Archived
1
1

initial and only intended commit

This commit is contained in:
pifty 2020-07-11 10:11:19 +00:00
commit 7b2d7b24b9
751 changed files with 99882 additions and 0 deletions

7
bin/convert.sh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
mkdir ./dump 2> /dev/null
for f in $(find ./site-tutorials -name *.html); do
echo converting $f ...
perl bin/html2docuwiki.pl < $f > dump/$(basename $f).docuwiki
done

9
bin/html2docuwiki.pl Normal file
View File

@ -0,0 +1,9 @@
use strict;
use warnings;
use HTML::WikiConverter::DokuWiki ();
# slurp mode
$/ = undef;
my $html = <>;
print HTML::WikiConverter::DokuWiki->new( dialect => 'DokuWiki' )->html2wiki($html);

View File

@ -0,0 +1,5 @@
====== Gate One SSH Interface ======
SDF provides a HTTPS based SSH client using Gate One at [[https://ssh.sdf.org|ssh.sdf.org]]. This allows use of SSH behind networks that filter or block SSH traffic. It also maintains a persistent connection over unstable network connections.
$Id: Gate_One.html,v 1.1 2019/03/19 19:05:32 kj8am Exp kj8am $

View File

@ -0,0 +1,32 @@
====== Instant Messaging on SDF ======
On SDF you can use nearly all of the popular instant messaging protocols via fast and efficient text clients. Many users have set up scripts so that they can use various IM clients via their computers or wireless devices such as two way pagers, blackberry, palm pilots and cellphones, and you can too.
Some of the clients listed in this page are able to connect simultaneusly to various IM networks as centerim and finch (which is purple/pidgin based). Links are provided to web pages with detailed steps to connect to the various IM networks using the available clients at SDF
Also, some clients are not very actively maintained, so may not be able to connect to the networks they claim are able to connect to, your best bet are centerim and finch.
===== Available clients =====
(+) In AMD64 hosts. (*) In Alpha hosts.
^ ^ bsflite (+) ^ centericq (+) ^ centerim ^ ekg (+) ^ finch (*) ^ naim (+) ^ mcabber (+) ^
| AIM | YES | YES | YES | | YES | YES | |
| Gadu-Gadu | | YES | YES | YES | YES | | |
| [[http://sdf.org/?tutorials/jabber|Jabber/XMMP]] | | YES | YES | | YES | | YES |
| [[http://sdf.org/?tutorials/msn|MSN]] | | YES | YES | | YES | | |
| YAHOO | | YES | YES | | YES | | |
| ICQ | | YES | YES | | YES | | |
===== Bitlbee =====
Bitlbee is an IRC gateway to MSN, ICQ, Jabber, Yahoo, and AIM. It allows you to connect to these services using an irc client.
- connect with your favorite irc client to im.bitlbee.org.
- say "help" to the root nick, or just type help. everything you need is there.
===== A list of Instant Messaging libraries available =====
* p5-Net-AIM-1.22 - Implementation of the AOL Instant Messenger TOC protocol
* libyahoo-0.18.4 - Yahoo! Messenger client library
* ... $Id: InstantMessaging.html,v 1.2 2013/07/17 03:16:52 tcj Exp $

View File

@ -0,0 +1,32 @@
====== Instant Messaging on SDF ======
On SDF you can use nearly all of the popular instant messaging protocols via fast and efficient text clients. Many users have set up scripts so that they can use various IM clients via their computers or wireless devices such as two way pagers, blackberry, palm pilots and cellphones, and you can too.
Some of the clients listed in this page are able to connect simultaneusly to various IM networks as centerim and finch (which is purple/pidgin based). Links are provided to web pages with detailed steps to connect to the various IM networks using the available clients at SDF
Also, some clients are not very actively maintained, so may not be able to connect to the networks they claim are able to connec to, your best bet are centerim and finch.
===== Available clients =====
(+) In AMD64 hosts. (*) In Alpha hosts.
^ ^ bsflite (+) ^ centericq (+) ^ centerim ^ ekg (+) ^ finch (*) ^ naim (+) ^ mcabber (+) ^
| AIM | YES | YES | YES | | YES | YES | |
| Gadu-Gadu | | YES | YES | YES | YES | | |
| [[http://sdf.org/?tutorials/jabber|Jabber/XMMP]] | | YES | YES | | YES | | YES |
| [[http://sdf.org/?tutorials/msn|MSN]] | | YES | YES | | YES | | |
| YAHOO | | YES | YES | | YES | | |
| ICQ | | YES | YES | | YES | | |
===== Bitlbee =====
Bitlbee is an IRC gateway to MSN, ICQ, Jabber, Yahoo, and AIM. It allows you to connect to these services using an irc client.
- connect with your favorite irc client to im.bitlbee.org.
- say "help" to the root nick, or just type help. everything you need is there.
===== A list of Instant Messaging libraries available =====
* p5-Net-AIM-1.22 - Implementation of the AOL Instant Messenger TOC protocol
* libyahoo-0.18.4 - Yahoo! Messenger client library
* ... $Id: InstantMessenging.html,v 1.11 2011/02/08 21:32:28 clemens Exp $

