(→SMTP) |
Technician (talk | contribs) (→Blog) |
||
(13 intermediate revisions by 2 users not shown) | |||
Line 13: | Line 13: | ||
|- | |- | ||
|85.214.101.34 || ldap.feministwiki.org || ldap || LDAP | |85.214.101.34 || ldap.feministwiki.org || ldap || LDAP | ||
|- | |||
|85.214.101.34 || blog.feministwiki.org || blog || Blogging | |||
|- | |- | ||
|85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP | |85.214.101.34 || chat.feministwiki.org || chat || Web-client for XMPP | ||
Line 23: | Line 25: | ||
|- | |- | ||
|85.214.101.34 || imap.feministwiki.org || imap || IMAP | |85.214.101.34 || imap.feministwiki.org || imap || IMAP | ||
|- | |||
|85.214.101.34 || pop3.feministwiki.org || pop3 || POP3 | |||
|- | |- | ||
|85.214.101.34 || smtp.feministwiki.org || smtp || SMTP | |85.214.101.34 || smtp.feministwiki.org || smtp || SMTP | ||
Line 39: | Line 43: | ||
== Special DNS entries == | == Special DNS entries == | ||
For CAA: | |||
{| class="wikitable" | |||
!Type !! Name !! Flag !! Tag !! Value | |||
|- | |||
|CAA || @ || 0 || issue || letsencrypt.org | |||
|- | |||
|CAA || @ || 0 || iodef || admin@feministwiki.org | |||
|} | |||
For email: | |||
{| class="wikitable" | {| class="wikitable" | ||
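Review bot: In the new CAA table, the iodef row gives its value as a bare address (admin@feministwiki.org), but RFC 8659 defines the iodef value as a URL. It should read mailto:admin@feministwiki.org, the same form the DMARC rua entry in the email table already uses. It would also help to say next to the issue row that letsencrypt.org is the only CA allowed to issue for the domain, so that a later change of CA is known to require updating this record first.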
Line 51: | Line 65: | ||
|- | |- | ||
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | |TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | ||
|} | |||
For XMPP: | |||
{| class="wikitable" | |||
!Type !! Service !! Protocol !! Name !! Destination !! Port | |||
|- | |||
|SRV || _xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222 | |||
|- | |- | ||
| | |SRV || _xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269 | ||
|} | |} | ||
Google Site Verification: | |||
{| class="wikitable" | {| class="wikitable" | ||
! | !Type !! Host !! Data | ||
|- | |- | ||
| | |TXT || @ || google-site-verification=<key> | ||
|- | |||
|} | |} | ||
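Review bot: The XMPP SRV table has no Priority and Weight columns, yet both fields are mandatory in an SRV record, so the rows as documented cannot be entered at a DNS provider without guessing. Please add the two columns with the values actually in use. The Google Site Verification table also ends with an empty row (a stray |- directly before |}), which can be dropped.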
Line 79: | Line 99: | ||
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | ||
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following | To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following commands while TCP port 80 is free (e.g. stop Apache first): | ||
# Use $() to eliminate the terminating newline, if any. | |||
domains=$(cat /root/etc/domains) | |||
domains=$(printf '%s' "$domains" | tr '\n' ',') | |||
letsencrypt certonly --authenticator standalone --keep --expand -d "$domains" | |||
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file: | Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file: | ||
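Review bot: The domain list reaches -d unvalidated. $() strips only trailing newlines, so a blank line in the middle of /root/etc/domains, or trailing whitespace on a line, ends up as an empty or malformed name in the comma-separated list. Suggest filtering empty lines and whitespace before the tr step. The instruction also says to stop Apache but never to start it again afterwards; a closing step for that would prevent an accidental outage.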
Line 96: | Line 121: | ||
The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands. | The above can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands. | ||
Note that the letsencrypt command | Note that the letsencrypt command may not work well on a "dumb" terminal such as an Emacs shell buffer. If in doubt, run it from within a proper terminal emulator. | ||
=== Readability of the key files === | === Readability of the key files === | ||
Line 157: | Line 182: | ||
The wiki uses the SQL database called "feministwiki" and the SQL user of the same name. | The wiki uses the SQL database called "feministwiki" and the SQL user of the same name. | ||
=== Blog === | |||
Host: blog.feministwiki.org <br/> | |||
Software: WordPress | |||
This is a fairly standard WordPress installation in <code>/var/www/blog</code>, with LDAP authentication enabled via the AD/LDAP plugin from miniOrange. | |||
Users from LDAP are registered as "subscriber" by default, and the admin has to change their WordPress role manually to allow contribution, authoring, or editing. | |||
The permalink structure configured in WordPress is <code>/p/%author%/%year%/%monthnum%/%postname%/</code>, where Apache handles the rewrite from <code>/p/</code> to <code>/index.php/</code> for it to actually work. | |||
WordPress uses the SQL database called "feministblog" and an SQL user of the same name. | |||
=== Chat (web interface) === | === Chat (web interface) === | ||
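Review bot: The permalink paragraph says Apache rewrites /p/ to /index.php/ but neither shows the rule nor names the file it lives in, so the setup cannot be reproduced from this section; please add the rewrite directive and its location. The LDAP paragraph likewise omits which LDAP host the miniOrange plugin connects to and whether that connection is encrypted, which is worth stating because the plugin handles users' LDAP passwords.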
Line 194: | Line 232: | ||
FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>. | FeministMail uses the [https://www.dovecot.org/ Dovecot] IMAP server, configured for LDAP authentication and using virtual mail boxes under <code>/home/vmail</code>. | ||
=== POP3 === | |||
Host: pop3.feministwiki.org <br/> | |||
Software: Dovecot | |||
While Dovecot is primarily an IMAP server, it also offers POP3 support, which the FeministWiki installation has enabled. | |||
=== SMTP === | === SMTP === | ||
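Review bot: The new POP3 section does not say which listeners are enabled (plain POP3, POP3 over TLS, or both) or whether plaintext authentication is refused on unencrypted connections. Since Dovecot authenticates against LDAP here, please document this, because a POP3 login carries the user's LDAP password.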
Line 200: | Line 245: | ||
Software: Postfix, OpenDKIM | Software: Postfix, OpenDKIM | ||
FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot | FeministMail uses the [http://www.postfix.org/ Postfix] SMTP server, using SASL authentication through Dovecot, LDAP-based virtual mail boxes under <code>/home/vmail</code>, and DKIM signing via OpenDKIM. Send a mail to a Gmail account and use the "Show original" feature of Gmail to see if the mail passes SPF, DKIM, and DMARC tests. | ||
There are also various tools on the web to automatically test the DNS settings for correctness, to check if the domain/IP is on blacklists, etc., which you can find via Google. All in all, FeministMail is probably the most complicated service of the FeministWiki, as far as technical background goes. | |||
=== XMPP === | === XMPP === |
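Review bot: The Gmail "Show original" check is appended directly to the description of the Postfix setup without saying when it should be run; make it a separate step to perform after any change to Postfix, OpenDKIM or the email DNS records. The pointer to "various tools on the web" that "you can find via Google" names no tool, so either list the ones actually used or drop the sentence. The section also does not record the DKIM selector or key location, which are needed to repeat the setup.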