Difference between revisions of "Poddery - Diaspora, Matrix and XMPP"

Poddery - Diaspora, Matrix and XMPP (view source)

Revision as of 11:46, 9 January 2018

143 bytes added , 11:46, 9 January 2018

Reorganized steps in actual order

Bady

Bureaucrats, Administrators

99

edits

@@ Line 1: / Line 1: @@
-We run diaspora, xmpp and matrix services at [https://poddery.com poddery.com]. Diaspora username and password can be used to access xmpp and matrix services. [https://chat.poddery.com chat.poddery.com] provides riot client (accessed by a web browser), which can be used to connect to any matrix server without installing a riot app/client.
+We run Diaspora, XMPP and Matrix services at [https://poddery.com poddery.com]. Diaspora username and password can be used to access XMPP and Matrix services. [https://chat.poddery.com chat.poddery.com] provides Riot client (accessed by a web browser), which can be used to connect to any Matrix server without installing a Riot app/client.
 = Environment =
@@ Line 8: / Line 8: @@
 * 8GB Memory
 * 50GB SSD Disk
-* 1 Flexible public IPv4
+* 1 Flexible Public IPv4
 * 300Mbit/s Unmetered bandwidth
 * 2.5Gbit/s Internal bandwidth
-* €11.99 Per month
+* €11.99 Per Month
@@ Line 19: / Line 19: @@
 * '''16GB''' Memory
 * 50GB SSD Disk
-* 1 Flexible public IPv4
+* 1 Flexible Public IPv4
 * '''500Mbit/s''' Unmeterd bandwidth
 * '''5Gbit/s''' Internal bandwidth
-* '''€17.99''' per month
+* '''€17.99''' Per Month
 * Extra '''150GB''' SSD
-* Total '''€20.99''' per month
+* Total '''€20.99''' Per Month
 == Operating System ==
-We run debian 9 stretch image provided by scaleway, with latest security updates applied.
+We run Debian 9 Stretch image provided by Scaleway, with latest security updates applied.
 === Hardening checklist ===
@@ Line 39: / Line 39: @@
    PasswordAuthentication no
    ...
-* Firewall enabled with only the ports we need opened. [https://fxdata.cloud/tutorials/set-up-a-firewall-with-ufw-on-ubuntu-16-04 ufw tutorial]
+* Firewall enabled with only the ports we need opened ([https://fxdata.cloud/tutorials/set-up-a-firewall-with-ufw-on-ubuntu-16-04 ufw tutorial])
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
@@ Line 85: / Line 85: @@
 * /dev/mapper/diaspora is an ext4 file system
    sudo mkfs.ext4 /dev/mapper/diaspora
-* /var/lib/diaspora should be mounted
+* /var/lib/diaspora should be mounted. All [[#Handling_critical_data|critical data]] should be on /var/lib/diaspora.
    sudo mkdir /var/lib/diaspora
    sudo mount /dev/mapper/diaspora /var/lib/diaspora
-* All critical data should be on /var/lib/diaspora
-  sudo /etc/init.d/mysql stop
-  sudo mv /var/lib/mysql /var/lib/diaspora
-  sudo ln /var/lib/diaspora/mysql /var/lib/diaspora
-  sudo mkdir /var/lib/diaspora/uploads
-  sudo chown -R diaspora: /var/lib/diaspora/uploads
-  sudo ln -s /var/lib/diaspora/uploads /usr/share/diaspora/public/uploads
-=== Services health check ===
+== User Visible Services ==
+=== Diaspora ===
+* We use diaspora-installer-mysql package from https://people.debian.org/~praveen/diaspora/README
+* See [https://salsa.debian.org/ruby-team/diaspora-installer/blob/debian/0.6.6.0+debian1/README /usr/share/doc/diaspora-common/README] for package specific configuration.
+* [https://poddery.com/statistics live statistics]
+=== Chat/XMPP ===
+* We use Prosody and steps for setting up Prosody is given at -> https://wiki.debian.org/Diaspora/XMPP
+* We have enabled all XEPs conversations expect. We use sslh to multiplex Diaspora and Prosody on port 443.
+=== Chat/Matrix ===
-  systemctl status nginx # our web server front end for diaspora, xmpp and matrix
+* We use Synapse server for setting up the Matrix server.
-  systemctl status diaspora # diaspora service
+* We will be using https://github.com/matrix-org/synapse/#synapse-installation for setting up this instance
-  systemctl status matrix-synapse.service # synapse matrix server
+* We use nginx reverse proxy to send requests that has ''/_matrix/*'' in url to synapse on 8008. See /etc/nginx/sites-enabled/diaspora
-  systemctl status prosody # prosody xmpp server
+* We use https://git.fosscommunity.in/necessary129/synapse-diaspora-auth to authenticate synapse with Diaspora database.
-  systemctl status sslh # SSL/SSH multiplexer which allow us to provide multiple services via 443 port (to bypass stupid firewalls)
-== User Visible Services ==
 === Homepage ===
-Homepage and other static pages are maintained in our gitlab instance. You can change it directly in the master branch or send pull requests. You can edit it via web as well.
+Homepage and other static pages are maintained in our Gitlab instance. You can change it directly in the master branch or send pull requests. You can edit it via web as well.
-* poddery.com -> https://git.fosscommunity.in/community/poddery.com.
+* poddery.com -> https://git.fosscommunity.in/community/poddery.com
 * save.poddery.com -> https://git.fosscommunity.in/community/save.poddery.com
