Difference between revisions of "Poddery - Diaspora, Matrix and XMPP"
(→Statistics: change to new statistics page from .json) |
(→Setting up Backup: create ssh tunnel) |
Line 81: | Line 81: | ||
Follow steps in http://www.networkcomputing.com/storage/how-set-ssh-encrypted-mysql-replication/1111882674 to use ssh port forwarding to have encrypted replication | Follow steps in http://www.networkcomputing.com/storage/how-set-ssh-encrypted-mysql-replication/1111882674 to use ssh port forwarding to have encrypted replication | ||
# su sshtunnel | |||
$ ssh -f sshtunnel@poddery.com -L 7777:127.0.0.1:3306 -N | |||
== Maintenance history == | == Maintenance history == |
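Review bot: the added `ssh -f sshtunnel@poddery.com -L 7777:127.0.0.1:3306 -N` line starts the tunnel by hand as a one-off background process, so nothing brings it back after a reboot or a dropped connection and replication will stall until someone notices. Suggest adding `-o ExitOnForwardFailure=yes -o ServerAliveInterval=60` to the command and documenting how the tunnel is kept running (a supervised service rather than a manual `su sshtunnel`). The section should also state that the replica must point at 127.0.0.1 port 7777 for the forwarded connection to be used, since the added lines do not say so.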
Revision as of 13:00, 23 March 2016
We run a diaspora service at poddery.com
Environment
- Username - diaspora
- Path - /home/diaspora/diaspora
We use screen to keep the process running, so look for any running instances inside screen sessions using the screen command.
- Stopping - "screen -ls" will list the running screens. Switch to a screen using "screen -x <screen-name>". Press Control + C to stop the diaspora process, then press Control + A D to detach the screen.
- Starting - Make sure Diaspora is not running in any screen. If it is, follow the steps above before proceeding. "./script/server" will start Diaspora.
As a rough indicator of the progress when running migrations, compare SELECT COUNT(*) FROM tags; to SELECT COUNT(*) FROM tags WHERE taggings_count > 0;
Note: You can run the update while diaspora is running.
Homepage
Homepage and other static pages are maintained on a GitHub repo here. You can change it directly or send pull requests.
Statistics
Coordination
Contact
You can contact admins at poddery at autistici.org
The following people have their gpg keys in the password file.
Praveen Arimbrathodiyil (piratepin) (ID: 0xCE1F9C674512), Balasankar C (ID: 0x96EDAB9B2E6B7171), Manu Krishnan T V (ID: 0x5D0064186AF037D9), Fayad Fami (fayad) (ID: 0x51C954405D432381), Abhijith PA (ID: 0x863D4DF2ED9C28EF), Syam G Krishnan (sgk) (ID: 0x6EF48CCD865A1FFC)
Setting up Backup
Backup is set up on a Scaleway C1 VPS (4 core ARM processor with 2GB RAM)
Access: backup.poddery.com (212.47.244.122)
# apt-get install lvm2 cryptsetup
Directly creating a LUKS volume on /dev/nbd1 is not working, so we use a logical volume
# pvcreate /dev/nbd1
# vgcreate data /dev/nbd1
# lvcreate -n diaspora -L 46.5G /dev/data
# cryptsetup luksFormat /dev/data/diaspora
# cryptsetup luksOpen /dev/data/diaspora diaspora
and update /etc/crypttab
# <target name> <source device> <key file> <options>
diaspora /dev/data/diaspora none luks
# mkfs.ext4 /dev/mapper/diaspora
# mkdir /var/lib/diaspora
and update /etc/fstab
# UNCONFIGURED FSTAB FOR BASE SYSTEM
/dev/mapper/diaspora /var/lib/diaspora ext4 defaults 0 2
# mount -a
# apt-get install mysql-server
Move the mysql data directory to the encrypted volume
# /etc/init.d/mysql stop
# mv /var/lib/mysql /var/lib/diaspora/
# ln -s /var/lib/diaspora/mysql /var/lib/mysql
Follow steps in https://dev.mysql.com/doc/refman/5.5/en/replication-howto-masterbaseconfig.html for replication
Follow steps in https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4 for SSL (but SSL support is disabled in Debian)
Follow steps in http://www.networkcomputing.com/storage/how-set-ssh-encrypted-mysql-replication/1111882674 to use ssh port forwarding to have encrypted replication
# su sshtunnel
$ ssh -f sshtunnel@poddery.com -L 7777:127.0.0.1:3306 -N
Maintenance history
This section holds maintenance/issue history for future tracking.
1. Prosody error - Failed to load private key
certmanager error SSL/TLS: Failed to load '/etc/letsencrypt/live/poddery.com/privkey.pem': Previous error (see logs), or other system error. (for poddery.com)
tls error Unable to initialize TLS: error loading private key (system lib)
certmanager error SSL/TLS: Failed to load '/etc/letsencrypt/live/poddery.com/privkey.pem': Check that the permissions allow Prosody to read this file.
This error usually occurs when the SSL certificate is freshly installed or renewed. The prosody user is unable to access the key file due to lack of privileges.
Note that Poddery uses Let's Encrypt for SSL.
Fix:
- Make sure that the prosody user is in the 'certs' group (this group may also be called ssl-certs as set up by Let's Encrypt)
- /etc/letsencrypt/ is the SSL directory.
- The prosody user should have permissions to all folders in /etc/letsencrypt, most importantly the archive and live folders. Permissions on each folder must be 750.
- Troubleshoot by checking if you can switch to each folder in /etc/letsencrypt as prosody user and cat the files.
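The checks from the fix list above as a script (an added example, not part of the original wiki page or Poddery's own tooling). It assumes GNU find and stat, and takes the directory, user and group as arguments because the page gives the group as either certs or ssl-certs; the script file name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: audits the permissions described in the Fix list above.
# Assumes GNU find/stat. Root directory, user and group are parameters.

# Succeeds when USER ($1) is a member of GROUP ($2).
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# Prints "mode group path" for every directory under ROOT ($1), ROOT
# included, whose mode is not 750 or whose group is not GROUP ($2).
# Exit status is 0 only when no directory is flagged.
audit_cert_dirs() {
    find "$1" -type d -exec stat -c '%a %G %n' {} + |
        awk -v grp="$2" '$1 != "750" || $2 != grp { print; bad = 1 }
                         END { exit bad }'
}

# Usage (hypothetical file name), run as root:
#   sh check-certs.sh /etc/letsencrypt prosody certs
if [ "$#" -eq 3 ]; then
    user_in_group "$2" "$3" || echo "user $2 is not in group $3"
    audit_cert_dirs "$1" "$3" ||
        echo "directories listed above need mode 750 and group $3"
fi
```

A clean run prints nothing; each flagged directory is a place where the prosody user would fail the "switch to each folder" test in the last step.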