https://feministwiki.org/w/api.php?action=feedcontributions&feedformat=atom&user=SocJusWizFeministWiki - User contributions [en]2026-04-17T23:27:13ZUser contributionsMediaWiki 1.43.8https://feministwiki.org/w/index.php?title=FeministWiki:Todo&diff=157FeministWiki:Todo2019-02-18T16:47:42Z<p>SocJusWiz: </p>
<hr />
<div>* Regular SQL backups to ensure data integrity when restoring a STRATO backup<br />
* Implement single sign-on<br />
* Implement password recovery<br />
* Implement file upload to XMPP<br />
* Look into issue with saving drafts<br />
* Add blogs (WP?)<br />
* Add mailing lists<br />
* Create newsletter<br />
* Add e-mail notifications to forum & co.<br />
* Add Mastodon<br />
* Add calendar<br />
* Add Diaspora?<br />
* Import Wikipedia features (infoboxes, citations)</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Todo&diff=142FeministWiki:Todo2019-01-26T18:34:21Z<p>SocJusWiz: </p>
<hr />
<div>* Implement single sign-on<br />
* Implement password recovery<br />
* Implement file upload to XMPP<br />
* Look into issue with saving drafts<br />
* Add blogs (WP?)<br />
* Add mailing lists<br />
* Create newsletter<br />
* Add e-mail notifications to forum & co.<br />
* Add Mastodon<br />
* Add calendar<br />
* Add Diaspora?<br />
* Import Wikipedia features (infoboxes, citations)</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Transwomen_in_women%27s_sports&diff=135Transwomen in women's sports2018-10-20T14:54:58Z<p>SocJusWiz: /* Michelle Dumaresq */</p>
<hr />
<div>Since the [[Trans activism|trans activist]] notion of "trans women are women" is meant literally, it follows that transwomen would be allowed to partake in women's sports. When a sports organization adheres to this notion, it poses a problem to women's sports, since the various physiological differences between the sexes allow peak-performing male athletes to significantly outperform peak-performing female athletes in most disciplines. The extent to which [[hormone replacement therapy]] (HRT) decreases the advantages of being male is yet unstudied, however it is clear that many of the changes the male body undergoes during puberty are not reversed by HRT, such as overall body size, skeletal structure, or the size of the lungs and heart.<br />
<br />
== Physiological differences ==<br />
<br />
Significant physiological differences between the human sexes that might affect athletic performance include but are not limited to:<br />
<br />
* Males weight about 15% more on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males are about 15 cm (6 in) taller on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males have denser and therefore more durable bones on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males have stronger tendons and ligaments on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males on avreage have greater total muscle mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males on average have a greater ratio of muscle mass to total body mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males have about 56% greater lung volume relative to body mass<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have larger hearts, with 10% higher red blood cell count and higher haemoglobin, meaning greater oxygen carrying capacity, although the difference is less pronounced among athletes<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have higher circulating "clotting factors" which allow for faster healing of wounds and higher peripheral pain tolerance<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
<br />
The differences in strength can be very significant. For instance, gross measures of body strength suggest that women are approximately only 50% to 60% as strong as men in the upper body, and 60% to 70% as strong in the lower body.<ref>https://www.ncbi.nlm.nih.gov/pubmed/8477683</ref> A study of hand-grip strength found that even elite female athletes can be surpassed by a man with no athletic training.<ref>https://www.ncbi.nlm.nih.gov/pubmed/17186303</ref> Another study of sports performance in various disciplines found that males tend to perform 5.5% to 36.8% better, depending on the discipline.<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3761733/</ref><br />
<br />
== Notable transwomen in women's sports ==<br />
<br />
=== Fallon Fox ===<br />
<br />
Male transgender mixed martial arts (MMA) fighter [[Fallon Fox]] has brutalized a female opponent, Tamikka Brents, causing her to suffer a concussion, an orbital bone fracture, and seven staples to the head, in the first round. After her loss, Brents took to social media to convey her thoughts on the experience of fighting Fox: "I've fought a lot of women and have never felt the strength that I felt in a fight as I did that night. I can't answer whether it's because she was born a man or not because I'm not a doctor. I can only say, I've never felt so overpowered ever in my life and I am an abnormally strong female in my own right," she stated. "Her grip was different, I could usually move around in the clinch against other females but couldn't move at all in Fox's clinch..."<ref>http://www.cagepotato.com/after-being-tkod-by-fallon-fox-tamikka-brents-says-transgender-fighters-in-mma-just-isnt-fair/</ref> Fox has won 5 out of 6 MMA fights in total.<br />
<br />
=== Rachel McKinnon ===<br />
<br />
Male transgender cyclist [[Rachel McKinnon]] won the women’s 35-44 sprint during the UCI Masters Track Cycling World Championships in Los Angeles, in October 2018.<ref>https://www.cyclingweekly.com/news/latest-news/rachel-mckinnon-becomes-first-transgender-woman-win-track-world-title-397473</ref> Third place finisher Jennifer Wagner commented that this was unfair, and later commented on Twitter that she would work on getting the rules changed, which Rachel McKinnon characterized as transphobic.<br />
<br />
=== Terry Miller and Andraya Yearwood ===<br />
<br />
Two male transgender high school athletes, [[Terry Miller]] and [[Andraya Yearwood]], won first and second place in the Connecticut state championship 100-meter dash in 2018. Miller also won first place in the 200-meter dash.<ref>https://www.wkbn.com/news/national-world/transgender-track-stars-win-state-championship-ignites-debate/1238813951</ref><br />
<br />
=== Laurel Hubbard ===<br />
<br />
Male transgender New Zealand weightlifter [[Laurel Hubbard]] competed at the heaviest 90 kg+ category at the 2017 Australian International & Australian Open in Melbourne, winning the gold medal.<ref>http://www.heraldsun.com.au/sport/more-sports/laurel-hubbard-wins-female-90kg-division-at-weightliftings-australian-international/news-story/cd4a5fa012eb9a5ceb0281faceea5c7a</ref> Hubbard qualified for the 2018 Commonwealth Games, but an elbow injury during the competition forced Hubbard's withdrawal from the event, while however leading the field.<ref>https://www.theguardian.com/sport/2018/apr/09/transgender-weightlifter-laurel-hubbards-eligibility-under-scrutiny</ref><br />
<br />
=== Michelle Dumaresq ===<br />
<br />
Canadian professional downhill mountain-bike competitor [[Michelle Dumaresq]], who is a [[Sex reassignment surgery|post-operative]] male-born transsexual, won the 2002 Canada Cup series, which qualified Dumaresq for the Canadian National team. In September 2002, Dumaresq co-represented Canada at the World Mountain Bike Championships. However, due to technical issues with the bike, Dumaresq only managed a 24th-place finish in the event. In 2003, Dumaresq won the 2003 Canadian National Championships and again represented Canada in the 2003 World Championships. Dumaresq repeated a Nationals win in 2004 and finished 17th at the 2004 World Mountain Bike Championships held in Les Gets, France.<br />
<br />
At the 2006 Canadian Nationals, a protest from one of the competitors during the podium ceremonies brought attention to Dumaresq's participation in female sports. The boyfriend of second-place finisher Danika Schroeter jumped up onto the podium and helped Schroeter put on a T-shirt reading '100% Pure Woman Champ'. The Canadian Cycling Association suspended Schroeter for her actions. However, the CCA announced that Schroeter's time off the race course would be served during the off-season when it would have no impact on her.<br />
<br />
=== Hannah Mouncey ===<br />
<br />
On 27 May 2018, male transgender handball player [[Hannah Mouncey]] scored three goals for Melbourne Handball Club in their win over University of Queensland Handball Club for the 2018 Oceanian Open Club Championship.<ref>http://handballvic.org.au/event/5628/</ref><br />
<br />
== References ==<br />
<br />
<references/></div>SocJusWizhttps://feministwiki.org/w/index.php?title=Transwomen_in_women%27s_sports&diff=134Transwomen in women's sports2018-10-20T14:54:38Z<p>SocJusWiz: /* Notable transwomen in women's sports */</p>
<hr />
<div>Since the [[Trans activism|trans activist]] notion of "trans women are women" is meant literally, it follows that transwomen would be allowed to partake in women's sports. When a sports organization adheres to this notion, it poses a problem to women's sports, since the various physiological differences between the sexes allow peak-performing male athletes to significantly outperform peak-performing female athletes in most disciplines. The extent to which [[hormone replacement therapy]] (HRT) decreases the advantages of being male is yet unstudied, however it is clear that many of the changes the male body undergoes during puberty are not reversed by HRT, such as overall body size, skeletal structure, or the size of the lungs and heart.<br />
<br />
== Physiological differences ==<br />
<br />
Significant physiological differences between the human sexes that might affect athletic performance include but are not limited to:<br />
<br />
* Males weight about 15% more on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males are about 15 cm (6 in) taller on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males have denser and therefore more durable bones on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males have stronger tendons and ligaments on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males on avreage have greater total muscle mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males on average have a greater ratio of muscle mass to total body mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males have about 56% greater lung volume relative to body mass<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have larger hearts, with 10% higher red blood cell count and higher haemoglobin, meaning greater oxygen carrying capacity, although the difference is less pronounced among athletes<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have higher circulating "clotting factors" which allow for faster healing of wounds and higher peripheral pain tolerance<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
