diff options
author | David Luevano Alvarado <david@luevano.xyz> | 2023-05-05 03:16:06 -0600 |
---|---|---|
committer | David Luevano Alvarado <david@luevano.xyz> | 2023-05-05 03:16:06 -0600 |
commit | 70e783628b1bf863da45cc8879b06288a498840b (patch) | |
tree | 6a61d3134fbb100f0fc04e9e96782d29e24bb5ed /src/blog/a | |
parent | ec2aa74d36670d74c153aa0022ab22e79502a061 (diff) |
update css, make articles more uniform, add toc and add functionality to scroll to the top
Diffstat (limited to 'src/blog/a')
-rw-r--r-- | src/blog/a/acomodada_la_pagina_de_arte.md | 2 | ||||
-rw-r--r-- | src/blog/a/asi_nomas_esta_quedando.md | 4 | ||||
-rw-r--r-- | src/blog/a/el_blog_ya_tiene_timestamps.md | 7 | ||||
-rw-r--r-- | src/blog/a/first_blog_post.md | 6 | ||||
-rw-r--r-- | src/blog/a/git_server_with_cgit.md | 24 | ||||
-rw-r--r-- | src/blog/a/mail_server_with_postfix.md | 45 | ||||
-rw-r--r-- | src/blog/a/new_blogging_system.md | 6 | ||||
-rw-r--r-- | src/blog/a/password_manager_authenticator_setup.md | 2 | ||||
-rw-r--r-- | src/blog/a/rewrote_pyssg_again.md | 4 | ||||
-rw-r--r-- | src/blog/a/tenia_esto_descuidado.md | 8 | ||||
-rw-r--r-- | src/blog/a/volviendo_a_usar_la_pagina.md | 4 | ||||
-rw-r--r-- | src/blog/a/vpn_server_with_openvpn.md | 25 | ||||
-rw-r--r-- | src/blog/a/website_with_nginx.md | 27 | ||||
-rw-r--r-- | src/blog/a/xmpp_server_with_prosody.md | 39 |
14 files changed, 120 insertions, 83 deletions
diff --git a/src/blog/a/acomodada_la_pagina_de_arte.md b/src/blog/a/acomodada_la_pagina_de_arte.md index 2cac170..9321efb 100644 --- a/src/blog/a/acomodada_la_pagina_de_arte.md +++ b/src/blog/a/acomodada_la_pagina_de_arte.md @@ -8,6 +8,6 @@ tags: short Así es, ya quedó acomodado el sub-dominio `art.luevano.xyz` pos pal [arte](https://art.luevano.xyz) veda. Entonces pues ando feliz por eso. -Este pedo fue gracias a que me reescribí la forma en la que `pyssg` maneja los templates, ahora uso el sistema de `jinja` en vez del cochinero que hacía antes. +Este pedo fue gracias a que me reescribí la forma en la que [`pyssg`](${PYSSG_URL}) maneja los templates, ahora uso el sistema de [`jinja`](https://jinja.palletsprojects.com/en/3.1.x/) en vez del cochinero que hacía antes. Y pues nada más eso, aquí está el [primer post](https://art.luevano.xyz/a/elephant_octopus.html) y por supuesto acá está el link del RSS [https://art.luevano.xyz/rss.xml](https://art.luevano.xyz/rss.xml). diff --git a/src/blog/a/asi_nomas_esta_quedando.md b/src/blog/a/asi_nomas_esta_quedando.md index c1ed74c..6577ca8 100644 --- a/src/blog/a/asi_nomas_esta_quedando.md +++ b/src/blog/a/asi_nomas_esta_quedando.md @@ -12,6 +12,8 @@ También me puse a acomodar un servidor de [XMPP](https://xmpp.org/) el cual, en Ahorita este server es SUMISO (*compliant* en español, jeje) para jalar con la app [conversations](https://conversations.im/) y con la red social [movim](https://movim.eu/), pero realmente funcionaría con casi cualquier cliente de XMPP, amenos que ese cliente implemente algo que no tiene mi server. Y también acomodé un server de [Matrix](https://matrix.org/) que es muy similar pero es bajo otro protocolo y se siente más como un discord/slack (al menos en el [element](https://element.io/)), muy chingón también. -Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el [pyssg](https://github.com/luevano/pyssg) para que jale chido para este pex. +Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el [`pyssg`](${PYSSG_URL}) para que jale chido para este pex. Ya por último también quiero moverle un poco al CSS, porque lo dejé en un estado muy culerón y quiero meterle/ajustar unas cosas para que quede más limpio y medianamente bonito... *dentro de lo que cabe porque evidentemente me vale verga si se ve como una página del 2000*. + +**Actualización**: Ya tumbé el servidor de XMPP porque consumía bastantes recursos y no lo usaba tanto, si en un futuro consigo un mejor servidor podría volver a hostearlo.
