1,104
edits
Technician (talk | contribs) (→Hosts) |
Technician (talk | contribs) (Update IP address.) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
!IP !! FQDN !! Host !! Purpose !! Ports | !IP !! FQDN !! Host !! Purpose !! Ports | ||
|- | |- | ||
| | |116.202.218.124 || feministwiki.org || || Wiki || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || www.feministwiki.org || www || Wiki || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || ldap.feministwiki.org || ldap || LDAP || - | ||
|- | |- | ||
| | |116.202.218.124 || blogs.feministwiki.org || blogs || Blogging || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || chat.feministwiki.org || chat || Web-client for XMPP || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || forum.feministwiki.org || forum || BBS Forum || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || mail.feministwiki.org || mail || Web-client for Mail || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || files.feministwiki.org || files || File storage || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || imap.feministwiki.org || imap || IMAP || 993 | ||
|- | |- | ||
| | |116.202.218.124 || pop3.feministwiki.org || pop3 || POP3 || 995 | ||
|- | |- | ||
| | |116.202.218.124 || smtp.feministwiki.org || smtp || SMTP || 25, 465, 587 | ||
|- | |- | ||
| | |116.202.218.124 || xmpp.feministwiki.org || xmpp || XMPP || 5222, 5223, 5269, 5270, 5443, 7777 | ||
|- | |- | ||
| | |116.202.218.124 || irc.feministwiki.org || irc || IRC || 6697 | ||
|- | |- | ||
| | |116.202.218.124 || account.feministwiki.org || account || Account operations || 80, 443 | ||
|} | |} | ||
Line 121: | Line 121: | ||
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | ||
After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/ | After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/feministwiki/certs}}, and the group ownership and permissions of the {{C|privkey.pem}} and {{C|bundle.pem}} files are set such that any user who's in the {{C|ssl-cert}} group can read the private key and bundle. (The others can be read by anyone anyway.) A script in {{C|/etc/letsencrypt/renewal-hooks/post}} is responsible for taking care of this after automatic executions of certbot scheduled by the operating system. | ||
The file {{C|/etc/ | The file {{C|/etc/feministwiki/certs/bundle.pem}} is useful for programs that don't have the capability of reading a separate cert and key file; it combines the full certificate chain ({{C|fullchain.pem}}) with the private key in a single file. | ||
If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}. This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/ | If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}. This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/feministwiki/certs}} directory with updated files. | ||
Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server. This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script. | Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server. This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script. | ||
== Services == | == Services == | ||
Line 151: | Line 145: | ||
Software: MediaWiki | Software: MediaWiki | ||
The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at {{C|/var/www/wiki/w}}. It uses the [https://www.mediawiki.org/wiki/LDAP_Stack LDAP Stack] extension for login management, and the "Short URL" feature is enabled. The wiki uses the SQL database called "feministwiki" and the SQL user of the same name. | The wiki uses a [https://www.mediawiki.org/wiki/MediaWiki MediaWiki] installation located at {{C|/var/www/fw/wiki/w}}. It uses the [https://www.mediawiki.org/wiki/LDAP_Stack LDAP Stack] extension for login management, and the "Short URL" feature is enabled. The wiki uses the SQL database called "feministwiki" and the SQL user of the same name. | ||
The default wiki is in English. Parallel wiki installations for different languages are supported via a combination of Apache's URL rewriting, and conditional branches in the {{C|LocalSettings.php}} file of the MediaWiki installation: | The default wiki is in English. Parallel wiki installations for different languages are supported via a combination of Apache's URL rewriting, and conditional branches in the {{C|LocalSettings.php}} file of the MediaWiki installation: | ||
Line 178: | Line 172: | ||
Software: WordPress (multisite) | Software: WordPress (multisite) | ||
This is an installation of WordPress in {{C|/var/www/blogs}}, with the "multisite network" feature enabled on a path-basis, so users can have their own blogs on URLs like {{C|blogs.feministwiki.org/janedoe}}. LDAP authentication is enabled via the AD/LDAP plugin from miniOrange. | This is an installation of WordPress in {{C|/var/www/fw/blogs}}, with the "multisite network" feature enabled on a path-basis, so users can have their own blogs on URLs like {{C|blogs.feministwiki.org/janedoe}}. LDAP authentication is enabled via the AD/LDAP plugin from miniOrange. | ||
Users from LDAP who log in for the first time are automatically registered as "Subscriber" accounts, and the admin can change their WordPress role "Author" to allow publishing. | Users from LDAP who log in for the first time are automatically registered as "Subscriber" accounts, and the admin can change their WordPress role "Author" to allow publishing. | ||
Line 189: | Line 183: | ||
Software: Converse.js | Software: Converse.js | ||
The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at {{C|/var/www/chat}}, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal. | The web-interface for the FeministChat uses the full-screen "Impress" variant of the [https://conversejs.org/ Converse.js] XMPP client. The hosted HTML and JS files are located at {{C|/var/www/fw/chat}}, although they load Converse.js as an external script from upstream, which is why the self-hosted HTML and JS are very minimal. | ||
=== Forum === | === Forum === | ||
Line 196: | Line 190: | ||
Software: phpBB | Software: phpBB | ||
The forum uses a [https://www.phpbb.com/ phpBB] installation located at {{C|/var/www/forum}}. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is a minimally changed "ProSilver Dark". The forum uses the SQL database called "feministforum" and the SQL user of the same name. | The forum uses a [https://www.phpbb.com/ phpBB] installation located at {{C|/var/www/fw/forum}}. Most configuration of phpBB, including LDAP authentication, is done through its administration panel. The style used by the forum is a minimally changed "ProSilver Dark". The forum uses the SQL database called "feministforum" and the SQL user of the same name. | ||
=== Mail (web interface) === | === Mail (web interface) === | ||
Line 203: | Line 197: | ||
Software: Roundcube | Software: Roundcube | ||
The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at {{C|/var/www/mail}}. It uses a FeministWiki-branded modification of the new "elastic" style. | The web-interface for the FeministMail uses the [https://roundcube.net/ Roundcube] mail client, installed at {{C|/var/www/fw/mail}}. It uses a FeministWiki-branded modification of the new "elastic" style. | ||
=== Files === | === Files === | ||
Line 210: | Line 204: | ||
Software: Nextcloud | Software: Nextcloud | ||
FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at {{C|/var/www/files}}. | FeministFiles is a [https://nextcloud.com/ Nextcloud] installation with some branding, and LDAP authentication, installed at {{C|/var/www/fw/files}}. | ||
=== IMAP === | === IMAP === | ||
Line 263: | Line 257: | ||
Software: custom | Software: custom | ||
This custom web interface hosted at {{C|/var/www/account}} lets you complete several tasks related to FeministWiki membership, such as changing your account settings, resetting your password, or adding a new member. It also contains a form to request membership. The interface is written in HTML, CSS, PHP, and C. | This custom web interface hosted at {{C|/var/www/fw/account}} lets you complete several tasks related to FeministWiki membership, such as changing your account settings, resetting your password, or adding a new member. It also contains a form to request membership. The interface is written in HTML, CSS, PHP, and C. |