Hello devRant, a question for you.

I'm looking to redisign/setup my server 'infrastructure'.

It'll exist out of:
7 vps's (6+gb ram/500gb+/100mbs up/down per vps)
2 dedicated servers running as virtualization servers. (16gb/4tb/1gbit up/down and another one but let's leave that one out for now because it's gonna take a shit ton of time to solve that clusterfuck)

One server will function as an entry point for all websites I run, multiple database servers and multiple backup ones.

Any advices/tips/ideas?

Just a very serious hobby thing :)

@undef Nah, it's awesome to expand knowledge!

@2lazy2debug
1) Yes, netdata. Still have to configure it better but it works well

2) Every server I have runs a vpn server.

3) mostly hosting websites and possibly other things but that's why I'm redesigning the entire thing.

4) Maybe but I don't like containers that much. Have had multiple containers with huge memory leaks causing a server crash and had to reboot a fucking 32gb dedi in order to operate it again multiple times. I like vm's. But, I usually setup hosting vms so that I can host many sites on them.

5) Not really. Well, I could but that'd be expensive. I have a dedi with 1gbit up and down and could get a second one but that would cost even more. It's the main entry server which does the load balancing (get quite some attacks).

6) don't have one right now so anything would be better than this 😅

7) cheers is love, cheese is life ❤

@Jilano mailcow, Ubuntu server, had plenty of them and all caused huge memory leaks. I prefer vms for some reason anyways :)

@Jilano Oh and debian, Ubuntu and Centos

@undef I'll be backing up to my own backup servers

fail2ban set up?

@linuxxx what ever you do, no matter what anyone says, avoid K8s like the plague that it is!

@PrivateGER Nah I don't use fail2ban, CSF ftw!

@linuxxx Oh, what's that?

@PrivateGER A firewall/brute force monitor/iptables Manager in one!

Also does ssh brute force monitoring but provides way more functionality than fail2ban and is very easy to use!

Want to open a port (tcp or udp or both)? Put the port in the list with open ports in the conf file and run csf -r in order to reload the rules 😊

@Jilano Have had them for a while irl (computer glasses) and thought they'd fit my avatar :D

@linuxxx Sounds good.
Did you renew the much-security certificate?

@PrivateGER FUCK, thanks!

@PrivateGER Also good to know that I still have visitors 😅

What about storage replication? Are you going to have the data in each server or in a ha cluster? If that's the case, I'd go with DRBD9 + Pacemaker

Do you use an automatic provisioning tool like puppet or chef?

@Gerschtli Not yet, going to use one of them, though.

Ansible playbooks are way less overblown and less extra work for the automation part. Coming from puppet I don't go back :)