User Tools

Site Tools


berkeleylug:digital_resources

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
berkeleylug:digital_resources [2019-03-29T14:13:04+0000]
michael_paoli various updated information (mostly) on DNS & certs
berkeleylug:digital_resources [2020-05-18T11:31:53+0000] (current)
michael_paoli
Line 5: Line 5:
 Domains: Domains:
 berkeleylug.com (primary) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04) Registry Expiry Date: 2020-01-20T05:​05:​36Z berkeleylug.com (primary) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04) Registry Expiry Date: 2020-01-20T05:​05:​36Z
-berkeleylug.org (alternate ​- redirects(?) to primary ​we may let this one expire, etc. Registry Expiry Date: 2019-05-17T04:​39:​28) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04)+former domain (expired): ​berkeleylug.org (alternate (& non-essential ​redirected to primary) registrant/​owner:​ Michael Paoli - (transferred 2019-03-04) ​expired: 2020-05-17T04:​39:​28Z
  
 DNS: DNS:
-$ TZ=GMT0 date -Iseconds && (dig @ns0.berkeleylug.org. +noall +norecurse +answer berkeleylug.orgAXFR; for d in berkeleylug.com. ; do NS=$(dig +short "​$d"​ NS | sort -R | head -n 1); n=$(dig +short "​$NS"​ A "​$NS"​ AAAA | sort -R | head -n 1); for s in ''​ '*.' calendar. docs. mail. sites. temp. www.; do for t in A AAAA CAA CNAME SOA NS MX TXT SPF ANY; do dig @"​$n"​ +norecurse +noall +answer "​$s$d"​ "​$t";​ done; done; done| grep '​^[^ ​       ]*[Bb][Ee][Rr][Kk][Ee][Ll][Ee][Yy][Ll][Uu][Gg]\.' | sort -u +berkeleylug.com (canonical) and berkelelylug.org - data is publicly accessible via AXFR from one or more of the public authoritative nameservers. 
-2019-03-29T13:42:45+00:00 + 
-*.berkeleylug.com.      14400   ​IN ​     CNAME   ​berkeleylug.com. + 
-berkeleylug.com. ​       14400   ​IN ​     MX      10 aspmx.l.google.com. +Was WordPress.com hosted - per earlier communcations,​ was intending to migrate of the WordPress.com hosted by 2019-08-27T09:​53:​17Z ​(that would be 6 months after Michael Paoli was notified of having been granted admin access ​for the BerkeleyLUG site on its WordPress.com hosting). 
-berkeleylug.com.        14400   ​IN ​     MX      20 alt1.aspmx.l.google.com+The migration happened / was completed around ​2019-08-30. 
-berkeleylug.com       ​14400 ​  ​IN ​     MX      30 alt2.aspmx.l.google.com. + 
-berkeleylug.com. ​       14400   ​IN ​     MX      40 aspmx2.googlemail.com. +Migration process went approximately like this (this is outline that was developed and used for the process): 
-berkeleylug.com. ​       14400   ​IN ​     MX      50 aspmx3.googlemail.com. +https://berkeleylug.com/ WordPress export/​import migration outline: 
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a1.googledomains.com+o create export(s) as (partial) backups 
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a2.googledomains.com. +o import looses mtimes from media ("​upload"​) files - may want to snag those, e.gvia curl for potential restoration 
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a3.googledomains.com. +o the one unattached media: https://berkeleylug.files.wordpress.com/​2015/​05/​cropped-stroll5.jpg 
-berkeleylug.com. ​       21600   ​IN ​     NS      ns-cloud-a4.googledomains.com. +  o snag and save the above 
-berkeleylug.com.        21600   ​IN ​     SOA     ​ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 6 21600 3600 1209600 300 +  o after import, add it to the uploads 
-berkeleylug.com. ​       ​300 ​    ​IN ​     A       ​192.0.78.24 +o set up new/target site infrastructure (suitable for import, hosting, etc.) 
-berkeleylug.com. ​       300     ​IN ​     A       ​192.0.78.25 +o drop DNS TTLs suitably in advance to ease transition and speed thereof 
-berkeleylug.org. ​       172800 ​ IN      NS      ns0.berkeleylug.org+o the following (at least) twice, once from "​old"​ to temporary, and once from temporary to new; excepting "only once" steps: 
-berkeleylug.org. ​       172800 ​ IN      NS      puck.nether.net. +o only once steps: 
