Roadmap: Difference between revisions
From SLM - MediaWiki
(→SSO)
(77 intermediate revisions by 2 users not shown)
Ligne 1 : | Ligne 1 : | ||
+ | ===Installation=== | ||
+ | |||
+ | {| class="wikitable alternance center" | ||
+ | |+ | ||
+ | |- | ||
+ | | | ||
+ | ! scope="col" | OPNSense | ||
+ | ! scope="col" | Jeedom | ||
+ | ! scope="col" | Proxmox | ||
+ | ! scope="col" | Centreon | ||
+ | ! scope="col" | Mediawiki | ||
+ | ! scope="col" | Wazo | ||
+ | ! scope="col" | Gitlab | ||
+ | ! scope="col" | Wordpress | ||
+ | ! scope="col" | Proxmox2 | ||
+ | ! scope="col" | Nextcloud | ||
+ | |- | ||
+ | ! scope="row" | Installation | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | |- | ||
+ | ! scope="row" | Hardware | ||
+ | | APU3 | ||
+ | | Thinkcentre M73 | ||
+ | | Thinkcentre M700 | ||
+ | | VM 251 | ||
+ | | CT 103 | ||
+ | | VM 254 | ||
+ | | CT 252 | ||
+ | | CT 225 | ||
+ | | Telmat | ||
+ | | CT 201 | ||
+ | |- | ||
+ | ! scope="row" | RAM | ||
+ | | 4G | ||
+ | | 4G | ||
+ | | 12G | ||
+ | | 4G | ||
+ | | 512M | ||
+ | | 2G | ||
+ | | 2G | ||
+ | | 1G | ||
+ | | 4G | ||
+ | | 2G | ||
+ | |- | ||
+ | ! scope="row" | SWAP | ||
+ | | / | ||
+ | | / | ||
+ | | / | ||
+ | | / | ||
+ | | 512M | ||
+ | | / | ||
+ | | 2G | ||
+ | | 2G | ||
+ | | / | ||
+ | | 3G | ||
+ | |- | ||
+ | ! scope="row" | CPU | ||
+ | | 4 | ||
+ | | 2 | ||
+ | | 2 | ||
+ | | 1 | ||
+ | | 1 | ||
+ | | 1 | ||
+ | | 1 | ||
+ | | 1 | ||
+ | | 4 | ||
+ | | 2 | ||
+ | |- | ||
+ | ! scope="row" | Stockage | ||
+ | | 16G | ||
+ | | 500G | ||
+ | | 500G | ||
+ | | 100G | ||
+ | | 8G | ||
+ | | 12G | ||
+ | | 10G | ||
+ | | 8G | ||
+ | | 16G + 1To | ||
+ | | 750G | ||
+ | |- | ||
+ | ! scope="row" | IP | ||
+ | | 10.10.10.1 | ||
+ | | 10.10.10.240 | ||
+ | | 10.10.10.250 | ||
+ | | 10.10.10.251 | ||
+ | | 10.10.10.253 | ||
+ | | 10.10.10.254 | ||
+ | | 10.10.10.252 | ||
+ | | 10.10.10.225 | ||
+ | | 10.10.10.200 | ||
+ | | 10.10.10.201 | ||
+ | |- | ||
+ | ! scope="row" | Commentaire | ||
+ | | Firewall | ||
+ | | Domotique | ||
+ | | Virtualisation | ||
+ | | Supervision | ||
+ | | Wiki | ||
+ | | IPBX | ||
+ | | Dev | ||
+ | | Article | ||
+ | | Virtualisation | ||
+ | | Stockage | ||
+ | |} | ||
+ | |||
==Sécurité== | ==Sécurité== | ||
− | ===Avoir accès à l'ensemble des serveurs en https avec un certificat valide | + | ===HTTPS=== |
+ | '''Projet:''' Avoir accès à l'ensemble des serveurs en https avec un certificat valide | ||
{| class="wikitable alternance center" | {| class="wikitable alternance center" | ||
− | |+ | + | |+ |
|- | |- | ||
− | | | + | | |
! scope="col" | Méthode | ! scope="col" | Méthode | ||
! scope="col" | Commentaire | ! scope="col" | Commentaire | ||
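Review bot: The new "===Installation===" heading at the top of the page is a level-3 heading with no level-2 parent, because it comes before "==Sécurité==". The other top-level sections on the page (Sécurité, Supervision, Sauvegarde) use "==", so "==Installation==" would keep the table of contents consistent.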
Ligne 13 : | Ligne 128 : | ||
! scope="col" | Nextcloud | ! scope="col" | Nextcloud | ||
! scope="col" | Mediawiki | ! scope="col" | Mediawiki | ||
+ | ! scope="col" | Wazo | ||
+ | ! scope="col" | Proxmox2 | ||
+ | ! scope="col" | Wordpress | ||
+ | ! scope="col" | Gitlab | ||
+ | |- | ||
+ | ! scope="row" | Activation https | ||
+ | | Apache | ||
+ | | | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | [[GitLab_Https|{{Vert|OK}}]] | ||
|- | |- | ||
! scope="row" | Sous domaine | ! scope="row" | Sous domaine | ||
| [[LWS_sous_domaine|LWS]] | | [[LWS_sous_domaine|LWS]] | ||
| | | | ||
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
|- | |- | ||
! scope="row" | Reverse proxy | ! scope="row" | Reverse proxy | ||
| [[OPNSense_NGINX|NGINX]] | | [[OPNSense_NGINX|NGINX]] | ||
| Géré sur OPNSense | | Géré sur OPNSense | ||
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
|- | |- | ||
! scope="row" | Certificat depuis l'exterieure | ! scope="row" | Certificat depuis l'exterieure | ||
| [[OPNSense_os-acme-client|Let's Encrypt]] | | [[OPNSense_os-acme-client|Let's Encrypt]] | ||
| Géré sur OPNSense | | Géré sur OPNSense | ||
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
− | | | + | | {{Vert|OK}} |
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
|- | |- | ||
! scope="row" | Certificat depuis LAN | ! scope="row" | Certificat depuis LAN | ||
− | | | + | | contournement dns |
− | | | + | | [[OPNSense_NGINX#NGINX_depuis_le_LAN|Passer par nginx]] |
+ | | [[OPNSense_os-acme-client#Mise_en_place_du_certificat_pour_opnsense|{{Vert|OK}}]] | ||
+ | | [[Jeedom_letsencrypt|{{Vert|OK}}]] | ||
+ | | |{{Vert|OK}} | ||
+ | | [[Centreon_lets_encrypt|{{Vert|OK}}]] | ||
+ | | [[Nextcloud_letsencrypt|{{Vert|OK}}]] | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | |} | ||
+ | |||
+ | ===Authentification=== | ||
+ | |||
+ | {| class="wikitable alternance center" | ||
+ | |+ | ||
+ | |- | ||
+ | | | ||
+ | ! scope="col" | Méthode | ||
+ | ! scope="col" | Commentaire | ||
+ | ! scope="col" | OPNSense | ||
+ | ! scope="col" | Jeedom | ||
+ | ! scope="col" | Proxmox | ||
+ | ! scope="col" | Centreon | ||
+ | ! scope="col" | Nextcloud | ||
+ | ! scope="col" | Mediawiki | ||
+ | ! scope="col" | WIFI | ||
+ | |- | ||
+ | ! scope="row" rowspan="2" | SSH | ||
+ | | Clé RSA | ||
+ | | slemoal acces root | ||
+ | | [[opnsense_ssh_RSA|{{Vert|OK}}]] | ||
+ | | [[jeedom_ssh_RSA|{{Vert|OK}}]] | ||
+ | | [[proxmox_ssh_RSA|{{Vert|OK}}]] | ||
+ | | [[centreon_ssh_RSA|{{Vert|OK}}]] | ||
+ | | [[nextcloud_ssh_RSA|{{Vert|OK}}]] | ||
+ | | [[mediawiki_ssh_RSA|{{Vert|OK}}]] | ||
+ | | {{Vert|/}} | ||
+ | |- | ||
+ | | sshd.conf | ||
+ | | accès ssh par clé uniquement | ||
+ | | [[opnsence_resteinte_ssh|{{Vert|OK}}]] | ||
+ | | [[debian_resteinte_ssh|{{Vert|OK}}]] | ||
+ | | [[debian_resteinte_ssh|{{Vert|OK}}]] | ||
+ | | [[centos_resteinte_ssh|{{Vert|OK}}]] | ||
+ | | [[debian_resteinte_ssh|{{Vert|OK}}]] | ||
+ | | [[debian_resteinte_ssh|{{Vert|OK}}]] | ||
+ | | {{Vert|/}} | ||
+ | |- | ||
+ | ! scope="row" | Coffre à mot de passe | ||
+ | | [[nextcloud_password|Nextcloud Password]] | ||
+ | | Mot de passe auto généré | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | | {{Vert|OK}} | ||
+ | |- | ||
+ | ! scope="row" | SSO | ||
+ | | Kerberos | ||
+ | | Indentification unique | ||
| | | | ||
+ | | | ||
| | | | ||
| | | | ||
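Review bot: In the Authentification table, the second SSH row names its method "sshd.conf", but the OpenSSH server configuration file is called sshd_config; use the real file name so the row points readers at the right file. In the same table the SSO comment reads "Indentification unique" (should be "Identification unique"), and the link target opnsence_resteinte_ssh spells the product differently from opnsense_ssh_RSA in the row above; if the target page is renamed, update its links at the same time. In the "Certificat depuis LAN" row, the Proxmox cell "| |{{Vert|OK}}" has a stray leading pipe and, unlike its neighbours, no link to a how-to page.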
Ligne 55 : | Ligne 264 : | ||
|} | |} | ||
− | == | + | ==Supervision== |
{| class="wikitable alternance center" | {| class="wikitable alternance center" | ||
− | |+ | + | |+ |
|- | |- | ||
− | | | + | | |
! scope="col" | Méthode | ! scope="col" | Méthode | ||
− | ! scope="col" | | + | ! scope="col" | Freebsd |
! scope="col" | OPNSense | ! scope="col" | OPNSense | ||
+ | ! scope="col" | Linux | ||
! scope="col" | Jeedom | ! scope="col" | Jeedom | ||
! scope="col" | Proxmox | ! scope="col" | Proxmox | ||
Ligne 68 : | Ligne 278 : | ||
! scope="col" | Nextcloud | ! scope="col" | Nextcloud | ||
! scope="col" | Mediawiki | ! scope="col" | Mediawiki | ||
+ | ! scope="col" | Livebox | ||
+ | ! scope="col" | Wifi | ||
+ | |- | ||
+ | ! scope="row" rowspan="3" | Création plugin | ||
+ | | snmp | ||
+ | | [[Plugin_OS-FreeBSD-snmp|{{Vert|OK}}]] | ||
+ | | [[Plugin Apps-OPNSense-SNMP|{{Vert|OK}}]] | ||
+ | | {{Vert|OK}} | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | | ssh | ||
+ | | | ||
+ | | [[Plugin Apps-OPNSense-SSH|{{Vert|OK}}]] | ||
+ | | [[Plugin_OS-linux-ssh|{{Vert|OK}}]] | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
|- | |- | ||
− | + | | API | |
+ | | | ||
+ | | [[Plugin Apps-OPNSense-API|{{Vert|OK}}]] | ||
+ | | | ||
| | | | ||
| | | | ||
| | | | ||
| | | | ||
+ | | | ||
+ | | | ||
| | | | ||
+ | |- | ||
+ | ! scope="row" rowspan="3" | Mise en place | ||
+ | | snmp | ||
+ | | | ||
+ | | {{Vert|OK}} | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
| | | | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | | ssh | ||
+ | | | ||
+ | | {{Vert|OK}} | ||
| | | | ||
| | | | ||
− | | | + | | |
− | |||
− | |||
− | |||
| | | | ||
| | | | ||
+ | | | ||
+ | | | ||
| | | | ||
+ | |- | ||
+ | | API | ||
+ | | | ||
+ | | {{Vert|OK}} | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
| | | | ||
− | | | + | | |
+ | | | ||
| | | | ||
|} | |} | ||
+ | ==Sauvegarde== | ||
{| class="wikitable alternance center" | {| class="wikitable alternance center" | ||
− | |+ | + | |+ |
|- | |- | ||
− | | | + | | |
− | ! scope="col" | | + | ! scope="col" | Emplacement |
− | |||
! scope="col" | OPNSense | ! scope="col" | OPNSense | ||
! scope="col" | Jeedom | ! scope="col" | Jeedom | ||
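Review bot: The Supervision rows added here leave most status cells empty, so a reader cannot tell "not applicable" from "not started". For example, every "Mise en place" row has {{Vert|OK}} only under OPNSense, while the Freebsd and Linux plugins are already marked OK under "Création plugin". Fill the blanks with the markers the other tables on this page already use: {{Vert|/}} for not applicable and {{Rouge|à Faire}} for pending.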
Ligne 102 : | Ligne 368 : | ||
! scope="col" | Nextcloud | ! scope="col" | Nextcloud | ||
! scope="col" | Mediawiki | ! scope="col" | Mediawiki | ||
+ | ! scope="col" | Livebox | ||
+ | ! scope="col" | Wifi | ||
+ | |- | ||
+ | ! scope="row" rowspan="2" | Backup | ||
+ | | Local | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
|- | |- | ||
− | ! scope="row" | | + | | Nextcloud |
− | | | + | | {{Rouge|à Faire}} |
− | | | + | | {{Rouge|à Faire}} |
− | | | + | | {{Rouge|à Faire}} |
− | | | + | | {{Rouge|à Faire}} |
− | | | + | | {{Rouge|à Faire}} |
− | | | + | | {{Rouge|à Faire}} |
− | | | + | | {{Rouge|à Faire}} |
− | | | + | | {{Rouge|à Faire}} |
+ | |- | ||
+ | ! scope="row" rowspan="2" | Rotation | ||
+ | | Local | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | |- | ||
+ | | Nextcloud | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
+ | | {{Rouge|à Faire}} | ||
|} | |} |
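Review bot: The Sauvegarde table plans a "Nextcloud" backup location for the Nextcloud column itself, in both the Backup and Rotation rows, which would keep that copy on the system being backed up; give that cell a different target or mark it {{Vert|/}}. The columns also cover only OPNSense through Mediawiki plus Livebox and Wifi, while the Installation table lists Wazo, Gitlab, Wordpress and Proxmox2; add those hosts or state that they are out of scope.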
Current revision as of 19 January 2021 at 15:14
Installation
| | OPNSense | Jeedom | Proxmox | Centreon | Mediawiki | Wazo | Gitlab | Wordpress | Proxmox2 | Nextcloud |
|---|---|---|---|---|---|---|---|---|---|---|
| Installation | OK | OK | OK | OK | OK | OK | OK | OK | OK | OK |
| Hardware | APU3 | Thinkcentre M73 | Thinkcentre M700 | VM 251 | CT 103 | VM 254 | CT 252 | CT 225 | Telmat | CT 201 |
| RAM | 4G | 4G | 12G | 4G | 512M | 2G | 2G | 1G | 4G | 2G |
| SWAP | / | / | / | / | 512M | / | 2G | 2G | / | 3G |
| CPU | 4 | 2 | 2 | 1 | 1 | 1 | 1 | 1 | 4 | 2 |
| Storage | 16G | 500G | 500G | 100G | 8G | 12G | 10G | 8G | 16G + 1TB | 750G |
| IP | 10.10.10.1 | 10.10.10.240 | 10.10.10.250 | 10.10.10.251 | 10.10.10.253 | 10.10.10.254 | 10.10.10.252 | 10.10.10.225 | 10.10.10.200 | 10.10.10.201 |
| Comment | Firewall | Home automation | Virtualization | Monitoring | Wiki | IP PBX | Dev | Article | Virtualization | Storage |
Security
HTTPS
Project: Access all servers over HTTPS with a valid certificate
| | Method | Comment | OPNSense | Jeedom | Proxmox | Centreon | Nextcloud | Mediawiki | Wazo | Proxmox2 | Wordpress | Gitlab |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| HTTPS enabled | Apache | | OK | OK | OK | OK | OK | OK | OK | OK | OK | OK |
| Subdomain | LWS | | OK | OK | OK | OK | OK | OK | OK | OK | OK | OK |
| Reverse proxy | NGINX | Managed on OPNSense | OK | OK | OK | OK | OK | OK | OK | OK | OK | OK |
| Certificate from outside | Let's Encrypt | Managed on OPNSense | OK | OK | OK | OK | OK | OK | OK | OK | OK | OK |
| Certificate from the LAN | DNS workaround | Go through nginx | OK | OK | OK | OK | OK | OK | OK | OK | OK | OK |
Authentication
| | Method | Comment | OPNSense | Jeedom | Proxmox | Centreon | Nextcloud | Mediawiki | WIFI |
|---|---|---|---|---|---|---|---|---|---|
| SSH | RSA key | slemoal root access | OK | OK | OK | OK | OK | OK | / |
| | sshd.conf | SSH access by key only | OK | OK | OK | OK | OK | OK | / |
| Password vault | Nextcloud Password | Auto-generated password | OK | OK | OK | OK | OK | OK | OK |
| SSO | Kerberos | Single identification | | | | | | | |
Monitoring
| | Method | Freebsd | OPNSense | Linux | Jeedom | Proxmox | Centreon | Nextcloud | Mediawiki | Livebox | Wifi |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Plugin creation | snmp | OK | OK | OK | | | | | | | |
| | ssh | | OK | OK | | | | | | | |
| | API | | OK | | | | | | | | |
| Deployment | snmp | | OK | | | | | | | | |
| | ssh | | OK | | | | | | | | |
| | API | | OK | | | | | | | | |
Backup
| | Location | OPNSense | Jeedom | Proxmox | Centreon | Nextcloud | Mediawiki | Livebox | Wifi |
|---|---|---|---|---|---|---|---|---|---|
| Backup | Local | To do | To do | To do | To do | To do | To do | To do | To do |
| | Nextcloud | To do | To do | To do | To do | To do | To do | To do | To do |
| Rotation | Local | To do | To do | To do | To do | To do | To do | To do | To do |
| | Nextcloud | To do | To do | To do | To do | To do | To do | To do | To do |