\ No newline at end of file diff --git a/src/blog/a/el_blog_ya_tiene_timestamps.md b/src/blog/a/el_blog_ya_tiene_timestamps.md index 4fbe9bd..b011732 100644 --- a/src/blog/a/el_blog_ya_tiene_timestamps.md +++ b/src/blog/a/el_blog_ya_tiene_timestamps.md @@ -11,6 +11,9 @@ Pues eso, esta entrada es sólo para tirar update sobre mi [primer post](https:/ Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. *Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.* -El `ssg` modificado está en mis [dotfiles](https://git.luevano.xyz/.dots) (o directamente [aquí](https://git.luevano.xyz/.dots/tree/.local/bin/ssg)). +~~El `ssg` modificado está en mis [dotfiles](https://git.luevano.xyz/.dots) (o directamente [aquí](https://git.luevano.xyz/.dots/tree/.local/bin/ssg)).~~ +^^Como al final ya no usé el `ssg` modificado, este pex ya no existe.^^ -Por último, también quité las extensiones `.html` de las URLs, porque se veía bien pitero, pero igual los links con `.html` al final redirigen a su link sin `.html`, así que no hay rollo alguno. +Por último, también quité las extensiones `.html` de las URLs, porque se ve bien pitero, pero igual los links con `.html` al final redirigen a su link sin `.html`, así que no hay rollo alguno. + +**Actualización**: Ahora estoy usando mi propia solución en vez de `ssg`, que la llamé [`pyssg`](${PYSSG_URL}), de la cual empiezo a hablar [acá](https://blog.luevano.xyz/a/new_blogging_system.html). diff --git a/src/blog/a/first_blog_post.md b/src/blog/a/first_blog_post.md index b4851f2..1cdeb5e 100644 --- a/src/blog/a/first_blog_post.md +++ b/src/blog/a/first_blog_post.md @@ -7,8 +7,10 @@ tags: short tools english -I'm making this post just to figure out how [`ssg5`](https://www.romanzolotarev.com/ssg.html) and [`lowdown`](https://kristaps.bsd.lv/lowdown/) are supposed to work (and eventually also [`rssg`](https://www.romanzolotarev.com/rssg.html)). +I'm making this post just to figure out how [`ssg5`](https://www.romanzolotarev.com/ssg.html) and [`lowdown`](https://kristaps.bsd.lv/lowdown/) are supposed to work, and eventually [`rssg`](https://www.romanzolotarev.com/rssg.html). -At the moment, I'm not satisfied because there's no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the [blog homepage](https://blog.luevano.xyz/) (and there's also the problem with the ordering of the entries...). And all of this just because I didn't want to use [Luke's](https://github.com/LukeSmithxyz/lb) solution (don't really like that much how he handles the scripts... *but they just work*). +At the moment I'm not satisfied because there's no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the [blog homepage](https://blog.luevano.xyz/) which also has a problem with the ordering of the entries. And all of this just because I didn't want to use Luke's [lb](https://github.com/LukeSmithxyz/lb) solution as I don't really like that much how he handles the scripts (*but they just work*). Hopefully, for tomorrow all of this will be sorted out and I'll have a working blog system. + +**Update**: I'm now using my own solution which I called [`pyssg`](${PYSSG_URL}), of which I talk about [here](https://blog.luevano.xyz/a/new_blogging_system.html). diff --git a/src/blog/a/git_server_with_cgit.md b/src/blog/a/git_server_with_cgit.md index 4eb440c..63fae28 100644 --- a/src/blog/a/git_server_with_cgit.md +++ b/src/blog/a/git_server_with_cgit.md @@ -4,21 +4,26 @@ lang: en summary: How to create a git server using cgit on a server running Nginx. This is a follow up on post about creating a website with Nginx and Certbot. tags: server tools + code tutorial english -My git server is all I need to setup to actually *kill* my other server (I've been moving from servers on these last 2-3 blog entries), that's why I'm already doing this entry. I'm basically following [git's guide on setting up a server](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server) plus some specific stuff for (btw i use) Arch Linux ([Arch Linux Wiki: Git server](https://wiki.archlinux.org/index.php/Git_server#Web_interfaces) and [Step by step guide on setting up git server in arch linux (pushable)](https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/)). +My git server is all I need to setup to actually *kill* my other server (I've been moving from servers on these last 2-3 blog entries), that's why I'm already doing this entry. I'm basically following [git's guide on setting up a server](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server) plus some specific stuff for ==btw i use== Arch Linux ([Arch Linux Wiki: Git server](https://wiki.archlinux.org/index.php/Git_server#Web_interfaces) and [Step by step guide on setting up git server in arch linux (pushable)](https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/)). -Note that this is mostly for personal use, so there's no user/authentication control other than that of SSH. Also, most if not all commands here are run as root. +Note that this is mostly for personal use, so there's no user/authentication control other than that of normal `ssh`. And as with the other entries, most if not all commands here are run as root unless stated otherwise. -## Prerequisites +# Table of contents + +[TOC] + +# Prerequisites I might get tired of saying this (it's just copy paste, basically)... but you will need the same prerequisites as before (check my [website](https://blog.luevano.xyz/a/website_with_nginx.html) and [mail](https://blog.luevano.xyz/a/mail_server_with_postfix.html) entries), with the extras: - (Optional, if you want a "front-end") A **CNAME** for "git" and (optionally) "www.git", or some other name for your sub-domains. - An SSL certificate, if you're following the other entries, add a `git.conf` and run `certbot --nginx` to extend the certificate. -## Git +# Git [Git](https://wiki.archlinux.org/title/git) is a version control system. @@ -76,14 +81,14 @@ You're basically done. Now you should be able to push/pull repositories to your ```sh git init --bare {repo_name}.git -chown -R git:git repo_name.git +chown -R git:git {repo_name}.git ``` -Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame... although there are options to "automate" this, I like it this way). +==Those two lines above will need to be run each time you want to add a new repository to your server==. There are options to "automate" this but I like it this way. After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check [this gist](https://gist.github.com/rvl/c3f156e117e22a25f242). -## Cgit +# Cgit [Cgit](https://wiki.archlinux.org/title/Cgit) is a fast web interface for git. @@ -139,11 +144,10 @@ repo.url={url} repo.path={dir_path} repo.owner={owner} repo.desc={short_description} - ... ``` -Where you can uncomment the `robots` line to let web crawlers (like Google's) to index your `git` web app. And at the end keep all your repositories (the ones you want to make public), for example for my [*dotfiles*](https://git.luevano.xyz/.dots) I have: +Where you can uncomment the `robots` line to not let web crawlers (like Google's) to index your `git` web app. And at the end keep all your repositories (the ones you want to make public), for example for my [*dotfiles*](https://git.luevano.xyz/.dots) I have: ```apache ... @@ -156,6 +160,8 @@ repo.desc=These are my personal dotfiles. Otherwise you could let `cgit` to automatically detect your repositories (you have to be careful if you want to keep "private" repos) using the option `scan-path` and setup `.git/description` for each repository. For more, you can check [cgitrc(5)](https://man.archlinux.org/man/cgitrc.5). +## Cgit's file rendering + By default you can't see the files on the site, you need a highlighter to render the files, I use `highlight`. Install the `highlight` package: ```sh diff --git a/src/blog/a/mail_server_with_postfix.md b/src/blog/a/mail_server_with_postfix.md index 63bf564..cd3ba63 100644 --- a/src/blog/a/mail_server_with_postfix.md +++ b/src/blog/a/mail_server_with_postfix.md @@ -4,22 +4,27 @@ lang: en summary: How to create mail server using Postfix, Dovecot, SpamAssassin and OpenDKIM. This is a follow up on post about creating a website with Nginx and Certbot. tags: server tools + code tutorial english -The entry is going to be long because it's a *tedious* process. This is also based on [Luke Smith's script](https://github.com/LukeSmithxyz/emailwiz), but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted [here](https://git.luevano.xyz/server_scripts.git). +The entry is going to be long because it's a *tedious* process. This is also based on [Luke Smith's script](https://github.com/LukeSmithxyz/emailwiz), but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; ~~also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted [here](https://git.luevano.xyz/server_scripts.git).~~ ^^I haven't had time to do the script so nevermind this, if I ever do it I'll make a new entry regarding it.^^ -This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges. +This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL database. And note that most if not all commands executed here are run with root privileges, unless stated otherwise. -## Prerequisites +# Table of contents + +[TOC] + +# Prerequisites Basically the same as with the [website with Nginx and Certbot](https://blog.luevano.xyz/a/website_with_nginx.html), with the extras: - You will need a **CNAME** for "mail" and (optionally) "www.mail", or whatever you want to call the sub-domains (although the [RFC 2181](https://tools.ietf.org/html/rfc2181#section-10.3) states that it NEEDS to be an **A** record, fuck the police). - An SSL certificate. You can use the SSL certificate obtained following my last post using `certbot` (just create a `mail.conf` and run `certbot --nginx` again). -- Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall. +- Ports `25`, `587` (SMTP), `465` (SMTPS), `143` (IMAP) and `993` (IMAPS) open on the firewall (I use `ufw`). -## Postfix +# Postfix [Postfix](https://wiki.archlinux.org/title/postfix) is a "mail transfer agent" which is the component of the mail server that receives and sends emails via SMTP. @@ -70,7 +75,7 @@ smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous ``` -Specify the mailbox home (this is going to be a directory inside your user's home containing the actual mail files): +Specify the mailbox home, this is going to be a directory inside your user's home containing the actual mail files, for example it will end up being`/home/david/Mail/Inbox`: ```apache home_mailbox = Mail/Inbox/ @@ -90,9 +95,7 @@ non_smtpd_milters = inet:127.0.0.1:8891 mailbox_command = /usr/lib/dovecot/deliver ``` -Where `{yourdomainname}` is `luevano.xyz` in my case, or if you have `localhost` configured to your domain, then use `localhost` for `myhostname` (`myhostname = localhost`). - -Lastly, if you don't want the sender's IP and user agent (application used to send the mail), add the following line: +Where `{yourdomainname}` is `luevano.xyz` in my case. Lastly, if you don't want the sender's IP and user agent (application used to send the mail), add the following line: ```apache smtp_header_checks = regexp:/etc/postfix/smtp_header_checks @@ -149,7 +152,7 @@ systemctl start postfix.service systemctl enable postfix.service ``` -## Dovecot +# Dovecot [Dovecot](https://wiki.archlinux.org/title/Dovecot) is an IMAP and POP3 server, which is what lets an email application retrieve the mail. @@ -310,9 +313,9 @@ systemctl start dovecot.service systemctl enable dovecot.service ``` -## OpenDKIM +# OpenDKIM -[OpenDKIM](https://wiki.archlinux.org/title/OpenDKIM) is needed so services like G\*\*gle (we don't mention that name here \[\[\[this is a meme\]\]\]) don't throw the mail to the trash. DKIM stands for "DomainKeys Identified Mail". +[OpenDKIM](https://wiki.archlinux.org/title/OpenDKIM) is needed so services like G\*\*gle don't throw the mail to the trash. DKIM stands for "DomainKeys Identified Mail". Install the `opendkim` package: @@ -395,7 +398,9 @@ systemctl start opendkim.service systemctl enable opendkim.service ``` -And don't forget to add the following **TXT** records on your domain registrar (these examples are for Epik): +## OpenDKIM DNS TXT records + +Add the following **TXT** records on your domain registrar (these examples are for Epik): 1. *DKIM* entry: look up your `{yoursubdomain}.txt` file, it should look something like: @@ -405,7 +410,7 @@ And don't forget to add the following **TXT** records on your domain registrar ( "..." ) ; ----- DKIM key mail for {yourdomain} ``` -In the TXT record you will place `{yoursubdomain}._domainkey` as the "Host" and `"v=DKIM1; k=rsa; s=email; " "p=..." "..."` in the "TXT Value" (replace the dots with the actual value you see in your file). +In the **TXT** record you will place `{yoursubdomain}._domainkey` as the "Host" and `"v=DKIM1; k=rsa; s=email; " "p=..." "..."` in the "TXT Value" (replace the dots with the actual value you see in your file). 2. *DMARC* entry: just `_dmarc.{yourdomain}` as the "Host" and `"v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1"` as the "TXT Value". @@ -413,7 +418,7 @@ In the TXT record you will place `{yoursubdomain}._domainkey` as the "Host" and And at this point you could test your mail for spoofing and more. -## SpamAssassin +# SpamAssassin [SpamAssassin](https://wiki.archlinux.org/title/SpamAssassin) is just *a mail filter to identify spam*. @@ -492,13 +497,13 @@ systemctl start spamassassin.service systemctl enable spamassassin.service ``` -## Wrapping up +# Wrapping up -We should have a working mail server by now. Before continuing check your journal logs (`journalctl -xe --unit={unit}`, where `{unit}` could be `spamassassin.service` for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked *(((it just werks on my machine)))*. +We should have a working mail server by now. Before continuing check your journal logs (`journalctl -xe --unit={unit}`, where `{unit}` could be `spamassassin.service` for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere because all the settings and steps detailed here just worked; I literally just finished doing everything on a new server as of the writing of this text, ==it just werks on my machine==. Now, to actually use the mail service: first of all, you need a *normal* account (don't use root) that belongs to the `mail` group (`gpasswd -a user group` to add a user `user` to group `group`) and that has a password. -Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for `thunderdbird`(I tested in windows default mail app and you don't need a lot of settings): +Next, to actually login into a mail app/program, you will use the following settings, at least for `thunderdbird`(I tested in windows default mail app and you don't need a lot of settings): - \* server: subdomain.domain (mail.luevano.xyz in my case) - **SMTP** port: 587 @@ -512,6 +517,4 @@ Next, to actually login into a mail app/program/whateveryouwanttocallit, you wil All that's left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to [DKIM