Merge branch 'master' of git.deuxfleurs.fr:Deuxfleurs/site
This commit is contained in:
commit
9ff5e0be6a
4 changed files with 152 additions and 11 deletions
|
@ -6,15 +6,11 @@ Nous vous prodiguerons conseil, guidance, et hébergement pour que vos plus bell
|
||||||
|
|
||||||
## Plus en détail
|
## Plus en détail
|
||||||
|
|
||||||
Nous hébergeons gratuitement les sites dont l'adresse web ressemble à `monbeausite.deuxfleurs.fr`. Si vous souhaitez votre propre nom de domaine (par exemple `monbeausite.fr`), la location du nom de domaine sera à votre charge (~15-20€/an).
|
Nous avons de l'expérience en hébergement de sites fonctionnant avec [Wordpress](https://fr.wordpress.org/). C'est un système de gestion de contenu ([CMS](https://fr.wikipedia.org/wiki/Syst%C3%A8me_de_gestion_de_contenu) en anglais) qui permet de construire et d'administrer un site Internet *facilement et sans connaissances préalables*. Si Wordpress ne vous convient pas, on peut trouver ensemble une autre solution adaptée à vos besoins et envies.
|
||||||
|
|
||||||
Nous sommes compétents pour installer des sites fonctionnant avec [Wordpress](https://fr.wordpress.org/). C'est un système de gestion de contenu ([CMS](https://fr.wikipedia.org/wiki/Syst%C3%A8me_de_gestion_de_contenu) en anglais) qui permet de construire et d'administrer un site Internet *facilement et sans connaissances préalables*. Si Wordpress ne vous convient pas, on déterminera ensemble une solution adaptée à vos besoins et envies.
|
Nous assurons aussi la gestion de **sauvegardes de données** : en hébergeant vos données chez nous, vous avez la certitude de ne pas tout perdre en cas de pépin (tel que le décès prématuré d'un disque dur).
|
||||||
|
|
||||||
Nous assurons enfin la gestion de **sauvegardes de données** : en hébergeant vos données chez nous, vous avez la certitude de ne pas tout perdre en cas de pépin (tel que le décès prématuré d'un disque dur).
|
|
||||||
|
|
||||||
## En conclusion
|
## En conclusion
|
||||||
|
|
||||||
Venez chez nous ! On vous fera un havre numérique aux petits oignons. Aider Internet à retrouver sa diversité d'antan, c'est important pour nous. On veut voir des blogs en pagaille, des réseaux sociaux délaissés, des thèmes loufoques et la mort de l'uniformisation graphique.
|
Venez chez nous ! On vous fera un havre numérique aux petits oignons. Aider Internet à retrouver sa diversité d'antan, c'est important pour nous. On veut voir des blogs en pagaille, des réseaux sociaux délaissés, des thèmes loufoques et la mort de l'uniformisation graphique.
|
||||||
|
|
||||||
À terme, on demandera (sans doute) de s'inscrire à l'association pour être hébergé, mais pour le moment c'est gratuit et ouvert à tou.te.s, profitez-en !
|
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,146 @@
|
||||||
|
|
||||||
Store pile of bytes in your garage.
|
Store pile of bytes in your garage.
|
||||||
|
|
||||||
|
## Quickstart on an existing deployment
|
||||||
|
|
||||||
|
First, chances are that your garage deployment is secured by TLS.
|
||||||
|
All your commands must be prefixed with their certificates.
|
||||||
|
I will define an alias once and for all to ease future commands.
|
||||||
|
Please adapt the path of the binary and certificates to your installation!
|
||||||
|
|
||||||
|
```
|
||||||
|
alias grg="/garage/garage --ca-cert /secrets/garage-ca.crt --client-cert /secrets/garage.crt --client-key /secrets/garage.key"
|
||||||
|
```
|
||||||
|
|
||||||
|
Now we can check that everything is going well by checking our cluster status:
|
||||||
|
|
||||||
|
```
|
||||||
|
grg status
|
||||||
|
```
|
||||||
|
|
||||||
|
Don't forget that `help` command and `--help` subcommands can help you anywhere, the CLI tool is self-documented! Two examples:
|
||||||
|
|
||||||
|
```
|
||||||
|
grg help
|
||||||
|
grg bucket allow --help
|
||||||
|
```
|
||||||
|
|
||||||
|
Fine, now let's create a bucket (we imagine that you want to deploy nextcloud):
|
||||||
|
|
||||||
|
```
|
||||||
|
grg bucket create nextcloud-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
Check that everything went well:
|
||||||
|
|
||||||
|
```
|
||||||
|
grg bucket list
|
||||||
|
grg bucket info nextcloud-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
Now we will generate an API key to access this bucket.
