[Cc-webedit] Server work done today

Fri Oct 9 17:45:05 BST 2009

Yo,

scponly and ssh port proposals are fine by me.

On Fri, 2009-10-09 at 17:08 +0100, Jim Dog wrote:
> Ok so the second thing I have been doing today is to try and sort out
> the ssl certificate for the server, but I have reached an impass as I
> can't receive root mail for the domain www.climatecamp.org.uk
> 
> There are several ways around this, but all would require my details
> being added to the MX records for whoever does the mail relaying now
> (nologic still?) so that I receive mail for one of the following
> addresses, then someone needs to let me know which asap
> 
> root
> hostmaster
> postmaster
> admin
> webmaster

I have set up hostmaster, postmaster, admin and webmaster to forward to
root. I have then set up root to forward to you and I, as we are the two
who currently administrate the server. Hope that's okay.

> I would suggest that it is a good idea to get someone other than nologic
> to receive the mail for all of these addresses anyhow if this has not
> already been done. Ideally, I think we ought to run our own MX or at
> least use someone who will make it easier to do stuff like this in a
> hurry. Who has the logins for the DNS etc? It would make my life a lot
> easier if I could deal with this directly if the group can get consensus
> that this is necessary. Therefore I propose that I be given access to
> the DNS and MX records held with NoLogic as I can't generate a server
> certificate with CACERT without being able to do this.

Note that it is pretty quick for us to create new email addresses and
forwards. Neil and I currently have the password for this. I think it's
good having nologic worry about administrating the mail server for now,
as that's one less thing for us to have to maintain. However, as we
discussed at the gathering, there is clearly something to be desired
with respect to spam filtering and SSL for the webmail. I'd like to hear
the outcome of Neil's investigations before considering moving our mail
provider.

The domain and DNS is currently administered by nologic and records can
be changed on request. Currently *.climatecamp.org.uk points to the
tachanka server, with specific exceptions (mail.climatecamp.org.uk and
old.climatecamp.org.uk IIRC). I think this is alright, but if there was
a strong feeling we should have more direct control over it I wouldn't
stand in the way.

> The other thing related to certificates is that I ned an up to date list
> of subdomains that are being used at the moment ie
> photo.climatecamp.org.uk or foo.clim.... etc

Looking at the Apache config I've got:

bugs.climatecamp.org.uk (redmine)
code.climatecamp.org.uk (gitweb)
news.climatecamp.org.uk (unused, we should probably delete)
photo.climatecamp.org.uk (though I don't think we need SSL for this)
stats.climatecamp.org.uk

However, I have had in the back of my mind to change "bugs" to "dev" and
remove "code" as redmine has a perfectly adequate repository browser. So
it would be good to add "dev" to this certificate.

There's also cms.climatecamp.org.uk for the cms.

> Deeeeeeep breath
> 
> Hope that makes sense to someone, let me know if anyhting is too baffling

Thanks for your work on this, it made sense :)

Jon