Test](https://www.appmaildev.com/en/dkim) and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like: -![DKIM Test successful](images/b/notes/mail/dkim_test_successful.png "DKIM Test successful") - -Finally, that's actually it for this entry, if you have any problem whatsoever you can [contact me](https://luevano.xyz/contact.html). +![DKIM Test successful](${SURL}/images/b/notes/mail/dkim_test_successful.png "DKIM Test successful") diff --git a/src/blog/a/new_blogging_system.md b/src/blog/a/new_blogging_system.md index a855259..7252a2c 100644 --- a/src/blog/a/new_blogging_system.md +++ b/src/blog/a/new_blogging_system.md @@ -11,10 +11,12 @@ So, I was tired of working with `ssg` (and then `sbg` which was a modified versi The solution? Write a new program "from scratch" in *pYtHoN*. Yes it is bloated, yes it is in its early stages, but it works just as I want it to work, and I'm pretty happy so far with the results and have with even more ideas in mind to "optimize" and generally clean my wOrKfLoW to post new blog entries. I even thought of using it for posting into a "feed" like gallery for drawings or pictures in general. -I called it [`pyssg`](https://github.com/luevano/pyssg), because it sounds nice and it wasn't taken in the PyPi. It is just a terminal program that reads either a configuration file or the options passed as flags when calling the program. +I called it [`pyssg`](${PYSSG_URL}), because it sounds nice and it wasn't taken in the PyPi. It is just a terminal program that reads either a configuration file or the options passed as flags when calling the program. It still uses Markdown files because I find them very easy to work with. And instead of just having a "header" and a "footer" applied to each parsed entry, you will have templates (generated with the program) for each piece that I thought made sense (idea taken from `blogit`): the common header and footer, the common header and footer for each entry and, header, footer and list elements for articles and tags. When parsing the Markdown file these templates are applied and stitched together to make a single HTML file. Also generates an RSS feed and the `sitemap.xml` file, which is nice. -It might sound convoluted, but it works pretty well, with of course room to improve; I'm open to suggestions, issue reporting or direct contributions [here](https://github.com/luevano/pyssg). BTW, it only works on Linux for now (and don't think on making it work on windows, but feel free to do PR for the compatibility). +It might sound convoluted, but it works pretty well, with of course room to improve; I'm open to suggestions, issue reporting or direct contributions [here](https://github.com/luevano/pyssg). For now, it is only tested on Linux (and don't think on making it work on windows, but feel free to do PR for the compatibility). That's it for now, the new RSS feed is available here: [https://blog.luevano.xyz/rss.xml](https://blog.luevano.xyz/rss.xml). + +**Update**: Since writing this entry, [`pyssg`](${PYSSG_URL}) has evolved quite a bit, so not everything described here is still true. For the latest updates check the newest entries or the git repository itself. diff --git a/src/blog/a/password_manager_authenticator_setup.md b/src/blog/a/password_manager_authenticator_setup.md index f0e8c76..9c5a03b 100644 --- a/src/blog/a/password_manager_authenticator_setup.md +++ b/src/blog/a/password_manager_authenticator_setup.md @@ -8,7 +8,7 @@ tags: tools **Disclaimer**: I won't go into many technical details here of how to install/configure/use the software, this is just supposed to be a short description on my setup. -It's been a while since I started using a password manager at all, and I'm happy that I started with [KeePassXC](https://keepassxc.org/) (open source, multiplatform password manager that it's completely offline) as a direct recommendation from [lm](https://www.lmcj.xyz/); before this I was using the same password for everything (like a lot of people), which is a well know privacy issue as noted in detail by [Leo](https://askleo.com/different-passwords-for-everything/) (I don't personally recommed LastPass as Leo does). Note that you will still need a *master password* to lock/unlock your password database (you can additionally use a hardware key and a key file). +It's been a while since I started using a password manager at all, and I'm happy that I started with [KeePassXC](https://keepassxc.org/) (open source, multiplatform password manager that it's completely offline) as a direct recommendation from [==EL ELE EME==](https://www.lmcj.xyz/); before this I was using the same password for everything (like a lot of people), which is a well know privacy issue as noted in detail by [Leo](https://askleo.com/different-passwords-for-everything/) (I don't personally recommed LastPass as Leo does). Note that you will still need a *master password* to lock/unlock your password database (you can additionally use a hardware key and a key file). Anyways, setting up *keepass* is pretty simple, as there is a client for almost any device; note that *keepass* is basically just the format and the base for all of the clients, as its common with pretty much any open source software. In my case I'm using [KeePassXC](https://keepassxc.org/) in my computer and [KeePassDX](https://www.keepassdx.com/) in my phone (Android). The only concern is keeping everything in sync because *keepass* doesn't have any automatic method of synchronizing between devices because of security reasons (as far as I know), meaning that you have to manage that yourself. diff --git a/src/blog/a/rewrote_pyssg_again.md b/src/blog/a/rewrote_pyssg_again.md index 70ec8dd..b00538c 100644 --- a/src/blog/a/rewrote_pyssg_again.md +++ b/src/blog/a/rewrote_pyssg_again.md @@ -7,8 +7,8 @@ tags: update short english -I've been wanting to change the way [pyssg](https://github.com/luevano/pyssg) reads config files and generates `HTML` files so that it is more flexible and I don't need to have 2 separate build commands and configs (for [blog](https://blog.luevano.xyz) and [art](https://art.luevano.xyz)), and also to handle other types of "sites"; because `pyssg` was built with blogging in mind, so it was a bit limited to how it could be used. So I had to kind of *rewrite* `pyssg`, and with the latest version I can now generate the whole site and use the same templates for everything, quite neat for my use case. +I've been wanting to change the way [`pyssg`](https://github.com/luevano/pyssg) reads config files and generates `HTML` files so that it is more flexible and I don't need to have 2 separate build commands and configs (for [blog](https://blog.luevano.xyz) and [art](https://art.luevano.xyz)), and also to handle other types of "sites"; because `pyssg` was built with blogging in mind, so it was a bit limited to how it could be used. So I had to kind of *rewrite* `pyssg`, and with the latest version I can now generate the whole site and use the same templates for everything, quite neat for my use case. Anyways, so I bought a new domain for all `pyssg` related stuff, mostly because I wanted somewhere to test live builds while developing, it is of course [pyssg.xyz](https://pyssg.xyz); as of now it is the same template, CSS and scripts that I use here, probably will change in the future. I'll be testing new features and anything `pyssg` related stuff. -I should start pointing all links to `pyssg` to the actual site instead of the github repository (or my [git](https://git.luevano.xyz) repository), but I haven't decided how to handle everything.
