FeministWiki:Technical documentation: Difference between revisions

No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 8: Line 8:
!IP            !! FQDN                        !! Host          !! Purpose                !! Ports
!IP            !! FQDN                        !! Host          !! Purpose                !! Ports
|-
|-
|85.214.206.20 ||            feministwiki.org ||              || Wiki                    || 80, 443
|116.202.218.124 ||            feministwiki.org ||              || Wiki                    || 80, 443
|-
|-
|85.214.206.20 ||        www.feministwiki.org || www          || Wiki                    || 80, 443
|116.202.218.124 ||        www.feministwiki.org || www          || Wiki                    || 80, 443
|-
|-
|85.214.206.20 ||      ldap.feministwiki.org || ldap          || LDAP                    || -
|116.202.218.124 ||      ldap.feministwiki.org || ldap          || LDAP                    || -
|-
|-
|85.214.206.20 ||      blogs.feministwiki.org || blogs        || Blogging                || 80, 443
|116.202.218.124 ||      blogs.feministwiki.org || blogs        || Blogging                || 80, 443
|-
|-
|85.214.206.20 ||      chat.feministwiki.org || chat          || Web-client for XMPP    || 80, 443
|116.202.218.124 ||      chat.feministwiki.org || chat          || Web-client for XMPP    || 80, 443
|-
|-
|85.214.206.20 ||      forum.feministwiki.org || forum        || BBS Forum              || 80, 443
|116.202.218.124 ||      forum.feministwiki.org || forum        || BBS Forum              || 80, 443
|-
|-
|85.214.206.20 ||      mail.feministwiki.org || mail          || Web-client for Mail    || 80, 443
|116.202.218.124 ||      mail.feministwiki.org || mail          || Web-client for Mail    || 80, 443
|-
|-
|85.214.206.20 ||      files.feministwiki.org || files        || File storage            || 80, 443
|116.202.218.124 ||      files.feministwiki.org || files        || File storage            || 80, 443
|-
|-
|85.214.206.20 ||      imap.feministwiki.org || imap          || IMAP                    || 993
|116.202.218.124 ||      imap.feministwiki.org || imap          || IMAP                    || 993
|-
|-
|85.214.206.20 ||      pop3.feministwiki.org || pop3          || POP3                    || 995
|116.202.218.124 ||      pop3.feministwiki.org || pop3          || POP3                    || 995
|-
|-
|85.214.206.20 ||      smtp.feministwiki.org || smtp          || SMTP                    || 25, 465, 587
|116.202.218.124 ||      smtp.feministwiki.org || smtp          || SMTP                    || 25, 465, 587
|-
|-
|85.214.206.20 ||      xmpp.feministwiki.org || xmpp          || XMPP                    || 5222, 5223, 5269, 5270, 5443, 7777
|116.202.218.124 ||      xmpp.feministwiki.org || xmpp          || XMPP                    || 5222, 5223, 5269, 5270, 5443, 7777
|-
|-
|85.214.206.20 ||        irc.feministwiki.org || irc          || IRC                    || 6697
|116.202.218.124 ||        irc.feministwiki.org || irc          || IRC                    || 6697
|-
|-
|85.214.206.20 ||    account.feministwiki.org || account      || Account operations      || 80, 443
|116.202.218.124 ||    account.feministwiki.org || account      || Account operations      || 80, 443
|}
|}
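Review bot: the address changes from 85.214.206.20 to 116.202.218.124 on every row, including smtp.feministwiki.org (ports 25, 465, 587), but nothing in this revision says the DNS side moved with it; since the Line 223 section relies on outbound mail passing SPF at Gmail, an SPF record that still names the old address would make that check fail, so please add a sentence confirming the A records and the SPF record now point at 116.202.218.124. It would also help to state whether 85.214.206.20 is fully decommissioned or still answers on the listed ports, since a stale host that keeps serving the same hostnames is easy to forget in later certificate and firewall work. Minor: the first data row (feministwiki.org) has an empty Host cell in both the old and new version; if that is intentional for the apex domain, a "-" as used in the ldap Ports cell would make it look deliberate rather than missing.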


Line 121: Line 121:
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.


After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/fw-certs}}, and the group ownership and permissions of the {{C|privkey.pem}} and {{C|bundle.pem}} files are set such that any user who's in the {{C|ssl-cert}} group can read the private key and bundle.  (The others can be read by anyone anyway.)  A script in {{C|/etc/letsencrypt/renewal-hooks/post}} is responsible for taking care of this after automatic executions of certbot scheduled by the operating system.
After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/feministwiki/certs}}, and the group ownership and permissions of the {{C|privkey.pem}} and {{C|bundle.pem}} files are set such that any user who's in the {{C|ssl-cert}} group can read the private key and bundle.  (The others can be read by anyone anyway.)  A script in {{C|/etc/letsencrypt/renewal-hooks/post}} is responsible for taking care of this after automatic executions of certbot scheduled by the operating system.


The file {{C|/etc/fw-certs/bundle.pem}} is useful for programs that don't have the capability of reading a separate cert and key file; it combines the full certificate chain ({{C|fullchain.pem}}) with the private key in a single file.
The file {{C|/etc/feministwiki/certs/bundle.pem}} is useful for programs that don't have the capability of reading a separate cert and key file; it combines the full certificate chain ({{C|fullchain.pem}}) with the private key in a single file.


If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}.  This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/fw-certs}} directory with updated files.
If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}.  This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/feministwiki/certs}} directory with updated files.


Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server.  This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script.
Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server.  This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script.
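Review bot: the directory is renamed from /etc/fw-certs to /etc/feministwiki/certs in the prose, but the two scripts the text says actually populate it (the hook in /etc/letsencrypt/renewal-hooks/post and /root/bin/letsencrypt-refresh) are not mentioned as having been updated; please state that both now write to /etc/feministwiki/certs, otherwise an automatic certbot renewal would refresh the old location while every service keeps reading stale files from the new one. Because bundle.pem contains the private key, the leftover /etc/fw-certs copy should be removed rather than left behind, and the paragraph could name the expected mode on privkey.pem and bundle.pem (group ssl-cert, no world read) so an operator can verify it with ls -l; the parenthetical "The others can be read by anyone anyway" reads as if it applied to all files, so it is worth making explicit that it refers only to the certificate and chain files, not to the bundle.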
Line 223: Line 223:


Host: smtp.feministwiki.org <br/>
Host: smtp.feministwiki.org <br/>
Software: Postfix, OpenDKIM
Software: Postfix, Rspamd


FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under {{C|/home/vmail}}, and DKIM signing via OpenDKIM.  Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests.
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under {{C|/home/vmail}}, and DKIM signing as well as DMARC/SPF validation and spam filtering via Rspamd.  Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests.


There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google.  All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes.
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google.  All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes.
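Review bot: the Software line and description switch DKIM signing from OpenDKIM to Rspamd, but the only verification described is still the outbound "send to Gmail, use Show original" test; please add where Rspamd's signing key and selector now live, and note that the DKIM DNS record must carry the public key of the selector Rspamd signs with, or that Gmail test will report a DKIM failure even though signing is on. Since the new text also credits Rspamd with DMARC/SPF validation and spam filtering on the inbound side, a short check for that path would round out the section, for example that a received message carries an Authentication-Results header written by Rspamd. The sentence "which you can find via Google" is unchanged from the old revision and is vague for a technical page; linking one or two of the checkers actually used would make the procedure reproducible.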