FW: Koha on Digital Ocean (Was: Re: Installation on so-called virtual server at external internet service provider IONOS)
(Reposted after it got stuck in moderation--too many recipients.) -----Original Message----- From: King, Fred Sent: Monday, January 27, 2020 12:48 PM To: 'Chris Brown' <chris@stayawake.co.uk>; Heinz-Jürgen Oertel <hj.oertel@t-online.de> Cc: koha <koha@lists.katipo.co.nz>; koha-us@koha-us.org Subject: Koha on Digital Ocean (Was: Re: [Koha] Installation on so-called virtual server at external internet service provider IONOS) Hello Chris, Heinz-Jürgen, and everybody, I'm glad to hear that someone else is using Digital Ocean! We're currently running the MedStar Authors Catalog Koha instance at Digital Ocean, and since I bought our in-house Koha instance server refurbished seven years ago and I'm getting kind of nervous, I'm trying to move that to Digital Ocean as well. I'm planning to start on the $5 USD per month configuration ($6 USD with weekly backup), though we may splurge for the $10/$12 configuration if we need to. Yes, we're a very small library--circulation is maybe in the high two figures per month and is mostly the Advanced Cardiac Life Support exam review book. Getting another in-house server isn't an option. My next step is a Technical Review Meeting with our IT department where I need to convince the Demand Management Team that Koha/Digital Ocean will not present a security threat to the rest of our network and the Protected Health Information contained therein. Our systems were attacked a couple of years ago and we were shut down for a couple of weeks (my desk has never been so tidy), so their concerns are understandable. The form they asked me to fill out was the same one that any software vendor chosen by the hospital needs to use, though in my case a lot of the answers were "not applicable." Which brings me to a few questions, some general and some Koha or maybe Digital Ocean specific: One of the things I think they'll ask me about is data encryption. The form I filled out asked the highest level--TLS 1.3, 1.2, 1.1, SSL 3.0 or less. Any ideas? Yes, it's a basic question that I should know, but there are large gaps in my knowledge as I'm mostly self-taught. They're also going to ask about antivirus protection. I have never heard of a Koha instance running on Debian/Ubuntu being affected by a virus or anything similar, and if it had happened I think I would have heard of it since I've been involved with Koha since version 2.something-or-other. Does anybody know something different? I'd also like to hear from other users of Digital Ocean, or from people whose Koha systems have had to undergo a review of this type. Any advice? I know enough about Koha, Ubuntu, and Digital Ocean to be able to set up, migrate, and run our small Koha system, enough to install it on a Raspberry Pi (http://avengingchicken.online/misc/installing_koha_on_raspberry-pi-4.pdf), take part in a panel discussion (http://koha-us.org/learn/conferences/kohacon2019/, see "Unsupported? You're not on your own!"), but this part is something new to me. Thank you, Fred King, AHIP Medical Librarian, MedStar Washington Hospital Center fred.king@medstar.net 202-877-6670 ORCID 0000-0001-5266-0279 MedStar Authors Catalog: http://medstarauthors.org Mars is the only known planet in the universe inhabited solely by robots. --Brandon Spektor, LiveScience -----Original Message----- From: Koha <koha-bounces@lists.katipo.co.nz> On Behalf Of Chris Brown Sent: Sunday, January 26, 2020 9:55 AM To: Heinz-Jürgen Oertel <hj.oertel@t-online.de> Cc: koha <koha@lists.katipo.co.nz> Subject: [EXTERNAL] Re: [Koha] Installation on so-called virtual server at external internet service provider IONOS ** ATTENTION: This email originated from outside the MedStar network. ** DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe. Hi Heinz-Jürgen, I don't have any experience of IONOS but I successfully host Koha on a virtual private server from Digital Ocean. For a long time we were running on a small configuration costing 20 USD per month though we have now upgraded as we're supporting 5 libraries (and a web site). I have had a smooth ride (though I do have prior experience of administering Linux servers). Digital Ocean will give you a VPS with Debian pre-installed which makes it easy to get started. If you're hosting in-house, some things to think about: 1. Does your ISP offer a static IP address? 2. You will need to set up a tunnel (or do I mean a bridge?) through your broadband router to your Koha server 3. You will need a way to do backups -- preferably off-site Good luck! Best Regards Chris Brown On Sun, Jan 26, 2020 at 12:53 PM Heinz-Jürgen Oertel <hj.oertel@t-online.de> wrote:
Hello, just a short introduction, joined the list today. I'm on the way to replace the currently used Allegro-B for our small, about 3000 books, library. The main reason is to have an OPAC to tell the world what we have collected so far in our specialized library.