\ No newline at end of file +I should start pointing all links to `pyssg` to the actual site instead of the github repository (or my [git](https://git.luevano.xyz) repository), but I haven't decided how to handle everything. diff --git a/src/blog/a/tenia_esto_descuidado.md b/src/blog/a/tenia_esto_descuidado.md index 1d90745..6b31530 100644 --- a/src/blog/a/tenia_esto_descuidado.md +++ b/src/blog/a/tenia_esto_descuidado.md @@ -1,4 +1,4 @@ -title: Tenia este pex algo descuidado +title: Tenía este pex algo descuidado author: David Luévano lang: es summary: Nada más un update en el estado del blog y lo que he andado haciendo. @@ -8,12 +8,12 @@ tags: short Así es, tenía un poco descuidado este pex, siendo la razón principal que andaba ocupado con cosas de *la vida profesional*, ayay. Pero ya que ando un poco más despejado y menos estresado voy a seguir usando el blog y a ver qué más hago. -Tengo unas entradas pendientes que quiero hacer del estilo de "tutorial" o "how-to", pero me lo he estado debatiendo, porque Luke ya empezó a hacerlo más de verdad en [landchad.net](https://landchad.net/), lo cual recomiendo bastante pues igual yo empecé a hacer esto por él (y por [lm](https://lmcj.xyz/)); aunque la verdad pues es muy específico a como él hace las cosas y quizá sí puede haber diferencias, pero ya veré en estos días. La próxima que quiero hacer es sobre el VPN, porque no lo he *setupeado* desde que reinicié El Página Web y La Servidor, entonces acomodaré el VPN de nuevo y de pasada tiro entrada de eso. +Tengo unas entradas pendientes que quiero hacer del estilo de "tutorial" o "how-to", pero me lo he estado debatiendo, porque Luke ya empezó a hacerlo más de verdad en [landchad.net](https://landchad.net/), lo cual recomiendo bastante pues igual yo empecé a hacer esto por él (y por [==EL ELE EME==](https://lmcj.xyz/)); aunque la verdad pues es muy específico a como él hace las cosas y quizá sí puede haber diferencias, pero ya veré en estos días. La próxima que quiero hacer es sobre el VPN, porque no lo he *setupeado* desde que reinicié El Página Web y La Servidor, entonces acomodaré el VPN de nuevo y de pasada tiro entrada de eso. -También dejé un dibujo pendiente, que la neta lo dejé por 2 cosas: está bien cabrón (porque también lo quiero colorear) y porque estaba ocupado; de lo cuál ya sólo queda el *está bien cabrón* pero no he tenido el valor de retomarlo. Lo triste es que ya pasó el tiempo del hype y ya no tengo mucha motivación para terminarlo más que el hecho de que cuando lo termine empezaré a usar Clip Studio Paint en vez de Krita, porque compré una licencia ahora que estuvo en 50% de descuento (sí, me mamé). +También dejé un dibujo pendiente, que la neta lo dejé por 2 cosas: está bien cabrón (porque también lo quiero colorear) y porque estaba ocupado; de lo cuál ya sólo queda el *está bien cabrón* pero no he tenido el valor de retomarlo. Lo triste es que ya pasó el tiempo del hype y ya no tengo mucha motivación para terminarlo más que el hecho de que cuando lo termine empezaré a usar Clip Studio Paint en vez de Krita, porque compré una licencia ahora que estuvo en 50% de descuento. Algo bueno es que me he estado sintiendo muy bien conmigo mismo últimamente, aunque casi no hable de eso. Sí hay una razón en específico, pero es una razón algo tonta. Espero así siga. -Ah, y también quería acomodarme una sección de comentarios, pero como siempre, todas las opciones están bien *bloated*, entonces pues me voy a hacer una en corto seguramente en Python para *el back*, MySQL para la base de datos y Javascript para la conexión acá en *el front*, algo tranqui. +~~Ah, y también quería acomodarme una sección de comentarios, pero como siempre, todas las opciones están bien *bloated*, entonces pues me voy a hacer una en corto seguramente en Python para *el back*, MySQL para la base de datos y Javascript para la conexión acá en *el front*, algo tranqui.~~ ^^Nel, siempre no ocupo esto, pa' qué.^^ Sobres pues. diff --git a/src/blog/a/volviendo_a_usar_la_pagina.md b/src/blog/a/volviendo_a_usar_la_pagina.md index de6d0cc..265f6f0 100644 --- a/src/blog/a/volviendo_a_usar_la_pagina.md +++ b/src/blog/a/volviendo_a_usar_la_pagina.md @@ -8,8 +8,8 @@ tags: short Después de mucho tiempo de estar luchando con querer volver a usar este pex (maldita *d* word y demás), ya me volví a acomodar el setup para agregar nuevas entradas. -Entre las cosas que tuve que hacer fue actualizar el [pyssg](https://github.com/luevano/pyssg) porque no lo podía usar de una como estaba; y de pasado le agregue una que otra feature nueva. Luego quiero agregarle más funcionalidad para poder *buildear* la página completa; por ahora se hace en segmentos: todo lo de [luevano.xyz](https://luevano.xyz) está hecho manual, mientras que [blog](https://blog.luevano.xyz) y [art](https://art.luevano.xyz) usan [pyssg](https://github.com/luevano/pyssghttps://github.com/luevano/pyssg). +Entre las cosas que tuve que hacer fue actualizar el [`pyssg`](${PYSSG_URL}) porque no lo podía usar de una como estaba; y de pasado le agregue una que otra feature nueva. Luego quiero agregarle más funcionalidad para poder *buildear* la página completa; por ahora se hace en segmentos: todo lo de [luevano.xyz](https://luevano.xyz) está hecho manual, mientras que [blog](https://blog.luevano.xyz) y [art](https://art.luevano.xyz) usan [pyssg](${PYSSG_URL}). Otra cosa es que quizá me devuelva a editar alguans entradas nada más para homogeneizar las entradas específicas a *Create a...* (tiene más sentido que sean *Setup x...