TubeArchivist, Part Four
Configure TubeArchivist
I have not touched TubeArchivist in months so I am going to come back to it so I can try to close out some of my projects.
Steps performed on TUBEARCHIVIST-01
sudo apt update
sudo apt upgrade -y
sudo reboot
Ok. So the web application is loading in my browser, but it has gone back to the default password. Maybe I just need to update the default password? Since TubeArchivist is so out of date at this point I think I will just start there, perhaps it is some sort of bug that's been resolved.
sudo docker-compose down
sudo docker-compose pull
sudo docker-compose up -d
sudo docker-compose ps
archivist-redis exited with code 1
sudo docker-compose down
sudo docker-compose up
Victory everything is running as it should.
Configure Operating System
Configure Firewall
Steps performed on TUBEARCHIVIST-01
sudo apt install ufw
sudo ufw allow 22
sudo ufw allow 8000
sudo ufw allow 8080
sudo ufw enable
Configure Fail2Ban
Steps performed on TUBEARCHIVIST-01
sudo apt install fail2ban
sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 100m
findtime = 5m
maxretry = 5
ignoreip = 10.10.10.XXXX
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Configure Reverse Proxy
Steps performed on NGINX-01
sudo nano /etc/nginx/sites-available/TubeArchivist.conf
if ($host = tube.domain.com) {
return 301 https://$host$request_uri;
}
# Configuration for tube.domain.com
server {
listen 443;
server_name tube-s.fnkyhs.net;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_pass http://tube.domain.local:8000;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "upgrade";
}
}
- I saved the file
sudo systemctl stop nginx
sudo systemctl start nginx