===== What's this about? =====

Notes on various services I run for myself.

===== Services =====

  * **DNS:**
    * hosting: bind
    * upstream registration: gandi.net
    * secondary server: https://ns-global.zone/ offers these publicly, not yet tried
  * **SMTP:**
    * verification tools:
      * send a mail to echo@univie.ac.at and get a reply with all headers
      * site https://mxtoolbox.com/ to verify if you run an open relay, and DNS settings
      * verify which TLS modes your system offers:
        * https://cryptcheck.fr/
        * https://www.checktls.com/
        * https://www.immuniweb.com/ssl/
    * As of 2020-12-28, t-online does not accept mails from me with: %%554 IP=45.136.30.123 - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.) (BL)%%
      * Communication with tosa@rx.t-online.de brought up that t-online has apparently set up its own rules which are not backed by RFCs. The requirements I got:
        * **request:** Have a system with a name like 'mail.' deliver mail to t-online.
        * **comment:** That makes no sense. Google would then start to request me to deliver from 'foobar.', so what should I do then? The RFCs allow me to deliver plainly from . I also have all DNS things like DMARC in order, I am reacting to mails to postmaster@domain and so on.
        * **request:** Your whois record does not have your full contact details (that's because of new data protection laws). Providing these details via https from the same domain would be acceptable.
        * **comment:** I already have my name and various ways to reach me described on https://fluxcoil.net . My site is not commercial, I do not need an "impressum" as per German law. This is an arbitrary request from t-online. If such a request is valid, it should be discussed in the community and find its way into RFCs. Otherwise, everybody on the internet can start to set up such "own rules".
      * => For now, I send mails to t-online from a different mail account, and notify the recipients that their provider is "special".
  * **http/https:**
    * verification tools:
      * https://www.immuniweb.com/ssl/
      * https://www.ssllabs.com/
    * nginx, Let's Encrypt cert
    * understand page load time: run firefox, press ++, then "network", disable cache, load a page
      * high latency to Japan, ~260ms
      * `time curl https://fluxcoil.net --tlsv1.3 >/dev/null` takes 1.4sec from Japan, and 0.022sec directly on the server
      * `time curl https://fluxcoil.net/files/ --tlsv1.3 >/dev/null` takes 0.83sec from Japan, 0.016sec directly on the server
    * sitemap validator: [[https://www.xml-sitemaps.com/validate-xml-sitemap.html|link]]
    * Are SVG files served compressed? With default settings, nginx on Debian/Bullseye does not compress MIME type 'image/svg+xml'.
      * Test if an svg file is handed out compressed: "curl -I -H 'accept-encoding:gzip, deflate' https://fluxcoil.net/static/20210224_minder5.svg"
      * activate compression for svg in nginx.conf: "gzip_types text/plain [..] image/svg+xml;"
  * **video/audio chat:**
    * Jitsi

===== Monitoring =====

  * **availability monitoring:**
    * https://www.wyae.de/software/moshel/ , availability monitoring script running directly on the server
  * **performance monitoring:**
    * PCP with grafana for graphics. Network bandwidth, latency to some other servers on the internet, bind and postfix statistics and so on

===== Candidates for future services =====

  * Remote desktop control
    * https://github.com/rustdesk/rustdesk
    * https://github.com/rustdesk/rustdesk-server-demo
    * https://rport.io/ - open source remote control. In Go, server and client components. A FrOSCon 2021 video exists.
  * https://github.com/slackhq/nebula - mesh networking. Think of wireguard, but with the nodes talking directly with each other
  * https://github.com/m1k1o/neko - browser/video sharing for multiple clients, e.g. for watching a video together
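
The SVG compression check from the http/https notes above, as an added example that is not part of the original notes: it fetches each URL with a GET instead of `curl -I`, reads the response headers, and reports whether the body was sent compressed. The function names and the sample header blocks are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether a server sends a resource compressed.

# Constructed sample responses (not captured from a real server).
sample_plain() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: image/svg+xml\r\nContent-Length: 48211\r\n\r\n'
}
sample_gzip() {   # a redirect first, so two header blocks as printed by curl -L
    printf 'HTTP/1.1 301 Moved Permanently\r\nContent-Type: text/html\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nContent-Type: image/svg+xml; charset=utf-8\r\nContent-Encoding: gzip\r\n\r\n'
}

# encoding_of: headers on stdin -> "<content-type> <content-encoding>"
# for the last response block; header names are matched case-insensitively.
encoding_of() {
    tr -d '\r' | awk -F': *' '
        BEGIN     { type = "unknown"; enc = "none" }
        /^HTTP\// { type = "unknown"; enc = "none" }
        tolower($1) == "content-type"     { type = tolower($2); sub(/;.*/, "", type) }
        tolower($1) == "content-encoding" { enc = tolower($2) }
        END       { print type, enc }'
}

# verdict: headers on stdin -> "<type> <encoding> COMPRESSED|PLAIN"
verdict() {
    set -- $(encoding_of)
    case "$2" in
        gzip|deflate|br) echo "$1 $2 COMPRESSED" ;;
        *)               echo "$1 $2 PLAIN" ;;
    esac
}

# check_all URL...: fetch each URL (needs network and curl) and print a verdict.
# -D - dumps the response headers to stdout, -o /dev/null discards the body.
check_all() {
    for url in "$@"; do
        printf '%s ' "$url"
        curl -sS -L -o /dev/null -D - -H 'Accept-Encoding: gzip, deflate' "$url" | verdict
    done
}

check_all "$@"
```

After adding image/svg+xml to gzip_types and reloading nginx, the same URL should change from PLAIN to COMPRESSED.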