* o algo similar). -En otras noticias, estoy muy agusto en el jale que tengo actualmente aunque lleve alrededor de 3 semanas de un infierno por problemas debidos a varias razones (del jale). Debo pensar en si debo omitir cosas personales o del trabajo aquí, ya que quién sabe quién se pueda llegar a topar con esto *\*thinking emoji\**. +En otras noticias, estoy muy agusto en el jale que tengo actualmente aunque lleve alrededor de 3 semanas de un infierno en el jale. Debo pensar en si debo omitir cosas personales o del trabajo aquí, ya que quién sabe quién se pueda llegar a topar con esto *\*thinking emoji\**. diff --git a/src/blog/a/vpn_server_with_openvpn.md b/src/blog/a/vpn_server_with_openvpn.md index 7346264..f36d845 100644 --- a/src/blog/a/vpn_server_with_openvpn.md +++ b/src/blog/a/vpn_server_with_openvpn.md @@ -4,6 +4,7 @@ lang: en summary: How to create a VPN server using OpenVPN on a server running Nginx. Only for IPv4. tags: server tools + code tutorial english @@ -11,16 +12,20 @@ I've been wanting to do this entry, but had no time to do it since I also have t Like with any other of my entries I based my setup on the [Arch Wiki](https://wiki.archlinux.org/title/OpenVPN), [this install script](https://github.com/Nyr/openvpn-install) and [this profile generator script](https://github.com/graysky2/ovpngen). -This will be installed and working alongside the other stuff I've wrote about on other posts (see the [server](https://blog.luevano.xyz/tag/@server.html) tag). All commands here are executes as root unless specified otherwise. Also, this is intended only for IPv4 (it's not that hard to include IPv6, but meh). +This will be installed and working alongside the other stuff I've wrote about on other posts (see the [server](https://blog.luevano.xyz/tag/@server.html) tag). All commands here are executes as root unless specified otherwise. Also, this is intended only for IPv4 (it's not that hard to include IPv6, but meh). As always, all commands are executed as root unless stated otherwise. -## Prerequisites +# Table of contents + +[TOC] + +# Prerequisites Pretty simple: -- Working server with root access, and with Ufw as the firewall. -- Depending on what port you want to run the VPN on, the default `1194`, or as a fallback on `443` (click [here](https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/) for more). I will do mine on port `1194` but it's just a matter of changing 2 lines of configuration and one Ufw rule. +- Working server with root access, and with `ufw` as the firewall. +- Depending on what port you want to run the VPN on, the default `1194`, or as a fallback on `443` (click [here](https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/) for more). I will do mine on port `1194` but it's just a matter of changing 2 lines of configuration and one `ufw` rule. -## Create PKI from scratch +# Create PKI from scratch PKI stands for *Public Key Infrastructure* and basically it's required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request. @@ -92,9 +97,9 @@ openvpn --genkey secret ta.key That's it for the PKI stuff and general certificate configuration. -## OpenVPN +# OpenVPN -[OpenVPN](https://wiki.archlinux.org/title/OpenVPN) is a robust and highly flexible VPN daemon, that's pretty complete feature wise. +[OpenVPN](https://wiki.archlinux.org/title/OpenVPN) is a robust and highly flexible VPN daemon, that's pretty complete feature-wise. Install the `openvpn` package: @@ -204,6 +209,8 @@ explicit-exit-notify 1 `#` and `;` are comments. Read each and every line, you might want to change some stuff (like the logging), specially the first line which is your server public IP. +### Enable forwarding + Now, we need to enable *packet forwarding* (so we can access the web while connected to the VPN), which can be enabled on the interface level or globally (you can check the different options with `sysctl -a | grep forward`). I'll do it globally, run: ```sh @@ -272,7 +279,7 @@ systemctl enable openvpn-server@server.service Where the `server` after `@` is the name of your configuration, `server.conf` without the `.conf` in my case. -### Create client configurations +## Create client configurations You might notice that I didn't specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the `server.conf` file that we created. @@ -357,6 +364,6 @@ chmod o+r pki/crl.pem cd $CPWD ``` -And the way to use is to run `vpn_script new/rev client_name` as sudo (when revoking, it doesn't actually deletes the `.ovpn` file in `~/ovpn`). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for `easy-rsa`) and it could have errors. +And the way to use is to run `vpn_script new/rev client_name` as sudo (when revoking, it doesn't actually delete the `.ovpn` file in `~/ovpn`). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for `easy-rsa`). Now, just get the `.ovpn` file generated, import it to OpenVPN in your client of preference and you should have a working VPN service. diff --git a/src/blog/a/website_with_nginx.md b/src/blog/a/website_with_nginx.md index 7e4624a..11d4406 100644 --- a/src/blog/a/website_with_nginx.md +++ b/src/blog/a/website_with_nginx.md @@ -4,25 +4,30 @@ lang: en summary: How to create website that runs on Nginx and uses Certbot for SSL certificates. This is a base for future blog posts about similar topics. tags: server tools + code tutorial english These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from [Luke's video](https://www.youtube.com/watch?v=OWAqilIVNgE) and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I'm configuring the web server again on a new VPS instance, so this is going to be fresh. -As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges. +As a side note, ==i use arch btw== so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges. -## Prerequisites +# Table of contents + +[TOC] + +# Prerequisites You will need two things: - A domain name (duh!). I got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - - With the corresponding **A** and **AAA** records pointing to the VPS' IPs ("A" record points to the ipv4 address and "AAA" to the ipv6, basically). I have three records for each type: empty one, "www" and "\*" for a wildcard, that way "domain.name", "www.domain.name", "anythingelse.domain.name" point to the same VPS (meaning that you can have several VPS for different sub-domains). -- A VPS or somewhere else to host it. