¶ Welcome to our Knowledge Base Home
This is just a landing page where which you can use to touch Off into each section of this knowledge base. You might find it helpful to return to this to use as a launching point into Athena, Eos or Hecate or any of the other projects we have.
For the main knowledge base, see Athena.
¶ The main characters:
¶ Hecate
- Frontend
Hecate, named after the ancient Greek goddess of crossroads, boundaries, and the arcane arts, Hecate stands as the gatekeeper between your infrastructure and the outside world.
Hecate is a modular reverse proxy framework aimed at helping humans set up their own reverse proxy.
¶ Eos
- Backend
In ancient Greek mythology and religion, Eos is the goddess and personification of the dawn, helping everyone start the day.
This repo contains lots of tools to help you get started on your ubuntu server journey, including tools for easy server management and turn-key web app configurations.
- Includes
Delphi- powered by Wazuh, an enterprise level security system.
Contains instructions and best practices for deploying and managing Wazuh within your infrastructure.
¶ Persephone
- Backups
Persephone is a solution designed to simplify and enhance the use of Restic for backups and recovery.
It provides additional features like cross platform compatibility, centralized management, automated scheduling, and modular configuration.
¶ Athena
- Knowledge Base
Athena is the Greek goddess of wisdom and practical reasoning. Accordingly, we think this is a fitting name for the repository of our how-to files and knowledge base.
Athena has comprehensive guides, tutorials, and documentation to help you navigate and utilize our cybersecurity solutions effectively.
¶ Metis
- Knowledge Base, specifically for Troubleshooting
Metis, the Greek goddess of wisdom, deep thought, and cunning. She was known for her resourcefulness and intelligence, making her an ideal symbol our troubleshooting knowledge base.
¶ GitHub Repository
Access our GitHub repository to view source code, contribute, and report issues.
¶ Three part ecosystem
Our respoitories, including; Eos, Hecate, Persephone are designed to help you set up your own self-hosted cloud infrastructure.
They are designed to be deployed together, as an ecosystem.
This means, they can be deployed independently of each other and can also work together to create your own self-hosted cloud deployment.
¶ Hecate: Frontend
¶ Reverse proxy
Hecate GitHub
Hecate was the ancient Greek goddess of crossroads, boundaries, and the arcane arts. This is a modular reverse proxy framework named after her, aimed at helping humans set up their own reverse proxies.
So today, Hecate still stands as the gatekeeper between your infrastructure and the outside world.
¶ Eos: Backend
¶ Tooling and backend Web Apps
Eos GitHub
In ancient Greek mythology and religion, Eos is the goddess and personification of the dawn, helping everyone start the day. This repo contains lots of tools to help you get started on your ubuntu server journey.
- Delphi
Detailed instructions and best practices for deploying and managing Wazuh within your infrastructure.
See here for other supported Web Applications
¶ Persephone: Backups
Persephone GitHub
Persephone is a solution designed to simplify and enhance the use of Restic for backups and recovery.
It provides additional features like cross platform compatibility, centralized management, automated scheduling, and modular configuration.
¶ Supported Web Apps
This section outlines what cloud-native web applications, which Eos currently supports. Those currently marked
X
means they aren't supported yet
¶ GitHub
The configurations to deploy these can be found in the eos/apps/ directory
¶ Diagrams
Cloud servers are made out to be super complicated or mysterious. Essentially, they are made of three main parts:
- Frontend
- Backend
- Backups
The three tools here Hecate, Eos, and Persephone are help set up these three different components.
¶ Hecate
will help you set and manage the frontend. The more technical term for 'frontend' is reverse proxy. This frontend will have a public IP address and will be the only part of your setup which will be directly accessible from the internet.
This means, once this is set up properly, you will be able to go on to Google, Safari or Firefox and type in yourwebsitename.com, and you will get sent here.