<br />
The differences in strength can be very significant. For instance, gross measures of body strength suggest that women are approximately only 50% to 60% as strong as men in the upper body, and 60% to 70% as strong in the lower body.<ref>https://www.ncbi.nlm.nih.gov/pubmed/8477683</ref> A study of hand-grip strength found that even elite female athletes can be surpassed by a man with no athletic training.<ref>https://www.ncbi.nlm.nih.gov/pubmed/17186303</ref> Another study of sports performance in various disciplines found that males tend to perform 5.5% to 36.8% better, depending on the discipline.<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3761733/</ref><br />
<br />
== Notable transwomen in women's sports ==<br />
<br />
=== Fallon Fox ===<br />
<br />
Male transgender mixed martial arts (MMA) fighter [[Fallon Fox]] has brutalized a female opponent, Tamikka Brents, causing her to suffer a concussion, an orbital bone fracture, and seven staples to the head, in the first round. After her loss, Brents took to social media to convey her thoughts on the experience of fighting Fox: "I've fought a lot of women and have never felt the strength that I felt in a fight as I did that night. I can't answer whether it's because she was born a man or not because I'm not a doctor. I can only say, I've never felt so overpowered ever in my life and I am an abnormally strong female in my own right," she stated. "Her grip was different, I could usually move around in the clinch against other females but couldn't move at all in Fox's clinch..."<ref>http://www.cagepotato.com/after-being-tkod-by-fallon-fox-tamikka-brents-says-transgender-fighters-in-mma-just-isnt-fair/</ref> Fox has won 5 out of 6 MMA fights in total.<br />
<br />
=== Rachel McKinnon ===<br />
<br />
Male transgender cyclist [[Rachel McKinnon]] won the women’s 35-44 sprint during the UCI Masters Track Cycling World Championships in Los Angeles, in October 2018.<ref>https://www.cyclingweekly.com/news/latest-news/rachel-mckinnon-becomes-first-transgender-woman-win-track-world-title-397473</ref> Third place finisher Jennifer Wagner commented that this was unfair, and later commented on Twitter that she would work on getting the rules changed, which Rachel McKinnon characterized as transphobic.<br />
<br />
=== Terry Miller and Andraya Yearwood ===<br />
<br />
Two male transgender high school athletes, [[Terry Miller]] and [[Andraya Yearwood]], won first and second place in the Connecticut state championship 100-meter dash in 2018. Miller also won first place in the 200-meter dash.<ref>https://www.wkbn.com/news/national-world/transgender-track-stars-win-state-championship-ignites-debate/1238813951</ref><br />
<br />
=== Laurel Hubbard ===<br />
<br />
Male transgender New Zealand weightlifter [[Laurel Hubbard]] competed at the heaviest 90 kg+ category at the 2017 Australian International & Australian Open in Melbourne, winning the gold medal.<ref>http://www.heraldsun.com.au/sport/more-sports/laurel-hubbard-wins-female-90kg-division-at-weightliftings-australian-international/news-story/cd4a5fa012eb9a5ceb0281faceea5c7a</ref> Hubbard qualified for the 2018 Commonwealth Games, but an elbow injury during the competition forced Hubbard's withdrawal from the event, while however leading the field.<ref>https://www.theguardian.com/sport/2018/apr/09/transgender-weightlifter-laurel-hubbards-eligibility-under-scrutiny</ref><br />
<br />
=== Michelle Dumaresq ===<br />
<br />
Canadian professional downhill mountain-bike competitor [[Michelle Dumaresq]], who is a [[Sexual reassignment surgery|post-operative]] male-born transsexual, won the 2002 Canada Cup series, which qualified Dumaresq for the Canadian National team. In September 2002, Dumaresq co-represented Canada at the World Mountain Bike Championships. However, due to technical issues with the bike, Dumaresq only managed a 24th-place finish in the event. In 2003, Dumaresq won the 2003 Canadian National Championships and again represented Canada in the 2003 World Championships. Dumaresq repeated a Nationals win in 2004 and finished 17th at the 2004 World Mountain Bike Championships held in Les Gets, France.<br />
<br />
At the 2006 Canadian Nationals, a protest from one of the competitors during the podium ceremonies brought attention to Dumaresq's participation in female sports. The boyfriend of second-place finisher Danika Schroeter jumped up onto the podium and helped Schroeter put on a T-shirt reading '100% Pure Woman Champ'. The Canadian Cycling Association suspended Schroeter for her actions. However, the CCA announced that Schroeter's time off the race course would be served during the off-season when it would have no impact on her.<br />
<br />
=== Hannah Mouncey ===<br />
<br />
On 27 May 2018, male transgender handball player [[Hannah Mouncey]] scored three goals for Melbourne Handball Club in their win over University of Queensland Handball Club for the 2018 Oceanian Open Club Championship.<ref>http://handballvic.org.au/event/5628/</ref><br />
<br />
== References ==<br />
<br />
<references/></div>SocJusWizhttps://feministwiki.org/w/index.php?title=Transwomen_in_women%27s_sports&diff=133Transwomen in women's sports2018-10-20T14:53:15Z<p>SocJusWiz: </p>
<hr />
<div>Since the [[Trans activism|trans activist]] notion of "trans women are women" is meant literally, it follows that transwomen would be allowed to partake in women's sports. When a sports organization adheres to this notion, it poses a problem to women's sports, since the various physiological differences between the sexes allow peak-performing male athletes to significantly outperform peak-performing female athletes in most disciplines. The extent to which [[hormone replacement therapy]] (HRT) decreases the advantages of being male is yet unstudied, however it is clear that many of the changes the male body undergoes during puberty are not reversed by HRT, such as overall body size, skeletal structure, or the size of the lungs and heart.<br />
<br />
== Physiological differences ==<br />
<br />
Significant physiological differences between the human sexes that might affect athletic performance include but are not limited to:<br />
<br />
* Males weight about 15% more on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males are about 15 cm (6 in) taller on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males have denser and therefore more durable bones on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males have stronger tendons and ligaments on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males on avreage have greater total muscle mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males on average have a greater ratio of muscle mass to total body mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males have about 56% greater lung volume relative to body mass<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have larger hearts, with 10% higher red blood cell count and higher haemoglobin, meaning greater oxygen carrying capacity, although the difference is less pronounced among athletes<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have higher circulating "clotting factors" which allow for faster healing of wounds and higher peripheral pain tolerance<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
<br />
The differences in strength can be very significant. For instance, gross measures of body strength suggest that women are approximately only 50% to 60% as strong as men in the upper body, and 60% to 70% as strong in the lower body.<ref>https://www.ncbi.nlm.nih.gov/pubmed/8477683</ref> A study of hand-grip strength found that even elite female athletes can be surpassed by a man with no athletic training.<ref>https://www.ncbi.nlm.nih.gov/pubmed/17186303</ref> Another study of sports performance in various disciplines found that males tend to perform 5.5% to 36.8% better, depending on the discipline.<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3761733/</ref><br />
<br />
== Notable transwomen in women's sports ==<br />
<br />
=== Fallon Fox ===<br />
<br />
Male transgender mixed martial arts (MMA) fighter [[Fallon Fox]] has brutalized a female opponent, Tamikka Brents, causing her to suffer a concussion, an orbital bone fracture, and seven staples to the head, in the first round. After her loss, Brents took to social media to convey her thoughts on the experience of fighting Fox: "I've fought a lot of women and have never felt the strength that I felt in a fight as I did that night. I can't answer whether it's because she was born a man or not because I'm not a doctor. I can only say, I've never felt so overpowered ever in my life and I am an abnormally strong female in my own right," she stated. "Her grip was different, I could usually move around in the clinch against other females but couldn't move at all in Fox's clinch..."<ref>http://www.cagepotato.com/after-being-tkod-by-fallon-fox-tamikka-brents-says-transgender-fighters-in-mma-just-isnt-fair/</ref> Fox has won 5 out of 6 MMA fights in total.<br />
<br />
=== Rachel McKinnon ===<br />
<br />
Male cyclist [[Rachel McKinnon]] won the women’s 35-44 sprint during the UCI Masters Track Cycling World Championships in Los Angeles, in October 2018.<ref>https://www.cyclingweekly.com/news/latest-news/rachel-mckinnon-becomes-first-transgender-woman-win-track-world-title-397473</ref> Third place finisher Jennifer Wagner commented that this was unfair, and later commented on Twitter that she would work on getting the rules changed, which Rachel McKinnon characterized as transphobic.<br />
<br />
=== Terry Miller and Andraya Yearwood ===<br />
<br />
Two male transgender high school athletes, [[Terry Miller]] and [[Andraya Yearwood]], won first and second place in the Connecticut state championship 100-meter dash in 2018. Miller also won first place in the 200-meter dash.<ref>https://www.wkbn.com/news/national-world/transgender-track-stars-win-state-championship-ignites-debate/1238813951</ref><br />
<br />
=== Laurel Hubbard ===<br />
<br />
New Zealand weightlifter [[Laurel Hubbard]] competed at the heaviest 90 kg+ category at the 2017 Australian International & Australian Open in Melbourne, winning the gold medal.<ref>http://www.heraldsun.com.au/sport/more-sports/laurel-hubbard-wins-female-90kg-division-at-weightliftings-australian-international/news-story/cd4a5fa012eb9a5ceb0281faceea5c7a</ref> Hubbard qualified for the 2018 Commonwealth Games, but an elbow injury during the competition forced Hubbard's withdrawal from the event, while however leading the field.<ref>https://www.theguardian.com/sport/2018/apr/09/transgender-weightlifter-laurel-hubbards-eligibility-under-scrutiny</ref><br />