-berkeleylug.org. ​       172800 ​ IN      SOA     ​ns0.berkeleylug.org. Michael\.Paoli.cal.berkeley.edu.berkeleylug.org. 1553849364 10800 3600 1209600 86400 +  o set up web server redirect for http[s]://​www.berkeleylug.com(/.*)? 
-berkeleylug.org. ​       3600    IN      A       ​198.144.194.238 +  o only "​just"​ prior to move/import to final new: change DNS 
-berkeleylug.org. ​       3600    IN      AAAA    2001:470:​1f05:​19e::4 +  ​o change WordPress.com hosted primary domain to: berkeleylug.wordpress.com 
-berkeleylug.org. ​       86400   ​IN ​     CAA     0 iodef "​mailto:Michael.Paoli@cal.berkeley.edu"​ +  ​o wait suitable TTL period 
-berkeleylug.org. ​       86400   ​IN ​     CAA     128 issue "​letsencrypt.org"​ +  ​o configure site sending email 
-berkeleylug.org       ​86400 ​  ​IN ​     CAA     128 issuewild "​letsencrypt.org"​ +  o set (local) timezone 
-berkeleylug.org. ​       86400   ​IN ​     SPF     "​v=spf1 -all" +  o Usersset email addresses & names (where applicable) as before, reset passwords & send (or send reset links) 
-berkeleylug.org. ​       86400   ​IN ​     TXT     "​v=spf1 ​-all" +  o post migration to final new, optionally(?​)PluginAkismet Anti-Spam - update and/or activate 
-calendar.berkeleylug.com. 3600  IN      CNAME   ​ghs.googlehosted.com. +  o disable temporary(/​ies) once no longer needed(web server, DNS, clear out content) 
-docs.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com. +o (re)initialize target location 
-mail.berkeleylug.com. ​  ​3600 ​   IN      CNAME   ​ghs.googlehosted.com+  o reinitialized database 
-ns0.berkeleylug.org. ​   172800 ​ IN      A       ​198.144.194.238 +  o edit config file for proper directory location for site name 
-ns0.berkeleylug.org. ​   172800 ​ IN      AAAA    2001:470:1f05:19e::+  o wipe any relevant content (empty uploads) 
-sites.berkeleylug.com ​3600 ​   IN      CNAME   ​ghs.googlehosted.com+  o set up only one user, and as Administrator,​ and not conflicting with users (login names) of export site 
-temp.berkeleylug.com. ​  ​300 ​    ​IN ​     A       ​198.144.194.238 +  o delete any default content created there (e.gsample page, post, comment) 
-temp.berkeleylug.com. ​  ​300 ​    ​IN ​     AAAA    2001:470:​1f05:​19e::​4 +  o import 
-www.berkeleylug.com. ​   14400   ​IN ​     CNAME   ​berkeleylug.com. +  o for all authors from export, create users on import, with same login name and assigning authorship to same login names 
-www.berkeleylug.org. ​   3600    IN      A       ​198.144.194.238 +  o check box to download media 
-www.berkeleylug.org.    3600    IN      AAAA    2001:​470:​1f05:​19e::​4 +  o as feasible, match configuration/​appearance to export site 
-+    o theme --> Nucleare 
 +      ​o Special Color --> #3f6d6e 
 +      ​o Site Title: BerkeleyLUG 
 +      ​o Tagline: Berkeley Linux Users Group 
 +      ​o Site Icon: Tux: uploads/​2009/​02/​penguin1.png 
 +    ​o Customizing:​ 
 +      ​o MenusMenu Options(select/​yes)Automatically add new top-level pages to this menu 
 +      o Add WidgetText, and move to top with contentNote - Blog posts are written by BerkeleyLUG members of various backgrounds,​ experience level etc... The views and opinions in each blog post do not represent the views of the group as a whole or the founders
 +      ​o Other Widgets and (otherwise default) probably fine: Text (added above), Search, Recent Posts, Recent Comments, Archives, Categories, Meta 
 +    ​o Discussion
 +      ​o Disable (uncheck):​ 
 +        o Attempt to notify any blogs linked to from the article 
 +        o Allow link notifications from other blogs (pingbacks and trackbacks) on new articles 
 +        o Comment author must fill out name and email 
 +      ​o Enable (check): 
 +        o Users must be registered and logged in to comment 
 +        o Break comments into pages with 50 top level comments per page and the last page displayed by default 
 +o robots.txt - enable on berkeleylug.com, disable (searches/​indexing by search engines) on others
  
