This shows you the differences between two versions of the page.
berkeleylug:digital_resources [2019-03-09T21:18:17+0000] michael_paoli update of DNS information (notably have it all now - also added temp.berkeleylug.com) |
berkeleylug:digital_resources [2019-03-29T07:13:13+0000] michael_paoli set up (non-Google) redirector ... still need to repoint DNS |
||
---|---|---|---|
Line 9: | Line 9: | ||
DNS: | DNS: | ||
$ TZ=GMT0 date -Iseconds && (for d in berkeleylug.com. berkeleylug.org.; do NS=$(dig +short "$d" NS | sort -R | head -n 1); n=$(dig +short "$NS" A "$NS" AAAA | sort -R | head -n 1); for s in '' '*.' calendar. docs. mail. sites. temp. www.; do for t in A AAAA CNAME SOA NS MX TXT SPF ANY; do dig @"$n" +norecurse +noall +answer "$s$d" "$t"; done; done; done) | grep '^[^ ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.' | sort -u | $ TZ=GMT0 date -Iseconds && (for d in berkeleylug.com. berkeleylug.org.; do NS=$(dig +short "$d" NS | sort -R | head -n 1); n=$(dig +short "$NS" A "$NS" AAAA | sort -R | head -n 1); for s in '' '*.' calendar. docs. mail. sites. temp. www.; do for t in A AAAA CNAME SOA NS MX TXT SPF ANY; do dig @"$n" +norecurse +noall +answer "$s$d" "$t"; done; done; done) | grep '^[^ ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.' | sort -u | ||
- | 2019-03-09T21:15:20+00:00 | + | 2019-03-29T05:09:35+00:00 |
*.berkeleylug.com. 14400 IN CNAME berkeleylug.com. | *.berkeleylug.com. 14400 IN CNAME berkeleylug.com. | ||
berkeleylug.com. 14400 IN MX 10 aspmx.l.google.com. | berkeleylug.com. 14400 IN MX 10 aspmx.l.google.com. | ||
Line 61: | Line 61: | ||
$ | $ | ||
@berkeleylug.org does not accept email (no MX, A/AAAA times out on TCP port 25 even from known good email sender IP) | @berkeleylug.org does not accept email (no MX, A/AAAA times out on TCP port 25 even from known good email sender IP) | ||
+ | |||
+ | ------------------------------------------------------------------------ | ||
+ | [www.]berkeleylug.org - set up redirector - but still need to repoint DNS: | ||
+ | $ (for protocol_port in 'http 80' 'https 443'; do set -- $protocol_port; protocol="$1"; port="$2"; for host in www.berkeleylug.org berkeleylug.org; do for path in '' / /// /foo/bar/baz; do t="$protocol://$host$path"; echo "$t"; curl -s -I --resolve "$host":"$port":198.144.194.238 "$t" | grep -e '^HTTP/' -e '^Location: '; done; done done) | ||
+ | http://www.berkeleylug.org | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | http://www.berkeleylug.org/ | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | http://www.berkeleylug.org/// | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | http://www.berkeleylug.org/foo/bar/baz | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/foo/bar/baz | ||
+ | http://berkeleylug.org | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | http://berkeleylug.org/ | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | http://berkeleylug.org/// | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | http://berkeleylug.org/foo/bar/baz | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/foo/bar/baz | ||
+ | https://www.berkeleylug.org | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | https://www.berkeleylug.org/ | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | https://www.berkeleylug.org/// | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | https://www.berkeleylug.org/foo/bar/baz | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/foo/bar/baz | ||
+ | https://berkeleylug.org | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | https://berkeleylug.org/ | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | https://berkeleylug.org/// | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/ | ||
+ | https://berkeleylug.org/foo/bar/baz | ||
+ | HTTP/1.1 301 Moved Permanently | ||
+ | Location: https://berkeleylug.com/foo/bar/baz | ||
+ | $ | ||
+ | ------------------------------------------------------------------------ | ||
canonical/primary is: https://berkeleylug.com/ | canonical/primary is: https://berkeleylug.com/ | ||
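Review bot: the added curl loop pins every request to 198.144.194.238 with --resolve and walks only the paths '', /, /// and /foo/bar/baz, so it says nothing about how the redirector behaves over IPv6 or when the request carries a query string. Add a path such as /foo/bar/baz?x=y to the list and repeat the run with --resolve pointing at the host's IPv6 address, then record both results here. The output also shows /// collapsing to / in the Location header; state whether that normalisation is intended. Because the grep keeps only the HTTP/ and Location: lines, any other response headers on the https responses go unrecorded, so widen the filter if those matter for the cut-over.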
Line 89: | Line 143: | ||
*ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG | *ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG | ||
+ | ######################################################################## | ||
+ | various bits to test on temp.berkeleylug.com - to presumably later be | ||
+ | berkeleylug.com | ||
Created key and obtained (non-Google) CA signed cert also covering: | Created key and obtained (non-Google) CA signed cert also covering: | ||
*.berkeleylug.com,berkeleylug.com,*.berkeleylug.org,berkeleylug.org expires: 2019-06-07T02:07:58Z | *.berkeleylug.com,berkeleylug.com,*.berkeleylug.org,berkeleylug.org expires: 2019-06-07T02:07:58Z | ||
+ | $ dig +noall +answer +nottl temp.berkeleylug.com. A temp.berkeleylug.com. AAAA | ||
+ | temp.berkeleylug.com. IN A 198.144.194.238 | ||
+ | temp.berkeleylug.com. IN AAAA 2001:470:1f05:19e::4 | ||
+ | $ </dev/null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:25 2>>/dev/null | sed -ne '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/{N;p;q;}' | ||
+ | Not After : May 22 11:41:24 2019 GMT | ||
+ | X509v3 Subject Alternative Name: | ||
+ | DNS:*.balug.org, DNS:*.lists.balug.org, DNS:balug.org | ||
+ | $ | ||
+ | ... install the newer cert for SMTP (will likely end up needed for at | ||
+ | least postmaster@berkeleylug.com, for WordPress site to, e.g. send | ||
+ | user password resets, etc. | ||
+ | # pwd -P | ||
+ | /etc/exim4/eximconfig/config | ||
+ | # ls -ld tls_c*.pem | ||
+ | lrwxrwxrwx 1 root root 53 Sep 17 2017 tls_certificate_private.pem -> ../../../letsencrypt/live/lists.balug.org/privkey.pem | ||
+ | lrwxrwxrwx 1 root root 55 Sep 17 2017 tls_certificate_public.pem -> ../../../letsencrypt/live/lists.balug.org/fullchain.pem | ||
+ | # ln -sf ../../../letsencrypt/live/berkeleylug.com/privkey.pem tls_certificate_private.pem | ||
+ | # ln -sf ../../../letsencrypt/live/berkeleylug.com/fullchain.pem tls_certificate_public.pem | ||
+ | # ls -lLd tls_c*.pem | ||
+ | -r--r----- 1 root Debian-exim 3272 Mar 8 19:03 tls_certificate_private.pem | ||
+ | -r--r--r-- 1 root root 4033 Mar 8 19:08 tls_certificate_public.pem | ||
+ | # systemctl reload exim4.service | ||
+ | # | ||
+ | $ </dev/null openssl s_client -servername temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:25 2>>/dev/null | sed -ne '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/{N;p;q;}' | ||
+ | Not After : Jun 7 02:07:58 2019 GMT | ||
+ | X509v3 Subject Alternative Name: | ||
+ | DNS:*.balug.org, DNS:*.berkeleylug.com, DNS:*.berkeleylug.org, DNS:*.lists.balug.org, DNS:balug.org, DNS:berkeleylug.com, DNS:berkeleylug.org | ||
+ | $ | ||
+ | |||
+ | ######################################################################## | ||
robots.txt: | robots.txt: |
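Review bot: the openssl s_client checks before and after the exim4 symlink swap connect only to 198.144.194.238:25 and print only Not After and the SAN list, so they show which certificate is served on IPv4 but not that the chain verifies, nor that the listener on the published AAAA (2001:470:1f05:19e::4) serves the same certificate. Capture the s_client "Verify return code" line as well and repeat the check against the IPv6 address. The new SAN list puts balug.org, lists.balug.org and both berkeleylug domains under a single key that is readable by group Debian-exim; add a sentence saying that this sharing is intentional and what renews the certificate before 2019-06-07. The parenthesis opened at "(will likely end up needed" is never closed.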