<br />
=== Michelle Dumaresq ===<br />
<br />
Canadian professional downhill mountain-bike competitor [[Michelle Dumaresq]], who is a [[Sexual reassignment surgery|post-operative]] male-born transsexual, won the 2002 Canada Cup series, which qualified Dumaresq for the Canadian National team. In September 2002, Dumaresq co-represented Canada at the World Mountain Bike Championships. However, due to technical issues with the bike, Dumaresq only managed a 24th-place finish in the event. In 2003, Dumaresq won the 2003 Canadian National Championships and again represented Canada in the 2003 World Championships. Dumaresq repeated a Nationals win in 2004 and finished 17th at the 2004 World Mountain Bike Championships held in Les Gets, France.<br />
<br />
At the 2006 Canadian Nationals, a protest from one of the competitors during the podium ceremonies brought attention to Dumaresq's participation in female sports. The boyfriend of second-place finisher Danika Schroeter jumped up onto the podium and helped Schroeter put on a T-shirt reading '100% Pure Woman Champ'. The Canadian Cycling Association suspended Schroeter for her actions. However, the CCA announced that Schroeter's time off the race course would be served during the off-season when it would have no impact on her.<br />
<br />
=== Hannah Mouncey ===<br />
<br />
On 27 May 2018, [[Hannah Mouncey]] scored three goals for Melbourne Handball Club in their win over University of Queensland Handball Club for the 2018 Oceanian Open Club Championship.<ref>http://handballvic.org.au/event/5628/</ref><br />
<br />
== References ==<br />
<br />
<references/></div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=132Main Page2018-10-20T12:27:24Z<p>SocJusWiz: </p>
<hr />
<div>''Services: [https://chat.feministwiki.org/ FeministChat] - [https://forum.feministwiki.org/ FeministForum] - [https://mail.feministwiki.org/ FeministMail] - [https://files.feministwiki.org/ FeministFiles] - [[FeministWiki:Services#FeministIRC|FeministIRC]] - [https://add-member.feministwiki.org/ Add a member]''<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=131Main Page2018-10-20T12:26:24Z<p>SocJusWiz: </p>
<hr />
<div>''Services: [https://chat.feministwiki.org/ FeministChat] - [https://forum.feministwiki.org/ FeministForum] - [https://mail.feministwiki.org/ FeministMail] - [https://files.feministwiki.org/ FeministFiles] - [https://add-member.feministwiki.org/ Add a member]''<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=130Main Page2018-10-20T12:24:39Z<p>SocJusWiz: </p>
<hr />
<div>{| class="wikitable" style="width: 100%"<br />
| style="width: 33%; text-align: center" | [https://chat.feministwiki.org/ FeministChat]<br />
| style="width: 33%; text-align: center" | [https://forum.feministwiki.org/ FeministForum]<br />
| style="width: 33%; text-align: center" | [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| style="width: 33%; text-align: center" | [https://files.feministwiki.org/ FeministFiles]<br />
| style="width: 33%; text-align: center" | [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
| style="width: 33%; text-align: center" | [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=129Main Page2018-10-20T12:21:08Z<p>SocJusWiz: </p>
<hr />
<div>{| class="wikitable"<br />
| [https://chat.feministwiki.org/ FeministChat]<br />
| [https://forum.feministwiki.org/ FeministForum]<br />
| [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| [https://files.feministwiki.org/ FeministFiles]<br />
| [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
| [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=128Main Page2018-10-20T12:16:19Z<p>SocJusWiz: </p>
<hr />
<div>''Services: [https://chat.feministwiki.org/ FeministChat] - [https://forum.feministwiki.org/ FeministForum] - [https://mail.feministwiki.org/ FeministMail] - [https://files.feministwiki.org/ FeministFiles] - [https://add-member.feministwiki.org/ Add a member]''<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=127Main Page2018-10-20T12:15:17Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
''Services: [https://chat.feministwiki.org/ FeministChat] - [https://forum.feministwiki.org/ FeministForum] - [https://mail.feministwiki.org/ FeministMail] - [https://files.feministwiki.org/ FeministFiles] - [https://add-member.feministwiki.org/ Add a member]<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=126Main Page2018-10-20T11:51:28Z<p>SocJusWiz: </p>
<hr />
<div>{| class="wikitable" style="float: right; margin-left: 10px"<br />
! Services<br />
|-<br />
| [https://chat.feministwiki.org/ FeministChat]<br />
|-<br />
| [https://forum.feministwiki.org/ FeministForum]<br />
|-<br />
| [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| [https://files.feministwiki.org/ FeministFiles]<br />
|-<br />
| [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
|-<br />
| [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Transwomen_in_women%27s_sports&diff=125Transwomen in women's sports2018-10-20T11:26:16Z<p>SocJusWiz: Created page with "Since the trans activist notion of "trans women are women" is meant literally, it follows that transwomen would be allowed to partake in women's sports unde..."</p>
<hr />
<div>Since the [[Trans activism|trans activist]] notion of "trans women are women" is meant literally, it follows that transwomen would be allowed to partake in women's sports under this logic. When a sports organization adheres to this notion, it poses a problem to women's sports, since the various physiological differences between the sexes allow peak-performing male athletes to significantly outperform peak-performing female athletes in most disciplines. The extent to which [[hormone replacement therapy]] (HRT) decreases the advantages of being male is yet unstudied, however it is clear that many of the changes the male body undergoes during puberty are not reversed by HRT, such as overall body size, skeletal structure, or the size of the lungs and heart.<br />
<br />
== Physiological differences ==<br />
<br />
Significant physiological differences between the human sexes that might affect athletic performance include but are not limited to:<br />
<br />
* Males weight about 15% more on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males are about 15 cm (6 in) taller on average<ref>https://www.cdc.gov/nchs/data/ad/ad347.pdf</ref><br />
* Males have denser and therefore more durable bones on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males have stronger tendons and ligaments on average<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2100202</ref><br />
* Males on avreage have greater total muscle mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males on average have a greater ratio of muscle mass to total body mass<ref>http://jap.physiology.org/content/89/1/81</ref><br />
* Males have about 56% greater lung volume relative to body mass<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have larger hearts, with 10% higher red blood cell count and higher haemoglobin, meaning greater oxygen carrying capacity, although the difference is less pronounced among athletes<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
* Males have higher circulating "clotting factors" which allow for faster healing of wounds and higher peripheral pain tolerance<ref>Glucksman A (1981). Sexual Dimorphism in Human and Mammalian Biology and Pathology. Academic Press. pp. 66–75.</ref><br />
<br />
The differences in strength can be very significant. For instance, gross measures of body strength suggest that women are approximately only 50% to 60% as strong as men in the upper body, and 60% to 70% as strong in the lower body.<ref>https://www.ncbi.nlm.nih.gov/pubmed/8477683</ref> A study of hand-grip strength found that even elite female athletes can be surpassed by a man with no athletic training.<ref>https://www.ncbi.nlm.nih.gov/pubmed/17186303</ref> Another study of sports performance in various disciplines found that males tend to perform 5.5% to 36.8% better, depending on the discipline.<ref>https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3761733/</ref><br />
<br />
== Notable transwomen in women's sports ==<br />
<br />
=== Fallon Fox ===<br />
<br />
Male transgender mixed martial arts (MMA) fighter [[Fallon Fox]] has brutalized a female opponent, Tamikka Brents, causing her to suffer a concussion, an orbital bone fracture, and seven staples to the head, in the first round. After her loss, Brents took to social media to convey her thoughts on the experience of fighting Fox: "I've fought a lot of women and have never felt the strength that I felt in a fight as I did that night. I can't answer whether it's because she was born a man or not because I'm not a doctor. I can only say, I've never felt so overpowered ever in my life and I am an abnormally strong female in my own right," she stated. "Her grip was different, I could usually move around in the clinch against other females but couldn't move at all in Fox's clinch..."<ref>http://www.cagepotato.com/after-being-tkod-by-fallon-fox-tamikka-brents-says-transgender-fighters-in-mma-just-isnt-fair/</ref> Fox has won 5 out of 6 MMA fights in total.<br />
<br />
=== Rachel McKinnon ===<br />
<br />
Male cyclist [[Rachel McKinnon]] won the women’s 35-44 sprint during the UCI Masters Track Cycling World Championships in Los Angeles, in October 2018.<ref>https://www.cyclingweekly.com/news/latest-news/rachel-mckinnon-becomes-first-transgender-woman-win-track-world-title-397473</ref> Third place finisher Jennifer Wagner commented that this was unfair, and later commented on Twitter that she would work on getting the rules changed, which Rachel McKinnon characterized as transphobic.<br />
<br />
=== Terry Miller and Andraya Yearwood ===<br />
<br />
Two male transgender high school athletes, [[Terry Miller]] and [[Andraya Yearwood]], won first and second place in the Connecticut state championship 100-meter dash in 2018. Miller also won first place in the 200-meter dash.<ref>https://www.wkbn.com/news/national-world/transgender-track-stars-win-state-championship-ignites-debate/1238813951</ref><br />
<br />
=== Laurel Hubbard ===<br />
<br />
