Site Tools


software:selfhosting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
software:selfhosting [2022/12/24 14:05] – [Candidates for future services] chrissoftware:selfhosting [2024/03/03 11:36] (current) chris
Line 1: Line 1:
 +===== Whats's this about? =====
 +Notes on various services I run for myself.
  
 +===== Services =====
 +  * **DNS:**
 +    * hosting: bind
 +    * upstream registration: gandi.net
 +    * secondary server: https://ns-global.zone/ offers these publicly, not yet tried
 +  * **SMTP:**
 +    * verification tools:
 +      * send a mail to echo@univie.ac.at and get a reply with all headers
 +      * site https://mxtoolbox.com/ to verify if you run an open relay, and DNS settings
 +      * verify which TLS modes your system offers:
 +        * https://cryptcheck.fr/
 +        * https://www.checktls.com/
 +        * https://www.immuniweb.com/ssl/
 +    * As of 2020-12-28, t-online does not accept mails from me with: %%554 IP=45.136.30.123 - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.) (BL)%%
 +    * Communication with tosa@rx.t-online.de brought up that t-online has apparently setup own rules which are not backed by RFCs. The requirements I got:
 +      * **request:** Have a system with a name like 'mail.<domain>' deliver mail to t-online.
 +      * **comment:** That makes no sense. google would then start to request me to deliver from 'foobar.<domain>', so what should I do then? The RFC allow me to deliver plainly from <domain> I have also all DNS things like dmarc in order, I am reacting to mails to postmaster@domain and so on.
 +      * **request:** Your whois record does not have your full contact details (that's because of new data protection laws). Providing these details via https from the same domain would be acceptable.
 +      * **comment:** I already have my name and various ways to reach me described on https://fluxcoil.net .  My site is not commercial, I do not need an "impressum" as per German law. This is an arbitrary request from t-online. If such a request is valid, it should be discussed in the community and find its way into RFCs.  Otherwise, everybody on the internet can start to setup such "own rules".
 +    * => For now, I send mails to t-online from a different mail account, and notify the recipients that their provider is "special".
 +  * **http/https:**
 +    * verification tools:
 +      * https://www.immuniweb.com/ssl/
 +      * https://www.ssllabs.com/
 +    * nginx, let's encrypt cert
 +    * understand page load time: run firefox, press <ctrl>+<shift>+<i>, then "network", disable cache, load a page
 +      * high latency to Japan, ~260ms
 +      * `time curl https://fluxcoil.net --tlsv1.3 >/dev/null` takes 1.4sec from Japan, and 0.022sec directly on the server
 +      * `time curl https://fluxcoil.net/files/ --tlsv1.3 >/dev/null` takes 0.83sec from Japan, 0.016sec directly on the server
 +    * sitemap validator: [[https://www.xml-sitemaps.com/validate-xml-sitemap.html|link]]
 +    * Are handed out svg files getting compressed?  With default settings, nginx on Debian/Bullseye is not encrypting mime type 'image/svg+xml'.
 +      * Test if a svg file is handed out compressed: "curl -I -H 'accept-encoding:gzip, deflate' https://fluxcoil.net/static/20210224_minder5.svg"
 +      * activate compression for svg in nginx.conf: "gzip_types text/plain [..] image/svg+xml;"
 +  * **video/audio chat:**
 +    * Jitsi
 +
 +===== Monitoring =====
 +  * **availability monitoring:**
 +    * https://www.wyae.de/software/moshel/ , availability monitoring script directly running on the server
 +  * **performance monitoring:**
 +    * PCP with grafana for graphics. Network bandwidth, latency to some other servers on the internet, bind and postfix statistics and so on
 +
 +===== Candidates for future services =====
 +  * Remote desktop control
 +    * https://github.com/rustdesk/rustdesk
 +    * https://github.com/rustdesk/rustdesk-server-demo
 +  * https://rport.io/ - opensource remote control. In go, server and client components. froscon2021 video exists.
 +  * https://github.com/slackhq/nebula - mesh networking. Think of wireguard, but with the nodes directly talking with each other
 +  * https://github.com/m1k1o/neko - browser/video sharing for multiple clients, i.e. for watching a video together
software/selfhosting.txt · Last modified: 2024/03/03 11:36 by chris