TechDocs/Systems

Hosts and Systems

This is an overview of a few complex systems the FSFE runs and the System Hackers maintain.

Docker

We have one host running all Docker containers. The instructions for the containers (which images to use, which domains to serve, ...) are stored in individual repositories on our Git server. These repositories are processed by the Drone CI/CD service, which then deploys the containers on the Docker host.

The connection from the outside is handled by a reverse proxy (a Docker container as well), which also takes care of issuing TLS certificates.

    .-,(  ),-.    
 .-(          )-. 
(    internet    )
 '-(          ).-'
     '-.( ).-'    
    |
    |       .----------------------------------------------------.
    |       |                 Docker Host (lund)                 |
    |       |----------------------------------------------------|
    |     .----------------------.        .--------------------. |
    '---->| Reverse Proxy        |        | MANY DOCKER        | |
          | (a Docker container) |------->| CONTAINERS         | |
          '----------------------'        |                    | |
            | .----------------------.    | (visible on        | |
            | | Drone (CI/CD)        |    | docker.fsfe.org)   | |
    .-------->| drone.fsfe.org       |--->|                    | |
    |       | | (a Docker container) |    |                    | |
    |       | '----------------------'    |                    | |
    |       |                             '--------------------' |
    |       '----------------------------------------------------'
    |
    |
  .--------------------------------------------------------------.
  |                    A Git repo (on fajans)                    |
  |--------------------------------------------------------------|
  | .----------------------. .---------------------------------. |
  | |      .drone.yml      | |       docker-compose.yml        | |
  | |----------------------| |---------------------------------| |
  | | Steps in CI/CD       | | Meta information for container: | |
  | |                      | | - name                          | |
  | '----------------------' | - ports                         | |
  | .----------------------. | - env variables                 | |
  | |      Dockerfile      | |   (also domain used by proxy)   | |
  | |----------------------| | - network                       | |
  | | Build instructions   | | - secrets                       | |
  | | for Docker container | | - volumes                       | |
  | '----------------------' '---------------------------------' |
  '--------------------------------------------------------------'
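As an added example, not a file from any FSFE repository: a docker-compose.yml carrying the meta information the diagram above lists. The service name, image, domain, secret file path, network name and the environment variable the proxy reads are all assumptions; the page does not name the proxy image or the variables it expects.

```yaml
# Added example, not an FSFE repository file. All names below are assumptions.
version: "3.7"

services:
  example-site:                      # name of the container/service
    build: .                         # built from the repo's Dockerfile
    image: example-site:latest
    restart: unless-stopped
    expose:
      - "8080"                       # port reachable by the reverse proxy only;
                                     # "ports:" would publish it on the host directly
    environment:
      # domain the reverse proxy routes to this container and requests a TLS
      # certificate for; PROXY_DOMAIN is a placeholder name, the real variable
      # depends on the proxy image in use
      - PROXY_DOMAIN=example.fsfe.org
    secrets:
      - db_password                  # mounted at /run/secrets/db_password, never baked into the image
    volumes:
      - example-site-data:/var/lib/example-site   # persistent data
    networks:
      - proxy                        # network shared with the reverse proxy container

secrets:
  db_password:
    file: /srv/secrets/example-site/db_password  # lives on the host, not in git (path assumed)

volumes:
  example-site-data:

networks:
  proxy:
    external: true                   # created once on the host; the proxy is attached to it
```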

Community Database / Mails

Sending emails to someone with a @fsfe.org address involves many systems on our side, and is connected to how we store and process user data.

All user records are stored within our Community Database (CD), a PostgreSQL database on a VM. Users and administrators are able to update data via the CD front- and backend, a system of three Docker containers. If someone updates their home address, this change is pushed to the CD.

If someone updates their email address, that is, the destination to which their username@fsfe.org forwards, this change is pushed both to the CD and to LDAP. LDAP stores the FSFE username, the actual email address, and the user password.

If an email is sent to a username@fsfe.org address, the mail server looks up the actual email address in LDAP and forwards the mail there. If an email is sent from a @fsfe.org address (i.e. the SMTP server is used for submission), the SMTP server requires authentication against the LDAP server's records.

.-------------------------.       .-------------------------.
|        fsfe-cd-*        |       |   Community Database    |
|-------------------------|------>|-------------------------|
| Front- and backend      |       | PostgreSQL database     |
| for user record updates |<------| Full user records       |
| (Docker)                |       | (seaborg)               |
'-------------------------'       '-------------------------'
             |
             |                     .-------------.
             v                     | Mail Server |
.------------------------.-------> | (mail1)     |
|          LDAP          |         '-------------'
|------------------------|                |
| Username/Mail matching |                v
| + group management     |           .-,(  ),-.    
| (berzelius)            |        .-(          )-. 
'------------------------'       (    internet    )
                                  '-(          ).-'
                                      '-.( ).-'    

TechDocs/Systems (last edited 2020-03-31 08:30:19 by vincent)