Physical Server

1. shared folder for SANEi multi-configuration system: /shared

1.1. common shm mount point for sharing Linux sockets between guests: /shared/run

1.1.1. /shared/run/mysql/mysqld.sock

2. local and VPN access only (192.168.0.0/24)

3. Container - MySQL (MariaDB)

3.1. /shared/run/mysqld.sock

4. Container - WWW

4.1. /shared/run/mysqld.sock

4.2. a dedicated home location is used to store all website users: /srv

4.3. PHP5-FPM with a separate chrooted pool for each website

4.4. nginx (for performance and security)

4.5. chrooted SSH server used for SCP only (no shell access)

5. Every container can have individually limited resources (RAM, CPU, HDD and quotas), so that a memory leak, a processing DDoS or another problem in one service should not affect the others.

5.1. RESOURCE LIMITATION

6. Container - Mail and local users DB (LDAP)

6.1. LDAP is used as the database for email access, OpenVPN and XMPP

7. Container - OpenVPN

7.1. OpenVPN is used to provide secure connections for developers and to reach administrative content that is restricted to local networks only (phpMyAdmin, OpenVZ Web GUI, secure panels and statistics)

8. We can set up a global iptables firewall on the physical server, so that if we ban somebody, they are banned from all services simultaneously.

8.1. FIREWALL

9. Container - XMPP

9.1. XMPP is used for secure communication within the company

10. Container - Developer (same setup as WWW)

10.1. Secure Web GUIs

10.2. Internal Bug Tracking (Redmine)

11. global log analysis (statistics and security measures, e.g. active response)

11.1. munin

11.2. OSSEC-HIDS

11.3. fail2ban

11.4. snort

11.5. prelude

11.6. Observium

12. Container - Client Management

13. Setup documentation by Bazyli Brzóska

14. Linux Containers

14.1. SERVICE ISOLATION

15. We make regular incremental backups to remote systems. Each container's backup is encrypted with individual GPG private keys. The MySQL database is backed up live via XtraBackup.

15.1. EXTERNAL BACKUP