193
dump/PPTP.html.docuwiki Normal file
View File

@ -0,0 +1,193 @@
====== Connecting to the SDF VPN with PPTP ======
===== Contents =====
* [[#overview|Overview]]
* [[#setup|Setting it up]]
* [[#xp|Connecting in Windows XP]]
* [[#vista|Connecting in Windows Vista]]
* [[#linux|Connecting in Linux]]
* [[#freebsd|Connecting in FreeBSD]]
* [[#osx|Connecting in Mac OS X]]
* [[#wrapup|The Wrap-up]]
===== Overview =====
The Virtual Private Network (VPN) provided by SDF has a number of uses. The most beneficial of that is to allow confidential communication over a public network. Basically, the SDF VPN will allow you (once routing is enabled) to communicate securely over an insecure connection such as a public Wireless Fidelity (Wi-Fi) network.
The major benefit of this over SSH forwarding/tunneling is that it is much easier to configure and automatically tunnels **all** connections leaving your computer, and not just those specifically configured for forwarding. Some may see this as a negative aspect of the VPN, however.
===== Setting it up =====
The SDF VPN is quite easy to set up. You must first choose a VPN plan that is right for you, based on assumed bandwidth usage. Pricing and more package information is available through the shell by typing '**vpn**' without the quotes.
Once you've been added to the VPN membership level (you'll receive an email notification of this), you must set up your VPN access by typing '**setvpn**' in the shell, without quotes. This will allow you to configure your VPN secret (password) for connecting.
You should make note of the VPN's IP address when setting up your secret.
Once you've configured your VPN account, it's time to connect. Continue reading below for step-by-step instructions on connecting to the VPN.
===== Connecting in Windows XP =====
- Open the Windows Control Panel.
- Open the Network Connections item in Control Panel. Generally you would click the "**Network and Internet Connections**" option, then click "**Network Connections**". A list of existing dial-up and LAN connections will be displayed.
- Click on the "**Create a new connection**" option from the left-hand side of the window. The Windows XP New Connection Wizard will come up.
- Click the "**Next**" option to begin the wizard. Then choose the "**Connect to the network at my workplace**" option from the list and click "**Next**".
- On the Network Connection page of the wizard, choose the "**Virtual Private Network connection**" option and click "**Next**".
- Choose a name for this connection on the "**Connection Name**" screen. Windows will use this to reference the VPN connection.
- Choose an option on the "**Public Network**" screen and click "**Next**". The default option, "**Automatically dial this initial connection**" can be used if the VPN connection will always be initiated when the computer is not already connected to the Internet. Otherwise, choose the "**Do not dial the initial connection**" option. This requires that the public Internet connection be established first, before this new VPN connection will be initiated. **Choose this option.**
- Enter the IP address for the VPN on the "**VPN Server Selection**" screen. This is obtained via the '**setvpn**' command (without quotes) in the shell.
- Choose an option on the "**Connection Availability**" screen and click "**Next**". The default option, "**My Use Only**", ensures that Windows will make this VPN connection available only to the user that is currently logged in to the computer. If you don't want this, select the "**Anyone's use**" option.
- Click "**Finish**" to complete the wizard. You may wish to select the option to create a desktop shortcut for easy access. The information for the VPN connection will be saved for current and/or future use.
===== Connecting in Windows Vista =====
Connecting to the VPN is slightly different in Windows Vista. Please use these instructions to connect to SDF's VPN through Vista.
- Click on the "**Start**" button and then choose "**Connect to**".
- Click on the "**Set up a connection or network**" option on the window that follows. It's near the bottom.
- On the window that comes up, scroll down and click on the "**Connect to a workplace**" option. Then click "**Next**".
- A question asking "**Do you want to use a connection you already have?**" may appear. Select "**No, create a new connection.**" if it does and then click "**Next**".
- Next you'll be asked "**How do you want to connect?**" Select "**Use my Internet connection (VPN)**".
- You'll then be asked for the Internet address. Enter the address you remembered when accessing '**setvpn**' (without quotes) in the SDF shell.