New Zealand weightlifter [[Laurel Hubbard]] competed at the heaviest 90 kg+ category at the 2017 Australian International & Australian Open in Melbourne, winning the gold medal.<ref>http://www.heraldsun.com.au/sport/more-sports/laurel-hubbard-wins-female-90kg-division-at-weightliftings-australian-international/news-story/cd4a5fa012eb9a5ceb0281faceea5c7a</ref> Hubbard qualified for the 2018 Commonwealth Games, but an elbow injury during the competition forced Hubbard's withdrawal from the event, while however leading the field.<ref>https://www.theguardian.com/sport/2018/apr/09/transgender-weightlifter-laurel-hubbards-eligibility-under-scrutiny</ref><br />
<br />
=== Michelle Dumaresq ===<br />
<br />
Canadian professional downhill mountain-bike competitor [[Michelle Dumaresq]], who is a [[Sexual reassignment surgery|post-operative]] male-born transsexual, won the 2002 Canada Cup series, which qualified Dumaresq for the Canadian National team. In September 2002, Dumaresq co-represented Canada at the World Mountain Bike Championships. However, due to technical issues with the bike, Dumaresq only managed a 24th-place finish in the event. In 2003, Dumaresq won the 2003 Canadian National Championships and again represented Canada in the 2003 World Championships. Dumaresq repeated a Nationals win in 2004 and finished 17th at the 2004 World Mountain Bike Championships held in Les Gets, France.<br />
<br />
At the 2006 Canadian Nationals, a protest from one of the competitors during the podium ceremonies brought attention to Dumaresq's participation in female sports. The boyfriend of second-place finisher Danika Schroeter jumped up onto the podium and helped Schroeter put on a T-shirt reading '100% Pure Woman Champ'. The Canadian Cycling Association suspended Schroeter for her actions. However, the CCA announced that Schroeter's time off the race course would be served during the off-season when it would have no impact on her.<br />
<br />
=== Hannah Mouncey ===<br />
<br />
On 27 May 2018, [[Hannah Mouncey]] scored three goals for Melbourne Handball Club in their win over University of Queensland Handball Club for the 2018 Oceanian Open Club Championship.<ref>http://handballvic.org.au/event/5628/</ref><br />
<br />
== References ==<br />
<br />
<references/></div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=124FeministWiki:Technical documentation2018-10-13T16:36:03Z<p>SocJusWiz: /* Certs */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
For CAA:<br />
<br />
{| class="wikitable"<br />
!Type !! Name !! Flag !! Tag !! Value <br />
|-<br />
|CAA || @ || 0 || issue || letsencrypt.org<br />
|-<br />
|CAA || @ || 0 || iodef || admin@feministwiki.org<br />
|}<br />
<br />
For email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|}<br />
<br />
For XMPP:<br />
<br />
{| class="wikitable"<br />
!Type !! Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|SRV || _xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|SRV || _xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
Google Site Verification:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data<br />
|-<br />
|TXT || @ || google-site-verification=<key><br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following commands while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
# Use $() to eliminate the terminating newline, if any.<br />
domains=$(cat /root/etc/domains)<br />
<br />
domains=$(printf '%s' "$domains" | tr '\n' ',')<br />
<br />
letsencrypt certonly --authenticator standalone -d "$domains"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
=== Readability of the key files ===<br />
<br />
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix, OpenDKIM<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under <code>/home/vmail</code>, and DKIM signing via OpenDKIM. Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests.<br />
<br />
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Todo&diff=123FeministWiki:Todo2018-10-07T09:46:32Z<p>SocJusWiz: </p>
<hr />
<div>* Implement single sign-on<br />
* Add blogs (WP?)<br />
* Add mailing lists<br />
* Create newsletter<br />
* Add Mastodon<br />
* Add calendar<br />
* Add Diaspora?<br />
* Import Wikipedia features (infoboxes, citations)</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=122Main Page2018-09-30T15:04:54Z<p>SocJusWiz: </p>
<hr />
<div>{| class="wikitable" style="float: right"<br />
! Services<br />
|-<br />
| [https://chat.feministwiki.org/ FeministChat]<br />
|-<br />
| [https://forum.feministwiki.org/ FeministForum]<br />
|-<br />
| [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| [https://files.feministwiki.org/ FeministFiles]<br />
|-<br />
| [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
|-<br />
| [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
|google-site-verification=RZf8hzu0sR32H9OsEXa3-aN3LzE4T2nLPg1s9SrJgJI<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=121FeministWiki:Technical documentation2018-09-30T14:14:47Z<p>SocJusWiz: /* Special DNS entries */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
For CAA:<br />
<br />
{| class="wikitable"<br />
!Type !! Name !! Flag !! Tag !! Value <br />
|-<br />
|CAA || @ || 0 || issue || letsencrypt.org<br />
|-<br />
|CAA || @ || 0 || iodef || admin@feministwiki.org<br />
|}<br />
<br />
For email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|}<br />
<br />
For XMPP:<br />
<br />
{| class="wikitable"<br />
!Type !! Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|SRV || _xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|SRV || _xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
Google Site Verification:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data<br />
|-<br />
|TXT || @ || google-site-verification=<key><br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
=== Readability of the key files ===<br />
<br />
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix, OpenDKIM<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under <code>/home/vmail</code>, and DKIM signing via OpenDKIM. Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests.<br />
<br />
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Black_feminism&diff=120Black feminism2018-09-29T19:02:02Z<p>SocJusWiz: </p>
<hr />
<div>'''Black feminism''' refers to ideologies centered on the experiences of Black women. A central theme in Black feminism is ''intersectionality'', which refers to the ways gender, race, and other social categories interact to influence an individual's life outcomes and experiences of oppression. Prominent Black feminists from the 19th to 21th centuries include [[Anna Julia Cooper]], [[Ida B. Wells]], [[Sojourner Truth]], [[Audre Lorde]], [[Patricia Hill Collins]], Gloria Jean Watkins aka [[bell hooks]], [[Kimberlé Crenshaw]], [[Chimamanda Ngozi Adichie]], and Claire Heuchan aka [[Sister Outrider]].<br />
<br />
== History ==<br />
<br />
Women such as Sojourner Truth, Anna Julia Cooper, and Ida B. Wells exemplified Black feminist activism in the nineteenth century.<br />
<br />
In 1851, women’s rights advocate and abolitionist [[Sojourner Truth]] gave a speech at a women’s rights convention in which she challenged both racism and sexism faced by Black women. No actual transcription of the speech exists, although Marius Robinson, who was present during the speech and who worked with Truth, published the following written version some weeks after the original speech:<br />
<br />
<blockquote><br />
I want to say a few words about this matter. I am a woman's rights. [sic] I have as much muscle as any man, and can do as much work as any man. I have plowed and reaped and husked and chopped and mowed, and can any man do more than that? I have heard much about the sexes being equal. I can carry as much as any man, and can eat as much too, if I can get it. I am as strong as any man that is now. As for intellect, all I can say is, if a woman have a pint, and a man a quart – why can't she have her little pint full? You need not be afraid to give us our rights for fear we will take too much, – for we can't take more than our pint'll hold. The poor men seems to be all in confusion, and don't know what to do. Why children, if you have woman's rights, give it to her and you will feel better. You will have your own rights, and they won't be so much trouble. I can't read, but I can hear. I have heard the bible and have learned that Eve caused man to sin. Well, if woman upset the world, do give her a chance to set it right side up again. The Lady has spoken about Jesus, how he never spurned woman from him, and she was right. When Lazarus died, Mary and Martha came to him with faith and love and besought him to raise their brother. And Jesus wept and Lazarus came forth. And how came Jesus into the world? Through God who created him and the woman who bore him. Man, where was your part? But the women are coming up blessed be God and a few of the men are coming up with them. But man is in a tight place, the poor slave is on him, woman is coming on him, he is surely between a hawk and a buzzard.<br />
</blockquote><br />
<br />
About a decade later, women's rights and abolition activist Gage published a different version, featuring a heavy Southern dialect, recalled from her memory. Following is her recalling of the speech, with the Southern dialect edited to more common English for easier reading:<br />
<br />
<blockquote><br />
The leaders of the movement trembled on seeing a tall, gaunt black woman in a gray dress and white turban, surmounted with an uncouth sunbonnet, march deliberately into the church, walk with the air of a queen up the aisle, and take her seat upon the pulpit steps. A buzz of disapprobation was heard all over the house, and there fell on the listening ear, 'An abolition affair!" "Woman's rights and niggers!" "I told you so!" "Go it, darkey!" . . Again and again, timorous and trembling ones came to me and said, with earnestness, "Don't let her speak, Mrs. Gage, it will ruin us. Every newspaper in the land will have our cause mixed up with abolition and niggers, and we shall be utterly denounced." My only answer was, "We shall see when the time comes."<br />
<br />
The second day the work waxed warm. Methodist, Baptist, Episcopal, Presbyterian, and Universalist minister came in to hear and discuss the resolutions presented. One claimed superior rights and privileges for man, on the ground of "superior intellect"; another, because of the "manhood of Christ; if God had desired the equality of woman, He would have given some token of His will through the birth, life, and death of the Saviour." Another gave us a theological view of the "sin of our first mother."<br />
<br />