 .org not primary, redirector in place: .org not primary, redirector in place:
Line 97: Line 114:
 Location: https://​berkeleylug.com/​foo/​bar/​baz Location: https://​berkeleylug.com/​foo/​bar/​baz
  
 +
 @berkeleylug.org neither accepts nor sends email (no MX, A/AAAA on TCP port 25 rejects connection or rejects SMTP attempts to domain, SPF - none sends, hard fail all: @berkeleylug.org neither accepts nor sends email (no MX, A/AAAA on TCP port 25 rejects connection or rejects SMTP attempts to domain, SPF - none sends, hard fail all:
 berkeleylug.org. IN SPF "​v=spf1 -all" berkeleylug.org. IN SPF "​v=spf1 -all"
Line 108: Line 126:
 $ curl -I http://​www.berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​ $ curl -I http://​www.berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​
 HTTP/1.1 301 Moved Permanently HTTP/1.1 301 Moved Permanently
-Location: https://www.berkeleylug.com/​+Location: https://​berkeleylug.com/​
 $ curl -I https://​www.berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​ $ curl -I https://​www.berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​
-HTTP/301  +HTTP/1.1 301 Moved Permanently 
-location: https://​berkeleylug.com/​+Location: https://​berkeleylug.com/​
 $ curl -I https://​berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​ $ curl -I https://​berkeleylug.com/​ 2>&1 | grep -i -e '​^HTTP/'​ -e '​^Location:​ ' -e '​^curl:'​
-HTTP/200 +HTTP/1.1 200 OK
  
  
 TLS(/"​SSL"​) - Web - handful of (separate) Web certs only*: TLS(/"​SSL"​) - Web - handful of (separate) Web certs only*:
-$ nmap -Pn -r -sT -p 443 --script=ssl-cert ​berkeleylug.com calendar.berkeleylug.com docs.berkeleylug.com mail.berkeleylug.com sites.berkeleylug.com www.berkeleylug.com ​ perl -e '​while(<>​){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/​DNS:​(?:​(?​i)(?​![^,​ ]*berkeleylug\.))[^,​ ]+(?:, |$)//go; s/, ?$//o; print "​$_\n";​};​};'​ +$ nmap -Pn -r -sT -p 443 --script=ssl-cert berkeleylug.com www.berkeleylug.com ​perl -e '​while(<>​){print if /Not valid after: /o; if(/^\| Subject Alternative Name: /){chomp; s/​DNS:​(?:​(?​i)(?​![^,​ ]*berkeleylug\.))[^,​ ]+(?:, |$)//go; s/, ?$//o; print "​$_\n";​};​};'​ 
-| Subject Alternative Name: DNS:​berkeleylug.com +| Subject Alternative Name: DNS:*.berkeleylug.com, DNS:​*.berkeleylug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-04-28T02:29:40 +| Not valid after: ​ 2019-11-06T10:33:09 
-| Subject Alternative Name: DNS:www.berkeleylug.com +| Subject Alternative Name: DNS:*.berkeleylug.com, DNS:​*.berkeleylug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-06-01T14:37:18+| Not valid after: ​ 2019-11-06T10:33:09
  
-*ignoring domains that WordPress.com lumps in there that aren't at all BerkeleyLUG 
  