- Enter a name for this VPN connection in the "**Destination name:**" field. This is how Windows Vista will reference the VPN.
- If you don't want to connect immediately, check the "**Do not connect now; just set it up so I can connect later.**" option.
- Do not check the "**Use a smart card.**" option.
- When finished, click "**Next**"
- You'll then configure the username and password needed to authenticate to the VPN. The username is your SDF username and the password is the secret you set up via the '**setvpn**' command in the shell.
- Leave the "**Domain**" field blank.
- Click the "**Create**" button once you are done. You should then see a window pop up saying that "**The connection is ready to use.**" Click on "**Close**".
===== Connecting in Linux =====
- Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '**sudo apt-get install pptp-linux**' into a terminal.
- Create a file named sdfpptp in /etc/ppp/peers by entering '**sudo gedit /etc/ppp/peers**'. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//username//** with your username.)\\ \\ Note: Make sure to replace **//IP Address//** with the IP address/hostname provided when running '**setvpn**' in the shell.\\
remotename sdfpptp
linkname sdfpptp
ipparam sdfpptp
pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd"
name **//username//**
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
require-mppe
nomppe-stateful
require-mppe-128
nomppe-40
noauth
nodetach
lock
bsdcomp 9,15
deflate 9,15
idle 0
- Save the file.
- Edit /etc/ppp/chap-secrets by entering '**sudo gedit /etc/ppp/chap-secrets**'. Add the line **//username// stfpptp //password// *** replacing //username// and //password// with your SDF username and your password set by **'setvpn'**.
- Make sure a specific route to the VPN exists. Run '**sudo route add **//VPN-IP//** gw **//GW-IP//****' replacing **//VPN-IP//** with the IP address/hostname provided when running '**setvpn**', and replace **//GW-IP//** with your gateway IP address. If you do not know the IP address of your gateway, enter '**route**'. It is the gateway IP next to the destination **default**.
- Enter '**sudo pppd call sdfpptp**' into a terminal. Wait for it to show the local and remote IP addresses. You should now be connected. Do not close the terminal until you are ready to disconnect.
- Open another terminal. Enter '**sudo route add -net 192.94.73.0/24 dev ppp0**'. This will route all your connections to SDF through the VPN.
Alternatively to steps 5 and 6, you might use a wrapper script like this:\\
#!/bin/bash
SDFVPNHOST=**//IP Address//**
RT=`ip route get $SDFVPNHOST | head -1`
DEV=`echo $RT | awk '{while ($num != "dev") {num++}{print $(num+1)}}'`
VIA=`echo $RT | awk '{while ($num != "via") {num++}{print $(num+1)}}'`
ip route add $SDFVPNHOST via $VIA dev $DEV
ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun
pppd call sdfpptp
ip route del $SDFVPNHOST via $VIA dev $DEV
ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun
This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun".\\
==== GUI Setup With NetworkManager ====
Any of the newer Linux distros that use NetworkManager (Debian, Ubuntu, Fedora, etc.) on their default desktops have a GUI interface to PPTP VPN configuration. You'll need to install a package to get this capability (although this now seems to be included in the latest Ubuntu 10.10 release):
Fedora:
yum install NetworkManager-pptp
Debian/Ubuntu:
apt-get install network-manager-pptp
Once installed, restart the NetworkManager service (///etc/init.d/NetworkManager restart//) and left-click on the network manager icon in your taskbar. Highlight **VPN Connections** and click on **Configure VPN**:
{{tutorials/images/vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/images/vpn4.png|Network Manager - VPN Settings Overview}}
Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]):
{{tutorials/images/vpn2.png|Network Manager Settings - VPN Settings Detail}}
Now click on **Advanced**:
{{tutorials/images/vpn3.png|Network Manager Settings - Advanced VPN Details}}
Under **Authentication**, **de-select all the methods except MSCHAPv2**. Then select **Use Point-to-Point Encryption (MPPE)** and choose **128-bit (most secure)** in the **Security** dropdown. Click **OK**, then **Apply** and close all other configuration dialogs. Now when you left-click on the network manager icon, you should have your PPTP VPN listed under **VPN Connections**. Just select it and wait. If it is successful, you'll see a little lock icon appear over the usual network manager icon. If not, check your system log for errors. This will be ///var/log/messages// or ///var/log/syslog//, depending on your distro.
