Capstone Project: Setting Up an Industrial Monitoring Server From Scratch Using the CLI
Overview: An Industrial Monitoring Server
In this final lesson, you apply everything from the series to build a complete industrial monitoring server: Ubuntu Server with Docker, SurrealDB, and a Rust application that reads Modbus data from PLCs, with automated backups and health checks.
Step 1: Installing Ubuntu Server and Securing SSH
sudo apt update && sudo apt upgrade -y
sudo hostnamectl set-hostname factory-monitor-01
sudo timedatectl set-timezone Asia/Riyadh
sudo apt install -y htop tmux curl wget jq net-tools tcpdump fail2ban
Harden SSH in /etc/ssh/sshd_config:
sudo sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config
sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
Set up key authentication before disabling passwords, then sudo systemctl restart sshd.
Step 2: Setting Up Users and Permissions
sudo groupadd engineers && sudo groupadd operators
# The docker group does not exist until Docker is installed; engineer1 is added to it in Step 3
sudo useradd -m -s /bin/bash -G engineers,sudo engineer1
sudo useradd -m -s /bin/bash -G operators operator1
sudo useradd -r -s /usr/sbin/nologin app-monitor
sudo mkdir -p /opt/factory-monitor/{bin,config,data,logs}
sudo mkdir -p /var/log/sensors /backup/{daily,weekly}
sudo chown -R app-monitor:app-monitor /opt/factory-monitor/
sudo chmod -R 750 /opt/factory-monitor/
sudo chown -R app-monitor:operators /var/log/sensors/
sudo chmod -R 2755 /var/log/sensors/
Step 3: Installing Docker and Deploying the Application
curl -fsSL https://get.docker.com | sudo sh
sudo usermod -aG docker engineer1
sudo systemctl enable --now docker
Create /opt/factory-monitor/docker-compose.yml:
services:
  surrealdb:
    image: surrealdb/surrealdb:latest
    command: start --user root --pass factory_db_2026 file:/data/srdb.db
    volumes: [surreal_data:/data]
    ports: ["127.0.0.1:8000:8000"]
    restart: unless-stopped
  factory-monitor:
    image: drmachine/factory-monitor:latest
    environment:
      - DATABASE_URL=ws://surrealdb:8000
      - MODBUS_HOST=192.168.1.100
    ports: ["0.0.0.0:8080:8080"]
    depends_on: [surrealdb]
    restart: unless-stopped
volumes:
  surreal_data:
cd /opt/factory-monitor && sudo docker compose up -d
curl -s http://localhost:8080/health | jq .
Step 4: Writing Backup and Monitoring Scripts
Create /opt/factory-monitor/scripts/daily_backup.sh:
#!/bin/bash
set -euo pipefail
DATE=$(date +%Y%m%d)
docker exec factory-monitor-surrealdb-1 \
  surreal export --conn ws://localhost:8000 --user root --pass factory_db_2026 \
  --ns factory --db monitor > "/backup/daily/db_${DATE}.surql"
tar czf "/backup/daily/config_${DATE}.tar.gz" /opt/factory-monitor/config/
find /backup/daily -type f -mtime +30 -delete
Create /opt/factory-monitor/scripts/health_check.sh:
#!/bin/bash
set -euo pipefail
ISSUES=0
# Root filesystem usage as a bare number (the % sign is stripped)
DISK=$(df / | tail -1 | awk '{print $5}' | tr -d '%')
if [[ $DISK -gt 85 ]]; then echo "WARN: Disk ${DISK}%"; ISSUES=$((ISSUES+1)); fi
curl -sf http://localhost:8080/health > /dev/null 2>&1 || { echo "FAIL: Dashboard"; ISSUES=$((ISSUES+1)); }
curl -sf http://localhost:8000/health > /dev/null 2>&1 || { echo "FAIL: Database"; ISSUES=$((ISSUES+1)); }
# Exit non-zero explicitly so the systemd unit is marked failed when any check failed
if [[ $ISSUES -eq 0 ]]; then echo "$(date): All healthy"; else exit 1; fi
Set up systemd timers (backup at 2 AM, health check every 5 minutes):
sudo chmod +x /opt/factory-monitor/scripts/*.sh
sudo systemctl daemon-reload
sudo systemctl enable --now factory-backup.timer factory-health.timer
Step 5: Configuring the Firewall and Services
sudo ufw default deny incoming && sudo ufw default allow outgoing
sudo ufw allow 2222/tcp comment "SSH"
sudo ufw allow from 192.168.1.0/24 to any port 8080 proto tcp comment "Dashboard"
sudo ufw allow from 192.168.1.0/24 to any port 502 proto tcp comment "Modbus"
sudo ufw enable
Configure fail2ban in /etc/fail2ban/jail.local:
[sshd]
enabled = true
port = 2222
maxretry = 3
bantime = 3600
Final verification:
docker compose -f /opt/factory-monitor/docker-compose.yml ps
sudo ufw status
curl -s http://localhost:8080/health
/opt/factory-monitor/scripts/health_check.sh
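Docker publishes ports through its own iptables rules, which bypass the ufw input rules, so the 0.0.0.0:8080:8080 mapping from Step 3 is reachable from any network that can route to the server, regardless of the 192.168.1.0/24 rule in Step 5. The check below is an added example, not part of the original lesson: it reads the output of docker ps --format '{{.Names}} {{.Ports}}' and lists every published port that is not bound to loopback. The function name exposed_ports and the sample lines are constructed for illustration; the second container name is assumed from the compose project layout.

```shell
#!/bin/sh
# Added example: list Docker-published ports that ufw rules will not filter.
# Input, one container per line: "<name> <ports column>", as printed by
#   docker ps --format '{{.Names}} {{.Ports}}'

exposed_ports() {
    awk '{
        name = $1
        $1 = ""                              # keep only the ports column
        n = split($0, maps, ",")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            gsub(/^[ \t]+|[ \t]+$/, "", m)   # trim surrounding whitespace
            idx = index(m, "->")
            if (idx == 0) continue           # exposed in the image, not published
            host = substr(m, 1, idx - 1)     # e.g. 0.0.0.0:8080
            # Loopback bindings are reachable only from the server itself
            if (host ~ /^127\./ || host ~ /^\[::1\]:/) continue
            print name, host
        }
    }'
}

# Constructed sample of the docker ps output for the Step 3 stack
SAMPLE='factory-monitor-surrealdb-1 127.0.0.1:8000->8000/tcp
factory-monitor-factory-monitor-1 0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp'

printf '%s\n' "$SAMPLE" | exposed_ports
```

On the server, run docker ps --format '{{.Names}} {{.Ports}}' | exposed_ports. To make the Step 5 restriction effective, publish the dashboard on the server's LAN address instead of 0.0.0.0, or filter the traffic in Docker's DOCKER-USER iptables chain.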
Summary and Next Steps
You have built a complete industrial monitoring server using every skill from the series: terminal navigation, file management, text processing, permissions, pipes, processes, Bash scripting, networking, and systemd services.
To continue: Ansible for multi-server automation, Prometheus/Grafana for dashboards, WireGuard for secure remote access, Kubernetes for container orchestration.
The Linux command line is the foundation of industrial IT. These skills will serve you throughout your engineering career.