dienste:bytecluster0001

Differences

This shows the differences between two versions of the page.

dienste:bytecluster0001 [21.06.2017 18:50] mape2k
dienste:bytecluster0001 [03.05.2020 17:51] (current) – Limit raised to 20MB mape2k
Zeile 1: Zeile 1:
-====== bytecluster0001 ======+======= bytecluster0001 =======
  
-bytecluster0001 ist ein virtueller Server, der Kommunikationsdienste für den Verein bereitstellt. Der Server wurde von der Firma Hetzner Online GmbH dankenswerter Weise zur Verfügung gestellt.+bytecluster0001 ist ein virtueller Server, der Kommunikationsdienste für den Verein bereitstellt.
  
-===== Administratoren =====+====== Administratoren ======
  
   * [[user:mape2k]]   * [[user:mape2k]]
   * [[user:mkzero:]]   * [[user:mkzero:]]
   * [[user:suicider]]   * [[user:suicider]]
 +  * [[user:hipposen:start|hipposen]]
  
-===== Benutzer =====+====== Benutzer ======
  
   * Bernd (Webseiten)   * Bernd (Webseiten)
  
-===== IPs /DNS =====+====== IPs /DNS ======
  
   * bytecluster0001.bytespeicher.org   * bytecluster0001.bytespeicher.org
Zeile 19: Zeile 20:
     * 2a01:4f8:c17:1214::2     * 2a01:4f8:c17:1214::2
  
-===== Installation =====+====== Installation ======
  
   * Debian 8.2 minimal   * Debian 8.2 minimal
  
-==== User / Gruppen ====+===== User / Gruppen =====
  
   * mkzero -> sudo   * mkzero -> sudo
   * marcel -> sudo   * marcel -> sudo
 +  * maddi -> sudo
   * stephan -> sudo   * stephan -> sudo
   * bernd -> sudo für www-data   * bernd -> sudo für www-data
Zeile 36: Zeile 38:
   * ffapi   * ffapi
   * synapse   * synapse
-==== Pakete ====+===== Pakete =====
  
   * zsh   * zsh
Zeile 46: Zeile 48:
   * debian-goodies   * debian-goodies
  
-==== Netzwerk ==== +===== Netzwerk ===== 
-=== Skript für IPv6-Adressen (benötigt für Matrix-IRC-Bridge) ===+==== Skript für IPv6-Adressen (benötigt für Matrix-IRC-Bridge) ====
 <file|/usr/local/bin/manage_ipv6_addresses.sh> <file|/usr/local/bin/manage_ipv6_addresses.sh>
 #!/bin/bash #!/bin/bash
Zeile 64: Zeile 66:
   * //**chmod +x /usr/local/bin/manage_ipv6_addresses.sh**//   * //**chmod +x /usr/local/bin/manage_ipv6_addresses.sh**//
  
-=== Konfiguration ===+==== Konfiguration ====
  
 <file|/etc/network/interfaces> <file|/etc/network/interfaces>
Zeile 84: Zeile 86:
 </file> </file>
  
-==== Konfiguration SSH ====+===== Konfiguration SSH =====
  
   * HostKey DSA entfernt   * HostKey DSA entfernt
Zeile 101: Zeile 103:
 </file> </file>
  
-==== SUDO ====+===== SUDO =====
  
   * Administrative Benutzer sind Mitglied der Gruppe "sudo"   * Administrative Benutzer sind Mitglied der Gruppe "sudo"
  
-==== IPTABLES ====+===== IPTABLES =====
  
   * iptables-persistent   * iptables-persistent
Zeile 204: Zeile 206:
 </file> </file>
  
-==== MySQL/MariaDB ====+===== MySQL/MariaDB =====
  
   * mariadb-server   * mariadb-server
Zeile 246: Zeile 248:
 </file> </file>
  
-==== NGINX ====+===== NGINX =====
  
   * nginx   * nginx
Zeile 297: Zeile 299:
 </file> </file>
  
-==== Let's Encrypt (SSL-Zertifikate) ====+===== Let's Encrypt (SSL-Zertifikate) =====
  
 === Installation === === Installation ===
Zeile 375: Zeile 377:
 23 4 * * *     letsencrypt  /home/letsencrypt/letsencrypt.sh/letsencrypt.sh -c > /home/letsencrypt/letsencrypt.log 2>&1 23 4 * * *     letsencrypt  /home/letsencrypt/letsencrypt.sh/letsencrypt.sh -c > /home/letsencrypt/letsencrypt.log 2>&1
 </file> </file>
-=== Verwendung des Let'sEncrypt Client für eine neue Domain ===+=== Verwendung des LetsEncrypt Client für eine neue Domain ===
  
 Pro Zertifikat können mehrere Domains/Subdomains integriert werden. Diese müssen in der domains.txt in einer Zeile stehen. Pro Zertifikat können mehrere Domains/Subdomains integriert werden. Diese müssen in der domains.txt in einer Zeile stehen.
Zeile 416: Zeile 418:
     * **//systemctl reload nginx.service//**     * **//systemctl reload nginx.service//**
  
-==== PHP ====+===== User-Agent-Filter ===== 
 +<file|/etc/nginx/snippets/filter_useragents.conf> 
 +### Block Mastodon 
 +if ($http_user_agent ~* (Mastodon)) { 
 +    return 403; 
 +
 +</file> 
 +===== PHP =====
  
   * php5-fpm   * php5-fpm
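Review bot: the new /etc/nginx/snippets/filter_useragents.conf rejects requests by matching `$http_user_agent`, a header the client sets, and its only comment, `### Block Mastodon`, gives no reason for the block. Record why the agent is blocked and treat the rule as load shedding rather than access control; if the aim is to keep preview fetches from overloading the site, a `limit_req` zone on the affected locations keeps working when the header changes. The snippet also only takes effect in server blocks that include it, which on this page are the bytespeicher.org and Dokuwiki vhosts.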
Zeile 437: Zeile 446:
 post_max_size = 64M post_max_size = 64M
 </file> </file>
-==== Ruby ====+===== Ruby =====
  
   * ruby   * ruby
  
-==== Bytebot ====+===== Bytebot =====
  
 Pakete: Pakete:
Zeile 485: Zeile 494:
   * //**systemctl start bytebot.service**//   * //**systemctl start bytebot.service**//
  
-==== Twitterstatus / Twitterstatus Makerspace ====+===== Twitterstatus / Twitterstatus Makerspace =====
  
 Die Anleitung ist für "twitterstatus". Die Einrichtung von "twitterstatus-ms" erfolgt Die Anleitung ist für "twitterstatus". Die Einrichtung von "twitterstatus-ms" erfolgt
Zeile 549: Zeile 558:
 </code> </code>
  
-==== Freifunk-API ====+===== Freifunk-API =====
  
 === Pakete === === Pakete ===
Zeile 645: Zeile 654:
   * //**systemctl reload nginx**//   * //**systemctl reload nginx**//
  
-==== paste.bytespeicher.org ====+===== paste.bytespeicher.org =====
  
   * Datenbank: bs_paste   * Datenbank: bs_paste
Zeile 701: Zeile 710:
 </file> </file>
  
-==== bytespeicher.org ====+===== bytespeicher.org =====
  
   * Datenbank: wp_bs   * Datenbank: wp_bs
Zeile 713: Zeile 722:
  server_name www.bytespeicher.org staging.bytespeicher.org bytespeicher.org radio.bytespeicher.org;  server_name www.bytespeicher.org staging.bytespeicher.org bytespeicher.org radio.bytespeicher.org;
  
 + include snippets/filter_useragents.conf;
  include snippets/letsencrypt.conf;  include snippets/letsencrypt.conf;
  
Zeile 730: Zeile 740:
  
  server_name www.bytespeicher.org;  server_name www.bytespeicher.org;
 +
 + include snippets/filter_useragents.conf;
  
  ssl on;  ssl on;
Zeile 818: Zeile 830:
 </file> </file>
  
-==== status.bytespeicher.org ====+===== status.bytespeicher.org =====
  
   * **//useradd spacestatus -m -G www-data//**   * **//useradd spacestatus -m -G www-data//**
Zeile 885: Zeile 897:
   add_header Strict-Transport-Security "max-age=31536000";   add_header Strict-Transport-Security "max-age=31536000";
   add_header X-Frame-Options SAMEORIGIN;   add_header X-Frame-Options SAMEORIGIN;
 +  add_header Access-Control-Allow-Origin *;
      
   ssl_certificate /home/letsencrypt/letsencrypt.sh/certs/status.bytespeicher.org/fullchain.pem;   ssl_certificate /home/letsencrypt/letsencrypt.sh/certs/status.bytespeicher.org/fullchain.pem;
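Review bot: `add_header Access-Control-Allow-Origin *;` sits beside the HSTS and X-Frame-Options headers, so it applies to every response this vhost serves, not only the resource that needs cross-origin reads. Move it into the location that serves that resource and confirm nothing else on status.bytespeicher.org returns content that should stay same-origin. Note too that nginx drops these inherited `add_header` lines in any location that sets an `add_header` of its own.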
Zeile 894: Zeile 907:
 </file> </file>
  
-==== makerspace-erfurt.de / fablab-erfurt.de ====+===== makerspace-erfurt.de / fablab-erfurt.de =====
  
   * Datenbank: makerspace_wp   * Datenbank: makerspace_wp
Zeile 965: Zeile 978:
 </file> </file>
  
-==== cloud.technikkultur-erfurt.de (Owncloud) ====+===== cloud.technikkultur-erfurt.de (Nextcloud=====
  
   * Datenbank: makerspace_oc   * Datenbank: makerspace_oc
Zeile 1099: Zeile 1112:
 </file> </file>
  
-==== Redmine ====+===== Redmine =====
  
   * Datenbank: redmine   * Datenbank: redmine
Zeile 1245: Zeile 1258:
 </file> </file>
  
-==== Dokuwiki ====+===== Dokuwiki =====
  
   * DocumentRoot: /var/www/technikkultur-erfurt.de/public_html   * DocumentRoot: /var/www/technikkultur-erfurt.de/public_html
Zeile 1258: Zeile 1271:
   listen [::]:443 ssl;   listen [::]:443 ssl;
  
 +  include snippets/filter_useragents.conf;
   include snippets/letsencrypt.conf;   include snippets/letsencrypt.conf;
  
Zeile 1280: Zeile 1294:
   ssl_trusted_certificate /home/letsencrypt/letsencrypt.sh/certs/example.org/fullchain.pem;   ssl_trusted_certificate /home/letsencrypt/letsencrypt.sh/certs/example.org/fullchain.pem;
  
-  # Maximum file upload size is 4MB - change accordingly if needed +  # Maximum file upload size is 20MB - change accordingly if needed 
-  client_max_body_size 4M;+  client_max_body_size 20M;
   client_body_buffer_size 128k;   client_body_buffer_size 128k;
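Review bot: raising `client_max_body_size` to 20M only lifts the nginx limit; uploads through PHP are still capped by `upload_max_filesize` and `post_max_size`, and of those only `post_max_size = 64M` is visible in the PHP section of this page, so check the other. The unchanged `ssl_trusted_certificate` line just above also points at `certs/example.org/fullchain.pem`, which reads like a placeholder left in this vhost's documentation.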
    
Zeile 1312: Zeile 1326:
 </file> </file>
  
-==== Pad ====+===== Pad =====
  
   * Software: Etherpad-lite   * Software: Etherpad-lite
Zeile 1427: Zeile 1441:
   * https://github.com/ether/etherpad-lite/wiki/Manipulating-the-database   * https://github.com/ether/etherpad-lite/wiki/Manipulating-the-database
  
-==== wall.technikkultur-erfurt.de ====+===== wall.technikkultur-erfurt.de =====
  
   * Config: /var/www/wall.technikkultur-erfurt.de/config.php   * Config: /var/www/wall.technikkultur-erfurt.de/config.php
Zeile 1450: Zeile 1464:
 </file> </file>
  
-==== Piwik ====+===== opendata.bytespeicher.org ===== 
 + 
 +  * Webspace: /var/www/opendata.bytepseicher.org/public_html 
 +  
 +<file|/etc/nginx/sites-available/opendata.bytespeicher.org> 
 +server { 
 +  listen 80; 
 +  listen [::]:80; 
 + 
 +  listen 443 ssl; 
 +  listen [::]:443 ssl; 
 + 
 +  include snippets/letsencrypt.conf; 
 + 
 +  root /var/www/opendata.bytespeicher.org/public_html; 
 + 
 +  index index.html; 
 + 
 +  server_name opendata.bytespeicher.org; 
 + 
 +  location / { 
 +    try_files $uri $uri/ =404; 
 +  } 
 + 
 +  # PHP 
 +  location ~ \.php$ { 
 +    fastcgi_pass   unix:/var/run/php5-fpm.sock; 
 +    include         fastcgi_params; 
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 +    fastcgi_param REDIRECT_STATUS 200; 
 +  } 
 + 
 +  ssl on; 
 + 
 +  # Use SSL as default 
 +  # if ($scheme != "https") { 
 +  #   rewrite ^ https://$host$uri permanent; 
 +  # } 
 +  # add_header Strict-Transport-Security "max-age=31536000"; 
 + 
 +  ssl_certificate /home/letsencrypt/letsencrypt.sh/certs/opendata.bytespeicher.org/fullchain.pem; 
 +  ssl_certificate_key /home/letsencrypt/letsencrypt.sh/certs/opendata.bytespeicher.org/privkey.pem; 
 + 
 +  ssl_dhparam /etc/ssl/opendata.bytespeicher.org/dhparam.pem; 
 + 
 +  ssl_stapling on; 
 +  ssl_stapling_verify on; 
 +  ssl_trusted_certificate /home/letsencrypt/letsencrypt.sh/certs/opendata.bytespeicher.org/fullchain.pem; 
 + 
 +  # Security options 
 +  add_header X-Frame-Options SAMEORIGIN; 
 +  add_header X-Content-Type-Options nosniff; 
 +  add_header Access-Control-Allow-Origin *; 
 +
 +</file> 
 + 
 +===== Piwik =====
  
   * Datenbank: bs_piwik   * Datenbank: bs_piwik
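Review bot: in the new opendata.bytespeicher.org vhost, `location ~ \.php$` hands every URI ending in .php to php5-fpm without checking that the file exists; add `try_files $uri =404;` inside that location, or drop the PHP block if the site only serves the static `index.html` named in `index`. Three smaller points: `ssl on;` together with `listen 80;` makes nginx expect TLS on port 80 as well, and the `ssl` flag on the `listen 443` lines already covers HTTPS; the Webspace bullet spells the path `opendata.bytepseicher.org` while `root` uses `opendata.bytespeicher.org`; and the HTTPS redirect and HSTS header are commented out with no note saying whether that is intentional.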
Zeile 1474: Zeile 1544:
 </file> </file>
  
-==== Roundcube ====+===== Roundcube =====
  
   * Datenbank: roundcubemail   * Datenbank: roundcubemail
Zeile 1543: Zeile 1613:
  
   root /var/www/mail.bytespeicher.org/;   root /var/www/mail.bytespeicher.org/;
 +
 +  client_max_body_size 64m;
  
   index index.php index.html;   index index.php index.html;
Zeile 1589: Zeile 1661:
   * //**rm -rf /var/www/mail.bytespeicher.org/installer/**//   * //**rm -rf /var/www/mail.bytespeicher.org/installer/**//
  
-==== Matrix/Synapse ====+===== Matrix/Synapse =====
  
   * useradd -m synapse   * useradd -m synapse
Zeile 1682: Zeile 1754:
 <file|/home/synapse/.synapse/homeserver.yaml> <file|/home/synapse/.synapse/homeserver.yaml>
 --- homeserver.yaml.orig 2017-06-05 12:56:46.729514635 +0200 --- homeserver.yaml.orig 2017-06-05 12:56:46.729514635 +0200
-+++ homeserver.yaml 2017-06-05 18:44:13.546761068 +0200++++ homeserver.yaml 2018-04-17 13:40:25.760622831 +0200
 @@ -4,10 +4,10 @@ @@ -4,10 +4,10 @@
  # autogenerates on launch with your own SSL certificate + key pair  # autogenerates on launch with your own SSL certificate + key pair
Zeile 1689: Zeile 1761:
 -tls_certificate_path: "/home/synapse/.synapse/erfurt.chat.tls.crt" -tls_certificate_path: "/home/synapse/.synapse/erfurt.chat.tls.crt"
 +tls_certificate_path: "/home/synapse/ssl/fullchain.pem" +tls_certificate_path: "/home/synapse/ssl/fullchain.pem"
- +
  # PEM encoded private key for TLS  # PEM encoded private key for TLS
 -tls_private_key_path: "/home/synapse/.synapse/erfurt.chat.tls.key" -tls_private_key_path: "/home/synapse/.synapse/erfurt.chat.tls.key"
 +tls_private_key_path: "/home/synapse/ssl/privkey.pem" +tls_private_key_path: "/home/synapse/ssl/privkey.pem"
- +
  # PEM dh parameters for ephemeral keys  # PEM dh parameters for ephemeral keys
  tls_dh_params_path: "/home/synapse/.synapse/erfurt.chat.tls.dh"  tls_dh_params_path: "/home/synapse/.synapse/erfurt.chat.tls.dh"
 @@ -50,7 +50,7 @@ @@ -50,7 +50,7 @@
  pid_file: /home/synapse/.synapse/homeserver.pid  pid_file: /home/synapse/.synapse/homeserver.pid
- +
  # Whether to serve a web client from the HTTP/HTTPS root resource.  # Whether to serve a web client from the HTTP/HTTPS root resource.
 -web_client: True -web_client: True
 +web_client: False +web_client: False
- +
  # The root directory to server for the above web client.  # The root directory to server for the above web client.
  # If left undefined, synapse will serve the matrix-angular-sdk web client.  # If left undefined, synapse will serve the matrix-angular-sdk web client.
 @@ -59,7 +59,7 @@ @@ -59,7 +59,7 @@
  # web_client_location: "/path/to/web/root"  # web_client_location: "/path/to/web/root"
- +
  # The public-facing base URL for the client API (not including _matrix/...)  # The public-facing base URL for the client API (not including _matrix/...)
 -# public_baseurl: https://example.com:8448/ -# public_baseurl: https://example.com:8448/
 +public_baseurl: https://erfurt.chat:8448/ +public_baseurl: https://erfurt.chat:8448/
- +
  # Set the soft limit on the number of file descriptors synapse can use  # Set the soft limit on the number of file descriptors synapse can use
  # Zero is used to indicate synapse should set the soft limit to the  # Zero is used to indicate synapse should set the soft limit to the
-@@ -123,7 +123,7 @@+@@ -71,7 +71,9 @@ 
 + 
 + # Set the limit on the returned events in the timeline in the get 
 + # and sync operations. The default value is -1, means no upper limit. 
 +-# filter_timeline_limit: 5000 
 +
 ++## activated by maddi 
 ++filter_timeline_limit: 500 
 + 
 + # List of ports that Synapse should listen on, their purpose and their 
 + # configuration. 
 +@@ -85,11 +87,11 @@ 
 +     # Local addresses to listen on. 
 +     # This will listen on all IPv4 addresses by default. 
 +     bind_addresses: 
 +-      - '0.0.0.0' 
 ++      #- '0.0.0.0' 
 +       # Uncomment to listen on all IPv6 interfaces 
 +       # N.B: On at least Linux this will also listen on all IPv4 
 +       # addresses, so you will need to comment out the line above. 
 +-      # - '::' 
 ++      - '::' 
 + 
 +     # This is a 'http' listener, allows us to specify 'resources'
 +     type: http 
 +@@ -123,7 +125,7 @@
      bind_addresses: ['0.0.0.0']      bind_addresses: ['0.0.0.0']
      type: http      type: http
- +
 -    x_forwarded: false -    x_forwarded: false
 +    x_forwarded: True +    x_forwarded: True
- +
      resources:      resources:
        - names: [client, webclient]        - names: [client, webclient]
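Review bot: `x_forwarded: True` is set on a listener whose `bind_addresses` is `['0.0.0.0']`, so any client that reaches this port directly can supply its own X-Forwarded-For value and choose the address Synapse logs and rate-limits on. Bind this listener to the loopback address the nginx proxy connects to, or make sure the IPTABLES rules only admit the proxy.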
-@@ -231,7 +231,7 @@+@@ -141,14 +143,18 @@ 
 + # Database configuration 
 + database: 
 +   # The database engine name 
 +-  name: "sqlite3" 
 ++  name: "psycopg2" 
 +   # Arguments to pass to the engine 
 +   args: 
 +-    # Path to the database 
 +-    database: "/home/synapse/.synapse/homeserver.db" 
 ++    #user: synapse 
 ++    database: synapse 
 ++    #host: localhost 
 ++    #password: 
 ++    cp_min: 5 
 ++    cp_max: 25 
 + 
 + # Number of events to cache in memory. 
 +-event_cache_size: "10K" 
 ++event_cache_size: "1K" 
 + 
 + 
 + 
 +@@ -156,7 +162,7 @@ 
 + verbose:
 + 
 + # File to write logging to. Ignored if log_config is specified. 
 +-log_file: "/home/synapse/.synapse/homeserver.log" 
 ++log_file: "/home/synapse/.synapse/log/homeserver.log" 
 + 
 + # A yaml python logging config file 
 + log_config: "/home/synapse/.synapse/erfurt.chat.log.config" 
 +@@ -171,7 +177,9 @@ 
 + rc_message_burst_count: 10.0 
 + 
 + # The federation window size in milliseconds 
 +-federation_rc_window_size: 1000 
 ++## edit by maddi 
 ++# federation_rc_window_size: 2000 
 ++federation_rc_window_size: 2000 
 + 
 + # The number of federation requests from a single server in a window 
 + # before the server will delay processing the request. 
 +@@ -183,14 +191,19 @@ 
 + 
 + # The maximum number of concurrent federation requests allowed 
 + # from a single server 
 +-federation_rc_reject_limit: 50 
 ++## edit by maddi 
 ++# federation_rc_reject_limit: 50 
 ++federation_rc_reject_limit: 10 
 + 
 + # The number of federation requests to concurrently process from a 
 + # single server 
 +-federation_rc_concurrent:
 +
 +
 +
 ++#federation_rc_concurrent:
 ++## edit by maddi 
 ++federation_rc_concurrent:
 +
 ++## add by maddi 
 ++federation_domain_whitelist: ['erfurt.chat','matrix.ffggrz.de','bau-ha.us','zner0l.de','byteschmeisser.de'
 +
 + # Directory where uploaded images and attachments are stored. 
 + media_store_path: "/home/synapse/.synapse/media_store" 
 + 
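Review bot: `federation_domain_whitelist` limits federation to the five listed servers, which changes who users on erfurt.chat can talk to, yet the only annotation is `## add by maddi`. State the reason next to the setting; the same goes for `federation_rc_reject_limit` dropping from 50 to 10. The commented-out copy of the old value (`# federation_rc_reject_limit: 50`) duplicates what the diff against homeserver.yaml.orig already records and can go.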
 +@@ -231,7 +244,7 @@
  # Is the preview URL API enabled?  If enabled, you *must* specify  # Is the preview URL API enabled?  If enabled, you *must* specify
  # an explicit url_preview_ip_range_blacklist of IPs that the spider is  # an explicit url_preview_ip_range_blacklist of IPs that the spider is
Zeile 1729: Zeile 1894:
 -url_preview_enabled: False -url_preview_enabled: False
 +url_preview_enabled: True +url_preview_enabled: True
- +
  # List of IP address CIDR ranges that the URL preview spider is denied  # List of IP address CIDR ranges that the URL preview spider is denied
  # from accessing.  There are no defaults: you must explicitly  # from accessing.  There are no defaults: you must explicitly
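Review bot: `url_preview_enabled: True` makes the homeserver fetch URLs that users post, and the surrounding comment states that an explicit `url_preview_ip_range_blacklist` is mandatory; the entries added for it fall in the part of the diff this view elides. Confirm the list covers loopback, private and link-local ranges for both IPv4 and IPv6, since this host has an IPv6 address configured.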
-@@ -241,14 +241,14 @@+@@ -241,14 +254,14 @@
  # synapse to issue arbitrary GET requests to your internal services,  # synapse to issue arbitrary GET requests to your internal services,
  # causing serious security issues.  # causing serious security issues.
Zeile 1755: Zeile 1920:
  # to access even if they are specified in url_preview_ip_range_blacklist.  # to access even if they are specified in url_preview_ip_range_blacklist.
  # This is useful for specifying exceptions to wide-ranging blacklisted  # This is useful for specifying exceptions to wide-ranging blacklisted
-@@ -322,10 +322,10 @@+@@ -322,10 +335,10 @@
  ## Turn ##  ## Turn ##
- +
  # The public URIs of the TURN server to give to clients  # The public URIs of the TURN server to give to clients
 -turn_uris: [] -turn_uris: []
 +turn_uris: [ "turn:erfurt.chat:3478?transport=udp", "turn:erfurt.chat:3478?transport=tcp" ] +turn_uris: [ "turn:erfurt.chat:3478?transport=udp", "turn:erfurt.chat:3478?transport=tcp" ]
- +
  # The shared secret used to compute passwords for the TURN server  # The shared secret used to compute passwords for the TURN server
 -turn_shared_secret: "YOUR_SHARED_SECRET" -turn_shared_secret: "YOUR_SHARED_SECRET"
 +turn_shared_secret: "$$$SECRET$$$" +turn_shared_secret: "$$$SECRET$$$"
- +
  # The Username and password if the TURN server needs them and  # The Username and password if the TURN server needs them and
  # does not use a token  # does not use a token
-@@ -346,7 +346,7 @@+@@ -346,7 +359,7 @@
  ## Registration ##  ## Registration ##
- +
  # Enable registration for new users.  # Enable registration for new users.
 -enable_registration: False -enable_registration: False
 +enable_registration: True +enable_registration: True
- +
  # If set, allows registration by anyone who also has the shared  # If set, allows registration by anyone who also has the shared
  # secret, even if registration is otherwise disabled.  # secret, even if registration is otherwise disabled.
-@@ -360,7 +360,7 @@+@@ -360,7 +373,7 @@
  # Allows users to register as guests without a password/email/etc, and  # Allows users to register as guests without a password/email/etc, and
  # participate in rooms hosted on this server which have been made  # participate in rooms hosted on this server which have been made
Zeile 1783: Zeile 1948:
 -allow_guest_access: False -allow_guest_access: False
 +allow_guest_access: True +allow_guest_access: True
- +
  # The list of identity servers trusted to verify third party  # The list of identity servers trusted to verify third party
  # identifiers by this server.  # identifiers by this server.
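Review bot: `allow_guest_access: True` here, combined with `enable_registration: True` in the previous hunk, lets anyone create an account or join as a guest, and no registration check such as a CAPTCHA or e-mail requirement appears in the visible lines. If open sign-up is intended, say so in the documentation and enable one of those checks; otherwise keep guest access off.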
-@@ -388,7 +388,@@ +@@ -388,7 +401,@@ 
-  + 
- +
  # A list of application service config file to use  # A list of application service config file to use
 -app_service_config_files: [] -app_service_config_files: []
-+app_service_config_files: [ "ircbridge_registration.yaml"++#app_service_config_files: [ "ircbridge_registration.yaml" 
-  ++## deactivated by maddi 
- ++app_service_config_files:
 + 
  macaroon_secret_key: "$$$SECRET$$$"  macaroon_secret_key: "$$$SECRET$$$"
-@@ -461,7 +461,8 @@+@@ -402,7 +417,7 @@ 
 + signing_key_path: "/home/synapse/.synapse/erfurt.chat.signing.key" 
 + 
 + # The keys that the server used to sign messages with but won't use 
 +-# to sign new messages. E.g. it has lost its private key 
 ++# to sign new messages. dE.g. it has lost its private key 
 + old_signing_keys: {} 
 + #  "ed25519:auto": 
 + #    # Base64 encoded public key 
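Review bot: a stray `d` has been typed into the comment, which now reads `# to sign new messages. dE.g. it has lost its private key`. Revert that line so the file differs from homeserver.yaml.orig only where a setting was changed on purpose.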
 +@@ -461,7 +476,8 @@
     enabled: true     enabled: true
     # Uncomment and change to a secret random string for extra security.     # Uncomment and change to a secret random string for extra security.
Zeile 1802: Zeile 1978:
 +   pepper: "$$$SECRET$$$" +   pepper: "$$$SECRET$$$"
 + +
-  + 
-  + 
-  + 
-@@ -473,20 +474,20 @@+@@ -473,20 +489,20 @@
  # If your SMTP server requires authentication, the optional smtp_user &  # If your SMTP server requires authentication, the optional smtp_user &
  # smtp_pass variables should be used  # smtp_pass variables should be used
Zeile 1832: Zeile 2008:
 +   notif_from: "Your Friendly %(app)s Home Server <noreply@erfurt.chat>" +   notif_from: "Your Friendly %(app)s Home Server <noreply@erfurt.chat>"
 +   app_name: Matrix +   app_name: Matrix
-+   template_dir: res/templates++   template_dir: /home/synapse/.synapse/res/templates/
 +   notif_template_html: notif_mail.html +   notif_template_html: notif_mail.html
 +   notif_template_text: notif_mail.txt +   notif_template_text: notif_mail.txt
 +   notif_for_new_users: True +   notif_for_new_users: True
 +   riot_base_url: "https://erfurt.chat/riot" +   riot_base_url: "https://erfurt.chat/riot"
-  + 
- +
  # password_providers:  # password_providers:
 </file> </file>
  
 +<file|/home/synapse/.synapse/erfurt.chat.log.config>
 +
 +version: 1
 +
 +formatters:
 +  precise:
 +   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
 +
 +filters:
 +  context:
 +    (): synapse.util.logcontext.LoggingContextFilter
 +    request: ""
 +
 +handlers:
 +  file:
 +    class: logging.handlers.RotatingFileHandler
 +    formatter: precise
 +    filename: /home/synapse/.synapse/log/homeserver.log
 +    maxBytes: 104857600
 +    backupCount: 10
 +    filters: [context]
 +  console:
 +    class: logging.StreamHandler
 +    formatter: precise
 +    filters: [context]
 +
 +loggers:
 +    synapse:
 +        level: INFO
 +
 +    synapse.storage.SQL:
 +        # beware: increasing this to DEBUG will make synapse log sensitive
 +        # information such as access tokens.
 +        level: INFO
 +
 +root:
 +    level: INFO
 +    handlers: [file]
 +#    handlers: [file, console]
 +</file>
 <file|/etc/systemd/system/synapse.service> <file|/etc/systemd/system/synapse.service>
 [Unit] [Unit]
Zeile 1882: Zeile 2098:
 </file> </file>
  
-=== Matrix IRC Bridge ===+==== Matrix IRC Bridge ====
  
   * curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -   * curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
Zeile 2264: Zeile 2480:
   * systemctl start matrix-irc-bridge.service   * systemctl start matrix-irc-bridge.service
  
-=== Externe Synapse Dokumentation ===+==== Upgrade zu Postgres ==== 
 +  * wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add - 
 +  * echo deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main > /etc/apt/sources.list.d/pgdg.list 
 +  * apt update 
 +  * apt install postgresql-10 postgresql-client-10 libpq-dev 
 +  * sudo -u postgres createuser -e  synapse 
 +  * sudo -u postgres psql -c "CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER synapse_user;" 
 +  * service synapse stop 
 +  * cp -a /home/synapse/.synapse/homeserver.db{,.snapshot} 
 +  * cp -a /home/synapse/.synapse/homeserver{,-postgres}.yaml 
 + 
 +<file|/home/synapse/.synapse/homeserver-postgres.yaml> 
 +[...] 
 + 
 +# Database configuration 
 +database: 
 +  # The database engine name 
 +  name: "psycopg2" 
 +  # Arguments to pass to the engine 
 +  args: 
 +    database: synapse 
 +    cp_min: 5  
 +    cp_max: 25 
 +     
 +[...] 
 +</file> 
 + 
 +  * service synapse start 
 +  * sudo -u synapse bash 
 +  * source ~/.synapse/bin/activate 
 +  * pip install psycopg2 
 +  * cd ~/.synapse 
 +  * synapse_port_db --sqlite-database homeserver.db.snapshot --postgres-config homeserver-postgres.yaml 
 +  * (as root) service synapse stop 
 +  * synapse_port_db --sqlite-database homeserver.db --postgres-config homeserver-postgres.yaml 
 +  * mv homeserver.yaml{,.old-sqlite} 
 +  * mv homeserver{-postgres,}.yaml 
 +  * mv homeserver.db{,.unused} 
 +  * exit 
 +  * service synapse start 
 + 
 + 
 +Es wurde https://github.com/matrix-org/synapse/pull/3099 mit eingspielt. 
 + 
 +==== Externe Synapse Dokumentation ====
   * https://github.com/matrix-org/synapse/blob/master/README.rst#synapse-installation   * https://github.com/matrix-org/synapse/blob/master/README.rst#synapse-installation
   * https://github.com/matrix-org/synapse/blob/master/README.rst#setting-up-federation   * https://github.com/matrix-org/synapse/blob/master/README.rst#setting-up-federation
   * https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.rst   * https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.rst
-==== users.bytespeicher.org ====+===== users.bytespeicher.org =====
  
 <file|/etc/nginx/sites-available/users.bytespeicher.org> <file|/etc/nginx/sites-available/users.bytespeicher.org>
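Review bot: in the new "Upgrade zu Postgres" steps the role is created with `createuser -e  synapse`, but the next command sets `OWNER synapse_user`, a role that none of the listed steps create, so `CREATE DATABASE` fails as written. Use `OWNER synapse`, which also matches homeserver-postgres.yaml: it names no user or password, so the connection defaults to the OS user running Synapse.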
Zeile 2291: Zeile 2551:
 </file> </file>
  
-===== Datensicherung =====+====== Datensicherung ======
  
 Die Datensicherung erfolgt verschlüsselt auf einen Server von [[user:mape2k]] und einen Server von [[user:mkzero]]: Die Datensicherung erfolgt verschlüsselt auf einen Server von [[user:mape2k]] und einen Server von [[user:mkzero]]:
Zeile 2417: Zeile 2677:
 30 2   * * *   root    HOME=/root && duply mkzero-backup backup 30 2   * * *   root    HOME=/root && duply mkzero-backup backup
 </file> </file>
 +
 +====== Postfächer und Forward-Konten ======
 +
 +Als Mailserver wird Postfix eingesetzt. 
 +Aliase für Forwarding-Postfächer werden in der Datei ''/etc/postfix/virtual gepeichert.'' Änderungen werden erst durch Ausführen von ''postmap /etc/postfix/virtual'' übernommen.
 +
 +[mehr Dokumentation nötig…] 
 +
 +
 +=====  Postfach anlegen ====
 +
 +mit ''doveadm pw -s ssha'' Passwort erzeugen.
 +
 +Passwort-Hash mit FQDN-Mail in /etc/dovecot/users eintragen
 +
 +
 +in den mail-ordner Wechsel und Postfach-Ordner anlegen und Besitzer sowie Rechte anpassen
 +
 +
 +''chown vmail:vmail postfach''
 +
 +''chmod 700 postfach''
 +
 +''systemctl restart dovecot''
 +
 +
 +
 +
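Review bot: `doveadm pw -s ssha` produces a salted SHA-1 hash, which is fast to brute-force if /etc/dovecot/users leaks; use a slow scheme that `doveadm pw` supports, such as `-s SHA512-CRYPT`. Also in this section, the heading `=====  Postfach anlegen ====` has unequal marker counts, and the closing `''` after `/etc/postfix/virtual gepeichert.` pulls prose into the monospace span.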
  • dienste/bytecluster0001.1498063846.txt.gz
 • Last modified: 21.06.2017 18:50
 • by mape2k