with user directories (`~/public_html/`)
|
||||
and CGI (`~/public_html/cgi-bin/`) enabled. The webserver is accessed over https
|
||||
and has a dn42 certificate auto-renewed from the
|
||||
[ACME service](https://acme.dn42/about.html).
|
||||
and has a dn42 certificate.
|
||||
|
||||
- `https://shell.fr-par1.burble.dn42/~<username>/`
|
||||
- `https://shell.fr-nte2.burble.dn42/~<username>/`
|
||||
- `https://shell.ca-bhs2.burble.dn42/~<username>/`
|
||||
- `https://shell.us-lax1.burble.dn42/~<username>/`
|
||||
- `https://shell.burble.dn42/~<username>/`
|
||||
|
||||
{{<hint info>}}
|
||||
Remember that any files need to be accessible by the webserver
|
||||
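Review bot: Shortening the text to "and has a dn42 certificate." removes the only statement of who issues the certificate. Keep a pointer to the issuing CA so users know which root they need to trust for these `https://` URLs. For `https://shell.burble.dn42/~<username>/`, also confirm that every server answering the anycast address presents a certificate valid for that name.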
@ -99,6 +98,13 @@ setfacl -Rdm "u:www-data:rx" ~/public_html/cgi-bin
|
||||
```
|
||||
{{</hint>}}
|
||||
|
||||
{{<hint info>}}
|
||||
Note also that home directories are not replicated across each shell server.
|
||||
|
||||
If you want to provide services using the anycast address you must copy your code
|
||||
between servers yourself.
|
||||
{{</hint>}}
|
||||
|
||||
### Login Shell
|
||||
|
||||
You can change your login shell using the
|
||||
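Review bot: This hint repeats "Home directories are *not* replicated across servers." from the Accessing the Service section; keep one and reference it from the other. Since `~/public_html/cgi-bin/` is served on the anycast address, it is also worth stating the consequence explicitly: a server that still holds an older copy will keep serving the older CGI code to whoever is routed to it.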
@ -141,6 +147,23 @@ Clearnet access is provided. Rate limiting allows for a small amount of
|
||||
burst traffic, but then bandwidth is quickly limited to 10mbit/sec. In general,
|
||||
you should be better off using your own clearnet access for large downloads.
|
||||
|
||||
### Connection Forwarding
|
||||
|
||||
SSH forwarding is enabled on the servers.
|
||||
|
||||
For example, this means you are able to use the shell servers as a
|
||||
resilient, anycast jump host:
|
||||
|
||||
```sh
|
||||
ssh -J shell.burble.dn42 my.other.host.dn42
|
||||
```
|
||||
|
||||
There are also a small number of X11 apps installed on the servers:
|
||||
|
||||
```sh
|
||||
ssh -X shell.burble.dn42 -f 'xterm & xeyes'
|
||||
```
|
||||
|
||||
### Performance Monitoring
|
||||
|
||||
The shell servers are monitored using netdata and prometheus, with performance
|
||||
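Review bot: "SSH forwarding is enabled on the servers." does not say which kinds of forwarding are meant. The `ssh -J` example needs TCP forwarding and the `ssh -X` example needs X11 forwarding, and the text leaves open whether agent forwarding is allowed too; list them explicitly. On a shared multi-user host it is also worth a sentence noting that X11 forwarding gives the remote side access to the local display, so readers understand what `-X` grants. The examples omit the `foo@` user shown in the earlier connection example; make them consistent.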
@ -149,7 +172,6 @@ graphs available in [grafana](https://grafana.burble.dn42).
|
||||
The netdata dashboard is also directly accessible:
|
||||
|
||||
- [http://shell.fr-par1.burble.dn42:19999](http://shell.fr-par1.burble.dn42:19999)
|
||||
- [http://shell.fr-nte2.burble.dn42:19999](http://shell.fr-nte2.burble.dn42:19999)
|
||||
- [http://shell.ca-bhs2.burble.dn42:19999](http://shell.ca-bhs2.burble.dn42:19999)
|
||||
- [http://shell.us-lax1.burble.dn42:19999](http://shell.us-lax1.burble.dn42:19999)
|
||||
|
||||
|