|
||||||
|
Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket.
|
||||||
|
|
||||||
|
Now, let's start by creating a key only for our PHP application:
|
||||||
|
|
||||||
|
```
|
||||||
|
grg key new --name nextcloud-app-key
|
||||||
|
```
|
||||||
|
|
||||||
|
You will have the following output (this one is fake, `key_id` and `secret_key` were generated with the openssl CLI tool):
|
||||||
|
|
||||||
|
```
|
||||||
|
Key { key_id: "GK3515373e4c851ebaad366558", secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", name: "nextcloud-app-key", name_timestamp: 1603280506694, deleted: false, authorized_buckets: [] }
|
||||||
|
```
|
||||||
|
|
||||||
|
Check that everything works as intended (be careful, info works only with your key identifier and not with its friendly name!):
|
||||||
|
|
||||||
|
```
|
||||||
|
grg key list
|
||||||
|
grg key info GK3515373e4c851ebaad366558
|
||||||
|
```
|
||||||
|
|
||||||
|
Now that we have a bucket and a key, we need to give permissions to the key on the bucket!
|
||||||
|
|
||||||
|
```
|
||||||
|
grg bucket allow --read --write nextcloud-bucket --key GK3515373e4c851ebaad366558
|
||||||
|
```
|
||||||
|
|
||||||
|
You can check at any times allowed keys on your bucket with:
|
||||||
|
|
||||||
|
```
|
||||||
|
grg bucket info nextcloud-bucket
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, let's move to the S3 API!
|
||||||
|
We will use the `s3cmd` CLI tool.
|
||||||
|
You can install it via your favorite package manager.
|
||||||
|
Otherwise, check [their website](https://s3tools.org/s3cmd)
|
||||||
|
|
||||||
|
We will configure `s3cmd` with its interactive configuration tool, be careful not all endpoints are implemented!
|
||||||
|
Especially, the test run at the end does not work (yet).
|
||||||
|
|
||||||
|
```
|
||||||
|
$ s3cmd --configure
|
||||||
|
|
||||||
|
Enter new values or accept defaults in brackets with Enter.
|
||||||
|
Refer to user manual for detailed description of all options.
|
||||||
|
|
||||||
|
Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
|
||||||
|
Access Key: GK3515373e4c851ebaad366558
|
||||||
|
Secret Key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34
|
||||||
|
Default Region [US]: garage
|
||||||
|
|
||||||
|
Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
|
||||||
|
S3 Endpoint [s3.amazonaws.com]: garage.deuxfleurs.fr
|
||||||
|
|
||||||
|
Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
|
||||||
|
if the target S3 system supports dns based buckets.
|
||||||
|
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: garage.deuxfleurs.fr
|
||||||
|
|
||||||
|
Encryption password is used to protect your files from reading
|
||||||
|
by unauthorized persons while in transfer to S3
|
||||||
|
Encryption password:
|
||||||
|
Path to GPG program [/usr/bin/gpg]:
|
||||||
|
|
||||||
|
When using secure HTTPS protocol all communication with Amazon S3
|
||||||
|
servers is protected from 3rd party eavesdropping. This method is
|
||||||
|
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
|
||||||
|
Use HTTPS protocol [Yes]:
|
||||||
|
|
||||||
|
On some networks all internet access must go through a HTTP proxy.
|
||||||
|
Try setting it here if you can't connect to S3 directly
|
||||||
|
HTTP Proxy server name:
|
||||||
|
|
||||||
|
New settings:
|
||||||
|
Access Key: GK3515373e4c851ebaad366558
|
||||||
|
Secret Key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34
|
||||||
|
Default Region: garage
|
||||||
|
S3 Endpoint: garage.deuxfleurs.fr
|
||||||
|
DNS-style bucket+hostname:port template for accessing a bucket: garage.deuxfleurs.fr
|
||||||
|
Encryption password:
|
||||||
|
Path to GPG program: /usr/bin/gpg
|
||||||
|
Use HTTPS protocol: True
|
||||||
|
HTTP Proxy server name:
|
||||||
|
HTTP Proxy server port: 0
|
||||||
|
|
||||||
|
Test access with supplied credentials? [Y/n] n
|
||||||
|
|
||||||
|
Save settings? [y/N] y
|
||||||
|
Configuration saved to '/home/quentin/.s3cfg'
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, if everything works, the following commands should work:
|
||||||
|
|
||||||
|
```
|
||||||
|
echo hello world > hello.txt
|
||||||
|
s3cmd put hello.txt s3://nextcloud-bucket
|
||||||
|
s3cmd ls s3://nextcloud-bucket
|
||||||
|
s3cmd rm s3://nextcloud-bucket/hello.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
That's all for now!
