FeministWiki:Technical documentation
This page documents the FeministWiki's technical infrastructure, the target audience being technicians.
Hosts
The following table documents the DNS configuration, and can be used as part of the /etc/hosts
file on each server to obviate the need for DNS lookups when connecting to one another.
IP | FQDN | Host | Purpose |
---|---|---|---|
85.214.101.34 | feministwiki.org | Wiki | |
85.214.101.34 | www.feministwiki.org | www | Wiki |
85.214.101.34 | ldap.feministwiki.org | ldap | LDAP |
85.214.101.34 | chat.feministwiki.org | chat | Web-client for XMPP |
85.214.101.34 | forum.feministwiki.org | forum | BBS Forum |
85.214.101.34 | mail.feministwiki.org | Web-client for Mail | |
85.214.101.34 | files.feministwiki.org | files | File storage |
85.214.101.34 | imap.feministwiki.org | imap | IMAP |
85.214.101.34 | smtp.feministwiki.org | smtp | SMTP |
85.214.101.34 | xmpp.feministwiki.org | xmpp | XMPP |
85.214.101.34 | irc.feministwiki.org | irc | IRC |
85.214.101.34 | social.feministwiki.org | social | GNU social |
85.214.101.34 | add-member.feministwiki.org | add-member | Add a member |
(As you can see, all services are on the same server for now.)
SSH access
FeministWiki hosts have ssh enabled, but password login is disabled. You must own a valid private key to log in.
Git repo of scripts and configuration
The following GitHub account hosts repositories with scripts and configuration used by the FeministWiki:
Certs
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.
To ease use of the letsencrypt command, the file /root/etc/domains
contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the /etc/letsencrypt/live/feministwiki.org
directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):
letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"
Additionally, for programs that require a cert file and its private key in a single combined .pem
file, run the following commands to generate such a file:
cd /etc/letsencrypt/live/feministwiki.org cat fullchain.pem privkey.pem > certbundle.pem
The script /root/bin/letsencrypt-refresh
does all of the above, so in practice you just need to run the following commands to recreate the cert:
service apache2 stop # Assuming Apache is running on the machine letsencrypt-refresh service apache2 start
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to /root/etc/domains
and run the commands.
Note that the letsencrypt command doesn't work well on a "dumb" terminal such as an Emacs shell buffer. Make sure to run it from within a proper terminal emulator.
Services
This section documents the individual services of the FeministWiki. They should work regardless of what server they're on. I.e. every service could in theory be hosted on its own server.
Wiki (feministwiki.org, www.feministwiki.org)
Software: MediaWiki
(continue here)