Technician (talk | contribs) (→Certs) |
Technician (talk | contribs) (Update IP address.) |
(7 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
!IP !! FQDN !! Host !! Purpose !! Ports | !IP !! FQDN !! Host !! Purpose !! Ports | ||
|- | |- | ||
| | |116.202.218.124 || feministwiki.org || || Wiki || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || www.feministwiki.org || www || Wiki || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || ldap.feministwiki.org || ldap || LDAP || - | ||
|- | |- | ||
| | |116.202.218.124 || blogs.feministwiki.org || blogs || Blogging || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || chat.feministwiki.org || chat || Web-client for XMPP || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || forum.feministwiki.org || forum || BBS Forum || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || mail.feministwiki.org || mail || Web-client for Mail || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || files.feministwiki.org || files || File storage || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || imap.feministwiki.org || imap || IMAP || 993 | ||
|- | |- | ||
| | |116.202.218.124 || pop3.feministwiki.org || pop3 || POP3 || 995 | ||
|- | |- | ||
| | |116.202.218.124 || smtp.feministwiki.org || smtp || SMTP || 25, 465, 587 | ||
|- | |- | ||
| | |116.202.218.124 || xmpp.feministwiki.org || xmpp || XMPP || 5222, 5223, 5269, 5270, 5443, 7777 | ||
|- | |- | ||
| | |116.202.218.124 || irc.feministwiki.org || irc || IRC || 6697 | ||
|- | |- | ||
| | |116.202.218.124 || account.feministwiki.org || account || Account operations || 80, 443 | ||
|} | |} | ||
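Review bot: the new address 116.202.218.124 is typed out in all fourteen rows of the table, so the next server move means fourteen edits and a chance of leaving one row stale. Consider stating the IP once above the table (or through a template) and keeping only FQDN, host, purpose and ports per row. The ldap.feministwiki.org row gives "-" for ports; it would help to say whether that means the LDAP service is not reachable from outside the host.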
Line 121: | Line 121: | ||
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | ||
After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/ | After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/feministwiki/certs}}, and the group ownership and permissions of the {{C|privkey.pem}} and {{C|bundle.pem}} files are set such that any user who's in the {{C|ssl-cert}} group can read the private key and bundle. (The others can be read by anyone anyway.) A script in {{C|/etc/letsencrypt/renewal-hooks/post}} is responsible for taking care of this after automatic executions of certbot scheduled by the operating system. | ||
The file {{C|/etc/ | The file {{C|/etc/feministwiki/certs/bundle.pem}} is useful for programs that don't have the capability of reading a separate cert and key file; it combines the full certificate chain ({{C|fullchain.pem}}) with the private key in a single file. | ||
If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}. This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/ | If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}. This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/feministwiki/certs}} directory with updated files. | ||
Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server. This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script. | Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server. This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script. | ||
== Services == | == Services == | ||
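Review bot: the sentence about {{C|privkey.pem}} and {{C|bundle.pem}} says members of {{C|ssl-cert}} can read them, but it does not give the owner, group and mode that the renewal hook sets, nor the mode of {{C|/etc/feministwiki/certs}} itself. Since {{C|bundle.pem}} contains the private key, spell out the intended values (for example root:ssl-cert with mode 0640) so an admin can verify them after a renewal, and list which service accounts are expected to be members of {{C|ssl-cert}}.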
Line 148: | Line 142: | ||
=== Wiki === | === Wiki === | ||
Host: feministwiki.org, www.feministwiki.org, fem.wiki, feministwiki.de, www.feministwiki.de <br/> | Host: feministwiki.org, www.feministwiki.org, fem.wiki, feminist.wiki, feminism.wiki, feministwiki.de, www.feministwiki.de <br/> | ||
Software: MediaWiki | Software: MediaWiki | ||
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at {{C|/var/www/wiki/w}}. It uses the [https://www.mediawiki.org/wiki/LDAP_Stack LDAP Stack] extension for login management, and the "Short URL" feature is enabled. The wiki uses the SQL database called "feministwiki" and the SQL user of the same name. | The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at {{C|/var/www/fw/wiki/w}}. It uses the [https://www.mediawiki.org/wiki/LDAP_Stack LDAP Stack] extension for login management, and the "Short URL" feature is enabled. The wiki uses the SQL database called "feministwiki" and the SQL user of the same name. | ||
The default wiki is in English. Parallel wiki installations for different languages are supported via a combination of Apache's URL rewriting, and conditional branches in the {{C|LocalSettings.php}} file of the MediaWiki installation: | The default wiki is in English. Parallel wiki installations for different languages are supported via a combination of Apache's URL rewriting, and conditional branches in the {{C|LocalSettings.php}} file of the MediaWiki installation: | ||
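Review bot: the Host line now includes feminist.wiki and feminism.wiki, but the FQDN table in the hunk at line 8 lists only feministwiki.org names, and nothing here says whether the new names serve the wiki directly or redirect the way feministwiki.de does. Add them to the table or state their behaviour, and note that they have to be present in {{C|/etc/feministwiki/domains}} for the certificate to cover them.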
Line 161: | Line 155: | ||
** It sets the SQL database name to {{C|feministwiki_xy}}. | ** It sets the SQL database name to {{C|feministwiki_xy}}. | ||
** It configures a "foreign" image database via the [https://www.mediawiki.org/wiki/Manual:$wgForeignFileRepos#Using_files_from_a_database_that_you_can_access_:_ForeignDBRepo,_ForeignDBViaLBRepo ForeignDBRepo] method so that the media upload database of the default wiki is used by all, instead of every parallel wiki having its own media database. | ** It configures a "foreign" image database via the [https://www.mediawiki.org/wiki/Manual:$wgForeignFileRepos#Using_files_from_a_database_that_you_can_access_:_ForeignDBRepo,_ForeignDBViaLBRepo ForeignDBRepo] method so that the media upload database of the default wiki is used by all, instead of every parallel wiki having its own media database. | ||
To add a new language, follow these steps: | |||
* Clone the English wiki's database into a new one via: {{C|mysqldump feministwiki <nowiki>|</nowiki> mysql feministwiki_xy}} | |||
* Grant permissions on the new database via: {{C|GRANT ALL ON feministwiki_xy.* TO feministwiki@localhost;}} | |||
* Edit {{C|/etc/apache2/sites-available/000-wiki.conf}} to add the line: {{C|Use Wiki xy}} | |||
* Add the language to {{C|~/bin/fw-update-languages.sh}} and run it | |||
The last step will produce a lot of errors complaining about keys already existing; these can be safely ignored. | |||
The domain names feministwiki.de and www.feministwiki.de redirect to {{C|https://feministwiki.org/de}}. For instance, requesting {{C|https://feministwiki.de/wiki/Hauptseite}} will result in an HTTP redirect to {{C|https://feministwiki.org/de/wiki/Hauptseite}}. | The domain names feministwiki.de and www.feministwiki.de redirect to {{C|https://feministwiki.org/de}}. For instance, requesting {{C|https://feministwiki.de/wiki/Hauptseite}} will result in an HTTP redirect to {{C|https://feministwiki.org/de/wiki/Hauptseite}}. | ||
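Review bot: the first step pipes {{C|mysqldump feministwiki}} into {{C|mysql feministwiki_xy}}, which fails unless the database feministwiki_xy already exists, and no step in the list creates it. Add a CREATE DATABASE step before the clone. The {{C|GRANT ALL ON feministwiki_xy.*}} step is also broader than a wiki account normally needs, and "can be safely ignored" would be safer if it were limited to the one expected error (keys already existing) so that other failures of {{C|fw-update-languages.sh}} are not dismissed along with it.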
Line 169: | Line 172: | ||
Software: WordPress (multisite) | Software: WordPress (multisite) | ||
This is an installation of WordPress in {{C|/var/www/blogs}}, with the "multisite network" feature enabled on a path-basis, so users can have their own blogs on URLs like {{C|blogs.feministwiki.org/janedoe}}. LDAP authentication is enabled via the AD/LDAP plugin from miniOrange. | This is an installation of WordPress in {{C|/var/www/fw/blogs}}, with the "multisite network" feature enabled on a path-basis, so users can have their own blogs on URLs like {{C|blogs.feministwiki.org/janedoe}}. LDAP authentication is enabled via the AD/LDAP plugin from miniOrange. | ||
Users from LDAP who log in for the first time are automatically registered as "Subscriber" accounts, and the admin can change their WordPress role "Author" to allow publishing. | Users from LDAP who log in for the first time are automatically registered as "Subscriber" accounts, and the admin can change their WordPress role "Author" to allow publishing. | ||
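Review bot: the unchanged sentence below the edited line, "the admin can change their WordPress role "Author" to allow publishing", is missing a word and should read "change their WordPress role to "Author"". Since this paragraph is being touched anyway, fix it in the same edit.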
Line 180: | Line 183: | ||
Software: Converse.js | Software: Converse.js | ||
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at {{C|/var/www/chat}}, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal. | The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at {{C|/var/www/fw/chat}}, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal. | ||
=== Forum === | === Forum === | ||
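Review bot: the paragraph states that the page loads Converse.js "as an external script from upstream", which means the chat client's code is whatever the upstream host serves at load time. Document whether the script URL is pinned to a specific version and protected with a Subresource Integrity attribute, or consider hosting a copy under {{C|/var/www/fw/chat}} next to the existing HTML and JS.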
Line 187: | Line 190: | ||
Software: phpBB | Software: phpBB | ||
The forum uses a [https://www.phpbb.com/ phpBB] installation located at {{C|/var/www/forum}}. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is a minimally changed "ProSilver Dark". The forum uses the SQL database called "feministforum" and the SQL user of the same name. | The forum uses a [https://www.phpbb.com/ phpBB] installation located at {{C|/var/www/fw/forum}}. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is a minimally changed "ProSilver Dark". The forum uses the SQL database called "feministforum" and the SQL user of the same name. | ||
=== Mail (web interface) === | === Mail (web interface) === | ||
Line 194: | Line 197: | ||
Software: Roundcube | Software: Roundcube | ||
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at {{C|/var/www/mail}}. It uses a FeministWiki-branded modification of the new "elastic" style. | The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at {{C|/var/www/fw/mail}}. It uses a FeministWiki-branded modification of the new "elastic" style. | ||
=== Files === | === Files === | ||
Line 201: | Line 204: | ||
Software: Nextcloud | Software: Nextcloud | ||
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at {{C|/var/www/files}}. | FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at {{C|/var/www/fw/files}}. | ||
=== IMAP === | === IMAP === | ||
Line 254: | Line 257: | ||
Software: custom | Software: custom | ||
This custom web interface hosted at {{C|/var/www/account}} lets you complete several tasks related to FeministWiki membership, such as changing your account settings, resetting your password, or adding a new member. It also contains a form to request membership. The interface is written in HTML, CSS, PHP, and C. | This custom web interface hosted at {{C|/var/www/fw/account}} lets you complete several tasks related to FeministWiki membership, such as changing your account settings, resetting your password, or adding a new member. It also contains a form to request membership. The interface is written in HTML, CSS, PHP, and C. |