Difference between revisions of "In transition"

From Anarchaserver
(11 intermediate revisions by the same user not shown)
Line 3: Line 3:
...because there is nothing more ephemeral than digital culture...
...because there is nothing more ephemeral than digital culture...


= How to use Yunohost web services =
'''[http://anarchaserver.org/mediawiki/index.php/How_to_use_yunohost The "How to use Yunohost" is in this specific page]'''
= Installation of yunohost in a LXC container =
Create the container with a debian stretch base as root :
lxc-create -n transitional -t debian -- -r stretch
Edit the config to set-up the network
nano /var/lib/lxc/transitional/config
it shoud look like :
lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:cd:ad:29
lxc.network.flags = up
lxc.network.link = lxc-nat-bridge
lxc.network.name = eth0
# you have to set a specific IP for this container (here .2)
lxc.network.ipv4 = 10.0.3.2
lxc.network.ipv4.gateway = 10.0.3.1
lxc.rootfs = /var/lib/lxc/transitional/rootfs
lxc.rootfs.backend = dir
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty = 4
lxc.utsname = transitional
lxc.arch = amd64
lxc.start.auto = 1
Modify + record, then start the container
lxc-start -n transitional
Log in the container as root
lxc-attach -n transitional
Then you have a shell in the container and can proceed to the installation
root@transitional:/#
apt update
apt upgrade
apt install net-tools nano git nload htop iputils-ping curl
curl https://install.yunohost.org | bash
== Setting-up the proxy in front apache ==
ToDo
* There is a need to put in vhost a specific parameter : https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine
SSLProxyEngine On


= Installing Yunohost for deploying quickly various web services =
= Installing Yunohost for deploying quickly various web services =


* Reference website: https://yunohost.org/#/
* Reference website: https://yunohost.org/#/
* List of apps and services maintained by Yunohost https://yunohost.org/#/apps_fr
* List of apps and services maintained by Yunohost https://yunohost.org/#/apps_en
* Lists of apps and services maintained by the community https://yunohost.org/#/apps_in_progress_fr
* Lists of apps and services maintained by the community https://yunohost.org/#/apps_in_progress_en
* For installing Yunohost in a Debian Jessie, we use the following script https://yunohost.org/#/install_on_debian_fr
* For installing Yunohost in a Debian Jessie, we use the following script https://yunohost.org/#/install_on_debian_en


Yunohost uses nginx, therefore when installing Debian, do not check the option "Web server", if not Apache will eat port 80
Yunohost uses nginx, therefore when installing Debian, do not check the option "Web server", if not Apache will eat port 80
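Review bot: The added install step `curl https://install.yunohost.org | bash`, typed at the `root@transitional:/#` prompt, executes whatever the download returns as root with no chance to read it first; suggest documenting it as download to a file, read it, then run it. The added section also builds the container with `-r stretch`, while the unchanged bullet further down still says "For installing Yunohost in a Debian Jessie", so the release should be made consistent. The `SSLProxyEngine On` ToDo would be easier to act on if it said which vhost on the front Apache needs it.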
Line 28: Line 74:
[[File:640px-Yunohostlabo.png]]
[[File:640px-Yunohostlabo.png]]


= Yunohost selection of web services installed in the VM =
'''Chat xmmp'''
Extensible Messaging and Presence Protocol (XMPP) is a communications protocol for message-oriented middleware based on XML (Extensible Markup Language). This chat will enable feminist group to create their own IRC channel.
'''Framadate'''
Enables to create small surveys without users having to log in so that people can agree on a date or possible option (a kind of simplified dudle).
'''Limesurvey'''
LimeSurvey (formerly PHPSurveyor) is an Open Source PHP web application to develop, publish and collect responses to online & offline surveys. For more information about this great open source survey tool, visit [https://en.wikipedia.org/wiki/LimeSurvey Limesurvey wikipedia].
'''Zerobin'''
It is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256bit AES in Galois Counter mode.
'''Jirafeau'''
Jirafeau is a web site permitting to upload a file in a simple way and give an unique link to it. It is like a dropbox or weshare riseup option.
= Aims VM In Transition =
This VM aims at providing selected and targeted services that are not easy to find and are lacking inside the planet of autonomous feminists servers such as:
* IRC chat for enabling feminist groups to engage trough this channel for their internal communication
* Framadate to quickly set up dates for meeting proposals (or any quick survey looking for deciding most likable options for a group of people)
* Limesurvey as a strong open free alternative to google surveys that enable feminist groups to conduct their surveys and data collection around sensible topics without high jacking the privacy of their respondents, neither the security of the data set they are collecting
* Jirafeau for easily sharing documents with others by uploading them in an encrypted way and sharing a link for downloading them
* Zerobin to create documents and sharing them with others ensuring that the server admin can not know what is being written
The VM is called In transition because we want to provide those services to feminist groups we know and collaborate with in a non permanent basis. This means that we are aware that data can become sensitive at any moment in time and that we should take care of backing them up, hosting them in safe and encrypted forms and so on, when you do not have still the tools you need, you can use our services for a limited amount of time.


We will settle clear time guidelines for the creation of sondage and zerobin, inasmuch as for the transfer of documents with girafeau. The use of limesurvey will be decided on a base to base case, depending of the aims and needs of the groups requesting this option. Finally IRC chats will be our more "permanent" service inside this VM In transition.
= Post Post installation : tuning the configuration =
* A few security things : https://yunohost.org/#/security_en
* For Jirafeau, to remove the need for a password to upload, remove the password at line 77 of /var/www/jirafeau/lib/config.local.php
$cfg['upload_password'] = array();


= Guidelines for using services =
= Debug install =
If "Error: An error occurred during LDAP operation", than it is possible to reset the post install :
wget https://raw.githubusercontent.com/YunoHost/yunoScripts/master/resetPostinstall.sh
chmod +x resetPostinstall.sh
./resetPostinstall.sh
In my case, the ldap package was broken so :
apt update
apt --fix-broken install
Then
  ./resetPostinstall.sh
yunohost tools postinstall --debug


* IRC chat
To reset the admin password in LDAP :
yunohost-reset-ldap-password


TOS of 8http://www.gamers-irc.org/terms-of-service.html Gamers IRC] offers interesting lines that we could take into account at the same time is is very extensive and as we are planning to offer this service to few and selected people not sure we need it.
To make a regen conf of LDAP
yunohost service regen-conf ldap --force
Restore a backup of your ldap database too
yunohost backup restore --system conf_ldap --debug


* Framadate


Your survey will be automatically archived 60 days after the last date of your consultation. You can also define another date for this automatic archiving, however it should be not later than 90 days after the last date of your consultation.
= DNS troubleshooting inside a container =
It seems that DNS resolution is limited @tachanka to certain adresses :


* Limesurvey
So there is a need to change dns servers in the yunohost container as yunohost relies on dnsmasq with its own dns server list
nano /etc/resolv.dnsmasq.conf
nameserver 209.51.171.179
nameserver 216.66.15.28
nameserver 216.66.15.23
or FFDN ones if it doesn't work
nameserver 80.67.169.12
nameserver 80.67.169.40


This service is limited to 200 answers and we ask persons to send us an email to anarchaserver@autistiche.org in order to detail for how long they need the survey on going. This service will be negotiate for each case particular needs and once the survey is over, we will ask survey holders to export data so we can erase all answers and data related to that survey.


* Jirafeau
== DNS debug ==


The TOS of Jirafeau is very precise and looking to mitigate any possible legal action against them: http://jirafeau.net/tos.php
nslookup
Unsure if we need something that precise but could reuse some parts.
> server 127.0.0.1
Upload is currently limited to 100mb and files are stored no longer than a week.
> set debug 
> host x.org
dig @8.8.8.8 x.org
netstat -atun | grep 53


* Zerobin
cat /var/log/syslog |grep dnsmasq
dnsmasq.service: Failed to reset devices.list: Operation not permitted
not important !
nano /lib/systemd/system/dnsmasq.service
localectl and hostnamectl


Terms of Usage for Zerobin service.
Tester si dns requêtes arrivent au host
By using this service you agree to the following:
sudo tcpdump -X -i lxc-nat-bridge dst port 53 |grep x.org
You may not use bots or automation software to scrape or access urls on this website.
sudo tcpdump -X -i eth0 host 209.51.171.179 and port 53
You may not post PII; [https://en.wikipedia.org/wiki/Personally_identifiable_information Personally Identifiable Information]
Regarding expiration dates for zerobin you cqn set up for one month maximum.
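Review bot: The "Post Post installation" text sets `$cfg['upload_password'] = array();` to drop the Jirafeau upload password, while the "Guidelines for using services" text in this same region (upload limited to 100mb, files stored no longer than a week, one month maximum for Zerobin) does not appear in the revision rendered below; suggest keeping those limits on the page or linking to where they moved, since they are the only stated controls once uploads need no password. In "Debug install", `resetPostinstall.sh` is fetched from the `master` branch and executed directly; naming a fixed commit in the URL would make the step reproducible.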

Revision as of 23:17, 16 July 2020

This page is used to detail the work achieved around the VM In Transition.

...because there is nothing more ephemeral than digital culture...


How to use Yunohost web services

The "How to use Yunohost" guide is on this specific page: http://anarchaserver.org/mediawiki/index.php/How_to_use_yunohost


Installation of yunohost in a LXC container

As root, create the container with a Debian stretch base:

lxc-create -n transitional -t debian -- -r stretch

Edit the config to set up the network:

nano /var/lib/lxc/transitional/config

It should look like:

lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:cd:ad:29
lxc.network.flags = up
lxc.network.link = lxc-nat-bridge
lxc.network.name = eth0
# you have to set a specific IP for this container (here .2)
lxc.network.ipv4 = 10.0.3.2
lxc.network.ipv4.gateway = 10.0.3.1
lxc.rootfs = /var/lib/lxc/transitional/rootfs
lxc.rootfs.backend = dir
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty = 4
lxc.utsname = transitional
lxc.arch = amd64
lxc.start.auto = 1

Edit and save the file, then start the container:

lxc-start -n transitional

Log in to the container as root:

lxc-attach -n transitional

You then have a shell in the container and can proceed with the installation:

root@transitional:/#
apt update
apt upgrade
apt install net-tools nano git nload htop iputils-ping curl
curl https://install.yunohost.org | bash


Setting-up the proxy in front apache

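ToDo

  • The vhost needs a specific parameter: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine
SSLProxyEngine On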

Installing Yunohost for deploying quickly various web services

YunoHost uses nginx, so when installing Debian do not tick the "Web server" option; otherwise Apache will take port 80.

  • Install Git
sudo apt-get install git
  • Clone the YunoHost install script repository
git clone https://github.com/YunoHost/install_script /tmp/install_script
  • The root user needs to have a password; if it does not, create one (otherwise the install script will fail):
sudo passwd root
  • Launch the install script
cd /tmp/install_script && sudo ./install_yunohostv2
  • Once the install process is over, connect to the server through a web browser; the server screen (if there is one) will show the IP to connect to
  • You will need to define an administrator password
  • And a domain name: either you have a domain or sub-domain that you point at the server, or you can use a dyndns offered by YunoHost, for instance anarchaserver.nohost.me
  • Once everything is done, you can install applications, and the overall result looks like:

640px-Yunohostlabo.png


Post Post installation : tuning the configuration

  • A few security things: https://yunohost.org/#/security_en
  • For Jirafeau, to remove the need for a password to upload, remove the password at line 77 of /var/www/jirafeau/lib/config.local.php (with an empty list, anyone who can reach the site can upload):
$cfg['upload_password'] = array();

Debug install

If you get "Error: An error occurred during LDAP operation", then it is possible to reset the post install:

wget https://raw.githubusercontent.com/YunoHost/yunoScripts/master/resetPostinstall.sh
chmod +x resetPostinstall.sh
./resetPostinstall.sh

In my case, the ldap package was broken, so:

apt update
apt --fix-broken install

Then

./resetPostinstall.sh
yunohost tools postinstall --debug
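
Both this reset script and the earlier `curl https://install.yunohost.org | bash` step run a freshly downloaded script as root. The following is an added example (not from the original page or the YunoHost project) that stages such a script, checks it against a SHA-256 the operator recorded when reviewing it, and only then runs it; the function names and the pinned hash are assumptions.

```shell
#!/bin/sh
# Added example: stage a remote script, verify it, then run it.
# The expected SHA-256 is whatever the operator recorded after reading the
# script once; this page publishes none, so any value used here is an assumption.

# sha256_of FILE: print the file's SHA-256 as bare hex.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# verify_script FILE EXPECTED_SHA256
# 0 = ok, 1 = empty/missing, 2 = not a script, 3 = hash mismatch.
verify_script() {
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    # An HTML error page or proxy notice will not start with a shebang.
    [ "$(head -c 2 "$file")" = '#!' ] || { echo "not a script: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] || { echo "hash mismatch, got $actual" >&2; return 3; }
}

# stage_and_run URL EXPECTED_SHA256 [ARGS...]
# Downloads to a temp file, verifies, and runs with bash only on success.
stage_and_run() {
    url=$1
    pinned=$2
    shift 2
    tmp=$(mktemp) || return 1
    rc=1
    # -f fails on HTTP errors; --proto '=https' refuses plain HTTP, redirects included.
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" &&
       verify_script "$tmp" "$pinned"; then
        bash "$tmp" "$@"
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (the hash is a placeholder to fill in after review):
#   stage_and_run https://install.yunohost.org "<sha256-recorded-after-review>"
```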

To reset the admin password in LDAP:

yunohost-reset-ldap-password

To regenerate the LDAP configuration:

yunohost service regen-conf ldap --force

You can also restore a backup of your LDAP database:

yunohost backup restore --system conf_ldap --debug


DNS troubleshooting inside a container

It seems that DNS resolution @tachanka is limited to certain addresses:

So the DNS servers need to be changed in the YunoHost container, since YunoHost relies on dnsmasq with its own DNS server list:

nano /etc/resolv.dnsmasq.conf
nameserver 209.51.171.179
nameserver 216.66.15.28
nameserver 216.66.15.23

or the FFDN ones if that doesn't work:

nameserver 80.67.169.12
nameserver 80.67.169.40
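
To find out which of the upstream servers listed for dnsmasq actually answer from inside the container, each one can be queried in turn. This is an added example, not part of the original page; the function names and the `DIG` override variable are assumptions, and `x.org` is the test name used in the debug notes on this page.

```shell
#!/bin/sh
# Added example: test each upstream resolver listed for dnsmasq, one by one.
# DIG can be overridden (for offline testing with a stub); default is the real dig.
DIG=${DIG:-dig}

# list_nameservers FILE: print the address from each "nameserver" line,
# ignoring comments, blank lines and leading whitespace.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# probe SERVER NAME: succeed only if SERVER returns at least one A record.
# A timeout makes dig exit non-zero; a refusal or empty answer yields no
# IPv4 line, so both count as failure.
probe() {
    answer=$($DIG +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null) || return 1
    printf '%s\n' "$answer" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'
}

# check_resolvers FILE NAME: print "ok SERVER" or "FAIL SERVER" for each
# resolver in FILE; return 0 if at least one of them works.
check_resolvers() {
    working=0
    for ns in $(list_nameservers "$1"); do
        if probe "$ns" "$2"; then
            echo "ok   $ns"
            working=$((working + 1))
        else
            echo "FAIL $ns"
        fi
    done
    [ "$working" -gt 0 ]
}

# Usage inside the container:
#   check_resolvers /etc/resolv.dnsmasq.conf x.org
```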


DNS debug

nslookup
> server 127.0.0.1
> set debug
> x.org
dig @8.8.8.8 x.org
netstat -atun | grep 53
cat /var/log/syslog |grep dnsmasq
dnsmasq.service: Failed to reset devices.list: Operation not permitted

not important !

nano /lib/systemd/system/dnsmasq.service
localectl and hostnamectl

Test whether DNS requests reach the host:

sudo tcpdump -X -i lxc-nat-bridge dst port 53 |grep x.org
sudo tcpdump -X -i eth0 host 209.51.171.179 and port 53