1,104
edits
Technician (talk | contribs) No edit summary |
Technician (talk | contribs) (Update IP address.) |
||
(One intermediate revision by the same user not shown) | |||
Line 8: | Line 8: | ||
!IP !! FQDN !! Host !! Purpose !! Ports | !IP !! FQDN !! Host !! Purpose !! Ports | ||
|- | |- | ||
| | |116.202.218.124 || feministwiki.org || || Wiki || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || www.feministwiki.org || www || Wiki || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || ldap.feministwiki.org || ldap || LDAP || - | ||
|- | |- | ||
| | |116.202.218.124 || blogs.feministwiki.org || blogs || Blogging || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || chat.feministwiki.org || chat || Web-client for XMPP || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || forum.feministwiki.org || forum || BBS Forum || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || mail.feministwiki.org || mail || Web-client for Mail || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || files.feministwiki.org || files || File storage || 80, 443 | ||
|- | |- | ||
| | |116.202.218.124 || imap.feministwiki.org || imap || IMAP || 993 | ||
|- | |- | ||
| | |116.202.218.124 || pop3.feministwiki.org || pop3 || POP3 || 995 | ||
|- | |- | ||
| | |116.202.218.124 || smtp.feministwiki.org || smtp || SMTP || 25, 465, 587 | ||
|- | |- | ||
| | |116.202.218.124 || xmpp.feministwiki.org || xmpp || XMPP || 5222, 5223, 5269, 5270, 5443, 7777 | ||
|- | |- | ||
| | |116.202.218.124 || irc.feministwiki.org || irc || IRC || 6697 | ||
|- | |- | ||
| | |116.202.218.124 || account.feministwiki.org || account || Account operations || 80, 443 | ||
|} | |} | ||
Line 121: | Line 121: | ||
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | ||
After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/ | After certificates are generated with {{C|certbot}}, copies of them are put into {{C|/etc/feministwiki/certs}}, and the group ownership and permissions of the {{C|privkey.pem}} and {{C|bundle.pem}} files are set such that any user who's in the {{C|ssl-cert}} group can read the private key and bundle. (The others can be read by anyone anyway.) A script in {{C|/etc/letsencrypt/renewal-hooks/post}} is responsible for taking care of this after automatic executions of certbot scheduled by the operating system. | ||
The file {{C|/etc/ | The file {{C|/etc/feministwiki/certs/bundle.pem}} is useful for programs that don't have the capability of reading a separate cert and key file; it combines the full certificate chain ({{C|fullchain.pem}}) with the private key in a single file. | ||
If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}. This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/ | If you ever add a new domain under which the FeministWiki server will be reachable, add it as a line to the file {{C|/etc/feministwiki/domains}} and run the script {{C|/root/bin/letsencrypt-refresh}}. This script takes care of running {{C|certbot}} to refresh the cert files, and populating the {{C|/etc/feministwiki/certs}} directory with updated files. | ||
Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server. This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script. | Note that whenever you run the {{C|letsencrypt-refresh}} script, it will momentarily stop the web server. This means you're causing a short outage of the web-based services of the FeministWiki whenever you run the script. |