-########################################################################​ +$ </​dev/​null openssl s_client -servername berkeleylug.com -starttls smtp -connect 198.144.194.238:​25 2>>/​dev/​null | sed -ne '/​^-----BEGIN CERTIFICATE-----$/,/​^-----END CERTIFICATE-----$/​p'​ | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/​{N;​p;​q;​}'​ 
-various bits to test on temp.berkeleylug.com - to presumably later be +            Not After : Nov  6 09:56:55 2019 GMT 
-berkeleylug.com,​ cert also for [www.]berkeleylug.org +            X509v3 Subject Alternative Name:  
-Created key and obtained (non-Google) CA signed cert also covering: +                DNS:​*.balug.org,​ DNS:​*.berkeleylug.com,​ DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com 
-*.berkeleylug.com,​berkeleylug.com,​*.berkeleylug.org,​berkeleylug.org expires: 2019-06-07T02:​07:​58Z +$
-... install the newer cert for SMTP (will likely end up needed for at +
-least postmaster@berkeleylug.com,​ for WordPress site to, e.g. send +
-user password resets, etc. +
-# pwd -P +
-/​etc/​exim4/​eximconfig/​config +
-# ls -ld tls_c*.pem +
-lrwxrwxrwx 1 root root 53 Sep 17  2017 tls_certificate_private.pem -> ../​../​../​letsencrypt/​live/​lists.balug.org/​privkey.pem +
-lrwxrwxrwx 1 root root 55 Sep 17  2017 tls_certificate_public.pem -> ../​../​../​letsencrypt/​live/​lists.balug.org/​fullchain.pem +
-# ln -sf ../​../​../​letsencrypt/​live/​berkeleylug.com/​privkey.pem tls_certificate_private.pem +
-# ln -sf ../​../​../​letsencrypt/​live/​berkeleylug.com/​fullchain.pem tls_certificate_public.pem +
-# ls -lLd tls_c*.pem +
--r--r----- 1 root Debian-exim 3272 Mar  8 19:03 tls_certificate_private.pem +
--r--r--r-- 1 root root        4033 Mar  8 19:08 tls_certificate_public.pem +
-# systemctl reload exim4.service +
-#  +
-$ </​dev/​null openssl s_client -servername ​temp.berkeleylug.com -starttls smtp -connect 198.144.194.238:​25 2>>/​dev/​null | sed -ne '/​^-----BEGIN CERTIFICATE-----$/,/​^-----END CERTIFICATE-----$/​p'​ | openssl x509 -text -noout | sed -ne '/Not After : /p;/Subject Alternative Name:/​{N;​p;​q;​}'​ +
-            Not After : Jun  7 02:07:58 2019 GMT +
-            X509v3 Subject Alternative Name: +
-                DNS:​*.balug.org,​ DNS:​*.berkeleylug.com, DNS:​*.berkeleylug.org, DNS:​*.lists.balug.org,​ DNS:​balug.org,​ DNS:​berkeleylug.com, DNS:​berkeleylug.org +
-+
 Also installed on https://​[www.]berkeleylug.org/:​ Also installed on https://​[www.]berkeleylug.org/:​
 $ (TZ=GMT0 export TZ; hosts='​www.berkeleylug.org berkeleylug.org';​ { nmap -Pn -r -sT -p 443 --script=ssl-cert $hosts; nmap -6 -Pn -r -sT -p 443 --script=ssl-cert $hosts; } | grep -e '^Nmap scan report for ' -e '^PORT ' -e '​^[0-9]*/​tcp open' -e '^| Subject Alternative Name: ' -e '^| Not valid after: ') $ (TZ=GMT0 export TZ; hosts='​www.berkeleylug.org berkeleylug.org';​ { nmap -Pn -r -sT -p 443 --script=ssl-cert $hosts; nmap -6 -Pn -r -sT -p 443 --script=ssl-cert $hosts; } | grep -e '^Nmap scan report for ' -e '^PORT ' -e '​^[0-9]*/​tcp open' -e '^| Subject Alternative Name: ' -e '^| Not valid after: ')
Line 155: Line 152:
 PORT    STATE SERVICE PORT    STATE SERVICE
 443/tcp open  https 443/tcp open  https
-| Subject Alternative Name: DNS:​*.balug.org, ​DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org, DNS:​*.lists.balug.org,​ DNS:balug.org, DNS:​berkeleylug.com,​ DNS:​berkeleylug.org +| Subject Alternative Name: DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-06-07T02:07:58+| Not valid after: ​ 2019-11-06T10:33:09
 Nmap scan report for berkeleylug.org (198.144.194.238) Nmap scan report for berkeleylug.org (198.144.194.238)
 PORT    STATE SERVICE PORT    STATE SERVICE
 443/tcp open  https 443/tcp open  https
-| Subject Alternative Name: DNS:​*.balug.org, ​DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org, DNS:​*.lists.balug.org,​ DNS:balug.org, DNS:​berkeleylug.com,​ DNS:​berkeleylug.org +| Subject Alternative Name: DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-06-07T02:07:58+| Not valid after: ​ 2019-11-06T10:33:09
 Nmap scan report for www.berkeleylug.org (2001:​470:​1f05:​19e::​4) Nmap scan report for www.berkeleylug.org (2001:​470:​1f05:​19e::​4)
 PORT    STATE SERVICE PORT    STATE SERVICE
 443/tcp open  https 443/tcp open  https
-| Subject Alternative Name: DNS:​*.balug.org, ​DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org, DNS:​*.lists.balug.org,​ DNS:balug.org, DNS:​berkeleylug.com,​ DNS:​berkeleylug.org +| Subject Alternative Name: DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-06-07T02:07:58+| Not valid after: ​ 2019-11-06T10:33:09
 Nmap scan report for berkeleylug.org (2001:​470:​1f05:​19e::​4) Nmap scan report for berkeleylug.org (2001:​470:​1f05:​19e::​4)
 PORT    STATE SERVICE PORT    STATE SERVICE
 443/tcp open  https 443/tcp open  https
-| Subject Alternative Name: DNS:​*.balug.org, ​DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org, DNS:​*.lists.balug.org,​ DNS:balug.org, DNS:​berkeleylug.com,​ DNS:​berkeleylug.org +| Subject Alternative Name: DNS:​*.berkeleylug.com,​ DNS:​*.berkeleylug.org,​ DNS:​berkeleylug.com,​ DNS:​berkeleylug.org 
-| Not valid after: ​ 2019-06-07T02:07:58 +| Not valid after: ​ 2019-11-06T10:33:09 
-+ 
 ########################################################################​ ########################################################################​
  