As an analogy, say you have an ex or a former friend or colleage who you'd rather not talk to anymore because you don't trust them. But say that you needed to talk to them. You might not want to talk to them directly. Instead, you might get a trusted friend to act as a messenger between the two of you. In this situation, your friend is acting as a proxy for you. And the person you don't want to talk to directly, is the internet.
In the context of cloud servers we call the machine that acts as this in-between messenger a reverse proxy. The reason we call it specifically a reverse proxy and not just a proxy is a bit more technical, but if you just remember that a reverse proxy acts as a trusted messenger who carries messages between you and the internet , you will get the main point. You can think of Hecate as your reverse proxy - your in between messenger between your backend servers and the untrusted internet.
While this is not strictly correct and technically Hecate is only a tool to help you set up and manage the Nginx reverse proxy, thinking of Hecate as the reverse proxy itself may be easier.
¶ Eos
Eos will help you set up and manage the backend of your cloud server. While the reverse proxy acts only as a messenger, this backend server is where the magic happens. This backend server is what actually hosts the information/application/process/website/pages/programme you want to set up in the cloud. This information/application/process/website/pages/programme could be a place to store your files and photos (like iCloud, Google Cloud or Nextcloud), serve your emails from (eg. Microsoft exchange or Mailcow), keep track of the security of your network (Wazuh/Delphi), or host your wiki (like wikipaedia or wiki.js). In any case, this is where the 'thinking' for your cloud server happens in each of these examples.
As above, it may be easier to think of this backend as Eos itself, even though Eos is only a tool to set up and manage these backend applications.
In the example above about you, your trusted friend (Hecate), and your ex (The Internet), you would be Eos. You would make it known that if anyone wanted to talk to you, they would have to do it through your friend, Hecate. Your ex, The Internet, would go to your friend, Hecate, with a specific request. Hecate then comes to you with what they said. You, as Eos, have to listen to what Hecate has told you, and then you have to think about what to do/say in response to your ex. You, Eos, then give that response to your friend, Hecate, who then takes your message to your ex, The Internet, and delivers it to them.
This is an bizarre analogy to read, and it was even more bizarre to write down. But, we think it gets the point across of the main functionality of how cloud servers work. If you get confused, we recommend coming back to these three main actors:
The Internet, your ex, who you don't trust, is toxic, and you want to limit interraction with as much as possible.Hecate, your trusted friend, the proxy, who acts as a messenger between you,Eosand your ex, The Internet.Eos, you, the backend cloud server, which does all the thinking. You have to listen to Hecate, think about what she tells you, before giving your reply back to her for her to return to your ex.
There is a more in-depth diagram later on, but here is a very simple diagram to help clarify the common terminology, the more technical terms, and Eos and Hecate.
#
# Common terms More technical Our stuff The story
# --------------------- --------------------- ------------------ ------------------
# Internet # Client # Internet # You ex
# ^ # ^ # ^ # ^
# | # | # | # |
# v # v # v # v
# ┌─────────────┐ # ┌───────────────┐ # ┌────────┐ # ┌─────────────┐
# | Frontend | # | Reverse Proxy | # | Hecate | # | Your friend |
# └─────────────┘ # └───────────────┘ # └────────┘ # └─────────────┘
# ^ | # ^ | # ^ | # ^ |
# | +------+ # | +------+ # | +---+ # | +---+
# v | # v | # v | # v |
# ┌─────────┐ | # ┌─────────────┐ | # ┌─────┐ | # ┌─────┐ |
# | Backend | | # | Virtualhost | | # | Eos | | # | You | |
# └─────────┘ | # └─────────────┘ | # └─────┘ | # └─────┘ |
# | +------+ # | +------+ # | +---+ # | +---+
# | | # | | # | | # | |
# v v # v v # v v # v v
# ┌─────────┐ # ┌─────────┐ # ┌────────────┐ # ┌────────────┐
# | Backups | # | Backups | # | Persephone | # | Persephone |
# └─────────┘ # └─────────┘ # └────────────┘ # └────────────┘
# | # | # | # |
# v # v # v # v
# ┌────────────────┐ # ┌────────────────┐ # ┌────────────────┐ # ┌────────────────┐
# | Offline backup | # | Offline backup | # | Offline backup | # | Offline backup |
# └────────────────┘ # └────────────────┘ # └────────────────┘ # └────────────────┘
#
There are several diagrams which are more broad and more details throughout this documentation, but this is the overall structure and should be your reference when things become confusing.
