====== web3.hosting.gl ======

===== Services =====

==== MySQL databases ====

  * whmcs_hosting - Database for WHMCS
  * pdns - Database for PowerDNS (DNS Manager and PDNS on master.ns.gl)
  * piwik - Database for Piwik (piwik.hosting.gl)

==== Apache Websites ====

  * hosting.gl
  * wiki.hosting.gl
  * piwik.hosting.gl
  * telehosting.gl (redirect to hosting.gl)

===== Firewall setup =====

<code>
ufw status verbose
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80
ufw allow 443
ufw allow from 37.59.105.146 to any port 6556 proto tcp
ufw allow from 2001:41d0:302:2200::583 to any port 6556 proto tcp
ufw allow 60000:61000/udp
ufw allow from 2001:41d0:2:195e::43 to any port 3306
ufw enable
ufw status verbose
</code>

===== Misc =====

==== GeoIP update ====

Used to determine which country clients are accessing the site from, and to decide whether they should use 3D Secure or not.

<code>
apt install geoipupdate
</code>

Add the file ''/etc/GeoIP.conf'':

<code>
# Please see http://dev.maxmind.com/geoip/geoipupdate/ for instructions
# on setting up geoipupdate, including information on how to download a
# pre-filled GeoIP.conf file.

# Enter your user ID and license key below. These are available from
# https://www.maxmind.com/en/my_license_key. If you are only using free
# GeoLite databases, you may leave the 0 values.
UserId 0
LicenseKey 000000000000

# Enter the product IDs of the databases you would like to update.
# Multiple product IDs are separated by spaces.
ProductIds GeoLite2-Country GeoLite2-City

# The following are for the GeoLite Legacy databases. To update them,
# uncomment.
# ProductIds 506 517 533 GeoLite-Legacy-IPv6-Country GeoLite-Legacy-IPv6-City

# The remaining settings are OPTIONAL.

# The directory to store the database files. Defaults to /usr/local/share/GeoIP
# DatabaseDirectory /usr/local/share/GeoIP

# The server to use. Defaults to "updates.maxmind.com".
# Host updates.maxmind.com

# The desired protocol either "https" (default) or "http".
# Protocol https

# The proxy host name or IP address. You may optionally specify a
# port number, e.g., 127.0.0.1:8888. If no port number is specified, 1080
# will be used.
# Proxy 127.0.0.1:8888

# The user name and password to use with your proxy server.
# ProxyUserPassword username:password

# Whether to skip host name verification on HTTPS connections.
# Defaults to "0".
# SkipHostnameVerification 0

# Whether to skip peer verification on HTTPS connections.
# Defaults to "0".
# SkipPeerVerification 0

# The lock file to use. This ensures only one geoipupdate process can run at a
# time.
# Defaults to ".geoipupdate.lock" under the DatabaseDirectory.
# LockFile /usr/local/share/GeoIP/.geoipupdate.lock
</code>

==== Crontab ====

<code>
13 01 * * 6 /usr/bin/geoipupdate
1 4 * * * /usr/bin/php -q /var/vhost/hosting.gl/crons/cron.php
15 */6 * * * /usr/bin/php -q /var/vhost/hosting.gl/crons/domainsync.php
*/5 * * * * /usr/bin/php -q /var/vhost/hosting.gl/crons/pop.php >> /var/log/whmcs-pop.log
14 8 * * * /usr/bin/php -q /var/vhost/hosting.gl/crons/COCCApoll.php
14 7 * * * /usr/bin/php -q /var/vhost/hosting.gl/crons/deletemails.php
32 11 * * * /root/certbot-auto renew --quiet --no-self-upgrade
</code>
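
Added example, not part of the original wiki page: a drift check for the Firewall setup section above. It reads ''ufw status'' output and reports any ALLOW rule on ports 6556 or 3306 whose source is not one of the addresses listed on this page. The function name ''unexpected_rules'' and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift in the source-restricted ufw rules.
# Expected port=source pairs, copied from the ufw commands on this page.
EXPECTED="6556=37.59.105.146 6556=2001:41d0:302:2200::583 3306=2001:41d0:2:195e::43"

# unexpected_rules (hypothetical helper): reads `ufw status` text (plain or
# verbose) on stdin and prints every ALLOW rule on a restricted port whose
# source is not in EXPECTED.
unexpected_rules() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], kv, "=")
                ok[pair[i]] = 1        # exact port=source combination
                restricted[kv[1]] = 1  # port that must stay source-limited
            }
        }
        / ALLOW / {
            port = $1
            sub(/\/.*/, "", port)               # "6556/tcp" -> "6556"
            if (!(port in restricted)) next
            src = $0
            sub(/^.* ALLOW (IN )? */, "", src)  # drop the To and Action columns
            split(src, s, " ")                  # "Anywhere (v6)" -> "Anywhere"
            key = port "=" s[1]
            if (!(key in ok)) print
        }
    '
}

# Constructed sample in the layout of `ufw status`; the last two rules
# expose MySQL to any source and should be reported.
SAMPLE='To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
6556/tcp                   ALLOW       37.59.105.146
3306                       ALLOW       2001:41d0:2:195e::43
3306                       ALLOW       Anywhere
3306 (v6)                  ALLOW       Anywhere (v6)'

# On the server itself: ufw status | unexpected_rules
printf '%s\n' "$SAMPLE" | unexpected_rules
```

Empty output means the restricted ports match the documented rules; any printed line is a rule to review.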