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). + - With the corresponding **A** and **AAA** records pointing to the VPS' IPs. I have three records for each type: empty string, "www" and "\*" for a wildcard, that way "domain.name", "www.domain.name", "anythingelse.domain.name" point to the same VPS (meaning that you can have several VPS for different sub-domains). These depend on the VPS provider. +- A VPS or somewhere else to host it. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link, btw). - With `ssh` already configured both on the local machine and on the remote machine. - - Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use `ufw` so it's just a matter of doing `ufw allow 80,443/tcp` as root and you're golden. - - `cron` installed if you follow along (you could use `systemd` timers, or some other method you prefer to automate running commands every X time). + - Firewall already configured to allow ports `80` (HTTP) and `443` (HTTPS). I use `ufw` so it's just a matter of doing `ufw allow 80,443/tcp` (for example) as root and you're golden. + - `cron` installed if you follow along (you could use `systemd` timers, or some other method you prefer to automate running commands every certain time). -## Nginx +# Nginx [Nginx](https://wiki.archlinux.org/title/Nginx) is a web (HTTP) server and reverse proxy server. @@ -36,7 +41,7 @@ systemctl start nginx.service And that's it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this: -![Nginx welcome page](images/b/notes/nginx/nginx_welcome_page.png "Nginx welcome page") +![Nginx welcome page](${SURL}/images/b/notes/nginx/nginx_welcome_page.png "Nginx welcome page") As stated in the welcome page, configuration is needed, head to the directory of Nginx: @@ -121,7 +126,7 @@ systemctl restart nginx If everything goes correctly, you can now go to your website by typing `domain.name` on a web browser. But you will see a "404 Not Found" page like the following (maybe with different Nginx version): -![Nginx 404 Not Found page](images/b/notes/nginx/nginx_404_page.png "Nginx 404 Not Found page") +![Nginx 404 Not Found page](${SURL}/images/b/notes/nginx/nginx_404_page.png "Nginx 404 Not Found page") That's no problem, because it means that the web server it's actually working. Just add an `index.html` file with something simple to see it in action (in the `/var/www/some_folder` that you decided upon). If you keep seeing the 404 page make sure your `root` line is correct and that the directory/index file exists. @@ -137,7 +142,7 @@ server { ... ``` -## Certbot +# Certbot [Certbot](https://wiki.archlinux.org/title/Certbot) is what provides the SSL certificates via [Let's Encrypt](https://letsencrypt.org/). @@ -161,6 +166,6 @@ Now, the certificate given by `certbot` expires every 3 months or something like crontab -e ``` -And a file will be opened where you need to add a new rule for Certbot, just append the line: `1 1 1 * * certbot renew` (renew on the first day of every month) and you're good. Alternatively use `systemd` timers as stated in the [Arch Linux Wiki](https://wiki.archlinux.org/title/Certbot#Automatic_renewal). +And a file will be opened where you need to add a new rule for Certbot, just append the line: `1 1 1 * * certbot renew --quiet --agree-tos --deploy-hook "systemctl reload nginx.service"` (renew on the first day of every month) and you're good. Alternatively use `systemd` timers as stated in the [Arch Linux Wiki](https://wiki.archlinux.org/title/Certbot#Automatic_renewal). That's it, you now have a website with SSL certificate. diff --git a/src/blog/a/xmpp_server_with_prosody.md b/src/blog/a/xmpp_server_with_prosody.md index e3ed291..bf25e9d 100644 --- a/src/blog/a/xmpp_server_with_prosody.md +++ b/src/blog/a/xmpp_server_with_prosody.md @@ -4,16 +4,23 @@ lang: en summary: How to create an XMPP server using Prosody on a server running Nginx. This server will be compatible with at least Conversations and Movim. tags: server tools + code tutorial english -Recently I set up an XMPP server (and a Matrix one, too) for my personal use and for friends if they want one; made one for ==[EL ELE EME](https://lmcj.xyz)== for example. So, here are the notes on how I set up the server that is compatible with the [Conversations](https://conversations.im/) app and the [Movim](https://movim.eu/) social network. You can see my addresses in [contact](https://luevano.xyz/contact.html) and the XMPP compliance/score of the server. +**Update**: I no longer host this XMPP server as it consumed a lot of resources and I wasn't using it that much. I'll probably re-create it in the future, though. -One of the best resources I found that helped me a lot was [Installing and Configuring Prosody XMPP Server on Debian 9](https://community.hetzner.com/tutorials/prosody-debian9), and of course the [Arch Wiki](https://wiki.archlinux.org/title/Prosody) and the [oficial documentation](https://prosody.im/). +Recently I set up an [XMPP](https://xmpp.org/) server (and a Matrix one, too) for my personal use and for friends if they want one; made one for [==EL ELE EME==](https://lmcj.xyz) for example. So, here are the notes on how I set up the server that is compatible with the [Conversations](https://conversations.im/) app and the [Movim](https://movim.eu/) social network. You can see my addresses at [contact](https://luevano.xyz/contact.html) and