¶ How do I use these repositories?
These repositories are best used together.
The Hecate project sets up an NGINX web server as a reverse proxy using docker compose. The aim is to make deploying cloud native Web Apps on your own infrastructure as 'point and click' as possible. The reverse proxy set up here can be used in front of the corresponding web application/backend deployed by the Eos repository.
Below is a slightly more technical version of the diagram above outlining how things work 'under the hood', more explicitly:
#
# ┌───────────────────────────┐
# │ Clients │ # This is how your cloud instance will be
# │ (User Browsers, Apps, etc)│ # accessed. Usually a browser on a client
# └────────────┬──────────────┘ # machine.
# │
# ▼
# ┌───────────────────────────┐
# │ DNS Resolution │ # This needs to be set up
# │ (domain.com, | # with your cloud provider or DNS broker, eg.
# | cybermonkey.net.au, etc.) │ # GoDaddy, Cloudflare, Hetzner, etc.
# └────────────┬──────────────┘
# │
# ▼
#
# **This your remote server (reverse proxy/proxy/cloud instance)**
#
# #########################
# # Hecate sets this up #
# #########################
#
# ┌─────────────────┐
# │ Reverse Proxy │ # This is what we are setting up `hecate`.
# │ (NGINX, Caddy, │ # All your traffic between the internet and
# │ Ingress, etc) │ # the backend servers gets router through
# └────────┬────────┘ # here.
# │
# ┌────────────────────────┼─────────────────────────┐
# │ │ │
# ▼ ▼ ▼
#
# **These are your local servers (backend/virtual hosts)**
#
# #######################
# # Eos sets these up #
# #######################
#
# ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
# │ Backend 1 │ │ Backend 2 │ │ Backend 3 │
# │ (backend1) │ │ (backend2) │ │ (backend3) │ # If using tailscale,
# │ ┌────────┐ │ │ ┌────────┐ │ │ ┌────────┐ │ # these are the magicDNS hostnames.
# │ │ Service│ │ │ │ Service│ │ │ │ Service│ │ # For setting up a demo website instance,
# │ │ Pod/ │ │ │ │ Pod/ │ │ │ │ Pod/ │ │ # see our `helen` repository
# │ │ Docker │ │ │ │ Docker │ │ │ │ Docker │ │ # To set up Wazuh, check out
# │ │ (eg. │ │ │ │ (eg. │ │ │ │ (eg. │ │ # eos/legacy/wazuh/README.md.
# │ │Website)│ │ │ │ Wazuh) │ │ │ │Mailcow)│ │ #
# │ └────────┘ │ │ └────────┘ │ │ └────────┘ │ #
# └──────────────┘ └──────────────┘ └──────────────┘ #
#
#
# **This is your backup server**
#
# ##############################
# # Persephone sets this up #
# ##############################
#
# ┌──────────────┐
# │ Persephone │
# │ ┌────────┐ │
# │ │ Backup │ │
# │ │ server │ │
# │ └────────┘ │
# └──────────────┘
#
¶ Features
- Lightweight
NGINXcontainer based on thenginxdockerimage. - Automatic
HTTPScertificate generation usingCertbot. - Support for serving custom static files from the
htmldirectory, for a landing page/website - Automatic redirection from
HTTPtoHTTPS. docker composefor easy deployment and management.- Accessible on the web, via domain name (eg.
