[Koha] FW: Koha on Digital Ocean (Was: Re: Installation on so-called virtual server at external internet service provider IONOS)
Alvaro Cornejo
cornejo.alvaro at gmail.com
Wed Jan 29 02:52:30 NZDT 2020
Hi Fred
In my basic understanding -might be, awfully, wrong-:
1) Data encryption:
There are several levels of data encryption you can set up.
-) Apache: You define this in apache config and depends on the ssl
certificate you get for your website.
-) Mysql encryption. You can encrypt data in mysql. This is not set by
default since usually you need a "middleware/software" to do this. I guess
koha does not have the ability to do it.
-) Disk level: You can encrypt your whole disk and work with it. This
mainly works for the initial access to the drive. Once system started
encryption is transparent.
2) Virus:
Virus usually propagate through email. They usually does not affect the
linux box itself, but use your box to propagate to other machines when
receiving/processing emails. If you use a local MTA -email server- in your
koha box and process emails from/to external users, it is recommended to
install an antivirus program on the linux box so any virus is
detected/removed -hopefully- before reaching the final recipient. If you do
only process localhost emails (root, your server user) it is not really
necessary.
For other kind of attacks, the way to fight them is to ensure your system
is always updated and that you have closed any door -port/service/listener-
you don't use and secure the ones you do use like denying remote access to
root user to any console/database, etc.
Hope this clarifies a little your life and have not messed it more ;)
Regards
Alvaro
|-----------------------------------------------------------------------------------------------------------------|
Envíe y Reciba Datos y mensajes de Texto (SMS) hacia y desde cualquier
celular y Nextel
en el Perú, México y en mas de 180 paises. Use aplicaciones 2 vias via SMS
y GPRS online
Visitenos en www.perusms.com
Le mar. 28 janv. 2020 à 07:18, King, Fred <Fred.King at medstar.net> a écrit :
> (Reposted after it got stuck in moderation--too many recipients.)
>
> -----Original Message-----
> From: King, Fred
> Sent: Monday, January 27, 2020 12:48 PM
> To: 'Chris Brown' <chris at stayawake.co.uk>; Heinz-Jürgen Oertel <
> hj.oertel at t-online.de>
> Cc: koha <koha at lists.katipo.co.nz>; koha-us at koha-us.org
> Subject: Koha on Digital Ocean (Was: Re: [Koha] Installation on so-called
> virtual server at external internet service provider IONOS)
>
> Hello Chris, Heinz-Jürgen, and everybody,
>
> I'm glad to hear that someone else is using Digital Ocean!
>
> We're currently running the MedStar Authors Catalog Koha instance at
> Digital Ocean, and since I bought our in-house Koha instance server
> refurbished seven years ago and I'm getting kind of nervous, I'm trying to
> move that to Digital Ocean as well. I'm planning to start on the $5 USD per
> month configuration ($6 USD with weekly backup), though we may splurge for
> the $10/$12 configuration if we need to. Yes, we're a very small
> library--circulation is maybe in the high two figures per month and is
> mostly the Advanced Cardiac Life Support exam review book. Getting another
> in-house server isn't an option.
>
> My next step is a Technical Review Meeting with our IT department where I
> need to convince the Demand Management Team that Koha/Digital Ocean will
> not present a security threat to the rest of our network and the Protected
> Health Information contained therein. Our systems were attacked a couple of
> years ago and we were shut down for a couple of weeks (my desk has never
> been so tidy), so their concerns are understandable. The form they asked me
> to fill out was the same one that any software vendor chosen by the
> hospital needs to use, though in my case a lot of the answers were "not
> applicable."
>
> Which brings me to a few questions, some general and some Koha or maybe
> Digital Ocean specific:
>
> One of the things I think they'll ask me about is data encryption. The
> form I filled out asked the highest level--TLS 1.3, 1.2, 1.1, SSL 3.0 or
> less. Any ideas? Yes, it's a basic question that I should know, but there
> are large gaps in my knowledge as I'm mostly self-taught.
>
> They're also going to ask about antivirus protection. I have never heard
> of a Koha instance running on Debian/Ubuntu being affected by a virus or
> anything similar, and if it had happened I think I would have heard of it
> since I've been involved with Koha since version 2.something-or-other. Does
> anybody know something different?
>
> I'd also like to hear from other users of Digital Ocean, or from people
> whose Koha systems have had to undergo a review of this type. Any advice? I
> know enough about Koha, Ubuntu, and Digital Ocean to be able to set up,
> migrate, and run our small Koha system, enough to install it on a Raspberry
> Pi (
> http://avengingchicken.online/misc/installing_koha_on_raspberry-pi-4.pdf),
> take part in a panel discussion (
> http://koha-us.org/learn/conferences/kohacon2019/, see "Unsupported?