@@ Line 133: / Line 136: @@
 2 * * 1 /etc/init.d/nginx reload
 2 * * 1 /etc/init.d/prosody reload
-=== Diaspora ===
-* We use diaspora-installer-mysql package from https://people.debian.org/~praveen/diaspora/README
-* See [https://salsa.debian.org/ruby-team/diaspora-installer/blob/debian/0.6.6.0+debian1/README /usr/share/doc/diaspora-common/README] for package specific configuration.
-* [https://poddery.com/statistics live statistics]
-=== Chat/XMPP ===
-* We use prosody and steps for setting up prosody is given at -> https://wiki.debian.org/Diaspora/XMPP
-* We have enabled all XEPs conversations expect. We use sslh to multiplex diaspora and prosody on port 443.
-=== Chat/Matrix ===
-* We use synapse server for setting up the matrix server.
-* We will be using https://github.com/matrix-org/synapse/#synapse-installation for setting up this instance
-* We use nginx reverse proxy to send requests that has ''/_matrix/*'' in url to synapse on 8008. See /etc/nginx/sites-enabled/diaspora
-* We use https://git.fosscommunity.in/necessary129/synapse-diaspora-auth to authenticate synapse with diaspora database.
 == Backend Services ==
 === nginx ===
-Front end for diaspora and matrix.
+Front-end for Diaspora and Matrix.
 === PostgreSQL ===
-Backend for matrix.
+Backend for Matrix.
 === MySQL ===
-Backend for diaspora. TODO: consider migrating to PostgreSQL to optimize resources (we can reduce one service and RAM usage).
+Backend for Diaspora.
+TODO: consider migrating to PostgreSQL to optimize resources (we can reduce one service and RAM usage).
 === sslh ===
-Port multiplexer to allow xmpp and diaspora to share 443 port. This allows us to fool stupid firewalls which blocks all ports except 80 and 443 (hence xmpp).
+Port multiplexer to allow XMPP and Diaspora to share 443 port. This allows us to fool stupid firewalls which blocks all ports except 80 and 443 (hence XMPP).
+=== Handling critical data ===
+  sudo /etc/init.d/mysql stop
+  sudo mv /var/lib/mysql /var/lib/diaspora
+  sudo ln /var/lib/diaspora/mysql /var/lib/diaspora
+  sudo mkdir /var/lib/diaspora/uploads
+  sudo chown -R diaspora: /var/lib/diaspora/uploads
+  sudo ln -s /var/lib/diaspora/uploads /usr/share/diaspora/public/uploads
+=== Services health check ===
+  systemctl status nginx # Our web server front-end for Diaspora, XMPP and Matrix
+  systemctl status diaspora # Diaspora service
+  systemctl status matrix-synapse.service # Synapse Matrix Server
+  systemctl status prosody # Prosody XMPP Server
+  systemctl status sslh # SSL/SSH multiplexer which allow us to provide multiple services via 443 port (to bypass stupid firewalls)
 = Coordination =
 *[https://www.loomio.org/g/2bjVXqAu/fosscommunity-in-poddery-com-maintainer-s-group loomio group] - we use this for decision making.
-* Hangout with us in our matrix room [https://matrix.to/#/#poddery:poddery.com #poddery:poddery.com]
+* Hangout with us in our Matrix room [https://matrix.to/#/#poddery:poddery.com #poddery:poddery.com]
 === Contact ===
@@ Line 178: / Line 181: @@
 Email: poddery at autistici.org (alias that reaches Akhilan, Abhijith Balan, Fayad, Balasankar, Julius, Praveen, Prasobh, Sruthi, Shirish, Vamsee and Manukrishnan)
-The following people have their gpg keys in the password file.
+The following people have their GPG keys in the password file.
-Praveen Arimbrathodiyil (piratepin) (ID: 0xCE1F9C674512), Balasankar C (ID: 0x96EDAB9B2E6B7171), Manu Krishnan T V (ID: 0x5D0064186AF037D9), Fayad Fami (fayad) (ID: 0x51C954405D432381), Abhijith PA (ID: 0x863D4DF2ED9C28EF), Syam G Krishnan (sgk) (ID: 0x6EF48CCD865A1FFC), Sagar Ippalpalli (ID: 0xFD49D0BC6FEAECDA)
+Praveen Arimbrathodiyil (piratepin) (ID: 0xCE1F9C674512), Balasankar C (ID: 0x96EDAB9B2E6B7171), Manu Krishnan T V (ID: 0x5D0064186AF037D9), Fayad Fami (fayad) (ID: 0x51C954405D432381), Abhijith PA (ID: 0x863D4DF2ED9C28EF), Syam G Krishnan (sgk) (ID: 0x6EF48CCD865A1FFC), Sagar Ippalpalli (ID: 0xFD49D0BC6FEAECDA), Pirate Bady (piratesin) (ID: 0x92FDAB42A95FF20C), Kannan (ID: 0x0B1955F40C691CCE)
-We recommend you setup [http://www.vim.org/scripts/script.php?script_id=3645 vim gpg plugin] for transparent editing. If you are new to gpg, then follow [https://www.madboa.com/geek/gpg-quickstart/ this guide].
+We recommend you setup [http://www.vim.org/scripts/script.php?script_id=3645 Vim GPG Plugin] for transparent editing. If you are new to GPG, then follow [https://www.madboa.com/geek/gpg-quickstart/ this guide].
 === Server Access ===
@@ Line 219: / Line 222: @@
   # apt-get install mysql-server
-Move mysql data directory to encrypted volume
+Move MySQL data directory to encrypted volume
   # /etc/init.d/mysql stop
   # mv /var/lib/mysql /var/lib/diaspora/
@@ Line 233: / Line 236: @@
   # su sshtunnel
-Generate ssh key pair and copy public key to target system
+Generate SSH key pair and copy public key to target system
   $ ssh-keygen -t rsa
   $ ssh -f sshtunnel@poddery.com -L 7777:127.0.0.1:3306 -N