FeministWiki:Technical documentation

    From FeministWiki
    Revision as of 19:16, 6 September 2018 by SocJusWiz (talk | contribs) (Created page with "This page documents the FeministWiki's technical infrastructure, the target audience being technicians. == Hosts == The following table documents the DNS configuration, and...")
    (diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

    This page documents the FeministWiki's technical infrastructure, the target audience being technicians.

    Hosts

    The following table documents the DNS configuration, and can be used as part of the /etc/hosts file on each server to obviate the need for DNS lookups when connecting to one another.

    IP FQDN Host
    85.214.101.34 feministwiki.org
    85.214.101.34 www.feministwiki.org www
    85.214.101.34 ldap.feministwiki.org ldap
    85.214.101.34 chat.feministwiki.org chat
    85.214.101.34 forum.feministwiki.org forum
    85.214.101.34 mail.feministwiki.org mail
    85.214.101.34 files.feministwiki.org files
    85.214.101.34 imap.feministwiki.org imap
    85.214.101.34 smtp.feministwiki.org smtp
    85.214.101.34 xmpp.feministwiki.org xmpp
    85.214.101.34 irc.feministwiki.org irc
    85.214.101.34 social.feministwiki.org social
    85.214.101.34 add-member.feministwiki.org add-member

    (As you can see, all services are on the same server for now.)

    Certs

    The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.

    To ease use of the letsencrypt command, the file /root/domains contains all the FQDNs used by the FeministWiki, one per line. The final line of the file should not end in a newline character. Given that, the preferred way to populate the /etc/letsencrypt/live/feministwiki.org directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):

    letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/domains)"
    

    Additionally, for programs that require a cert file and its private key in a single combined .pem file, run the following commands to generate such a file:

    cd /etc/letsencrypt/live/feministwiki.org
    cat fullchain.pem privkey.pem > certbundle.pem
    

    The script /root/bin/letsencrypt-refresh does all of the above, so in practice you just need to run the following commands to recreate the cert:

    service apache2 stop
    letsencrypt-refresh
    service apache2 start
    

    The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to /root/domains and run the commands.

    Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.

    Services

    This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.

    Wiki (feministwiki.org, www.feministwiki.org)

    Software: MediaWiki

    (continue here)