the XMPP compliance/score of the server. -As with my other entries, this is under a server running Arch Linux, with the Nginx web server and Certbot certificates. And all commands here are executed as root (unless specified otherwise) +One of the best resources I found that helped me a lot was [Installing and Configuring Prosody XMPP Server on Debian 9](https://community.hetzner.com/tutorials/prosody-debian9), the [Arch Wiki](https://wiki.archlinux.org/title/Prosody) and the [oficial documentation](https://prosody.im/). -## Prerequisites +As with my other entries, this is under a server running Arch Linux, with the Nginx web server and Certbot certificates. And all commands here are executed as root, unless specified otherwise. + +# Table of contents + +[TOC] + +# Prerequisites Same as with my other entries ([website](https://luevano.xyz/a/website_with_nginx.html), [mail](https://blog.luevano.xyz/a/mail_server_with_postfix.html) and [git](https://blog.luevano.xyz/a/git_server_with_cgit.html)) plus: @@ -24,14 +31,14 @@ Same as with my other entries ([website](https://luevano.xyz/a/website_with_ngin - `proxy`: a proxy in case one of the users needs it. - `vjud`: user directory. - (Optionally, but recommended) the following **SRV** DNS records; make sure it is pointing to an **A** or **AAA** record (matching the records from the last point, for example): - - `_xmpp-client._tcp.**your.domain**.` for port `5222` pointing to `xmpp.**your.domain**.` - - `_xmpp-server._tcp.**your.domain**.` for port `5269` pointing to `xmpp.**your.domain**.` - - `_xmpp-server._tcp.muc.**your.domain**.` for port `5269` pointing to `xmpp.**your.domain**.` + - `_xmpp-client._tcp.{your.domain}.` for port `5222` pointing to `xmpp.{your.domain}.` + - `_xmpp-server._tcp.{your.domain}.` for port `5269` pointing to `xmpp.{your.domain}.` + - `_xmpp-server._tcp.muc.{your.domain}.` for port `5269` pointing to `xmpp.{your.domain}.` * SSL certificates for the previous subdomains; similar that with my other entries just create the appropriate `prosody.conf` (where `server_name` will be all the subdomains defined above) file and run `certbot --nginx`. You can find the example configuration file almost at the end of this entry. - Email addresses for `admin`, `abuse`, `contact`, `security`, etc. Or use your own email for all of them, doesn't really matter much as long as you define them in the configuration and are valid, I have aliases so those emails are forwarded to me. - Allow ports `5000`, `5222`, `5269`, `5280` and `5281` for [Prosody](https://prosody.im/doc/ports) and, `3478` and `5349` for [Turnserver](https://webrtc.org/getting-started/turn-server) which are the defaults for `coturn`. -## Prosody +# Prosody [Prosody](https://wiki.archlinux.org/title/Prosody) is an implementation of the XMPP protocol that is flexible and extensible. @@ -54,11 +61,11 @@ You can see that I follow a similar approach that I used with Nginx and the serv Make symbolic links to the following modules: ``` -ln -s /var/lib/prosody/modules-available/MODULE_NAME /var/lib/prosody/modules-enabled/ +ln -s /var/lib/prosody/modules-available/{module_name} /var/lib/prosody/modules-enabled/ ... ``` -- Modules: +- Modules (`{module_name}`): - `mod_bookmarks` - `mod_cache_c2s_caps` - `mod_checkcerts` @@ -407,9 +414,9 @@ ln -s your.domain.key SUBDOMAIN.your.domain.key That's basically all the configuration that needs Prosody itself, but we still have to configure Nginx and Coturn before starting/enabling the `prosody` service. -## Nginx configuration file +# Nginx configuration file -Since this is not an ordinary configuration file I'm going to describe this too. Your `prosody.conf` file should have the following location blocks under the main server block (the one that listens to HTTPS): +Since this is not an ordinary configuration file I'm going to describe this, too. Your `prosody.conf` file should have the following location blocks under the main server block (the one that listens to HTTPS): ```nginx # HTTPS server block @@ -515,14 +522,14 @@ And `host-meta.json` file: } ``` -Remember to have your `prosody.conf` file symlinked (or discoverable by Nginx) to the `sites-enabled` directory. You can now restart your `nginx` service (and test the configuration, optionally): +Remember to have your `prosody.conf` file symlinked (or discoverable by Nginx) to the `sites-enabled` directory. You can now test and restart your `nginx` service (and test the configuration, optionally): ```sh nginx -t systemctl restart nginx.service ``` -## Coturn +# Coturn [Coturn](https://github.com/coturn/coturn) is the implementation of TURN and STUN server, which in general is for (at least in the XMPP world) voice support and external service discovery. @@ -551,7 +558,7 @@ systemctl enable turnserver.service You can test if your TURN server works at [Trickle ICE](https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/). You may need to add a user in the `turnserver.conf` to test this. -## Wrapping up +# Wrapping up At this point you should have a working XMPP server, start/enable the `prosody` service now: @@ -576,4 +583,4 @@ Additionally, you can test the security of your server in [IM Observatory](https You can now log in into your XMPP client of choice, if it asks for the server it should be `xmpp.your.domain` (or `your.domain` for some clients) and your login credentials `you@your.domain` and the password you chose (which you can change in most clients). -That's it, send me a message <a href="xmpp:david@luevano.xyz">david@luevano.xyz</a> if you were able to set up the server successfully. +That's it, send me a message at <a href="xmpp:david@luevano.xyz">david@luevano.xyz</a> if you were able to set up the server successfully. |