Jump to content

FeministWiki:Technical documentation: Difference between revisions

FeministWiki:Technical documentation (view source)

Revision as of 18:36, 13 October 2018

303 bytes added ,  13 October 2018
→‎Certs
(3 intermediate revisions by the same user not shown)
Line 39: Line 39:
== Special DNS entries ==
== Special DNS entries ==


The following entries are used for email:
For CAA:
 
{| class="wikitable"
!Type !! Name !! Flag !! Tag  !! Value         
|-
|CAA  || @    || 0    || issue || letsencrypt.org
|-
|CAA  || @    || 0    || iodef || admin@feministwiki.org
|}
 
For email:


{| class="wikitable"
{| class="wikitable"
Line 51: Line 61:
|-
|-
|TXT  || _dmarc          || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC
|TXT  || _dmarc          || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC
|}
For XMPP:
{| class="wikitable"
!Type !! Service      !! Protocol !! Name !! Destination          !! Port
|-
|-
|TXT || @               || google-site-verification=<key>                                        || Google Site Verification
|SRV || _xmpp-client || _tcp    || @   || xmpp.feministwiki.org || 5222
|-
|SRV  || _xmpp-server || _tcp    || @    || xmpp.feministwiki.org || 5269
|}
|}


And the following SRV records for XMPP:
Google Site Verification:


{| class="wikitable"
{| class="wikitable"
!Service      !! Protocol !! Name !! Destination          !! Port
!Type !! Host            !! Data
|-
|_xmpp-client || _tcp    || @    || xmpp.feministwiki.org || 5222
|-
|-
|_xmpp-server || _tcp    || @   || xmpp.feministwiki.org || 5269
|TXT  || @               || google-site-verification=<key>
|}
|}


Line 79: Line 95:
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication.


To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line.  Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following command while TCP port 80 is free (e.g. stop Apache first):
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line.  Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following commands while TCP port 80 is free (e.g. stop Apache first):


letsencrypt certonly --authenticator standalone -d "$(tr '\n' ',' < /root/etc/domains)"
  # Use $() to eliminate the terminating newline, if any.
  domains=$(cat /root/etc/domains)
 
  domains=$(printf '%s' "$domains" | tr '\n' ',')
 
  letsencrypt certonly --authenticator standalone -d "$domains"


Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file:
Retrieved from "https://feministwiki.org/wiki/Special:MobileDiff/109...124"