ThinkServer:News: Difference between revisions

From ThinkServer
m Added news
m →‎Latest Server News: Typo correction
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
==New WebP Images==
WebP is an open source image format created by Google based on the VP8 video codec. It shows a lot of promise, allowing both lossless and lossy compression of images and allows motion (encompassing what PNG, JPG and GIF/APNG do respectively in one format) while saving space over the older formats. I have at the moment changed the images in the gallery on the Main Page to test Wikipedia and browser handling of the new format and if all is well, may convert the rest of the images on the site to WebP. Modern browsers all support WebP which is promising news.
--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 01:07, 1 March 2021 (UTC)
==Leaping back==
We are now back to using [[openSUSE Leap 15.2]] on the server. It has met our needs in providing modern TLS 1.3 support and the new charon method of configuring Strongswan rather than the old ipsec method.
We are looking forward to openSuSE Leap 15.3 as this promises to be closer to SLES 15 SP3 than ever before.
--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 18:09, 8 September 2020 (UTC)
==Latest Server News ==
==Latest Server News ==


Nextcloud has been updated to Nextcloud 18 which supports PHP 7.4 so Nextcloud is back in action. We are now awaiting an update for the Piwigo photo server which is having PHP 7.4 related issues at the moment. We have also sorted out all the niggles with redirecting on Apache so web pages redirect from HTTP to HTTPS correctly now. We have also sorted the problems with the certificates (nothing security related, just a misconfiguration) and have submitted for HSTS preloading.
Nextcloud has been updated to Nextcloud 18 which supports PHP 7.4 so Nextcloud is back in action. We are now awaiting an update for the Piwigo photo server which is having PHP 7.4 related issues at the moment. We have also sorted out all the niggles with redirecting on Apache so web pages redirect from HTTP to HTTPS correctly now. We have also sorted the problems with the certificates (nothing security related, just a misconfiguration with the wildcard) and have submitted for HSTS preloading. When generating a wildcard certificate, it needs to verify both the domain on its own and the wildcard, otherwise HSTS cannot be activated.


--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 04:25, 17 February 2020 (UTC)
--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 04:25, 17 February 2020 (UTC)
Line 16: Line 28:


* TLS 1.3 support for our web pages. TLS 1.2 is still supported as TLS 1.3 is new but we do not support any lower than TLS 1.2.
* TLS 1.3 support for our web pages. TLS 1.2 is still supported as TLS 1.3 is new but we do not support any lower than TLS 1.2.
* Letencrypt allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.
* Letsencrypt now allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.
* Strongswan is now implemented with the new charon interface, which is much more flexible and modular than the old ipsec interface (this was a learning curve, but we got there!)
* Strongswan is now implemented with the new charon interface, which is much more flexible and modular than the old ipsec interface (this was a learning curve, but we got there!)
* Our domain has is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.
* Our domain is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.
* We have moved over to openSUSE Tumbleweed again to implement all this great work but plan to move back to openSUSE Leap when all these things are implemented in the Leap release. We are hoping this will all be implemented by openSUSE Leap 16.
* We have moved over to openSUSE Tumbleweed again to implement all this great work but plan to move back to openSUSE Leap when all these things are implemented in the Leap release. We are hoping this will all be implemented by openSUSE Leap 16.


Line 39: Line 51:
== New Developments! ==
== New Developments! ==


We have managed to acquire and enabled a domain name to the server. This is [https://freddythechick.uk freddythechick.uk]. This has allowed us to set and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.
We have managed to acquire and enabled a domain name to the server. This is <s>freddythechick.uk</s> [https://thinkserver.freddythechick.net freddytehchick.net]. This has allowed us to set up and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.


Next to be sorted is possibly and e-mail server at some point - watch this space!
Next to be sorted is possibly and e-mail server at some point - watch this space!
Line 53: Line 65:
== HTTP/2 Support ==
== HTTP/2 Support ==


We have enabled HTTP/2 support on the server when used with https. <s>We only have a self signed certificate at the moment so an exception needs to be created</s>, but after that, you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.
We have enabled HTTP/2 support on the server when used with https. <s>We only have a self signed certificate at the moment so an exception needs to be created, but after that,</s> you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.


--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 20:12, 11 April 2016 (UTC)
--[[User:Sam|Sam]] ([[User talk:Sam|talk]]) 20:12, 11 April 2016 (UTC)

Latest revision as of 14:55, 30 July 2023

New WebP Images

WebP is an open source image format created by Google based on the VP8 video codec. It shows a lot of promise, allowing both lossless and lossy compression of images and allows motion (encompassing what PNG, JPG and GIF/APNG do respectively in one format) while saving space over the older formats. I have at the moment changed the images in the gallery on the Main Page to test Wikipedia and browser handling of the new format and if all is well, may convert the rest of the images on the site to WebP. Modern browsers all support WebP which is promising news.

