ThinkServer:News
Latest Server News
Nextcloud has been updated to Nextcloud 18 which supports PHP 7.4 so Nextcloud is back in action. We are now awaiting an update for the Piwigo photo server which is having PHP 7.4 related issues at the moment. We have also sorted out all the niggles with redirecting on Apache so web pages redirect from HTTP to HTTPS correctly now. We have also sorted the problems with the certificates (nothing security related, just a misconfiguration) and have submitted for HSTS preloading.
Nextcloud Outage
Unfortunately, Nextcloud is out of action on the server at the minute. Our server updated to PHP 7.4 while Nextcloud only supports PHP <=7.3. Nextcloud is due to be upgraded in January to support this but for now, it will stay offline.
Latest Server News
Sorry it's been a bit quiet around here lately. I have been studying at college and am now studying Nursing at University. Unfortunately, the server has been on the back burner for a bit and has had to have been self sufficient for a while. Nevertheless, during this time, we have had some great achievements such as:
- TLS 1.3 support for our web pages. TLS 1.2 is still supported as TLS 1.3 is new but we do not support any lower than TLS 1.2.
- Letencrypt allow for wildcard certificates, which have allowed us more flexibility with the use of our certificates. We are also using ECDSA certificates using acme.sh to implement them.
- Strongswan is now implemented with the new charon interface, which is much more flexible and modular than the old ipsec interface (this was a learning curve, but we got there!)
- Our domain has is now https://www.freddythechick.net. Due to the nature of our internet connection, we needed DDNS support and have had to move from Gandi to Google Domains. This address is secured for the next 2 years.
- We have moved over to openSUSE Tumbleweed again to implement all this great work but plan to move back to openSUSE Leap when all these things are implemented in the Leap release. We are hoping this will all be implemented by openSUSE Leap 16.
So once again, sorry for the quietness, it has all been happening behind the scenes and I will update you all when time allows. Thanks for your patience!
Subdomain reshuffle
To take advantage of the features and security of same-origin policy, we have changed the sites to their own subdomains now rather than a directory after the main domain. Don't worry, redirects have been configured so that your old links to the site will still work.
Asterisk now running on Xen
We have moved the Asterisk virtual machine from a KVM/QEMU machine to a Xen Hypervisor. Xen is a bit closer to the metal and is now included as standard in the standard Kernel modules. We wanted to use Xen originally but the separate kernel had problems. Now it is integrated, it is a lot easier to set up and get going, with no negligible impact.
New Developments!
We have managed to acquire and enabled a domain name to the server. This is freddythechick.uk. This has allowed us to set and use more services than before. We have set up IPSec-IKEv2 connection for VPN connections to our mobile phones. We have managed to put the website to be internet facing and have enabled TLS with Let's Encrypt so it is now trusted by all browsers, it is also persistently encrypted and we have disabled unused old ciphers, only allowing AES-GCM with modern browsers. We are currently using ECDHE-RSA for key negotiation but will use ECDHE-ECDSA as soon as Let's Encrypt support it (support is coming soon). We have set up a local DNS server to redirect requests to our domain name locally to the server instead of through the Internet.
Next to be sorted is possibly and e-mail server at some point - watch this space!
PHP 7 Support
PHP has been updated to PHP 7, which is supposed to have a large speed boost over previous versions. We are pushing this version and keeping an eye out for any issues as this is the first major PHP release in many years. So far everything seems to be OK as before.
HTTP/2 Support
We have enabled HTTP/2 support on the server when used with https. We only have a self signed certificate at the moment so an exception needs to be created, but after that, you should notice that the site is now overall faster than before. You will need a modern browser to take advantage, however with an older browser, the site should still work.
--Sam (talk) 20:12, 11 April 2016 (UTC)
EDIT: We are no longer using self signed certificates, our certificate is signed by LetsEncrypt and should not throw up an error (unless there is actually a problem) any more.
Welcome back all!
Due to a hardware failure, the server has been down for over a month. The CPU and motherboard had failed. After contacting IBM and getting it fixed under warranty, the server is now back up and running! No data was lost as a result. The new CPU has been reseated with more heat sink paste than the original, this was the suspected cause of the first failure. All seems to be running fine now. Thanks for your patience.