From e4595f9b395678ed55a9777b36aa7afae1070f2c Mon Sep 17 00:00:00 2001 From: LUXEY Adrien Date: Mon, 21 Sep 2020 08:33:04 +0200 Subject: [PATCH 1/8] edit Sites Web --- src/Guide/Sites web.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/Guide/Sites web.md b/src/Guide/Sites web.md index 6ee1f18..dd5469f 100644 --- a/src/Guide/Sites web.md +++ b/src/Guide/Sites web.md 
@@ -6,15 +6,11 @@ Nous vous prodiguerons conseil, guidance, et hébergement pour que vos plus bell ## Plus en détail -Nous hébergeons gratuitement les sites dont l'adresse web ressemble à `monbeausite.deuxfleurs.fr`. Si vous souhaitez votre propre nom de domaine (par exemple `monbeausite.fr`), la location du nom de domaine sera à votre charge (~15-20€/an). +Nous avons de l'expérience en hébergement de sites fonctionnant avec [Wordpress](https://fr.wordpress.org/). C'est un système de gestion de contenu ([CMS](https://fr.wikipedia.org/wiki/Syst%C3%A8me_de_gestion_de_contenu) en anglais) qui permet de construire et d'administrer un site Internet *facilement et sans connaissances préalables*. Si Wordpress ne vous convient pas, on peut trouver ensemble une autre solution adaptée à vos besoins et envies. -Nous sommes compétents pour installer des sites fonctionnant avec [Wordpress](https://fr.wordpress.org/). C'est un système de gestion de contenu ([CMS](https://fr.wikipedia.org/wiki/Syst%C3%A8me_de_gestion_de_contenu) en anglais) qui permet de construire et d'administrer un site Internet *facilement et sans connaissances préalables*. Si Wordpress ne vous convient pas, on déterminera ensemble une solution adaptée à vos besoins et envies. - -Nous assurons enfin la gestion de **sauvegardes de données** : en hébergeant vos données chez nous, vous avez la certitude de ne pas tout perdre en cas de pépin (tel que le décès prématuré d'un disque dur). +Nous assurons aussi la gestion de **sauvegardes de données** : en hébergeant vos données chez nous, vous avez la certitude de ne pas tout perdre en cas de pépin (tel que le décès prématuré d'un disque dur). ## En conclusion Venez chez nous ! On vous fera un havre numérique aux petits oignons. Aider Internet à retrouver sa diversité d'antan, c'est important pour nous. On veut voir des blogs en pagaille, des réseaux sociaux délaissés, des thèmes loufoques et la mort de l'uniformisation graphique. 
-À terme, on demandera (sans doute) de s'inscrire à l'association pour être hébergé, mais pour le moment c'est gratuit et ouvert à tou.te.s, profitez-en ! - From 8155860d22015cacd96de93d498111e0e910ba74 Mon Sep 17 00:00:00 2001 From: Maximilien R Date: Sat, 10 Oct 2020 11:44:59 +0200 Subject: [PATCH 2/8] =?UTF-8?q?Mercure=20passe=20de=20Orange=20=C3=A0=20Fr?= =?UTF-8?q?ee?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Technique/Infra/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Technique/Infra/index.md b/src/Technique/Infra/index.md index c98584a..6d92080 100644 --- a/src/Technique/Infra/index.md +++ b/src/Technique/Infra/index.md @@ -69,7 +69,7 @@ Informations générales : | Administration | Quentin et Maximilien | | Hébergement | 🏡 Maximilien | | Région | Île-de-France | -| FAI | Orange - ❌ IPv4 fixe, ❌ IPv4 publique, ❌ IPv6 fixe, ✅ IPv6 publique, ❌ SMTP, ❌ Reverse DNS | +| FAI | Free - ✅ IPv4 publique, ✅ IPv4 fixe, ✅ IPv6 fixe, ✅ IPv6 publique, ❌ SMTP, ❌ Reverse DNS | Liste du matériel : From a548e46fa4d369b1afc979f35c143748986ee9f5 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 12 Oct 2020 21:28:03 +0200 Subject: [PATCH 3/8] Fix lien StopCovid --- src/index.pug | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/index.pug b/src/index.pug index d82ea86..c809bd8 100644 --- a/src/index.pug +++ b/src/index.pug 
@@ -50,13 +50,13 @@ block content article.frame p.right - em Par Quentin, le 20 avril 2020 + em Par Tom, le 20 avril 2020 h4 - a(href="https://quentin.dufour.io/blog/2020-04-20/stopcovid/") StopCovid : anonymat et autorités + a(href="https://plume.deuxfleurs.fr/~/PiedDeVent/stop-covid-anonymat-et-autorit%C3%A9s") StopCovid : anonymat et autorités p | "StopCovid sera totalement anonyme. L'État ne pourra rien savoir sur vous." Non, c'est FAUX, l'État connaitra votre identité et pourrait vous assigner à résidence sans recours possible. Nous vous expliquons pourquoi en nous basant sur le document technique de l'application. | - a(href="https://quentin.dufour.io/blog/2020-04-20/stopcovid/") Lire la suite. + a(href="https://plume.deuxfleurs.fr/~/PiedDeVent/stop-covid-anonymat-et-autorit%C3%A9s") Lire la suite. section h2 # faisons connaissance From c21124b02ed124057708de4ce0a9ed3bfb284c11 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 13 Oct 2020 12:16:02 +0200 Subject: [PATCH 4/8] Fix Garage page --- src/Technique/Développement/Garage.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Technique/Développement/Garage.md b/src/Technique/Développement/Garage.md index 6297ad3..49bd4c6 100644 --- a/src/Technique/Développement/Garage.md +++ b/src/Technique/Développement/Garage.md @@ -39,6 +39,11 @@ Swift and Pithos are probably the most similar to AWS S3 with their consistent h There was many attempts in research too. I am only thinking to [LBFS](https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf) that was used as a basis for Seafile. +---- + +## Random notes + + - Cassandra (ScyllaDB) for metadata - Own system using consistent hashing for data chunks 
@@ -59,7 +64,7 @@ _Remark 1_ I really like the Rabin fingerprinting approach however deduplication _Remark 2_ Seafile idea has been stolen from this article: https://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf -#### Random notes + --> we should not talk about block. It is the abstraction that manipulate your FS to interact with your hard drive. "Chunk" is probably more appropriate. Block storage are a class of distributed storage where you expose the abstraction of your hard drive over the network, mainly SATA over ethernet, thinking to SCSI, FiberChannel, and so on From d516fe5a3822e5114ae1ca4d45cbc6eb9fad4eec Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 21 Oct 2020 14:02:05 +0200 Subject: [PATCH 5/8] WIP Garage --- src/Technique/Développement/Garage.md | 75 +++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/src/Technique/Développement/Garage.md b/src/Technique/Développement/Garage.md index 49bd4c6..e352758 100644 --- a/src/Technique/Développement/Garage.md +++ b/src/Technique/Développement/Garage.md 
@@ -2,6 +2,81 @@ Store pile of bytes in your garage. +## Quickstart on an existing deployment + +First, chances are that your garage deployment is secured by TLS. +All your commands must be prefixed with their certificates. +I will define an alias once and for all to ease future commands. +Please adapt the path of the binary and certificates to your installation! + +``` +alias grg="/garage/garage --ca-cert /secrets/garage-ca.crt --client-cert /secrets/garage.crt --client-key /secrets/garage.key" +``` + +Now we can check that everything is going well by checking our cluster status: + +``` +grg status +``` + +Don't forget that `help` command and `--help` subcommands can help you anywhere, the CLI tool is self-documented! Two examples: + +``` +grg help +grg bucket allow --help +``` + +Fine, now let's create a bucket (we imagine that you want to deploy nextcloud): + +``` +grg bucket create nextcloud-bucket +``` + +Check that everything went well: + +``` +grg bucket list +grg bucket info nextcloud-bucket +``` + +Now we will generate an API key to access this bucket. +Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket. + +Now, let's start by creating a key only for our PHP application: + +``` +grg key new --name nextcloud-app-key +``` + +You will have the following output (this one is fake, `key_id` and `secret_key` were generated with openssl CLI tool): + +``` +Key { key_id: "GK3515373e4c851ebaad366558", secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", name: "nextcloud-app-key", name_timestamp: 1603280506694, deleted: false, authorized_buckets: [] } +``` + +Check that everything works as intended (be careful, info works only with your key identifier and not with its friendly name!): + +``` +grg key list +grg key info GK3515373e4c851ebaad366558 +``` + +Now that we have a bucket and a key, we need to give permissions to the key on the bucket! 
+ +``` +grg bucket allow --read --write nextcloud-bucket --key GK3515373e4c851ebaad366558 +``` + +You can check at any times allowed keys on your bucket with: + +``` +grg bucket info nextcloud-bucket +``` + +Now, let's move to the S3 API! + + + ## Context Data storage is critical: it can lead to data loss if done badly and/or on hardware failure. From ef6304ca05c081eee763b629dd314758bb6014a8 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 21 Oct 2020 14:18:21 +0200 Subject: [PATCH 6/8] Garage doc is now improved --- src/Technique/Développement/Garage.md | 66 ++++++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/src/Technique/Développement/Garage.md b/src/Technique/Développement/Garage.md index e352758..ae5471c 100644 --- a/src/Technique/Développement/Garage.md +++ b/src/Technique/Développement/Garage.md @@ -48,7 +48,7 @@ Now, let's start by creating a key only for our PHP application: grg key new --name nextcloud-app-key ``` -You will have the following output (this one is fake, `key_id` and `secret_key` were generated with openssl CLI tool): +You will have the following output (this one is fake, `key_id` and `secret_key` were generated with the openssl CLI tool): ``` Key { key_id: "GK3515373e4c851ebaad366558", secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", name: "nextcloud-app-key", name_timestamp: 1603280506694, deleted: false, authorized_buckets: [] } 
@@ -74,8 +74,72 @@ grg bucket info nextcloud-bucket ``` Now, let's move to the S3 API! +We will `s3cmd`. +You can install it via your favorite package manager. +Otherwise, check [their website](https://s3tools.org/s3cmd) +We will configure `s3cmd` with its interactive configuration tool, be careful not all endpoints are implemented! +``` +$ s3cmd --configure + +Enter new values or accept defaults in brackets with Enter. +Refer to user manual for detailed description of all options. + +Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables. +Access Key: GK100653a3e4878215661ac15d +Secret Key: 8434e334eeb668d4f18c118a3f289d8a902e623b39b76c06bd03a068c057519d +Default Region [US]: garage + +Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3. +S3 Endpoint [s3.amazonaws.com]: garage.deuxfleurs.fr + +Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used +if the target S3 system supports dns based buckets. +DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: garage.deuxfleurs.fr + +Encryption password is used to protect your files from reading +by unauthorized persons while in transfer to S3 +Encryption password: +Path to GPG program [/usr/bin/gpg]: + +When using secure HTTPS protocol all communication with Amazon S3 +servers is protected from 3rd party eavesdropping. This method is +slower than plain HTTP, and can only be proxied with Python 2.7 or newer +Use HTTPS protocol [Yes]: + +On some networks all internet access must go through a HTTP proxy. 
+Try setting it here if you can't connect to S3 directly +HTTP Proxy server name: + +New settings: + Access Key: GK3515373e4c851ebaad366558 + Secret Key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34 + Default Region: garage + S3 Endpoint: garage.deuxfleurs.fr + DNS-style bucket+hostname:port template for accessing a bucket: garage.deuxfleurs.fr + Encryption password: + Path to GPG program: /usr/bin/gpg + Use HTTPS protocol: True + HTTP Proxy server name: + HTTP Proxy server port: 0 + +Test access with supplied credentials? [Y/n] n + +Save settings? [y/N] y +Configuration saved to '/home/quentin/.s3cfg' +``` + +Now, if everything works, the following commands should work: + +``` +echo hello world > hello.txt +s3cmd put hello.txt s3://nextcloud-bucket +s3cmd ls s3://nextcloud-bucket +s3cmd rm s3://nextcloud-bucket/hello.txt +``` + +That's all for now! ## Context From 522177c6ce06817339c88395d4d74005673129be Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 21 Oct 2020 14:21:13 +0200 Subject: [PATCH 7/8] Rotated leaked key, replace it with example one --- src/Technique/Développement/Garage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Technique/Développement/Garage.md b/src/Technique/Développement/Garage.md index ae5471c..4de5bd4 100644 --- a/src/Technique/Développement/Garage.md +++ b/src/Technique/Développement/Garage.md @@ -87,8 +87,8 @@ Enter new values or accept defaults in brackets with Enter. Refer to user manual for detailed description of all options. Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables. -Access Key: GK100653a3e4878215661ac15d -Secret Key: 8434e334eeb668d4f18c118a3f289d8a902e623b39b76c06bd03a068c057519d +Access Key: GK3515373e4c851ebaad366558 +Secret Key: 7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34 Default Region [US]: garage Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3. 
From 57bdda2c1297183b745fc4e367707e05f017caec Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 21 Oct 2020 14:28:08 +0200 Subject: [PATCH 8/8] Fix typo --- src/Technique/Développement/Garage.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Technique/Développement/Garage.md b/src/Technique/Développement/Garage.md index 4de5bd4..de30943 100644 --- a/src/Technique/Développement/Garage.md +++ b/src/Technique/Développement/Garage.md @@ -74,11 +74,12 @@ grg bucket info nextcloud-bucket ``` Now, let's move to the S3 API! -We will `s3cmd`. +We will use the `s3cmd` CLI tool. You can install it via your favorite package manager. Otherwise, check [their website](https://s3tools.org/s3cmd) We will configure `s3cmd` with its interactive configuration tool, be careful not all endpoints are implemented! +Especially, the test run at the end does not work (yet). ``` $ s3cmd --configure
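Review bot: [PATCH 3/8] is titled "Fix lien StopCovid", but the hunk at `@@ -50,13 +50,13 @@` in src/index.pug also changes the byline from `Par Quentin` to `Par Tom`; say so in the commit message or split the attribution change out so it is not missed in review. The new plume.deuxfleurs.fr URL is repeated in both `a(href=...)` lines, so any later move of the article has to update both.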
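Review bot: in [PATCH 5/8], the quickstart prints the full `Key { ... secret_key: ... }` output of `grg key new` but never tells the reader that the `secret_key` field is a credential to keep out of shared terminals, logs and documentation; add one sentence to that effect right after the sample output. The `grg bucket allow --read --write` step could also say that a key which only needs to read should be granted `--read` alone. Wording fix in the same hunk: "at any times" should be "at any time".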
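Review bot: in [PATCH 6/8], the `Access Key:` and `Secret Key:` prompt lines of the `s3cmd --configure` transcript carry a different pair than the `New settings:` summary further down, which shows the fake pair from the `grg key new` example; the prompt values look like a real credential pasted by mistake. Use the example pair in both places before this is applied, or mask the secret in the transcript altogether. The transcript also ends with `Configuration saved to '/home/quentin/.s3cfg'`; a sentence noting that this file now holds the secret key would help readers protect it.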
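Review bot: [PATCH 7/8] swaps the two lines in the working tree, but the pair it removes stays readable in the parent commit (ef6304c, [PATCH 6/8]) and in this patch's own `-` lines, so the rotation named in the subject is the only thing that protects the data. Confirm that the old key no longer shows up in `grg key list` or among the allowed keys in any bucket's `grg bucket info` output. If the series has not been published yet, squashing this patch into 6/8 keeps the leaked pair out of the history.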
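Review bot: [PATCH 8/8] is titled "Fix typo", but its second `+` line adds a new caveat, "the test run at the end does not work (yet)", without saying which step it means; name the prompt, `Test access with supplied credentials? [Y/n]`, and tell the reader to answer `n` as the transcript does. The context line `Otherwise, check [their website](https://s3tools.org/s3cmd)` is still missing its final period.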