TubeArchivist, Part Four

TubeArchivist, Part Four
Photo by Thomas William / Unsplash

Configure TubeArchivist

I have not touched TubeArchivist in months so I am going to come back to it so I can try to close out some of my projects.

Steps performed on TUBEARCHIVIST-01

  • sudo apt update
  • sudo apt upgrade -y
  • sudo reboot

Ok. So the web application is loading in my browser, but it has gone back to the default password. Maybe I just need to update the default password? Since TubeArchivist is so out of date at this point I think I will just start there, perhaps it is some sort of bug that's been resolved.

  • sudo docker-compose down
  • sudo docker-compose pull
  • sudo docker-compose up -d
  • sudo docker-compose ps
    • archivist-redis exited with code 1
  • sudo docker-compose down
  • sudo docker-compose up

Victory everything is running as it should.

Configure Operating System

Configure Firewall

Steps performed on TUBEARCHIVIST-01

  • sudo apt install ufw
  • sudo ufw allow 22
  • sudo ufw allow 8000
  • sudo ufw allow 8080
  • sudo ufw enable

Configure Fail2Ban

Steps performed on TUBEARCHIVIST-01

  • sudo apt install fail2ban
  • sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 100m
findtime = 5m
maxretry = 5
ignoreip = 10.10.10.XXXX

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
  • sudo systemctl enable fail2ban
  • sudo systemctl start fail2ban

Configure Reverse Proxy

Steps performed on NGINX-01

  • sudo nano /etc/nginx/sites-available/TubeArchivist.conf
    if ($host = tube.domain.com) {
        return 301 https://$host$request_uri;
    }
# Configuration for tube.domain.com
server {
    listen 443;
    server_name tube-s.fnkyhs.net;
    client_max_body_size 100M;
    location / {
        proxy_set_header Host $host;
        proxy_pass http://tube.domain.local:8000;
        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection "upgrade";
    }
}
  • I saved the file
  • sudo systemctl stop nginx
  • sudo systemctl start nginx