 robots.txt: robots.txt:
-$ TZ=GMT0 date -Iseconds && curl -s https://​berkeleylug.com/​robots.txt +$ TZ=GMT0 date -Iseconds && ​(set -x; curl -s https://​berkeleylug.com/​robots.txt; curl -https://berkeleylug.wordpress.com/​robots.txt) 
-2019-03-05T15:​54:​12+00:​00 +2019-09-19T03:55:09+00:00 
-# If you are regularly crawling WordPress.com sites, please use our firehose to receive real-time push updates instead. ++ curl -s https://​berkeleylug.com/​robots.txt
-# Please see https://developer.wordpress.com/​docs/​firehose/​ for more details+
- +
-Sitemaphttps://​berkeleylug.com/​sitemap.xml +
-Sitemap: ​https://​berkeleylug.com/​news-sitemap.xml +
 User-agent: * User-agent: *
 Disallow: /wp-admin/ Disallow: /wp-admin/
 Allow: /​wp-admin/​admin-ajax.php Allow: /​wp-admin/​admin-ajax.php
-Disallow: /wp-login.php ++ curl -s https://berkeleylug.wordpress.com/robots.txt 
-Disallow: /wp-signup.php +User-agent* 
-Disallow: ​/press-this.php +Disallow: /
-Disallow: ​/remote-login.php +
-Disallow: /​activate/​ +
-Disallow: /cgi-bin/ +
-Disallow/mshots/v1/ +
-Disallow: ​/next/ +
-Disallow: /public.api/+
  
-# This file was generated on Mon19 Nov 2018 07:12:09 +0000+# This file was generated on Tue03 Sep 2019 00:02:23 +0000
  
  
-web site managed via: http://​berkeleylug.wordpress.com/​ +(new/​current) web site (hosting) WordPress aspects mostly managed via: 
-Looks like the WordPress.com hosting is likely presently the $4.00/month billed yearly plan, notably includes:+https://​berkeleylug.com/​wp-login.php 
 + 
 +old/"​former" ​web site managed via: http://​berkeleylug.wordpress.com/​ 
 +Looks like the WordPress.com hosting is likely presently the $4.00/month billed yearly plan 
 +(looks like it has been prepaid and presently expires 2020-04-07: "​Expires on April 72020"​),​ 
 +notably includes:
 custom domain custom domain
 Remove WordPress.com Ads Remove WordPress.com Ads
Line 220: Line 211:
 Michael Paoli Michael Paoli
 Grant Bowman Grant Bowman
-Not that this calendar mostly only exists for historical purposes, and has mostly been superseded by:+Note that this calendar mostly only exists for historical purposes, and has mostly been superseded by:
 SF Bay Area Open Source/​Linux Events https://​calendar.google.com/​calendar/​embed?​src=caj9iea2ol69b7n2uqdek4ocso%40group.calendar.google.com&​ctz=America%2FLos_Angeles SF Bay Area Open Source/​Linux Events https://​calendar.google.com/​calendar/​embed?​src=caj9iea2ol69b7n2uqdek4ocso%40group.calendar.google.com&​ctz=America%2FLos_Angeles
-Which Michael Paoli (and many other folks) have access to Make changes to events.+Which Michael Paoli (and many other folks) have access to make changes to events.
  
 Fosstodon instance on Mastodon Fosstodon instance on Mastodon
berkeleylug/digital_resources.1553868784.txt.bz2 · Last modified: 2019-03-29T14:13:04+0000 by michael_paoli