software:selfhosting
What's this about?
Notes on various services I run for myself.
Services
- DNS:
- hosting: bind
- upstream registration: gandi.net
- secondary server: https://ns-global.zone/ offers these publicly, not yet tried
- SMTP:
- verification tools:
- send a mail to echo@univie.ac.at and get a reply with all headers
- site https://mxtoolbox.com/ to verify if you run an open relay, and DNS settings
- verify which TLS modes your system offers:
- As of 2020-12-28, t-online does not accept mails from me with: 554 IP=45.136.30.123 - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.) (BL)
- Communication with tosa@rx.t-online.de brought up that t-online has apparently set up its own rules which are not backed by RFCs. The requirements I got:
- request: Have a system with a name like 'mail.<domain>' deliver mail to t-online.
- comment: That makes no sense. Google would then start to request me to deliver from 'foobar.<domain>', so what should I do then? The RFCs allow me to deliver plainly from <domain>. I also have all DNS things like dmarc in order, I am reacting to mails to postmaster@domain and so on.
- request: Your whois record does not have your full contact details (that's because of new data protection laws). Providing these details via https from the same domain would be acceptable.
- comment: I already have my name and various ways to reach me described on https://fluxcoil.net . My site is not commercial, I do not need an “impressum” as per German law. This is an arbitrary request from t-online. If such a request is valid, it should be discussed in the community and find its way into RFCs. Otherwise, everybody on the internet can start to set up such “own rules”.
- ⇒ For now, I send mails to t-online from a different mail account, and notify the recipients that their provider is “special”.
- http/https:
- verification tools:
- nginx, let's encrypt cert
- nginx 1.15.4 will have ssl_early_data; Debian Bullseye was the first stable Debian release providing that
- understand page load time: run firefox, press <ctrl>+<shift>+<i>, then “network”, disable cache, load a page
- high latency to Japan, ~260ms
- `time curl https://fluxcoil.net --tlsv1.3 >/dev/null` takes 1.4sec from Japan, and 0.022sec directly on the server
- `time curl https://fluxcoil.net/files/ --tlsv1.3 >/dev/null` takes 0.83sec from Japan, 0.016sec directly on the server
- sitemap validator: link
- Are SVG files served compressed? With default settings, nginx on Debian/Bullseye is not compressing mime type 'image/svg+xml'.
- Test if an SVG file is handed out compressed: `curl -I -H 'accept-encoding:gzip, deflate' https://fluxcoil.net/static/20210224_minder5.svg`
- activate compression for svg in nginx.conf: `gzip_types text/plain [..] image/svg+xml;`
- video/audio chat:
- Jitsi
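
The SVG compression check from the http/https notes above, as an added example that is not part of the original notes: it reads `curl -I` style output and reports whether the final response was compressed, coping with CRLF line endings, case-insensitive header names and redirect chains. The function names and both sample header blocks are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `curl -I` output as compressed or not.
# Function names and sample headers below are constructed, not from the page.

# final_header BLOCK NAME -> value of header NAME in the LAST response block.
# With `curl -IL`, each redirect hop prints its own block; only the last counts.
final_header() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v name="$2" '
        /^HTTP\// { val = "" }              # new response block: forget old value
        {
            i = index($0, ":")
            # header names are case-insensitive (HTTP/2 sends them lowercase)
            if (i > 0 && tolower(substr($0, 1, i - 1)) == tolower(name)) {
                val = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }'
}

# compression_status BLOCK -> "compressed:<encoding>", "uncompressed" or "unknown:<value>"
compression_status() {
    enc=$(final_header "$1" "Content-Encoding" | tr 'A-Z' 'a-z')
    case "$enc" in
        gzip|deflate|br) echo "compressed:$enc" ;;
        "")              echo "uncompressed" ;;
        *)               echo "unknown:$enc" ;;
    esac
}

# Constructed sample: SVG served without image/svg+xml in gzip_types.
SAMPLE_BEFORE=$(printf 'HTTP/2 200 \r\nserver: nginx\r\ncontent-type: image/svg+xml\r\ncontent-length: 48211\r\n')

# Constructed sample: redirect hop first, then the compressed final response.
SAMPLE_AFTER=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.org/a.svg\r\n\r\nHTTP/2 200 \r\ncontent-type: image/svg+xml\r\nContent-Encoding: GZIP\r\n')

echo "before: $(compression_status "$SAMPLE_BEFORE")"
echo "after:  $(compression_status "$SAMPLE_AFTER")"
```

To check a live site, pass the output of the `curl -I -H 'accept-encoding:gzip, deflate' ...` command shown above as the first argument to `compression_status`.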
Monitoring
- availability monitoring:
- https://www.wyae.de/software/moshel/ , availability monitoring script directly running on the server
- performance monitoring:
- PCP with grafana for graphics. Network bandwidth, latency to some other servers on the internet, bind and postfix statistics and so on
Candidates for future services
- Remote desktop control
- https://rport.io/ - open-source remote control. In Go, server and client components. A FrOSCon 2021 video exists.
- https://github.com/slackhq/nebula - mesh networking. Think of wireguard, but with the nodes directly talking with each other
- https://github.com/m1k1o/neko - browser/video sharing for multiple clients, i.e. for watching a video together
software/selfhosting.txt · Last modified: 2022/12/24 15:05 by chris