|
||||||
|
|
||||||
## Context
|
## Context
|
||||||
|
|
||||||
Data storage is critical: it can lead to data loss if done badly and/or on hardware failure.
|
Data storage is critical: it can lead to data loss if done badly and/or on hardware failure.
|
||||||
|
@ -39,6 +179,11 @@ Swift and Pithos are probably the most similar to AWS S3 with their consistent h
|
||||||
|
|
||||||
There was many attempts in research too. I am only thinking to [LBFS](https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf) that was used as a basis for Seafile.
|
There was many attempts in research too. I am only thinking to [LBFS](https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf) that was used as a basis for Seafile.
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
|
## Random notes
|
||||||
|
|
||||||
|
|
||||||
- Cassandra (ScyllaDB) for metadata
|
- Cassandra (ScyllaDB) for metadata
|
||||||
- Own system using consistent hashing for data chunks
|
- Own system using consistent hashing for data chunks
|
||||||
|
|
||||||
|
@ -59,7 +204,7 @@ _Remark 1_ I really like the Rabin fingerprinting approach however deduplication
|
||||||
|
|
||||||
_Remark 2_ Seafile idea has been stolen from this article: https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf
|
_Remark 2_ Seafile idea has been stolen from this article: https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf
|
||||||
|
|
||||||
#### Random notes
|
|
||||||
|
|
||||||
--> we should not talk about block. It is the abstraction that manipulate your FS to interact with your hard drive. "Chunk" is probably more appropriate. Block storage are a class of distributed storage where you expose the abstraction of your hard drive over the network, mainly SATA over ethernet, thinking to SCSI, FiberChannel, and so on
|
--> we should not talk about block. It is the abstraction that manipulate your FS to interact with your hard drive. "Chunk" is probably more appropriate. Block storage are a class of distributed storage where you expose the abstraction of your hard drive over the network, mainly SATA over ethernet, thinking to SCSI, FiberChannel, and so on
|
||||||
|
|
||||||
|
|
|
@ -69,7 +69,7 @@ Informations générales :
|
||||||
| Administration | Quentin et Maximilien |
|
| Administration | Quentin et Maximilien |
|
||||||
| Hébergement | 🏡 Maximilien |
|
| Hébergement | 🏡 Maximilien |
|
||||||
| Région | Île-de-France |
|
| Région | Île-de-France |
|
||||||
| FAI | Orange - ❌ IPv4 fixe, ❌ IPv4 publique, ❌ IPv6 fixe, ✅ IPv6 publique, ❌ SMTP, ❌ Reverse DNS |
|
| FAI | Free - ✅ IPv4 publique, ✅ IPv4 fixe, ✅ IPv6 fixe, ✅ IPv6 publique, ❌ SMTP, ❌ Reverse DNS |
|
||||||
|
|
||||||
Liste du matériel :
|
Liste du matériel :
|
||||||
|
|
||||||
|
|
|
@ -50,13 +50,13 @@ block content
|
||||||
|
|
||||||
article.frame
|
article.frame
|
||||||
p.right
|
p.right
|
||||||
em Par Quentin, le 20 avril 2020
|
em Par Tom, le 20 avril 2020
|
||||||
h4
|
h4
|
||||||
a(href="https://quentin.dufour.io/blog/2020-04-20/stopcovid/") StopCovid : anonymat et autorités
|
a(href="https://plume.deuxfleurs.fr/~/PiedDeVent/stop-covid-anonymat-et-autorit%C3%A9s") StopCovid : anonymat et autorités
|
||||||
p
|
p
|
||||||
| "StopCovid sera totalement anonyme. L'État ne pourra rien savoir sur vous." Non, c'est FAUX, l'État connaitra votre identité et pourrait vous assigner à résidence sans recours possible. Nous vous expliquons pourquoi en nous basant sur le document technique de l'application.
|
| "StopCovid sera totalement anonyme. L'État ne pourra rien savoir sur vous." Non, c'est FAUX, l'État connaitra votre identité et pourrait vous assigner à résidence sans recours possible. Nous vous expliquons pourquoi en nous basant sur le document technique de l'application.
|
||||||
|
|
|
|
||||||
a(href="https://quentin.dufour.io/blog/2020-04-20/stopcovid/") Lire la suite.
|
a(href="https://plume.deuxfleurs.fr/~/PiedDeVent/stop-covid-anonymat-et-autorit%C3%A9s") Lire la suite.
|
||||||
|
|
||||||
section
|
section
|
||||||
h2 # faisons connaissance
|
h2 # faisons connaissance
|
||||||
|
|
Loading…
Reference in a new issue