Table of Contents

Server Configuration Wiki

Overview
Content

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Server Configuration Wiki

Overview

This wiki documents the secure configuration and operation of our production server infrastructure.

The goal of this infrastructure is to host the following core services:

Mattermost — internal team communication platform
Forgejo — self-hosted Git service
MinIO — S3-compatible object storage
PostgreSQL — relational database engine
Nginx — reverse proxy and TLS termination

All services are deployed using:

Ubuntu Server
Docker Engine
Docker Swarm
Overlay networks
Docker secrets
Let’s Encrypt certificates (Certbot)
UFW firewall rules

Security and reproducibility are mandatory.

No application service is deployed before SSH hardening is completed.

Content

Architecture Overview
System Hardware
Operating System
SSH Hardening
Docker Installation
Docker Swarm Configuration
Network Architecture
Stacks Deployment
Reverse Proxy
Certbot & Let's Encrypt
TURN Server (Coturn)
PostgreSQL Configuration
MinIO Configuration
Forgejo Configuration
Mattermost Configuration
Backup and Recovery
Security Checklist

Architecture Overview
System Hardware
Operating System
SSH Hardening
Docker Installation
Docker Swarm Configuration
Network Architecture
Stacks Deployment
Reverse Proxy
Certbot & Let's Encrypt
TURN Server (Coturn)
PostgreSQL Configuration
MinIO Configuration
Forgejo Configuration
Mattermost Configuration
Backup and Recovery
Security Checklist