RMM DokuWiki - linux_server

RMM DokuWiki - linux_server_manuals https://rmm.li/wiki/ 2026-05-11T17:23:12+00:00 RMM DokuWiki https://rmm.li/wiki/ https://rmm.li/wiki/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2018-01-19T10:22:06+00:00 Anonymous (anonymous@undisclosed.example.com) Use 2FA Authentication over SSH (as Fallback for SSH-keys) https://rmm.li/wiki/doku.php?id=linux_server_manuals:2fa_authentication&rev=1516357326&do=diff Use 2FA Authentication over SSH (as Fallback for SSH-keys) We will install 2FA (Two Factor) authentication over SSH. Afterwards we can authenticate as usually using ssh-keys, but as fallback, if we loose our SSH-key, or are sitting on an other computer, we can connect using the 2FA authentication. This is the root password plus a string which changes every 30 seconds. The second factor we get with our smartphone. On an android based phone you can use andOTP oder freeOTP which you can get both o… text/html 2021-08-18T14:46:18+00:00 Anonymous (anonymous@undisclosed.example.com) Apache Web Server with mpm_event, mod_proxy_fcgi, php-fpm and HTTP/2 https://rmm.li/wiki/doku.php?id=linux_server_manuals:apache_http_2_php-fpm&rev=1629297978&do=diff Apache Web Server with mpm_event, mod_proxy_fcgi, php-fpm and HTTP/2 When installing a web server, there are certain chances that you will use webapplications which depend on PHP. Unfortunately php (7) is not thread safe. This means when using Apache, you'll have to use mpm_prefork, which is slow when there are a lot of conections, uses a lot of memory and only partially supports HTTP/2 (As it seems in newer versions of apache it's not supported at all). Therefore, to use mpm_event with php, we… text/html 2019-04-03T17:51:30+00:00 Anonymous (anonymous@undisclosed.example.com) Install Keycloak as Docker Container with Apache Web Server as Reverse Proxy and a local PostgreSQL https://rmm.li/wiki/doku.php?id=linux_server_manuals:docker_keycloak_container_with_local_postgresql&rev=1554313890&do=diff Install Keycloak as Docker Container with Apache Web Server as Reverse Proxy and a local PostgreSQL Keycloak is an Identity and Access management solution. Which supports SSO (Single Sign on), i.e. if you have several webpages (services) to which you need to authenticate, it is enough if you authenticate only to one of them, and then you are automatically authenticated to all of them. The SSO Identity Providers of keycloak are SAML 2.0 and OpenID Connect, CAS can be added over a plugin. For mor… text/html 2018-01-31T16:39:19+00:00 Anonymous (anonymous@undisclosed.example.com) Dokuwiki authentication against Keycloak https://rmm.li/wiki/doku.php?id=linux_server_manuals:dokuwiki_authentication_against_keycloak&rev=1517416759&do=diff Dokuwiki authentication against Keycloak There exists basically no documentation about how to do that proberly, and also the error messages from the plugin, are not helping in any way... So to get the whole thing working: Keycloak Config Add a new client with following settings: text/html 2018-01-28T18:49:22+00:00 Anonymous (anonymous@undisclosed.example.com) Dovecot + Postfix + Ldap (keycloak) + solr + Rspamd https://rmm.li/wiki/doku.php?id=linux_server_manuals:dovecot_ldap_rspamd&rev=1517165362&do=diff Dovecot + Postfix + Ldap (keycloak) + solr + Rspamd Postfix will be used to receive mails, it will use Rspamd as effective spam filter and check over LMTP with dovecot if mail adresses exists and if yes, deliver them to dovecot, as long as rspamd doesn't reject the mail. Dovecot will authenticate user against an Ldap server and only accepts mail for users of the group mail. The Ldap data actually come from an keycloak installation, but that is irrelevant here text/html 2018-05-12T16:28:33+00:00 Anonymous (anonymous@undisclosed.example.com) Setup openLDAP and integrate it with Keycloak https://rmm.li/wiki/doku.php?id=linux_server_manuals:keycloak_openldap_integration&rev=1526142513&do=diff Setup openLDAP and integrate it with Keycloak For that manual, we assume that you've already got a working Keycloak installation. Otherwise take a look at Install Keycloak as Docker Container with Apache Web Server as Reverse Proxy and a local PostgreSQL first. The manual was written for Debian Stretch, but should also work with other distributions. text/html 2018-02-01T16:49:47+00:00 Anonymous (anonymous@undisclosed.example.com) Integrate LDAP into Nextcloud https://rmm.li/wiki/doku.php?id=linux_server_manuals:nextcloud_ldap_integration&rev=1517503787&do=diff Integrate LDAP into Nextcloud Nextcloud can use LDAP for authentication, to get user groups, and even lets user change their passwords directly in the LDAP directory. The whole LDAP integration process is pretty straight forward, I mainly write it down here, so I remember it myself text/html 2023-06-25T17:24:56+00:00 Anonymous (anonymous@undisclosed.example.com) Keycloak as (SAML) SSO-Authentication provider for Nextcloud https://rmm.li/wiki/doku.php?id=linux_server_manuals:nextcloud_saml_authentication_against_keycloak&rev=1687713896&do=diff Keycloak as (SAML) SSO-Authentication provider for Nextcloud We can use Keycloak as SSO (Single Sign On) authentication provider for nextcloud using SAML. Unfortunately the SAML plugin for nextcloud doesn't support groups (yet?). If you need/want to use them, you can get them over LDAP. Therefor you want to use