There were very few women in those days who dared to "speak in meeting"; and the august teachers of the people were seemingly getting the better of us, while the boys in the galleries, and the sneerers among the pews, were hugely enjoying the discomfiture as they supposed, of the "strong-minded." Some of the tender-skinned friends were on the point of losing dignity, and the atmosphere betokened a storm. When, slowly from her seat in the corner rose Sojourner Truth, who, till now, had scarcely lifted her head. "Don't let her speak!" gasped half a dozen in my ear. She moved slowly and solemnly to the front, laid her old bonnet at her feet, and turned her great speaking eyes to me. There was a hissing sound of disapprobation above and below. I rose and announced, "Sojourner Truth," and begged the audience to keep silence for a few moments.<br />
<br />
The tumult subsided at once, and every eye was fixed on this almost Amazon form, which stood nearly six feet high, head erect, and eyes piercing the upper air like one in a dream. At her first word there was a profound hush. She spoke in deep tones, which, though not loud, reached every ear in the house, and away through the throng at the doors and windows.<br />
<br />
"Well, children, where there is so much racket there must be somethin' out o' kilter. I think that twixt the niggers of the South and the women of the North, all talkin' about rights, the white man will be in a fix pretty soon. But what's all this here talkin' about?"<br />
<br />
"That man over there say that women need to be helped into carriages, and lifted over ditches, and to have the best place everywhere. Nobody ever helps me into carriages, or over mud-puddles, or gives me any best place!" And raising herself to her full height, and her voice to a pitch like rolling thunder, she asked. "And ain't I a woman? Look at me! Look at my arm! (and she bared her right arm to the shoulder, showing her tremendous muscular power). I have plowed, and planted, and gathered into barns, and no man could head me! And ain't I a woman? I could work as much and eat as much as a man--when I could get it--and bear the lash as well! And ain't I a woman? I have born thirteen children, and seen 'em most all sold off to slavery, and when I cried out with my mother's grief, none but Jesus heard me! And ain't I a woman?"<br />
<br />
"Then they talk 'bout this thing in the head; what this they call it?" ("Intellect," whispered some one near.) "That's it, honey. What's that got to do with women's rights or nigger's rights? If my cup won't hold but a pint, and yours holds a quart, wouldn't you be mean not to let me have my little half-measure full?" And she pointed her significant finger, and sent a keen glance at the minister who had made the argument. The cheering was long and loud.<br />
<br />
"Then that little man in black there, he says women can't have as much rights as men, 'cause Christ wasn't a woman! Where did your Christ come from?" Rolling thunder couldn't have stilled that crowd, as did those deep, wonderful tones, as she stood there with outstretched arms and eyes of fire. Raising her voice still louder, she repeated, "Where did your Christ come from? From God and a woman! Man had nothin' to do with Him." Oh, what a rebuke that was to that little man.<br />
<br />
Turning again to another objector, she took up the defense of Mother Eve. I can not follow her through it all. It was pointed, and witty, and solemn; eliciting at almost every sentence deafening applause; and she ended by asserting: "If the first woman God ever made was strong enough to turn the world upside down all alone, these women together (and she glanced her eye over the platform) ought to be able to turn it back, and get it right side up again! And now they're asking to do it, the men better let 'em." Long-continued cheering greeted this. "Obliged to you for hearin' on me, and now ole Sojourner hasn't got nothin' more to say."<br />
</blockquote><br />
<br />
In 1892 another Black woman, [[Anna Julia Cooper]] published ''A Voice from the South'', a book in which she described the importance of the voices of Black women for social change. Another exemplary Black feminist, [[Ida B. Wells]], an activist and journalist, led a crusade against lynching during the 1890s. The work of these and other Black women shows how Black community politics laid the foundation for social justice toward sexism from Black men, marginalization from White feminists, and disenfranchisement under White male privilege.<br />
<br />
== Intersectionality ==<br />
<br />
A central theme in black feminism is ''intersectionality'', which refers to the ways gender, race, and other social categories (such as class, sexual orientation, etc.) interact or "intersect" to influence an individual's life outcomes and experiences of oppression. The term was first coined by legal scholar [[Kimberlé Crenshaw]] in 1989, though the concept predates her coining of the term. <br />
<br />
In the 1970s, a group of Black women formed the Combahee River Collective. They saw intersectionality (as it is called today) as integral to the distinction between their movement and that of White feminism, because “the major source of difficulty in our political work is that we are not just trying to fight oppression on one front or even two, but instead to address a whole range of oppressions”. During the twentieth century, Black women remained active in social justice movements as Black feminism and intersectionality expanded into academic and professional discourse. Women like sociologist Patricia Hill Collins, critical race scholar Kimberlé Crenshaw, and writer bell hooks are a few examples.<br />
<br />
In recent years, the term intersectionality has frequently been misappropriated by [[Trans activism|transgender activists]], who insist that intersectional feminism must center male people who identify as [[Transwoman|transwomen]] and frequently make comparisons between Black women and transwomen, which some Black women find to be incorrect and racist, since Black women, unlike transwomen, are unambiguously [[female]].<br />
<br />
== References ==<br />
<br />
* https://www.blackfeminisms.com/black-feminism/<br />
* https://www.blackfeminisms.com/black-feminism-defined/<br />
* https://en.wikipedia.org/wiki/Ain't_I_a_Woman?<br />
* https://en.wikipedia.org/wiki/Intersectionality<br />
* https://sisteroutrider.wordpress.com/</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=119Main Page2018-09-29T16:41:36Z<p>SocJusWiz: </p>
<hr />
<div>{| class="wikitable" style="float: right"<br />
! Services<br />
|-<br />
| [https://chat.feministwiki.org/ FeministChat]<br />
|-<br />
| [https://forum.feministwiki.org/ FeministForum]<br />
|-<br />
| [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| [https://files.feministwiki.org/ FeministFiles]<br />
|-<br />
| [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
|-<br />
| [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and a digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=118Main Page2018-09-29T16:41:24Z<p>SocJusWiz: /* What is feminism? */</p>
<hr />
<div>{| class="wikitable" style="float: right"<br />
! Services<br />
|-<br />
| [https://chat.feministwiki.org/ FeministChat]<br />
|-<br />
| [https://forum.feministwiki.org/ FeministForum]<br />
|-<br />
| [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| [https://files.feministwiki.org/ FeministFiles]<br />
|-<br />
| [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
|-<br />
| [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes called ''radical feminism'' because male supremacy is a radical notion for many people, and its elimination requires radical changes to society.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=117Main Page2018-09-29T13:13:11Z<p>SocJusWiz: </p>
<hr />
<div>{| class="wikitable" style="float: right"<br />
! Services<br />
|-<br />
| [https://chat.feministwiki.org/ FeministChat]<br />
|-<br />
| [https://forum.feministwiki.org/ FeministForum]<br />
|-<br />
| [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| [https://files.feministwiki.org/ FeministFiles]<br />
|-<br />
| [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
|-<br />
| [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. If you want more detailed information, you can read the [[FeministWiki:Membership|details about membership]] or [[FeministWiki:Services|details about the services]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes also called ''radical feminism'' because male supremacy is a radical notion for many people.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure.<br />
<br />
* [[FeministWiki:Todo|Project Todo]]<br />
* [[FeministWiki:TechnicalDocumentation|Technical Documentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=116Main Page2018-09-29T13:06:09Z<p>SocJusWiz: </p>
<hr />
<div>{| class="wikitable" style="float: right"<br />
! Services<br />
|-<br />
| [https://chat.feministwiki.org/ FeministChat]<br />
|-<br />
| [https://forum.feministwiki.org/ FeministForum]<br />
|-<br />
| [https://mail.feministwiki.org/ FeministMail]<br />
|-<br />
| [https://files.feministwiki.org/ FeministFiles]<br />
|-<br />
| [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
|-<br />
| [https://add-member.feministwiki.org/ Add a member]<br />
|}<br />
<br />
Welcome to '''FeministWiki''', a wiki and digital home for the feminist community.<br />
<br />
A wiki is a knowledge-base like an encyclopedia, but managed by the public. The FeministWiki specializes on feminism, and is managed by feminists and their supporters. Further, the FeministWiki platform offers an integrated "digital home" for feminists, consisting of a chat, forum, email accounts (''janedoe@feministwiki.org''), per-member and shared file storage, and more. To become a member, all you need to do is contact an existing member and let them know about your commitment to the feminist cause. You can also contact the project's technician at [mailto:admin@feministwiki.org admin@feministwiki.org] or [https://twitter.com/FeministWiki @FeministWiki] on Twitter.<br />
<br />
Once you are a member, you will be given a username and password with which you can log in to all FeministWiki services. You can read more about the details of membership [[FeministWiki:Membership|here]], and more about the details of each service [[FeministWiki:Services|here]]. For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
Heads up: '''the FeministWiki needs you'''. All of the technical infrastructure of the FeministWiki is only useful if there's a community making use of it, and content on the wiki doesn't write itself! Be bold, don't shy off of asking for membership, and let the community and the world benefit from your added knowledge. You can become a member even if you have no intention to contribute to the actual wiki; feel free to chat away with other members, discuss matters important to you on the forum, or use the file storage to have a central place to store your favorite information-material on feminism.<br />