We have two options - installing koha on a separate pc (debian) on our premises, but so far I don't know how can open the OPAC to the customers
- installing koha on an external virtual server with root access My question, is there someone here having it done at IONOS, the former German company 1&1.
Or to you have better recommendations. By the way, money is a very small resource in our association, German Verein e.V.
Greetings Heinz
_______________________________________________ Koha mailing list https://urldefense.proofpoint.com/v2/url?u=http-3A__koha-2Dcommunity.o rg&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjy C51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNY OhmVfKlfY&s=PFaZDDXbAVaeRYYYQEEUYB394Eoew_4m7DdURTjQriU&e= Koha@lists.katipo.co.nz https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.katipo.co.n z_mailman_listinfo_koha&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVx j8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-C Fm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=2YTTiymU3KGcGMBjQQzVdlLnADG5enBMFZZdo gdgCtQ&e=
_______________________________________________ Koha mailing list https://urldefense.proofpoint.com/v2/url?u=http-3A__koha-2Dcommunity.org&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=PFaZDDXbAVaeRYYYQEEUYB394Eoew_4m7DdURTjQriU&e= Koha@lists.katipo.co.nz https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.katipo.co.nz_mailman_listinfo_koha&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=2YTTiymU3KGcGMBjQQzVdlLnADG5enBMFZZdogdgCtQ&e= ---------------------------------------------------------------------- MedStar Health is a not-for-profit, integrated healthcare delivery system, the largest in Maryland and the Washington, D.C., region. Nationally recognized for clinical quality in heart, orthopaedics, cancer and GI. IMPORTANT: This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system without copying it and notify sender by reply e-mail, so that our records can be corrected... Thank you. Help conserve valuable resources - only print this email if necessary.
Hi Fred In my basic understanding -might be, awfully, wrong-: 1) Data encryption: There are several levels of data encryption you can set up. -) Apache: You define this in apache config and depends on the ssl certificate you get for your website. -) Mysql encryption. You can encrypt data in mysql. This is not set by default since usually you need a "middleware/software" to do this. I guess koha does not have the ability to do it. -) Disk level: You can encrypt your whole disk and work with it. This mainly works for the initial access to the drive. Once system started encryption is transparent. 2) Virus: Virus usually propagate through email. They usually does not affect the linux box itself, but use your box to propagate to other machines when receiving/processing emails. If you use a local MTA -email server- in your koha box and process emails from/to external users, it is recommended to install an antivirus program on the linux box so any virus is detected/removed -hopefully- before reaching the final recipient. If you do only process localhost emails (root, your server user) it is not really necessary. For other kind of attacks, the way to fight them is to ensure your system is always updated and that you have closed any door -port/service/listener- you don't use and secure the ones you do use like denying remote access to root user to any console/database, etc. Hope this clarifies a little your life and have not messed it more ;) Regards Alvaro |-----------------------------------------------------------------------------------------------------------------| Envíe y Reciba Datos y mensajes de Texto (SMS) hacia y desde cualquier celular y Nextel en el Perú, México y en mas de 180 paises. Use aplicaciones 2 vias via SMS y GPRS online Visitenos en www.perusms.com Le mar. 28 janv. 2020 à 07:18, King, Fred <Fred.King@medstar.net> a écrit :
(Reposted after it got stuck in moderation--too many recipients.)
-----Original Message----- From: King, Fred Sent: Monday, January 27, 2020 12:48 PM To: 'Chris Brown' <chris@stayawake.co.uk>; Heinz-Jürgen Oertel < hj.oertel@t-online.de> Cc: koha <koha@lists.katipo.co.nz>; koha-us@koha-us.org Subject: Koha on Digital Ocean (Was: Re: [Koha] Installation on so-called virtual server at external internet service provider IONOS)
Hello Chris, Heinz-Jürgen, and everybody,
I'm glad to hear that someone else is using Digital Ocean!
We're currently running the MedStar Authors Catalog Koha instance at Digital Ocean, and since I bought our in-house Koha instance server refurbished seven years ago and I'm getting kind of nervous, I'm trying to move that to Digital Ocean as well. I'm planning to start on the $5 USD per month configuration ($6 USD with weekly backup), though we may splurge for the $10/$12 configuration if we need to. Yes, we're a very small library--circulation is maybe in the high two figures per month and is mostly the Advanced Cardiac Life Support exam review book. Getting another in-house server isn't an option.
My next step is a Technical Review Meeting with our IT department where I need to convince the Demand Management Team that Koha/Digital Ocean will not present a security threat to the rest of our network and the Protected Health Information contained therein. Our systems were attacked a couple of years ago and we were shut down for a couple of weeks (my desk has never been so tidy), so their concerns are understandable. The form they asked me to fill out was the same one that any software vendor chosen by the hospital needs to use, though in my case a lot of the answers were "not applicable."
