FeministWiki:Technical documentation: Difference between revisions

FeministWiki:Technical documentation (view source)

Revision as of 22:16, 12 May 2019

280 bytes removed , 12 May 2019

no edit summary

Technician

Bureaucrats, Interface administrators, Administrators

1,084

edits

@@ Line 6: / Line 6: @@
 {| class="wikitable"
-!IP            !! FQDN                        !! Host          !! Purpose
+!IP            !! FQDN                        !! Host          !! Purpose                 !! Ports
 |-
-|85.214.101.34 ||            feministwiki.org ||               || Wiki
+|85.214.101.34 ||            feministwiki.org ||               || Wiki                    || 80, 443
 |-
-|85.214.101.34 ||        www.feministwiki.org || www           || Wiki
+|85.214.101.34 ||        www.feministwiki.org || www           || Wiki                    || 80, 443
 |-
-|85.214.101.34 ||       ldap.feministwiki.org || ldap          || LDAP
+|85.214.101.34 ||       ldap.feministwiki.org || ldap          || LDAP                    || -
 |-
-|85.214.101.34 ||       blog.feministwiki.org || blog          || Shared blog
+|85.214.101.34 ||      blogs.feministwiki.org || blogs         || Blogging                || 80, 443
 |-
-|85.214.101.34 ||       blogs.feministwiki.org || blogs        || Personalized blogs
+|85.214.101.34 ||       chat.feministwiki.org || chat          || Web-client for XMPP     || 80, 443
 |-
-|85.214.101.34 ||       chat.feministwiki.org || chat          || Web-client for XMPP
+|85.214.101.34 ||      forum.feministwiki.org || forum         || BBS Forum               || 80, 443
 |-
-|85.214.101.34 ||      forum.feministwiki.org || forum         || BBS Forum
+|85.214.101.34 ||       mail.feministwiki.org || mail          || Web-client for Mail     || 80, 443
 |-
-|85.214.101.34 ||       mail.feministwiki.org || mail          || Web-client for Mail
+|85.214.101.34 ||      files.feministwiki.org || files         || File storage            || 80, 443
 |-
-|85.214.101.34 ||      files.feministwiki.org || files         || File storage
+|85.214.101.34 ||       imap.feministwiki.org || imap          || IMAP                    || 993
 |-
-|85.214.101.34 ||       imap.feministwiki.org || imap          || IMAP
+|85.214.101.34 ||       pop3.feministwiki.org || pop3          || POP3                    || 995
 |-
-|85.214.101.34 ||       pop3.feministwiki.org || pop3          || POP3
+|85.214.101.34 ||       smtp.feministwiki.org || smtp          || SMTP                    || 25, 465, 587
 |-
-|85.214.101.34 ||       smtp.feministwiki.org || smtp          || SMTP
+|85.214.101.34 ||       xmpp.feministwiki.org || xmpp          || XMPP                    || 5222, 5269, 5280
 |-
-|85.214.101.34 ||       xmpp.feministwiki.org || xmpp          || XMPP
+|85.214.101.34 ||        irc.feministwiki.org || irc           || IRC                     || 6697
 |-
-|85.214.101.34 ||        irc.feministwiki.org || irc           || IRC
+|85.214.101.34 || add-member.feministwiki.org || add-member    || Add a member            || 80, 443
-|-
-|85.214.101.34 ||     social.feministwiki.org || social        || GNU social
-|-
-|85.214.101.34 || add-member.feministwiki.org || add-member    || Add a member
 |}
-(As you can see, all services are on the same server for now.)
+As you can see, all services are on the same server for now.  However, it should be kept as an open possibility that the hosts are split across different IPs.  When done so, the <code>ldap</code> host should listen on 636 for LDAPS connections.
+== Firewall ==
+The simple <code>ufw</code> firewall-frontend is used to trivially limit all network I/O to the ports you can see in the host table above, plus port 22 for ssh and scp.
 == Special DNS entries ==
@@ Line 184: / Line 184: @@
 The wiki uses the SQL database called "feministwiki" and the SQL user of the same name.
-=== Blog ===
-Host: blog.feministwiki.org <br/>
-Software: WordPress
-This is a fairly standard WordPress installation in <code>/var/www/blog</code>, with LDAP authentication enabled via the AD/LDAP plugin from miniOrange.
-Users from LDAP are registered as "subscriber" by default, and the admin has to change their WordPress role manually to allow contribution, authoring, or editing.
-The permalink structure configured in WordPress is <code>/p/%author%/%year%/%monthnum%/%postname%/</code>, where Apache handles the rewrite from <code>/p/</code> to <code>/index.php/</code> for it to actually work.
-WordPress uses the SQL database called "feministblog" and an SQL user of the same name.
 === Blogs ===
 Host: blogs.feministwiki.org <br/>
-Software: WordPress ("Network" installation)
+Software: WordPress (multisite)
-This is an installation of WordPress in <code>/var/www/blogs</code>, with the "multisite network" feature enabled on a path-basis, so users can have their own blogs on URLs like <code>blogs.feministwiki.org/janedoe</code>.
+This is an installation of WordPress in <code>/var/www/blogs</code>, with the "multisite network" feature enabled on a path-basis, so users can have their own blogs on URLs like <code>blogs.feministwiki.org/janedoe</code>.  LDAP authentication is enabled via the AD/LDAP plugin from miniOrange.
-This FeministWiki service is disconnected from the regular membership system, and personalized blogs are set up on a per-request basis and more or less belong to the person they are set up for from that point.  (In contrast, all FeministWiki members are automatically at least a "subscriber" on the shared blog, meaning they can post comments, and making them an author is a trivial matter of configuration.)
+Users from LDAP who log in for the first time are automatically registered as "Subscriber" accounts, and the admin can change their WordPress role "Author" to allow publishing.
 This WordPress installation uses the SQL database called "blogs" and an SQL user of the same name.