Technician (talk | contribs) |
Technician (talk | contribs) |
(7 intermediate revisions by the same user not shown) | |||
Line 68: | Line 68: | ||
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | |TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | ||
|} | |} | ||
'''Note:''' There must be a direct A or AAAA record (not a CNAME record) for the domain name specified in the MX record. | |||
For XMPP: | For XMPP: | ||
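Review bot: The new note after the DNS table says the MX target needs a direct A or AAAA record, but it does not name the host it applies to or give the reason. Suggest naming the MX target from the table in the note and stating that RFC 2181 does not allow an MX target to be an alias, so that a later DNS change does not quietly turn that host into a CNAME.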
Line 115: | Line 117: | ||
cat fullchain.pem privkey.pem > certbundle.pem | cat fullchain.pem privkey.pem > certbundle.pem | ||
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', | The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''' automatically. It stops Apache, runs the commands described above, and starts Apache again. This can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands. Note that the letsencrypt command may not work well on a "dumb" terminal such as an Emacs shell buffer. If in doubt, run it from within a proper terminal emulator. | ||
=== Readability of the key files === | |||
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>. | |||
== Ubuntu package repositories == | |||
Currently, FeministWiki runs on Ubuntu 16.04 LTS (Xenial), which has rather old Apache and PHP packages. We use the Ubuntu PPAs <code>ondrej/apache2</code> and <code>ondrej/php</code> to get newer versions. | |||
For F-Droid packages, we use the <code>fdroid/fdroidserver</code> Ubuntu PPA. | |||
== Services == | == Services == | ||
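Review bot: The new "Readability of the key files" section says the <code>ssl-cert</code> group "should have" read access to <code>/etc/letsencrypt/live/feministwiki.org</code>, but it does not say who sets that or whether it survives a refresh. The files under <code>live/</code> are symlinks into <code>/etc/letsencrypt/archive</code>, so the group ownership and mode have to be applied there (and to the directories on the path), and <code>certbundle.pem</code>, which the <code>cat fullchain.pem privkey.pem</code> line shows also contains the private key, is created by shell redirection with whatever umask is in effect. Suggest stating the expected owner, group and mode for <code>privkey.pem</code> and <code>certbundle.pem</code> and whether <code>/root/bin/letsencrypt-refresh</code> reapplies them. In the rewritten script paragraph, "run the commands" would also be clearer as "run the script".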
Line 212: | Line 212: | ||
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes. | There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes. | ||
=== Mailing lists === | |||
Email domain: lists.feministwiki.org <br/> | |||
Software: GNU Mailman, Postfix | |||
Postfix is configured to recognize <code>lists.feministwiki.org</code> as a "local" domain. This means it uses the file specified in the <code>alias_maps</code> configuration directive (typically <code>/etc/aliases</code>) to decide the final recipient of an e-mail sent to this domain. Correspondingly, we populate <code>/etc/aliases</code> with the aliases needed by Mailman to operate each mailing list it controls. | |||
Note that there is no DNS entry for <code>lists.feministwiki.org</code> because e-mail software just checks the MX record for <code>feministwiki.org</code> when the recipient is from the domain <code><em>anything</em>.feministwiki.org</code>. | |||
=== XMPP === | === XMPP === | ||
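Review bot: The last paragraph of the new "Mailing lists" section gives a reason that does not match how MX lookup works. A sending server looks up the MX record (and, failing that, the A/AAAA record) of the exact domain in the recipient address, here <code>lists.feministwiki.org</code>, and does not fall back to the MX record of <code>feministwiki.org</code>. If mail to the lists domain is being delivered, some other record must be answering for that name, for example a wildcard entry. Suggest checking the zone and either documenting that record here or adding an explicit MX row for <code>lists.feministwiki.org</code> to the DNS table.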
Line 232: | Line 241: | ||
Software: custom | Software: custom | ||
This custom web interface hosted at <code>/var/www/account</code> lets you complete several tasks related to FeministWiki membership, such as | This custom web interface hosted at <code>/var/www/account</code> lets you complete several tasks related to FeministWiki membership, such as changing your account settings, resetting your password, or adding a new member. It also contains a form to request membership. The interface is written in HTML, CSS, PHP, and C. |
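Review bot: The rewritten sentence says the account interface is written partly in C, but not which part or why. Since this interface resets passwords and adds members, suggest one more sentence naming the C component, where its source lives under <code>/var/www/account</code> or elsewhere, and what privileges it runs with.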