--Sam (talk) 01:07, 1 March 2021 (UTC)

Leaping back

We are now back to using openSUSE Leap 15.2 on the server. It has met our needs in providing modern TLS 1.3 support and the new charon method of configuring Strongswan rather than the old ipsec method. We are looking forward to openSuSE Leap 15.3 as this promises to be closer to SLES 15 SP3 than ever before. --Sam (talk) 18:09, 8 September 2020 (UTC)

Latest Server News

Nextcloud has been updated to Nextcloud 18 which supports PHP 7.4 so Nextcloud is back in action. We are now awaiting an update for the Piwigo photo server which is having PHP 7.4 related issues at the moment. We have also sorted out all the niggles with redirecting on Apache so web pages redirect from HTTP to HTTPS correctly now. We have also sorted the problems with the certificates (nothing security related, just a misconfiguration with the wildcard) and have submitted for HSTS preloading. When generating a wildcard certificate, it needs to verify both the domain on its own and the wildcard, otherwise HSTS cannot be activated.

--Sam (talk) 04:25, 17 February 2020 (UTC)

Nextcloud Outage

Unfortunately, Nextcloud is out of action on the server at the minute. Our server updated to PHP 7.4 while Nextcloud only supports PHP <=7.3. Nextcloud is due to be upgraded in January to support this but for now, it will stay offline.

--Sam (talk) 02:15, 8 January 2020 (UTC)

Latest Server News

Sorry it's been a bit quiet around here lately. I have been studying at college and am now studying Nursing at University. Unfortunately, the server has been on the back burner for a bit and has had to have been self sufficient for a while. Nevertheless, during this time, we have had some great achievements such as:

  • TLS 1.3 support for our web pages. TLS 1.2 is still supported as TLS 1.3 is new but we do not support any lower than TLS 1.2.
  • Letsencrypt now allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.
  • Strongswan is now implemented with the new charon interface, which is much more flexible and modular than the old ipsec interface (this was a learning curve, but we got there!)
  • Our domain is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.
  • We have moved over to openSUSE Tumbleweed again to implement all this great work but plan to move back to openSUSE Leap when all these things are implemented in the Leap release. We are hoping this will all be implemented by openSUSE Leap 16.

So once again, sorry for the quietness, it has all been happening behind the scenes and I will update you all when time allows. Thanks for your patience!

--Sam (talk) 02:02, 26 June 2019 (UTC)

Subdomain reshuffle

To take advantage of the features and security of same-origin policy, we have changed the sites to their own subdomains now rather than a directory after the main domain. Don't worry, redirects have been configured so that your old links to the site will still work.

--Sam (talk) 02:00, 3 August 2017 (UTC)

Asterisk now running on Xen

We have moved the Asterisk virtual machine from a KVM/QEMU machine to a Xen Hypervisor. Xen is a bit closer to the metal and is now included as standard in the standard Kernel modules. We wanted to use Xen originally but the separate kernel had problems. Now it is integrated, it is a lot easier to set up and get going, with no negligible impact.

--Sam (talk) 02:53, 30 March 2017 (UTC)

New Developments!

We have managed to acquire and enabled a domain name to the server. This is freddythechick.uk freddytehchick.net. This has allowed us to set up and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.

Next to be sorted is possibly and e-mail server at some point - watch this space!

--Sam (talk) 03:20, 7 June 2016 (UTC)

PHP 7 Support

PHP has been updated to PHP 7, which is supposed to have a large speed boost over previous versions. We are pushing this version and keeping an eye out for any issues as this is the first major PHP release in many years. So far everything seems to be OK as before.

--Sam (talk) 22:43, 6 May 2016 (UTC)

HTTP/2 Support

We have enabled HTTP/2 support on the server when used with https. We only have a self signed certificate at the moment so an exception needs to be created, but after that, you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.

--Sam (talk) 20:12, 11 April 2016 (UTC)

EDIT: We are no longer using self signed certificates, our certificate is signed by LetsEncrypt and should not throw up an error (unless there is actually a problem) any more.

--Sam (talk) 04:47, 30 November 2016 (UTC)

Welcome back all!

Due to a hardware failure, the server has been down for over a month. The CPU and motherboard had failed. After contacting IBM and getting it fixed under warranty, the server is now back up and running! No data was lost as a result. The new CPU has been reseated with more heat sink paste than the original, this was the suspected cause of the first failure. All seems to be running fine now. Thanks for your patience.

--Sam (talk) 01:31, 26 February 2016 (UTC)