Which brings me to a few questions, some general and some Koha or maybe Digital Ocean specific:
One of the things I think they'll ask me about is data encryption. The form I filled out asked the highest level--TLS 1.3, 1.2, 1.1, SSL 3.0 or less. Any ideas? Yes, it's a basic question that I should know, but there are large gaps in my knowledge as I'm mostly self-taught.
They're also going to ask about antivirus protection. I have never heard of a Koha instance running on Debian/Ubuntu being affected by a virus or anything similar, and if it had happened I think I would have heard of it since I've been involved with Koha since version 2.something-or-other. Does anybody know something different?
I'd also like to hear from other users of Digital Ocean, or from people whose Koha systems have had to undergo a review of this type. Any advice? I know enough about Koha, Ubuntu, and Digital Ocean to be able to set up, migrate, and run our small Koha system, enough to install it on a Raspberry Pi ( http://avengingchicken.online/misc/installing_koha_on_raspberry-pi-4.pdf), take part in a panel discussion ( http://koha-us.org/learn/conferences/kohacon2019/, see "Unsupported? You're not on your own!"), but this part is something new to me.
Thank you,
Fred King, AHIP Medical Librarian, MedStar Washington Hospital Center fred.king@medstar.net 202-877-6670 ORCID 0000-0001-5266-0279 MedStar Authors Catalog: http://medstarauthors.org
Mars is the only known planet in the universe inhabited solely by robots. --Brandon Spektor, LiveScience
-----Original Message----- From: Koha <koha-bounces@lists.katipo.co.nz> On Behalf Of Chris Brown Sent: Sunday, January 26, 2020 9:55 AM To: Heinz-Jürgen Oertel <hj.oertel@t-online.de> Cc: koha <koha@lists.katipo.co.nz> Subject: [EXTERNAL] Re: [Koha] Installation on so-called virtual server at external internet service provider IONOS
** ATTENTION: This email originated from outside the MedStar network. ** DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe.
Hi Heinz-Jürgen,
I don't have any experience of IONOS but I successfully host Koha on a virtual private server from Digital Ocean. For a long time we were running on a small configuration costing 20 USD per month though we have now upgraded as we're supporting 5 libraries (and a web site). I have had a smooth ride (though I do have prior experience of administering Linux servers). Digital Ocean will give you a VPS with Debian pre-installed which makes it easy to get started.
If you're hosting in-house, some things to think about:
1. Does your ISP offer a static IP address? 2. You will need to set up a tunnel (or do I mean a bridge?) through your broadband router to your Koha server 3. You will need a way to do backups -- preferably off-site
Good luck!
Best Regards
Chris Brown
On Sun, Jan 26, 2020 at 12:53 PM Heinz-Jürgen Oertel < hj.oertel@t-online.de> wrote:
Hello, just a short introduction, joined the list today. I'm on the way to replace the currently used Allegro-B for our small, about 3000 books, library. The main reason is to have an OPAC to tell the world what we have collected so far in our specialized library.
We have two options - installing koha on a separate pc (debian) on our premises, but so far I don't know how can open the OPAC to the customers
- installing koha on an external virtual server with root access My question, is there someone here having it done at IONOS, the former German company 1&1.
Or to you have better recommendations. By the way, money is a very small resource in our association, German Verein e.V.
Greetings Heinz
_______________________________________________ Koha mailing list https://urldefense.proofpoint.com/v2/url?u=http-3A__koha-2Dcommunity.o rg&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjy C51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNY OhmVfKlfY&s=PFaZDDXbAVaeRYYYQEEUYB394Eoew_4m7DdURTjQriU&e= Koha@lists.katipo.co.nz https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.katipo.co.n z_mailman_listinfo_koha&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVx j8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-C Fm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=2YTTiymU3KGcGMBjQQzVdlLnADG5enBMFZZdo gdgCtQ&e=
_______________________________________________ Koha mailing list https://urldefense.proofpoint.com/v2/url?u=http-3A__koha-2Dcommunity.org&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=PFaZDDXbAVaeRYYYQEEUYB394Eoew_4m7DdURTjQriU&e= Koha@lists.katipo.co.nz
---------------------------------------------------------------------- MedStar Health is a not-for-profit, integrated healthcare delivery system, the largest in Maryland and the Washington, D.C., region. Nationally recognized for clinical quality in heart, orthopaedics, cancer and GI.
IMPORTANT: This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system without copying it and notify sender by reply e-mail, so that our records can be corrected... Thank you.
Help conserve valuable resources - only print this email if necessary.
_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
participants (2)
-
Alvaro Cornejo -
King, Fred