Fully translated (but some work to do about urls)

This commit is contained in:
2025-07-04 12:54:44 +00:00
parent acdebcb682
commit e9ccda2e14
26 changed files with 1002 additions and 846 deletions

@ -1,79 +0,0 @@
---
navigation: true
title: NAT & DHCP
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Router and NAT
::alert{type="info"}
🎯 __Goals:__
- Understand how port forwarding works
- Learn how to configure router NAT
- Learn how to issue DHCP leases (fixed IPs)
::
![picture](/img/global/nat.svg)
## What is a "port"?
---
Ports are different channels through which your router sends and receives data. This allows multiple services to run simultaneously.
When it receives data through a port, your router forwards that data to the machine that:
- either initiated the request,
- or is configured to receive data on a specific port.
Your router has over 65,000 ports available.
Some programs and applications are designed to use specific ports. For example, when your network sends data from an HTML page, the router receives it through port 80 (non-secure) or port 443 (secure via SSL).
So, your router acts as a data dispatcher between the internet and your local machines.
## Port Forwarding
---
Forwarding a `port` means setting a rule that specifies which `source` can send data to which `port` on your router, which will then forward it to a specific `port` on a specific `machine`. The `sources` and `destination machine` are identified by their IP addresses.
| Variable | Description | Example |
|------------------------|---------------------------------------------------------|-------------------------|
| `source machine` | IP of the source machine (from the internet) | `All`<br>`123.45.67.89` |
| `source port` | Incoming port on the router | `443` |
| `destination port` | Port on the destination machine | `3000` |
| `destination machine` | IP of the target machine (on your local network) | `192.168.1.50` |
According to the table:
If we remove `All` and keep the IP `123.45.67.89`, all traffic from this IP sent to port `443` on your router will be forwarded to port `3000` on the local IP `192.168.1.50`.
If we remove the IP and keep `All`, then all traffic from the internet on port `443` will be redirected to port `3000` on `192.168.1.50`.
This is useful when you have a server that must be accessible from the internet. For instance, a website uses port `80` (non-secure) or `443` (SSL-secured).
To make the website accessible, you'll configure your router to redirect the domain request to your local server.
Assume your service runs on port `3000` locally (`http://192.168.1.50:3000`), you would redirect all traffic from port `443` on the router to port `3000` on the local server.
::alert{type="warning"}
:::list{type="warning"}
- __Warning:__ If you have multiple services to expose like `subdomain1.mydomain.com` and `subdomain2.mydomain.com`, your router cannot differentiate requests and forward to different ports.
You must use a [Reverse Proxy](../../serveex/coeur/swag) to route traffic based on the request.
:::
::
## DHCP
---
Every time a device connects to your local network, your router assigns it an IP address using DHCP rules.
This IP is randomly selected from a predefined pool.
At every device reboot, the IP may change — which is problematic if you're forwarding ports, as the target IP may no longer be valid.
To avoid this, use your router's DHCP server to assign a static IP address.
Each device has a physical "MAC address".
To assign a fixed IP, you must know your device's MAC address (visible in your router when it's connected), and assign it a static IP.
This is called a "static DHCP lease."
That way, your machine's IP never changes and your port forwarding rules remain effective.
| Variable | Description | Example |
|---------------|----------------------------------|---------------------|
| `IP` | Fixed local IP to assign | `192.168.1.50` |
| `MAC Address` | Physical address of the device | `5E:FF:56:A2:AF:15` |
For more information, refer to your router's documentation.
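Review bot: the Reverse Proxy link in the warning block still points at `../../serveex/coeur/swag`, a relative path with the French segment `coeur`, while the page text is English. Since this hunk (`-1,79 +0,0`) drops the file, make sure the translated replacement links to the final URL, preferably as an absolute path. Two content points to carry over as well: the port-forwarding table gives `All` as the first source example with no remark that a rule open to every source makes `192.168.1.50:3000` reachable from the whole internet, so suggest recommending a specific source IP wherever the service allows it; and "port 443 (secure via SSL)" should say TLS.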

@ -1,69 +0,0 @@
---
navigation: true
title: DNS Zone
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Domain Names and DNS Zones
::alert{type="info"}
🎯 __Objectives:__
- Understand how a DNS server works
- Learn how to edit a DNS zone
::
## Introduction
---
When you browse a website or use an app, requests are made to one or more domains to fetch content for the page. Your device doesn't know the IP addresses of these servers, so it contacts a _name server_ (Domain Name Server), which responds with the most up-to-date IP address for the domain being requested.
The DNS zone is like a registry with signposts that direct your requests to the correct destination.
![Picture](/img/global/dns.svg)
## The DNS Zone
---
When you purchase a domain from a registrar (Cloudflare, OVH, etc.), the registrar assigns you a DNS zone that you can customize.
You can enter _records_ into this DNS zone to direct requests properly. You can find [more information here](https://help.ovhcloud.com/csm/fr-dns-servers-general-information?id=kb_article_view&sysparm_article=KB0051661).
Example of a DNS zone for the domain `mydomain.com`:
```
@ IN SOA ns1.dns.me. dns.net. (2024051800 86400 3600 3600000 60)
IN NS ns1.dns.me.
IN NS ns2.dns.me.
IN A 203.0.113.0
www IN CNAME mydomain.com
sousdomaine IN CNAME mydomain.com
```
In this example:
- `$TTL 3600` tells global name servers that the records are valid for 1 hour (after which they need to re-check).
- `IN SOA ns1.dns.me. dns.net. (...)` indicates `ns1.dns.me` as the primary DNS server, with refresh intervals.
- `IN NS` records define the authoritative name servers for the domain.
- `IN A 203.0.113.0` means `mydomain.com` points to IP `203.0.113.0`.
- `subdomain IN CNAME mydomain.com` means `subdomain.mydomain.com` points to the same destination as `mydomain.com`.
So, if you want to point `mydomain.com` to your server, you can do it by adding an `A` record pointing to your server's public IP address.
::alert{type="warning"}
:::list{type="warning"}
- __Warning:__ If your server is hosted at home:
:::
- Your public IP is the one assigned to your home router. Make sure it's static, or configure [DDNS](https://aws.amazon.com/fr/what-is/dynamic-dns/).
- Make sure you've [set up port 443 forwarding to your server's listening port](/generalites/nat).
::
If you're adding a subdomain that should also point to your server, use a `CNAME` record pointing to `mydomain.com`.
::alert{type="info"}
:::list{type="info"}
- __Why not use an `A` record for the subdomain?__ If your subdomain points to the same server as `mydomain.com`, it's better to use a `CNAME` record because if the server's IP changes, you wont need to update the subdomain record.
:::
::
Most registrars offer user-friendly interfaces to manage DNS records. Refer to your registrars documentation for specific instructions.
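Review bot: the zone example and the bullet list under "In this example" do not match: the bullets explain `$TTL 3600`, which is not in the code block, and `subdomain IN CNAME mydomain.com`, while the block still has the untranslated `sousdomaine IN CNAME mydomain.com`. Either add the `$TTL` line to the example and rename the label, or drop and adjust the bullets. The CNAME targets are also written without a trailing dot (`mydomain.com`), unlike `ns1.dns.me.`, so in a real zone file they would be read relative to the zone origin; suggest `mydomain.com.` or `@`. On URLs, the port-forwarding link goes to `/generalites/nat` while the section redirect in this commit is `/general/nat`, and the OVH and AWS links are the `fr` versions.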

@ -1,227 +0,0 @@
---
navigation: true
title: Samba
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Samba
Samba is a protocol that allows access to a folder located on a network drive. It can be configured on macOS, Windows, or Linux.
There are many tutorials for setting up Samba on Windows or on NAS systems like Synology, but here we focus on Debian.
::alert{type="info"}
🎯 __Objectives:__
- Create a network folder on a remote machine
- Access the network folder from our server
::
![samba](/img/global/smb.svg)
## Sharing a Network Folder
---
::alert{type="info"}
:::list{type="info"}
- In this example, we will share the `/video` folder from a remote machine called `remote-machine`. We will access this folder from a machine called `local-machine`. The user connecting to the network drive will be `sambauser`.
:::
::
### Install Samba Server
```shell
sudo apt update && sudo apt upgrade
sudo apt install samba smbclient cifs-utils
```
### Create the `/video` Folder
```shell
sudo mkdir /video
```
### Configure the Share
Now, edit the file `/etc/samba/smb.conf`.
**Tip:** You can use [File Browser](/serveex/files/file-browser) to navigate and edit your files instead of using terminal commands.
\::
```shell
sudo vim /etc/samba/smb.conf
```
Find the `workgroup` variable, press `i` to enter insert mode, and name your workgroup (e.g., `workgroup = WORKGROUP`).
Then scroll to the end of the file and add the following configuration:
```properties
[video]
comment = Video folder
path = /video
writable = yes
guest ok = no
valid users = @smbshare
force create mode = 770
force directory mode = 770
inherit permissions = yes
```
Press `Esc` to exit insert mode, then type `:x` and press `Enter` to save and exit.
### Create a Samba User and Group
Since we're using a secured share, we need to create a user and group to access it remotely.
Create the group:
```shell
sudo groupadd smbshare
```
Give the group control over the `/video` folder:
```shell
sudo chgrp -R smbshare /video
```
Set inherited permissions:
```shell
sudo chmod 2775 /video
```
Now add a no-login user — this user cannot log into the server but can access Samba.
```shell
sudo useradd -M -s /sbin/nologin sambauser
```
Add the user to the `smbshare` group:
```shell
sudo usermod -aG smbshare sambauser
```
Set a Samba password:
```shell
sudo smbpasswd -a sambauser
```
Enable the Samba account:
```shell
sudo smbpasswd -e sambauser
```
```shell
sudo ufw allow from remote-ip to any app Samba
::
```
## Accessing a Shared Folder
---
\::
### Install Required Packages
```shell
sudo apt update && sudo apt upgrade
sudo apt install cifs-utils
```
### Create the Mount Destination
We will create a folder on our local machine where the remote `/video` folder will be mounted — e.g., `/mnt/video`.
```shell
sudo mkdir /mnt/video
```
### Prepare the .credentials File
To avoid typing our username and password every time, create a `.credentials` file storing the login info.
Create it in the `/smb` folder:
```shell
sudo mkdir /smb
sudo vi /smb/.credentials
```
Enter insert mode (`i`) and write:
```properties
username=smbuser
password=password
```
* `smbuser`: the user we created on the `remote-machine`
* `password`: the password set earlier
Press `Esc`, then `:x` and `Enter` to save and exit.
Set proper file permissions:
```shell
sudo chmod 600 /smb/.credentials
```
### Mount the Shared Folder
Now mount the folder:
```shell
sudo mount -t cifs -o credentials=/smb/.credentials //remote-ip/video /mnt/video
```
Replace `remote-ip` with your `remote-machine`'s IP address.
Verify the mount:
```shell
sudo mount -t cifs
```
Youll see details confirming the mount is successful.
Now you can access the `/video` folder of the `remote-machine` from your `local-machine`!
### Auto-mount on Boot
By default, shares aren't auto-mounted after reboot. To automate this, edit the `/etc/fstab` file.
First, back it up:
```shell
sudo cp /etc/fstab /etc/fstab.bak
```
Then add the mount configuration line:
```shell
sudo echo //remote-ip/video /mnt/video cifs _netdev,nofail,credentials=/smb/.credentials,x-systemd.automount,x-systemd.device-timeout=15 0 0 >> /etc/fstab
```
Reboot the machine:
```shell
sudo reboot
```
After rebooting, verify the mount:
```shell
sudo mount -t cifs
```
And done!
### Unmount the Shared Folder
```shell
sudo umount -t cifs /mnt/video
```
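Review bot: in the auto-mount step, `sudo echo ... >> /etc/fstab` fails with a permission error for a non-root user, because the `>>` redirection is performed by the calling shell rather than by `sudo`; suggest piping the line into `sudo tee -a /etc/fstab` instead. The `.credentials` example also uses `username=smbuser`, but the account created earlier with `useradd` and `smbpasswd` is `sambauser`, so the mount as written would not authenticate. Smaller points: the `ufw` rule has no introducing sentence and its fence contains a stray `::`, and `remote-ip` there has to be the client's address while in the mount command it means the server's; the `\::` lines after the "Tip" and under "Accessing a Shared Folder" are leftover alert markers; and `chmod 2775 /video` leaves the directory world-readable on the host while the share config forces mode `770`.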

@ -1,3 +0,0 @@
icon: noto:open-book
navigation.title: General
navigation.redirect: /general/nat