ThinkServer:News: Difference between revisions

(8 intermediate revisions by the same user not shown)

Line 1:

==New WebP Images==

WebP is an open source image format created by Google based on the VP8 video codec. It shows a lot of promise, allowing both lossless and lossy compression of images and allows motion (encompassing what PNG, JPG and GIF/APNG do respectively in one format) while saving space over the older formats. I have at the moment changed the images in the gallery on the Main Page to test Wikipedia and browser handling of the new format and if all is well, may convert the rest of the images on the site to WebP. Modern browsers all support WebP which is promising news.

--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 01:07, 1 March 2021 (UTC)

==Leaping back==

We are now back to using [[openSUSE Leap 15.2]] on the server. It has met our needs in providing modern TLS 1.3 support and the new charon method of configuring Strongswan rather than the old ipsec method.

We are looking forward to openSuSE Leap 15.3 as this promises to be closer to SLES 15 SP3 than ever before.

--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 18:09, 8 September 2020 (UTC)

==Latest Server News ==

Nextcloud has been updated to Nextcloud 18 which supports PHP 7.4 so Nextcloud is back in action. We are now awaiting an update for the Piwigo photo server which is having PHP 7.4 related issues at the moment. We have also sorted out all the niggles with redirecting on Apache so web pages redirect from HTTP to HTTPS correctly now. We have also sorted the problems with the certificates (nothing security related, just a misconfiguration with the wildcard) and have submitted for HSTS preloading. When generating a wildcard certificate, it needs to verify both the domain on its own and the wildcard, otherwise HSTS cannot be activated.

--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 04:25, 17 February 2020 (UTC)

== Nextcloud Outage ==

Unfortunately, Nextcloud is out of action on the server at the minute. Our server updated to PHP 7.4 while Nextcloud only supports PHP <=7.3. Nextcloud is due to be upgraded January to support this but for now, it will stay offline.

Unfortunately, Nextcloud is out of action on the server at the minute. Our server updated to PHP 7.4 while Nextcloud only supports PHP <=7.3. Nextcloud is due to be upgraded in January to support this but for now, it will stay offline.

--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 02:15, 8 January 2020 (UTC)

Line 10:

Line 28:

* TLS 1.3 support for our web pages. TLS 1.2 is still supported as TLS 1.3 is new but we do not support any lower than TLS 1.2.

* ~~Letencrypt~~ allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.

* Letsencrypt now allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.

* Strongswan is now implemented with the new charon interface, which is much more flexible and modular than the old ipsec interface (this was a learning curve, but we got there!)

* Our domain ~~has~~ is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.

* Our domain is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.

* We have moved over to openSUSE Tumbleweed again to implement all this great work but plan to move back to openSUSE Leap when all these things are implemented in the Leap release. We are hoping this will all be implemented by openSUSE Leap 16.

Line 33:

Line 51:

== New Developments! ==

We have managed to acquire and enabled a domain name to the server. This is [https://freddythechick.~~uk freddythechick~~.uk]. This has allowed us to set and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.

We have managed to acquire and enabled a domain name to the server. This is <s>freddythechick.uk</s> [https://thinkserver.freddythechick.net freddytehchick.net]. This has allowed us to set up and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.

Next to be sorted is possibly and e-mail server at some point - watch this space!

Line 47:

Line 65:

== HTTP/2 Support ==

We have enabled HTTP/2 support on the server when used with https. <s>We only have a self signed certificate at the moment so an exception needs to be created~~</s>~~, but after that, you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.

We have enabled HTTP/2 support on the server when used with https. <s>We only have a self signed certificate at the moment so an exception needs to be created, but after that,</s> you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.

--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 20:12, 11 April 2016 (UTC)

@@ Line 1: / Line 1: @@
+==New WebP Images==
+WebP is an open source image format created by Google based on the VP8 video codec. It shows a lot of promise, allowing both lossless and lossy compression of images and allows motion (encompassing what PNG, JPG and GIF/APNG do respectively in one format) while saving space over the older formats. I have at the moment changed the images in the gallery on the Main Page to test Wikipedia and browser handling of the new format and if all is well, may convert the rest of the images on the site to WebP. Modern browsers all support WebP which is promising news.
+--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 01:07, 1 March 2021 (UTC)
+==Leaping back==
+We are now back to using [[openSUSE Leap 15.2]] on the server. It has met our needs in providing modern TLS 1.3 support and the new charon method of configuring Strongswan rather than the old ipsec method.
+We are looking forward to openSuSE Leap 15.3 as this promises to be closer to SLES 15 SP3 than ever before.
+--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 18:09, 8 September 2020 (UTC)
+==Latest Server News ==
+Nextcloud has been updated to Nextcloud 18 which supports PHP 7.4 so Nextcloud is back in action. We are now awaiting an update for the Piwigo photo server which is having PHP 7.4 related issues at the moment. We have also sorted out all the niggles with redirecting on Apache so web pages redirect from HTTP to HTTPS correctly now. We have also sorted the problems with the certificates (nothing security related, just a misconfiguration with the wildcard) and have submitted for HSTS preloading. When generating a wildcard certificate, it needs to verify both the domain on its own and the wildcard, otherwise HSTS cannot be activated.
+--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 04:25, 17 February 2020 (UTC)
 == Nextcloud Outage ==
-Unfortunately, Nextcloud is out of action on the server at the minute. Our server updated to PHP 7.4 while Nextcloud only supports PHP <=7.3. Nextcloud is due to be upgraded January to support this but for now, it will stay offline.
+Unfortunately, Nextcloud is out of action on the server at the minute. Our server updated to PHP 7.4 while Nextcloud only supports PHP <=7.3. Nextcloud is due to be upgraded in January to support this but for now, it will stay offline.
 --[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 02:15, 8 January 2020 (UTC)
@@ Line 10: / Line 28: @@
 * TLS 1.3 support for our web pages. TLS 1.2 is still supported as TLS 1.3 is new but we do not support any lower than TLS 1.2.
-* Letencrypt allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.
+* Letsencrypt now allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.
 * Strongswan is now implemented with the new charon interface, which is much more flexible and modular than the old ipsec interface (this was a learning curve, but we got there!)
-* Our domain has is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.
+* Our domain is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.
 * We have moved over to openSUSE Tumbleweed again to implement all this great work but plan to move back to openSUSE Leap when all these things are implemented in the Leap release. We are hoping this will all be implemented by openSUSE Leap 16.
@@ Line 33: / Line 51: @@
 == New Developments! ==
-We have managed to acquire and enabled a domain name to the server. This is [https://freddythechick.uk freddythechick.uk]. This has allowed us to set and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.
+We have managed to acquire and enabled a domain name to the server. This is <s>freddythechick.uk</s> [https://thinkserver.freddythechick.net freddytehchick.net]. This has allowed us to set up and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.
 Next to be sorted is possibly and e-mail server at some point - watch this space!
@@ Line 47: / Line 65: @@
 == HTTP/2 Support ==
-We have enabled HTTP/2 support on the server when used with https. <s>We only have a self signed certificate at the moment so an exception needs to be created</s>, but after that, you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.
+We have enabled HTTP/2 support on the server when used with https. <s>We only have a self signed certificate at the moment so an exception needs to be created, but after that,</s> you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.
 --[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 20:12, 11 April 2016 (UTC)