<br />
The project is mere months old and the community is yet in an infantile stage, but with your contribution, it will grow.<br />
<br />
== What is feminism? ==<br />
<br />
There are a variety of ideological groupings which call themselves feminism, and some of them are in contradiction with each other. As such, a feminist community cannot possibly support all ideologies that have been labelled feminism. The FeministWiki is for feminists who adhere to a relatively straightforward and classical interpretation of feminism: the liberation of female people from male supremacy. This is sometimes also called ''radical feminism'' because male supremacy is a radical notion for many people.<br />
<br />
Male supremacy refers to social and political systems that use stereotypes, myths, discrimination, belittlement, violence, and other means to keep female people down, so male people can exploit them for domestic labor, sexual enjoyment, reproductive work, or even unearned emotional support. While male supremacy primarily targets women and girls for exploitation, it also causes collateral damage to men and boys, because it requires them to uphold the myth of male superiority, punishing those who can't or won't fulfill their role.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
Further, the FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
== Who's behind the project? ==<br />
<br />
The FeministWiki belongs to the community. However, the technical infrastructure is managed by [[FeministWiki:Technician|the technician]]. The first technician, who set up the infrastructure, is a male computer programmer who goes by the pseudonym "Social Justice Wizard" (humor intended) on [https://twitter.com/socjuswiz Twitter] and [https://medium.com/@socjuswiz Medium]. The technician has no leadership role in the community. She or he is solely responsible for managing the infrastructure, offering technical support, and receiving membership requests. For now, he also pays the bills (a relatively small sum) needed to run the infrastructure. See [[FeministWiki:Todo|here]] for the technician's personal Todo-list regarding the project, and [[FeministWiki:TechnicalDocumentation|here]] for technical documentation of the infrastructure.<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=115Main Page2018-09-29T11:39:04Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the international Feminist community.<br />
<br />
Apart from this wiki, the FeministWiki offers the following services to its members:<br />
<br />
* [https://chat.feministwiki.org/ FeministChat]<br />
* [https://forum.feministwiki.org/ FeministForum]<br />
* [https://mail.feministwiki.org/ FeministMail]<br />
* [https://files.feministwiki.org/ FeministFiles]<br />
* [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
* [https://add-member.feministwiki.org/ Add a member]<br />
<br />
For detailed information about each service, [[FeministWiki:Services|see here]].<br />
<br />
For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
To become a [[FeministWiki:Membership|member]], you need to be added by an existing member.<br />
<br />
Alternatively, you can mail the [[FeministWiki:Technician|technician]] at [mailto:admin@feministwiki.org admin@feministwiki.org] and tell a little about what Feminism means to you.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
The FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
<br />
Todo-list of the technician: [[FeministWiki:Todo]]<br />
<br />
Documentation of the infrastructure: [[FeministWiki:TechnicalDocumentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for the feminist community<br />
|keywords=feminist feminism wiki feministwiki feminismwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=114FeministWiki:Technical documentation2018-09-24T21:18:56Z<p>SocJusWiz: /* Special DNS entries */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
For CAA:<br />
<br />
{| class="wikitable"<br />
!Type !! Name !! Flag !! Tag !! Value <br />
|-<br />
|CAA || @ || 0 || issue || letsencrypt.org<br />
|-<br />
|CAA || @ || 0 || iodef || admin@feministwiki.org<br />
|}<br />
<br />
For email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|-<br />
|TXT || @ || google-site-verification=<key> || Google Site Verification<br />
|}<br />
<br />
For XMPP:<br />
<br />
{| class="wikitable"<br />
!Type !! Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|SRV || _xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|SRV || _xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
=== Readability of the key files ===<br />
<br />
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix, OpenDKIM<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under <code>/home/vmail</code>, and DKIM signing via OpenDKIM. Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests.<br />
<br />
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=113FeministWiki:Technical documentation2018-09-24T21:16:49Z<p>SocJusWiz: /* Special DNS entries */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
For CAA:<br />
<br />
{| class="wikitable"<br />
!Name !! Flag !! Tag !! Value <br />
|-<br />
|@ || 0 || issue || letsencrypt.org<br />
|-<br />
|@ || 0 || iodef || admin@feministwiki.org<br />
|}<br />
<br />
For email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|-<br />
|TXT || @ || google-site-verification=<key> || Google Site Verification<br />
|}<br />
<br />
For XMPP:<br />
<br />
{| class="wikitable"<br />
!Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|_xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
=== Readability of the key files ===<br />
<br />
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix, OpenDKIM<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under <code>/home/vmail</code>, and DKIM signing via OpenDKIM. Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests.<br />
<br />
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=112Main Page2018-09-23T23:08:55Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the international Feminist community.<br />
<br />
Apart from this wiki, the FeministWiki offers the following services to its members:<br />
<br />
* [https://chat.feministwiki.org/ FeministChat]<br />
* [https://forum.feministwiki.org/ FeministForum]<br />
* [https://mail.feministwiki.org/ FeministMail]<br />
* [https://files.feministwiki.org/ FeministFiles]<br />
* [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
* [https://add-member.feministwiki.org/ Add a member]<br />
<br />
For detailed information about each service, [[FeministWiki:Services|see here]].<br />
<br />
For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
To become a [[FeministWiki:Membership|member]], you need to be added by an existing member.<br />
<br />
Alternatively, you can mail the [[FeministWiki:Technician|technician]] at [mailto:admin@feministwiki.org admin@feministwiki.org] and tell a little about what Feminism means to you.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
The FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
<br />
Todo-list of the technician: [[FeministWiki:Todo]]<br />
<br />
Documentation of the infrastructure: [[FeministWiki:TechnicalDocumentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for feminists<br />
|keywords=feminist feminism wiki feministwiki<br />
|description=Welcome to the FeministWiki, a wiki about feminism and a digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=111Main Page2018-09-23T22:07:29Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the international Feminist community.<br />
<br />
Apart from this wiki, the FeministWiki offers the following services to its members:<br />
<br />
* [https://chat.feministwiki.org/ FeministChat]<br />
* [https://forum.feministwiki.org/ FeministForum]<br />
* [https://mail.feministwiki.org/ FeministMail]<br />
* [https://files.feministwiki.org/ FeministFiles]<br />
* [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
* [https://add-member.feministwiki.org/ Add a member]<br />
<br />
For detailed information about each service, [[FeministWiki:Services|see here]].<br />
<br />
For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
To become a [[FeministWiki:Membership|member]], you need to be added by an existing member.<br />
<br />
Alternatively, you can mail the [[FeministWiki:Technician|technician]] at [mailto:admin@feministwiki.org admin@feministwiki.org] and tell a little about what Feminism means to you.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
The FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
<br />
Todo-list of the technician: [[FeministWiki:Todo]]<br />
<br />
Documentation of the infrastructure: [[FeministWiki:TechnicalDocumentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki - A wiki and digital home for feminists<br />
|keywords=feminist feminism wiki feministwiki<br />
|description=Wiki and digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Todo&diff=110FeministWiki:Todo2018-09-23T17:05:08Z<p>SocJusWiz: </p>
<hr />
<div>* Implement single sign-on<br />
* Add blogs (WP?)<br />
* Add mailing lists<br />
* Add Mastodon<br />
* Add calendar<br />
* Add Diaspora?<br />
* Import Wikipedia features (infoboxes, citations)</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=109FeministWiki:Technical documentation2018-09-23T17:03:36Z<p>SocJusWiz: /* SMTP */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
The following entries are used for email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|-<br />
|TXT || @ || google-site-verification=<key> || Google Site Verification<br />
|}<br />
<br />
And the following SRV records for XMPP:<br />
<br />
{| class="wikitable"<br />
!Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|_xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
=== Readability of the key files ===<br />
<br />
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix, OpenDKIM<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under <code>/home/vmail</code>, and DKIM signing via OpenDKIM. Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests.<br />
<br />
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=108FeministWiki:Technical documentation2018-09-23T15:54:05Z<p>SocJusWiz: /* SMTP */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
The following entries are used for email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|-<br />