> You're not on your own!"), but this part is something new to me.
>
> Thank you,
>
> Fred King, AHIP
> Medical Librarian, MedStar Washington Hospital Center
> fred.king at medstar.net
> 202-877-6670
> ORCID 0000-0001-5266-0279
> MedStar Authors Catalog: http://medstarauthors.org
>
> Mars is the only known planet in the universe inhabited solely by robots.
> --Brandon Spektor, LiveScience
>
> -----Original Message-----
> From: Koha <koha-bounces at lists.katipo.co.nz> On Behalf Of Chris Brown
> Sent: Sunday, January 26, 2020 9:55 AM
> To: Heinz-Jürgen Oertel <hj.oertel at t-online.de>
> Cc: koha <koha at lists.katipo.co.nz>
> Subject: [EXTERNAL] Re: [Koha] Installation on so-called virtual server at
> external internet service provider IONOS
>
> ** ATTENTION: This email originated from outside the MedStar network. **
> DO NOT CLICK links or attachments unless you recognize the sender and know
> the content is safe.
>
> Hi Heinz-Jürgen,
>
> I don't have any experience of IONOS but I successfully host Koha on a
> virtual private server from Digital Ocean. For a long time we were running
> on a small configuration costing 20 USD per month though we have now
> upgraded as we're supporting 5 libraries (and a web site). I have had a
> smooth ride (though I do have prior experience of administering Linux
> servers). Digital Ocean will give you a VPS with Debian pre-installed which
> makes it easy to get started.
>
> If you're hosting in-house, some things to think about:
>
> 1. Does your ISP offer a static IP address?
> 2. You will need to set up a tunnel (or do I mean a bridge?) through your
> broadband router to your Koha server 3. You will need a way to do backups
> -- preferably off-site
>
> Good luck!
>
> Best Regards
>
> Chris Brown
>
>
>
>
> On Sun, Jan 26, 2020 at 12:53 PM Heinz-Jürgen Oertel <
> hj.oertel at t-online.de>
> wrote:
>
> > Hello,
> > just a short introduction, joined the list today.
> > I'm on the way to replace the currently used Allegro-B for our small,
> > about
> > 3000 books, library. The main reason is to have an OPAC to tell the
> > world what we have collected so far in our specialized library.
> >
> > We have two options
> > - installing koha on a separate pc (debian) on our premises, but so
> > far I don't know how can open the OPAC to the customers
> >
> > - installing koha on an external virtual server with root access My
> > question, is there someone here having it done at IONOS, the former
> > German company 1&1.
> >
> > Or to you have better recommendations.
> > By the way, money is a very small resource in our association, German
> > Verein e.V.
> >
> > Greetings
> > Heinz
> >
> >
> >
> > _______________________________________________
> > Koha mailing list
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__koha-2Dcommunity.o
> > rg&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjy
> > C51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNY
> > OhmVfKlfY&s=PFaZDDXbAVaeRYYYQEEUYB394Eoew_4m7DdURTjQriU&e=
> > Koha at lists.katipo.co.nz
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.katipo.co.n
> > z_mailman_listinfo_koha&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVx
> > j8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-C
> > Fm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=2YTTiymU3KGcGMBjQQzVdlLnADG5enBMFZZdo
> > gdgCtQ&e=
> >
> _______________________________________________
> Koha mailing list
> https://urldefense.proofpoint.com/v2/url?u=http-3A__koha-2Dcommunity.org&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=PFaZDDXbAVaeRYYYQEEUYB394Eoew_4m7DdURTjQriU&e=
> Koha at lists.katipo.co.nz
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.katipo.co.nz_mailman_listinfo_koha&d=DwIGaQ&c=RvBXVp2Kc-itN3g6r3sN0QK_zL4whPpndVxj8-bJ04M&r=vKh6XwOmjyC51IkP1OfsdjQZoWT2vpi6VZl8El8EPRI&m=d1e9HNijxpF-CFm6aDGu2L4sA9uNUSWxNYOhmVfKlfY&s=2YTTiymU3KGcGMBjQQzVdlLnADG5enBMFZZdogdgCtQ&e=
>
> ----------------------------------------------------------------------
> MedStar Health is a not-for-profit, integrated healthcare delivery system,
> the largest in Maryland and the Washington, D.C., region. Nationally
> recognized for clinical quality in heart, orthopaedics, cancer and GI.
>
> IMPORTANT: This e-mail (including any attachments) may contain information
> that is private, confidential, or protected by attorney-client or other
> privilege. If you received this e-mail in error, please delete it from your
> system without copying it and notify sender by reply e-mail, so that our
> records can be corrected... Thank you.
>
> Help conserve valuable resources - only print this email if necessary.
>
>
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
>
More information about the Koha
mailing list