domain.com) pointing to your server’s IP address (eg.12.34.56.78) and any subdomains ( eg.sub.domain.com) as needed
¶ Simple Diagram
Here is a more simple diagram than the one above
# User # The user accesses these web apps by googling `domain.com`
# ^ # or `nextcloud.domain.com`
# |
# v
# ┌─────────────┐ # Deployed by `hecate`
# |Reverse Proxy| # This is your remote cloud server
# └─────────────┘ #
# ^ |
# | +-------------------------------------------------------+
# v |
# +----------------+---------------+ |
# ^ ^ ^ |
# | | | |
# v v v |
# ┌──────────────┐ ┌───────────┐ ┌───────────┐ # Deployed by `eos` |
# | HTML website | | Nextcloud | | Wazuh | # These are your local server(s) |
# └──────────────┘ └───────────┘ └───────────┘ # |
# | | | |
# v v v |
# +----------------+---------------+ |
# | |
# | +--------------------------------------------------------+
# | |
# v v
# ┌──────────────┐ # All nodes are backed up to `persephone`
# │ Persephone │ # Make this a separate physical server on its own
# └──────────────┘
# |
# v
# ┌──────────────┐ # Back up to here weekly
# │ Offline │ # Make sure this is offline when it's not being used
# │ storage/ │
# │ backup │
# └──────────────┘
#
More to come regarding distributed, highly available, and kubernetes-based deployments.
¶ To set up a reverse proxy:
Hecate
Hecate, named after the ancient Greek goddess of crossroads, boundaries, and the arcane arts, Hecate stands as the gatekeeper between your infrastructure and the outside world.
Hecate is a modular reverse proxy framework aimed at helping humans set up their own reverse proxy.
Here is a snapshot from the diagram above, focussing on the part hecate is responsible for
#
# ...
# ^
# |
# v
# ┌─────────────┐ # Deployed by `hecate`
# |Reverse Proxy| # This is your remote cloud server
# └─────────────┘ #
# ^
# |
# v
# +----------------+---------------+
# ^ ^ ^
# | | |
# v v v
# ... ... ...
#
¶ To set up a virtual host:
Eos
In ancient Greek mythology and religion, Eos is the goddess and personification of the dawn, helping everyone start the day. This repo contains lots of tools to help you get started on your ubuntu server journey.
#
# ... ... ...
# | | |
# v v v
# ┌──────────────┐ ┌───────────┐ ┌───────────┐ # Deployed by `eos`
# | HTML website | | Nextcloud | | Wazuh | # These are your local server(s)
# └──────────────┘ └───────────┘ └───────────┘ #
# | | |
# ... ... ...
#
¶ To set up your backups:
Persephone
Persephone is a solution designed to simplify and enhance the use of Restic for backups and recovery.
#
# ... ...
# | |
# v v
# ┌──────────────┐ # All nodes are backed up to `persephone`
# │ Persephone │ # Make this a separate physical server on its own
# └──────────────┘
# |
# ...
#
¶ Offline storage / archiving
This isn't super complicated and is probably a little out of our scope here, so we're going to leave this up to you.
# ...
# |
# v
# ┌──────────────┐ # Back up to here weekly
# │ Offline │ # Make sure this is offline when it's not being used
# │ storage/ │
# │ backup │
# └──────────────┘
#
¶ Other links
Return to the main website cybermonkey.net.au
Our Facebook
Or X/Twitter
¶ Complaints, compliments, confusion:
Secure email: git@cybermonkey.net.au
Website: cybermonkey.net.au
# ___ _ __ __ _
# / __|___ __| |___ | \/ |___ _ _ | |_____ _ _
# | (__/ _ \/ _` / -_) | |\/| / _ \ ' \| / / -_) || |
# \___\___/\__,_\___| |_| |_\___/_||_|_\_\___|\_, |
# / __| _| |__ ___ _ _ |__/
# | (_| || | '_ \/ -_) '_|
# \___\_, |_.__/\___|_|
# |__/
© 2025 Code Monkey Cybersecurity. ABN: 77 177 673 061. All rights reserved.