|TXT || @ || google-site-verification=<key> || Google Site Verification<br />
|}<br />
<br />
And the following SRV records for XMPP:<br />
<br />
{| class="wikitable"<br />
!Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|_xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
=== Readability of the key files ===<br />
<br />
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix, OpenDKIM<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
Postfix is configured to use OpenDKIM to sign outgoing mail. If using a Unix socket to make the processes communicate, make sure the <code>postfix</code> user has permissions to open the socket.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=107FeministWiki:Technical documentation2018-09-23T15:51:27Z<p>SocJusWiz: /* Certs */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
The following entries are used for email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|-<br />
|TXT || @ || google-site-verification=<key> || Google Site Verification<br />
|}<br />
<br />
And the following SRV records for XMPP:<br />
<br />
{| class="wikitable"<br />
!Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|_xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
=== Readability of the key files ===<br />
<br />
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=106FeministWiki:Technical documentation2018-09-23T15:26:08Z<p>SocJusWiz: /* Special DNS entries */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
The following entries are used for email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC<br />
|-<br />
|TXT || @ || google-site-verification=<key> || Google Site Verification<br />
|}<br />
<br />
And the following SRV records for XMPP:<br />
<br />
{| class="wikitable"<br />
!Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|_xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=105FeministWiki:Technical documentation2018-09-23T15:21:40Z<p>SocJusWiz: /* Special DNS entries */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
The following entries are used for email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || SPF<br />
|-<br />
|TXT || mail._domainkey || v=DKIM1; k=rsa; p=<pubkey> || DKIM<br />
|-<br />
|TXT || _dmarc || v=DMARC1; p=reject; rua=mailto:admin@feministwiki.org || DMARC<br />
|-<br />
|TXT || @ || google-site-verification=<key> || Google Site Verification<br />
|}<br />
<br />
And the following SRV records for XMPP:<br />
<br />
{| class="wikitable"<br />
!Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|_xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=104FeministWiki:Technical documentation2018-09-23T13:24:18Z<p>SocJusWiz: </p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== Special DNS entries ==<br />
<br />
The following entries are used for email:<br />
<br />
{| class="wikitable"<br />
!Type !! Host !! Data !! Purpose<br />
|-<br />
|MX || @ || smtp.feministwiki.org || Mail server<br />
|-<br />
|TXT || @ || v=spf1 mx -all || Sender Policy Framework<br />
|}<br />
<br />
And the following SRV records for XMPP:<br />
<br />
{| class="wikitable"<br />
!Service !! Protocol !! Name !! Destination !! Port<br />
|-<br />
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222<br />
|-<br />
|_xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269<br />
|}<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=103FeministWiki:Technical documentation2018-09-23T13:10:02Z<p>SocJusWiz: /* Hosts */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the basic DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Todo&diff=102FeministWiki:Todo2018-09-22T23:28:32Z<p>SocJusWiz: </p>
<hr />
<div>* Use DKIM and DMARC<br />
* Improve technical documentation: DNS stuff<br />
* Implement single sign-on<br />
* Add blogs (WP?)<br />
* Add mailing lists<br />
* Add Mastodon<br />
* Add calendar<br />
* Add Diaspora?<br />
* Import Wikipedia features (infoboxes, citations)</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=101Main Page2018-09-22T16:04:30Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the international Feminist community.<br />
<br />
Apart from this wiki, the FeministWiki offers the following services to its members:<br />
<br />
* [https://chat.feministwiki.org/ FeministChat]<br />
* [https://forum.feministwiki.org/ FeministForum]<br />
* [https://mail.feministwiki.org/ FeministMail]<br />
* [https://files.feministwiki.org/ FeministFiles]<br />
* [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
* [https://add-member.feministwiki.org/ Add a member]<br />
<br />
For detailed information about each service, [[FeministWiki:Services|see here]].<br />
<br />
For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
To become a [[FeministWiki:Membership|member]], you need to be added by an existing member.<br />
<br />
Alternatively, you can mail the [[FeministWiki:Technician|technician]] at [mailto:admin@feministwiki.org admin@feministwiki.org] and tell a little about what Feminism means to you.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
The FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
<br />
Todo-list of the technician: [[FeministWiki:Todo]]<br />
<br />
Documentation of the infrastructure: [[FeministWiki:TechnicalDocumentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki<br />
|keywords=feminist feminism wiki feministwiki<br />
|description=Wiki and digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image:src=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=100Main Page2018-09-22T15:53:13Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the international Feminist community.<br />
<br />
Apart from this wiki, the FeministWiki offers the following services to its members:<br />
<br />
* [https://chat.feministwiki.org/ FeministChat]<br />
* [https://forum.feministwiki.org/ FeministForum]<br />
* [https://mail.feministwiki.org/ FeministMail]<br />
* [https://files.feministwiki.org/ FeministFiles]<br />
* [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
* [https://add-member.feministwiki.org/ Add a member]<br />
<br />
For detailed information about each service, [[FeministWiki:Services|see here]].<br />
<br />
For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
To become a [[FeministWiki:Membership|member]], you need to be added by an existing member.<br />
<br />
Alternatively, you can mail the [[FeministWiki:Technician|technician]] at [mailto:admin@feministwiki.org admin@feministwiki.org] and tell a little about what Feminism means to you.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
The FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
<br />
Todo-list of the technician: [[FeministWiki:Todo]]<br />
<br />
Documentation of the infrastructure: [[FeministWiki:TechnicalDocumentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki<br />
|keywords=feminist feminism wiki feministwiki<br />
|description=Wiki and digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
|twitter:image=https://feministwiki.org/w/resources/assets/wiki.png<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=99Main Page2018-09-22T15:50:13Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the international Feminist community.<br />
<br />
Apart from this wiki, the FeministWiki offers the following services to its members:<br />
<br />
* [https://chat.feministwiki.org/ FeministChat]<br />
* [https://forum.feministwiki.org/ FeministForum]<br />
* [https://mail.feministwiki.org/ FeministMail]<br />
* [https://files.feministwiki.org/ FeministFiles]<br />
* [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
* [https://add-member.feministwiki.org/ Add a member]<br />
<br />
For detailed information about each service, [[FeministWiki:Services|see here]].<br />
<br />
For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
To become a [[FeministWiki:Membership|member]], you need to be added by an existing member.<br />
<br />
Alternatively, you can mail the [[FeministWiki:Technician|technician]] at [mailto:admin@feministwiki.org admin@feministwiki.org] and tell a little about what Feminism means to you.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
The FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
<br />
Todo-list of the technician: [[FeministWiki:Todo]]<br />
<br />
Documentation of the infrastructure: [[FeministWiki:TechnicalDocumentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki<br />
|keywords=feminist feminism wiki feministwiki<br />
|description=Wiki and digital home for the feminist community<br />
|twitter:card=summary<br />
|twitter:site=@FeministWiki<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=Main_Page&diff=98Main Page2018-09-22T15:46:27Z<p>SocJusWiz: </p>
<hr />
<div>Welcome to '''FeministWiki''', a wiki and a digital home for the international Feminist community.<br />
<br />
Apart from this wiki, the FeministWiki offers the following services to its members:<br />
<br />
* [https://chat.feministwiki.org/ FeministChat]<br />
* [https://forum.feministwiki.org/ FeministForum]<br />
* [https://mail.feministwiki.org/ FeministMail]<br />
* [https://files.feministwiki.org/ FeministFiles]<br />
* [[FeministWiki:Services#FeministIRC|FeministIRC]]<br />
* [https://add-member.feministwiki.org/ Add a member]<br />
<br />
For detailed information about each service, [[FeministWiki:Services|see here]].<br />
<br />
For an introduction to wiki editing, see [[FeministWiki:Help|our small help page]] or the bigger [https://www.mediawiki.org/wiki/Help:Contents MediaWiki help page].<br />
<br />
To become a [[FeministWiki:Membership|member]], you need to be added by an existing member.<br />
<br />
Alternatively, you can mail the [[FeministWiki:Technician|technician]] at [mailto:admin@feministwiki.org admin@feministwiki.org] and tell a little about what Feminism means to you.<br />
<br />
The FeministWiki promotes second-wave feminist literature:<br />
<br />
* [https://radfem.org/ Radical Feminist Archives]<br />
<br />
The FeministWiki promotes and stands in solidarity with the following groups and organizations:<br />
<br />
* [http://womensliberationfront.org/ WoLF]: The Women's Liberation Front<br />
* [https://feministcurrent.com/ Feminist Current]: Canadian feminist news, commentary, and podcasts<br />
* [https://nordicmodelnow.org/ Nordic Model Now]: Educational movement for the abolition of prostitution<br />
* [http://www.spaceintl.org/ SPACE International]: Survivors of Prostitution Abuse Calling for Enlightenment<br />
* [https://womansplaceuk.org/ Women's Place UK]: Women's campaigning group scrutinizing gender self-identification<br />
