From ec2aa74d36670d74c153aa0022ab22e79502a061 Mon Sep 17 00:00:00 2001 From: David Luevano Alvarado Date: Tue, 2 May 2023 01:33:25 -0600 Subject: update to new version of pyssg --- live/blog/a/acomodada_la_pagina_de_arte.html | 17 ++++++------- live/blog/a/asi_nomas_esta_quedando.html | 17 ++++++------- live/blog/a/devs_android_me_trozaron.html | 17 ++++++------- live/blog/a/el_blog_ya_tiene_timestamps.html | 17 ++++++------- live/blog/a/first_blog_post.html | 17 ++++++------- live/blog/a/git_server_with_cgit.html | 23 ++++++++--------- live/blog/a/hoy_toco_desarrollo_personaje.html | 17 ++++++------- live/blog/a/mail_server_with_postfix.html | 29 +++++++++++----------- live/blog/a/new_blogging_system.html | 17 ++++++------- .../a/password_manager_authenticator_setup.html | 17 ++++++------- live/blog/a/rewrote_pyssg_again.html | 17 ++++++------- live/blog/a/tenia_esto_descuidado.html | 17 ++++++------- live/blog/a/volviendo_a_usar_la_pagina.html | 17 ++++++------- live/blog/a/vpn_server_with_openvpn.html | 25 +++++++++---------- live/blog/a/website_with_nginx.html | 23 ++++++++--------- live/blog/a/xmpp_server_with_prosody.html | 27 ++++++++++---------- 16 files changed, 149 insertions(+), 165 deletions(-) (limited to 'live/blog/a') diff --git a/live/blog/a/acomodada_la_pagina_de_arte.html b/live/blog/a/acomodada_la_pagina_de_arte.html index 3c8a26a..bfd6cce 100644 --- a/live/blog/a/acomodada_la_pagina_de_arte.html +++ b/live/blog/a/acomodada_la_pagina_de_arte.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Al fin ya me acomodé la página pa' los dibujos -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/asi_nomas_esta_quedando.html b/live/blog/a/asi_nomas_esta_quedando.html index 3ca754f..c1f9f3f 100644 --- a/live/blog/a/asi_nomas_esta_quedando.html +++ b/live/blog/a/asi_nomas_esta_quedando.html 
@@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Así nomás está quedando el página -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/devs_android_me_trozaron.html b/live/blog/a/devs_android_me_trozaron.html index 97556e7..69239fb 100644 --- a/live/blog/a/devs_android_me_trozaron.html +++ b/live/blog/a/devs_android_me_trozaron.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Los devs de Android/MIUI me trozaron -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/el_blog_ya_tiene_timestamps.html b/live/blog/a/el_blog_ya_tiene_timestamps.html index 8a14b85..29c080e 100644 --- a/live/blog/a/el_blog_ya_tiene_timestamps.html +++ b/live/blog/a/el_blog_ya_tiene_timestamps.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Así es raza, el blog ya tiene timestamps -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/first_blog_post.html b/live/blog/a/first_blog_post.html index efd6143..6da8afd 100644 --- a/live/blog/a/first_blog_post.html +++ b/live/blog/a/first_blog_post.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + This is the first blog post, just for testing purposes -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/git_server_with_cgit.html b/live/blog/a/git_server_with_cgit.html index 4712a9c..defcf3e 100644 --- a/live/blog/a/git_server_with_cgit.html +++ b/live/blog/a/git_server_with_cgit.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Create a git server and setup cgit web app (on Nginx) -- Luevano's Blog - - - + + + - - + + - + - + @@ -78,13 +77,13 @@

My git server is all I need to setup to actually kill my other server (I’ve been moving from servers on these last 2-3 blog entries), that’s why I’m already doing this entry. I’m basically following git’s guide on setting up a server plus some specific stuff for (btw i use) Arch Linux (Arch Linux Wiki: Git server and Step by step guide on setting up git server in arch linux (pushable)).

Note that this is mostly for personal use, so there’s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.

-

Prerequisites

+

Prerequisites

I might get tired of saying this (it’s just copy paste, basically)… but you will need the same prerequisites as before (check my website and mail entries), with the extras:

-

Git

+

Git

Git is a version control system.

If not installed already, install the git package:

pacman -S git
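Review bot: The heading lines in this hunk (Prerequisites, Git) are removed and re-added with the same visible text, and the same pattern repeats in every body hunk of this commit, so the change is in the heading markup, which the commit message "update to new version of pyssg" does not describe. If the new generator version changes heading ids or anchors, existing links to sections of these posts stop resolving. Please say in the commit message what changed in the headings and whether the old anchors are preserved.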
@@ -122,7 +121,7 @@ chown -R git:git repo_name.git
 

Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame… although there are options to “automate” this, I like it this way).

After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check this gist.

-

Cgit

+

Cgit

Cgit is a fast web interface for git.

This is optionally since it’s only for the web application.

Install the cgit and fcgiwrap packages:

diff --git a/live/blog/a/hoy_toco_desarrollo_personaje.html b/live/blog/a/hoy_toco_desarrollo_personaje.html index 2b1f9d6..e67976a 100644 --- a/live/blog/a/hoy_toco_desarrollo_personaje.html +++ b/live/blog/a/hoy_toco_desarrollo_personaje.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Hoy me tocó desarrollo de personaje -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/mail_server_with_postfix.html b/live/blog/a/mail_server_with_postfix.html index 6df0765..c8acc43 100644 --- a/live/blog/a/mail_server_with_postfix.html +++ b/live/blog/a/mail_server_with_postfix.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM -- Luevano's Blog - - - + + + - - + + - + - + @@ -78,14 +77,14 @@

The entry is going to be long because it’s a tedious process. This is also based on Luke Smith’s script, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I’m in the process of installing/configuring the mail server on a new VPS of mine; also I’m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted here.

This configuration works for local users (users that appear in /etc/passwd), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges.

-

Prerequisites

+

Prerequisites

Basically the same as with the website with Nginx and Certbot, with the extras:

-

Postfix

+

Postfix

Postfix is a “mail transfer agent” which is the component of the mail server that receives and sends emails via SMTP.

Install the postfix package:

pacman -S postfix
@@ -174,7 +173,7 @@ newaliases
 
systemctl start postfix.service
 systemctl enable postfix.service
 
-

Dovecot

+

Dovecot

Dovecot is an IMAP and POP3 server, which is what lets an email application retrieve the mail.

Install the dovecot and pigeonhole (sieve for dovecot) packages:

pacman -S dovecot pigeonhole
@@ -289,7 +288,7 @@ account required pam_unix.so
 
systemctl start dovecot.service
 systemctl enable dovecot.service
 
-

OpenDKIM

+

OpenDKIM

OpenDKIM is needed so services like G**gle (we don’t mention that name here [[[this is a meme]]]) don’t throw the mail to the trash. DKIM stands for “DomainKeys Identified Mail”.

Install the opendkim package:

pacman -S opendkim
@@ -357,7 +356,7 @@ systemctl enable opendkim.service
 
 
 

And at this point you could test your mail for spoofing and more.

-

SpamAssassin

+

SpamAssassin

SpamAssassin is just a mail filter to identify spam.

Install the spamassassin package (which will install a bunch of ugly perl packages…):

pacman -S spamassassin
@@ -410,7 +409,7 @@ ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/sp
 
systemctl start spamassassin.service
 systemctl enable spamassassin.service
 
-

Wrapping up

+

Wrapping up

We should have a working mail server by now. Before continuing check your journal logs (journalctl -xe --unit={unit}, where {unit} could be spamassassin.service for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked (((it just werks on my machine))).

Now, to actually use the mail service: first of all, you need a normal account (don’t use root) that belongs to the mail group (gpasswd -a user group to add a user user to group group) and that has a password.

Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for thunderdbird(I tested in windows default mail app and you don’t need a lot of settings):
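Review bot: Style point on the last context line of this hunk: "thunderdbird(I tested" misspells Thunderbird and is missing the space before the parenthesis. Since the page is being regenerated in this commit, it is worth fixing in the post source so the next build picks it up.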

diff --git a/live/blog/a/new_blogging_system.html b/live/blog/a/new_blogging_system.html index add7b56..066f288 100644 --- a/live/blog/a/new_blogging_system.html +++ b/live/blog/a/new_blogging_system.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + I'm using a new blogging system -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/password_manager_authenticator_setup.html b/live/blog/a/password_manager_authenticator_setup.html index 3c83a59..afd0e45 100644 --- a/live/blog/a/password_manager_authenticator_setup.html +++ b/live/blog/a/password_manager_authenticator_setup.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + My setup for a password manager and MFA authenticator -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/rewrote_pyssg_again.html b/live/blog/a/rewrote_pyssg_again.html index faff8bb..481cb45 100644 --- a/live/blog/a/rewrote_pyssg_again.html +++ b/live/blog/a/rewrote_pyssg_again.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Rewrote pyssg again -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/tenia_esto_descuidado.html b/live/blog/a/tenia_esto_descuidado.html index bfe8f3f..76fa1ed 100644 --- a/live/blog/a/tenia_esto_descuidado.html +++ b/live/blog/a/tenia_esto_descuidado.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Tenia este pex algo descuidado -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/volviendo_a_usar_la_pagina.html b/live/blog/a/volviendo_a_usar_la_pagina.html index 1911902..8380991 100644 --- a/live/blog/a/volviendo_a_usar_la_pagina.html +++ b/live/blog/a/volviendo_a_usar_la_pagina.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Volviendo a usar la página -- Luevano's Blog - - - + + + - - + + - + - + diff --git a/live/blog/a/vpn_server_with_openvpn.html b/live/blog/a/vpn_server_with_openvpn.html index 205caec..de80c45 100644 --- a/live/blog/a/vpn_server_with_openvpn.html 
+++ b/live/blog/a/vpn_server_with_openvpn.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Create a VPN server with OpenVPN (IPv4) -- Luevano's Blog - - - + + + - - + + - + - + @@ -79,13 +78,13 @@

I’ve been wanting to do this entry, but had no time to do it since I also have to set up the VPN service as well to make sure what I’m writing makes sense, today is the day.

Like with any other of my entries I based my setup on the Arch Wiki, this install script and this profile generator script.

This will be installed and working alongside the other stuff I’ve wrote about on other posts (see the server tag). All commands here are executes as root unless specified otherwise. Also, this is intended only for IPv4 (it’s not that hard to include IPv6, but meh).

-

Prerequisites

+

Prerequisites

Pretty simple:

  • Working server with root access, and with Ufw as the firewall.
  • Depending on what port you want to run the VPN on, the default 1194, or as a fallback on 443 (click here for more). I will do mine on port 1194 but it’s just a matter of changing 2 lines of configuration and one Ufw rule.
-

Create PKI from scratch

+

Create PKI from scratch

PKI stands for Public Key Infrastructure and basically it’s required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request.

This is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about. In a nutshell, I’m no expert.

… but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I’m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).
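Review bot: Several wording errors sit in the context lines of this hunk and survive the regeneration: "I've wrote about" and "All commands here are executes as root" in the third paragraph, "creates a requests" in the PKI walkthrough, and "who you give this files" in the last paragraph. Suggest "I've written about", "are executed as root", "creates a request" and "who you give these files to" in the post source.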

@@ -129,7 +128,7 @@ openssl dhparam -out dh.pem 2048 openvpn --genkey secret ta.key

That’s it for the PKI stuff and general certificate configuration.

-

OpenVPN

+

OpenVPN

OpenVPN is a robust and highly flexible VPN daemon, that’s pretty complete feature wise.

Install the openvpn package:

pacman -S openvpn
@@ -277,7 +276,7 @@ ufw reload
 systemctl enable openvpn-server@server.service
 

Where the server after @ is the name of your configuration, server.conf without the .conf in my case.

-

Create client configurations

+

Create client configurations

You might notice that I didn’t specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the server.conf file that we created.

The real way of doing this would be to run similar steps as the ones with easy-rsa locally, send them to the server, sign them, and retrieve them. Nah, we’ll just create all configuration files on the server as I was mentioning earlier.

Also, the client configuration file has to match the server one (to some degree), to make this easier you can create a client-common file in /etc/openvpn/server with the following content:

diff --git a/live/blog/a/website_with_nginx.html b/live/blog/a/website_with_nginx.html index bf5d581..386b95d 100644 --- a/live/blog/a/website_with_nginx.html +++ b/live/blog/a/website_with_nginx.html @@ -3,27 +3,26 @@ " prefix="og: https://ogp.me/ns#"> - - + Create a website with Nginx and Certbot -- Luevano's Blog - - - + + + - - + + - + - + @@ -78,7 +77,7 @@

These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke’s video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I’m configuring the web server again on a new VPS instance, so this is going to be fresh.

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I’m doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

-

Prerequisites

+

Prerequisites

You will need two things:

  • A domain name (duh!). I got mine on Epik (affiliate link, btw).
      @@ -92,7 +91,7 @@
-

Nginx

+

Nginx

Nginx is a web (HTTP) server and reverse proxy server.

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it’s the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

pacman -S nginx-mainline
@@ -181,7 +180,7 @@ systemctl restart nginx
     try_files $uri/index.html $uri.html $uri/ $uri =404;
     ...
 
-

Certbot

+

Certbot

Certbot is what provides the SSL certificates via Let’s Encrypt.

The only “bad” (bloated) thing about Certbot, is that it uses python, but for me it doesn’t matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

pacman -S certbot certbot-nginx
diff --git a/live/blog/a/xmpp_server_with_prosody.html b/live/blog/a/xmpp_server_with_prosody.html
index 7f7b168..20418ca 100644
--- a/live/blog/a/xmpp_server_with_prosody.html
+++ b/live/blog/a/xmpp_server_with_prosody.html
@@ -3,27 +3,26 @@
 "
   prefix="og: https://ogp.me/ns#">
   
-    
     
     
-    
+    
 Create an XMPP server with Prosody compatible with Conversations and Movim -- Luevano's Blog
   
 
     
-    
-    
-    
+    
+    
+    
     
-    
-    
+    
+    
     
 
-
+
 
-
+
 
     
   
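Review bot: Missing documentation for the head change: this hunk shrinks from 27 to 26 lines (`@@ -3,27 +3,26 @@`), the first removed line after `prefix="og: https://ogp.me/ns#">` has no added counterpart, and the same hunk header appears for all 16 files. The commit message only says "update to new version of pyssg". Please name the head element the new version drops and confirm the removal is intended.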
@@ -79,7 +78,7 @@
   

Recently I set up an XMPP server (and a Matrix one, too) for my personal use and for friends if they want one; made one for EL ELE EME for example. So, here are the notes on how I set up the server that is compatible with the Conversations app and the Movim social network. You can see my addresses in contact and the XMPP compliance/score of the server.

One of the best resources I found that helped me a lot was Installing and Configuring Prosody XMPP Server on Debian 9, and of course the Arch Wiki and the oficial documentation.

As with my other entries, this is under a server running Arch Linux, with the Nginx web server and Certbot certificates. And all commands here are executed as root (unless specified otherwise)

-

Prerequisites

+

Prerequisites

Same as with my other entries (website, mail and git) plus:

  • A and (optionally) AAA DNS records for:
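Review bot: Typo in the last context line of this hunk: "A and (optionally) AAA DNS records" should read AAAA, the IPv6 address record type. Worth correcting in the post source while these pages are being regenerated.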
      @@ -100,7 +99,7 @@
    • Email addresses for admin, abuse, contact, security, etc. Or use your own email for all of them, doesn’t really matter much as long as you define them in the configuration and are valid, I have aliases so those emails are forwarded to me.
    • Allow ports 5000, 5222, 5269, 5280 and 5281 for Prosody and, 3478 and 5349 for Turnserver which are the defaults for coturn.
    -

    Prosody

    +

    Prosody

    Prosody is an implementation of the XMPP protocol that is flexible and extensible.

    Install the prosody package (with optional dependencies) and the mercurial package:

    pacman -S prosody, mercurial, lua52-sec, lua52-dbi, lua52-zlib
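Review bot: The install command on the last line of this hunk, `pacman -S prosody, mercurial, lua52-sec, lua52-dbi, lua52-zlib`, separates the packages with commas. pacman takes space-separated targets, so the commas become part of the names and a reader who pastes the line gets no install. Suggest `pacman -S prosody mercurial lua52-sec lua52-dbi lua52-zlib` in the post source.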
    @@ -444,7 +443,7 @@ ln -s your.domain.key SUBDOMAIN.your.domain.key
     ...
     

    That’s basically all the configuration that needs Prosody itself, but we still have to configure Nginx and Coturn before starting/enabling the prosody service.

    -

    Nginx configuration file

    +

    Nginx configuration file

    Since this is not an ordinary configuration file I’m going to describe this too. Your prosody.conf file should have the following location blocks under the main server block (the one that listens to HTTPS):

    # HTTPS server block
     server {
    @@ -542,7 +541,7 @@ server {
     
    nginx -t
     systemctl restart nginx.service
     
    -

    Coturn

    +

    Coturn

    Coturn is the implementation of TURN and STUN server, which in general is for (at least in the XMPP world) voice support and external service discovery.

    Install the coturn package:

    pacman -S coturn
    @@ -558,7 +557,7 @@ static-auth-secret=YOUR SUPER SECRET TURN PASSWORD
     systemctl enable turnserver.service
     

    You can test if your TURN server works at Trickle ICE. You may need to add a user in the turnserver.conf to test this.

    -

    Wrapping up

    +

    Wrapping up

    At this point you should have a working XMPP server, start/enable the prosody service now:

    systemctl start prosody.service
     systemctl enable prosody.service
    -- 
    cgit v1.2.3-70-g09d2