* [https://pussychurchofmodernwitchcraft.com/ The Pussy Church of Modern Witchcraft]: Lesbian-led Church for Women and Girls<br />
<br />
<br />
Todo-list of the technician: [[FeministWiki:Todo]]<br />
<br />
Documentation of the infrastructure: [[FeministWiki:TechnicalDocumentation]]<br />
<br />
{{#seo:<br />
|title=FeministWiki<br />
|keywords=feminist feminism wiki feministwiki<br />
|description=Wiki and digital home for the feminist community<br />
}}</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=97FeministWiki:Technical documentation2018-09-22T14:41:35Z<p>SocJusWiz: /* Forum */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is essentially Basic Orange, though the logo is changed via an inheriting style called FeministWiki.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=96FeministWiki:Technical documentation2018-09-22T13:46:21Z<p>SocJusWiz: /* Services */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. The style is a copy of the "orange" variant of the "basic" style, with only the logo swapped.<br />
<br />
Most configuration of phpBB, including LDAP authentication, is done through its administration panel.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot and LDAP-based virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=95FeministWiki:Technical documentation2018-09-22T12:57:14Z<p>SocJusWiz: /* Services */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. The style is a copy of the "orange" variant of the "basic" style, with only the logo swapped.<br />
<br />
Most configuration of phpBB, including LDAP authentication, is done through its administration panel.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot.<br />
<br />
=== XMPP ===<br />
<br />
Host: xmpp.feministwiki.org <br/><br />
Software: ejabberd<br />
<br />
FeministChat uses the [https://www.ejabberd.im/ ejabberd] XMPP server, configured to use LDAP authentication and an LDAP-based shared roster group for all members.<br />
<br />
=== IRC ===<br />
<br />
Host: irc.feministwiki.org <br/><br />
Software: InspIRCd<br />
<br />
FeministIRC uses the [http://www.inspircd.org/ InspIRCd] IRC server with the <code>ldapauth</code> module for LDAP authentication.<br />
<br />
=== Add a member ===<br />
<br />
Host: add-member.feministwiki.org <br/><br />
Software: custom<br />
<br />
The page to add a new member, hosted at <code>/var/www/add-member</code>, uses a bit of self-written HTML, PHP, and a setuid-root C program to invoke the shell script located at <code>/root/bin/fw-adduser</code> with root privileges.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=94FeministWiki:Technical documentation2018-09-22T12:30:16Z<p>SocJusWiz: /* Services */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. The style is a copy of the "orange" variant of the "basic" style, with only the logo swapped.<br />
<br />
Most configuration of phpBB, including LDAP authentication, is done through its administration panel.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at <code>/var/www/files</code>.<br />
<br />
=== IMAP ===<br />
<br />
Host: imap.feministwiki.org <br/><br />
Software: Dovecot<br />
<br />
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>.<br />
<br />
=== SMTP ===<br />
<br />
Host: smtp.feministwiki.org <br/><br />
Software: Postfix<br />
<br />
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=93FeministWiki:Technical documentation2018-09-22T12:09:02Z<p>SocJusWiz: /* Forum */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. The style is a copy of the "orange" variant of the "basic" style, with only the logo swapped.<br />
<br />
Most configuration of phpBB, including LDAP authentication, is done through its administration panel.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=92FeministWiki:Technical documentation2018-09-22T12:07:01Z<p>SocJusWiz: /* Services */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. The style is a copy of the "orange" variant of the "basic" style, with only the logo swapped.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.<br />
<br />
=== Files ===<br />
<br />
Host: files.feministwiki.org <br/><br />
Software: Nextcloud<br />
<br />
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=91FeministWiki:Technical documentation2018-09-22T12:05:06Z<p>SocJusWiz: /* Services */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. The style is a copy of the "orange" variant of the "basic" style, with only the logo swapped.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=90FeministWiki:Technical documentation2018-09-22T12:03:13Z<p>SocJusWiz: /* Services */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.<br />
<br />
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.<br />
<br />
=== Forum ===<br />
<br />
Host: forum.feministwiki.org <br/><br />
Software: phpBB<br />
<br />
The forum uses a [https://www.phpbb.com/ phpBB] installation located at <code>/var/www/forum</code>. The style is a copy of the "orange" variant of the "basic" style, with only the logo swapped.<br />
<br />
The forum uses the SQL database called "feministforum" and the SQL user of the same name.<br />
<br />
=== Chat (web interface) ===<br />
<br />
Host: chat.feministwiki.org <br/><br />
Software: Converse.js<br />
<br />
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at <code>/var/www/chat</code>, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal.<br />
<br />
=== Mail (web interface) ===<br />
<br />
Host: mail.feministwiki.org <br/><br />
Software: Roundcube<br />
<br />
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at <code>/var/www/mail</code>. It uses the standard "larry" style, but with some tweaks to logos and images.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=89FeministWiki:Technical documentation2018-09-22T11:47:58Z<p>SocJusWiz: /* Wiki */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at <code>/var/www/wiki/w</code> with the [https://www.mediawiki.org/wiki/Extension:LDAP_Authentication LDAP Authentication] plugin for login management and the "Short URL" feature enabled with help of Apache's vhost configuration, which is located at <code>/etc/apache2/sites-available/wiki.conf</code>.</div>SocJusWizhttps://feministwiki.org/w/index.php?title=FeministWiki:Technical_documentation&diff=85FeministWiki:Technical documentation2018-09-09T17:34:57Z<p>SocJusWiz: /* LDAP */</p>
<hr />
<div>This page documents the FeministWiki's technical infrastructure, the target audience being technicians.<br />
<br />
== Hosts ==<br />
<br />
The following table documents the DNS configuration, and can be used as part of the <code>/etc/hosts</code> file on each server to obviate the need for DNS lookups when connecting to one another.<br />
<br />
{| class="wikitable"<br />
!IP !! FQDN !! Host !! Purpose<br />
|-<br />
|85.214.101.34 || feministwiki.org || || Wiki<br />
|-<br />
|85.214.101.34 || www.feministwiki.org || www || Wiki<br />
|-<br />
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP<br />
|-<br />
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP<br />
|-<br />
|85.214.101.34 || forum.feministwiki.org || forum || BBS Forum<br />
|-<br />
|85.214.101.34 || mail.feministwiki.org || mail || Web-client for Mail<br />
|-<br />
|85.214.101.34 || files.feministwiki.org || files || File storage<br />
|-<br />
|85.214.101.34 || imap.feministwiki.org || imap || IMAP<br />
|-<br />
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP<br />
|-<br />
|85.214.101.34 || xmpp.feministwiki.org || xmpp || XMPP<br />
|-<br />
|85.214.101.34 || irc.feministwiki.org || irc || IRC<br />
|-<br />
|85.214.101.34 || social.feministwiki.org || social || GNU social<br />
|-<br />
|85.214.101.34 || add-member.feministwiki.org || add-member || Add a member<br />
|}<br />
<br />
(As you can see, all services are on the same server for now.)<br />
<br />
== SSH access ==<br />
<br />
FeministWiki hosts have ssh enabled for <code>root</code> access, but password login is disabled. You must own a valid private key to log in.<br />
<br />
== Git repo of scripts and configuration ==<br />
<br />
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:<br />
<br />
https://github.com/FeministWiki<br />
<br />
== Certs ==<br />
<br />
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.<br />
<br />
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):<br />
<br />
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"<br />
<br />
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:<br />
<br />
cd /etc/letsencrypt/live/feministwiki.org<br />
cat fullchain.pem privkey.pem > certbundle.pem<br />
<br />
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', so in practice you just need to run the following commands to recreate the cert:<br />
<br />
service apache2 stop # Assuming Apache is running on the machine<br />
letsencrypt-refresh<br />
service apache2 start<br />
<br />
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands.<br />
<br />
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.<br />
<br />
== Services ==<br />
<br />
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.<br />
<br />
=== LDAP ===<br />
<br />
Host: ldap.feministwiki.org <br/><br />
Software: OpenLDAP<br />
<br />
The LDAP service contains the central database of FeministWiki members. The structure looks like this:<br />
<br />
* dc=feministwiki,dc=org<br />
** ou=members<br />
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org<br />
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org<br />
*** ...<br />
** ou=groups<br />
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...<br />
<br />
Notes:<br />
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.<br />
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.<br />
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.<br />
<br />
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html<br />
<br />
In short, the steps go as follows (these commands ''should'' work verbatim):<br />
<br />
# Add the ppolicy schema<br />
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif<br />
<br />
# Enable the ppolicy dynamic module<br />
ldapmodify -Y external -H ldapi:/// <<EOF<br />
dn: cn=module{0},cn=config<br />
changetype: modify<br />
add: olcModuleLoad<br />
olcModuleLoad: ppolicy<br />
EOF<br />
<br />
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE<br />
ldapadd -Y external -H ldapi:/// <<EOF<br />
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config<br />
objectClass: olcPPolicyConfig<br />
olcOverlay: ppolicy<br />
olcPPolicyHashCleartext: TRUE<br />
EOF<br />
<br />
=== Wiki ===<br />
<br />
Host: feministwiki.org, www.feministwiki.org <br/><br />
Software: MediaWiki<br />
<br />
(continue here)</div>SocJusWiz