==== A Note on Routing ====
If you use network manager, all traffic will be routed through the PPTP VPN for you once you are connected. If that's not what you want, you can click on **IPV4 Settings** and then **Routes** to have simple static routes added for you automatically when the VPN connects. You can also check **Use this connection only for resources on this network**, which in our case means only connections to SDF hosts will be encrypted.
{{tutorials/images/vpn5.png|Network Manager Settings - Add Routes}}
===== Connecting in FreeBSD =====
* Install mpd4 from ports or packages.
* Add the following section to your /usr/local/etc/mpd4/mpd4.conf: sdfvpn: new -i ng1 sdfvpn sdfvpn set iface disable on-demand set iface idle 0 # disconnect the client after 8 hours set iface session 28800 set iface route 10.0.0.0/24 set iface route default set bundle disable multilink set auth authname "USERNAME" set auth password "PASSWORD" set link yes acfcomp protocomp set link no eap set link no pap set link accept chap set link mtu 1460 set link keep-alive 10 75 set ipcp yes vjcomp set ipcp ranges 0.0.0.0/0 set ipcp yes req-pri-dns req-sec-dns # # The five lines below enable Microsoft Point-to-Point encryption # (MPPE) using the ng_mppc(8) netgraph node type. # set bundle yes compression set ccp yes mppc set ccp yes mpp-compress set ccp yes mpp-e128 #set bundle accept crypt-reqd set ccp yes mpp-stateless open
* You will have to replace three (3) things in this config:
- Your USERNAME
- Your PASSWORD
- The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. '
* Add this in your /usr/local/etc/mpd4/mpd4.links file: sdfvpn: set link type pptp set pptp peer set pptp enable originate outcall set pptp disable incoming
* You will have to replace one (1) thing in this config:
- The public address of SDF's VPN host. You can get this by running setvpn at the shell.
* Now, as root, run mpd4 sdfvpn.
* You should now be connected to SDF over a layer 3 tunnel across the Internet.
* Your new routes are only for SDF's hosts, and use their internal IP addresses. These are the 10.0.0.x ones. I'm working on how to route to the public ones over the VPN without creating a routing loop to the VPN host. I copied SDF's /etc/hosts file to my machine so that I can run 'ssh sdf1' to connect through the tunnel.
===== Connecting in Mac OS X =====
- Open /Applications/Internet Connect.app
- Click on the **VPN** button.
- Click on the Configuration dropdown and go to "**Edit Configurations...**"
- Press the **+** button at the bottom left of the window to add a configuration.
- Under "**Description**" put whatever you want. SDF VPN is a good choice.
- Under the "**Server Address**," Enter the IP address for the VPN on the "**VPN Server Selection**" screen. This is obtained via the '**setvpn**' command (without quotes) in the shell.
- Under Username put your SDF username and the password is the secret you set up via the '**setvpn**' command in the shell.
- Choose "**Automatic**" encryption.
- Click "**OK**".
- Then, whenever you want to connect you can return to this **Internet Connect Application** and go to the VPN, choose the SDF VPN and click connect. Optionally, you can click "**Show VPN status in the menu bar**" and you can connect to the VPN from the menu bar icon.
===== Connecting On An iPad =====
- Log into SDF and run the 'setvpn' command.
- Hit 'p' to set up your password.
- Enter your password twice. The password must be 14 characters or less, and ideally should contain letters, numbers, upper and lower case, and a special symbol, though there are no actual complexity requirements.
- After you have set up your password, the setvpn wizard will tell you what IP address to connect to. It will be 192.94.73.X. Write this whole IP address down. You will need it in a later step.
- Hit 'q' to exit the configuration.
- Turn on your iPad and go to the Settings.
- Go into the Network subsection.
- Go into the VPN subsection. This will bring up the 'Add Configuration' window.
- Select "PPTP" at the top.
- In the Description field, label this connection something useful to identify it, such as 'SDF VPN'.
- In the 'Server' field, put in the IP address that you wrote down earlier.
- In the 'account' field, put your SDF user name.
- In the 'Password' field, put the password that you set up while running the setvpn wizard in the set above. This will cause the iPad to remember your password for you. If you wish to type it in each time you connect, leave this field blank.
- Set the encryption level to 'Maximum'
- Leave the 'Send All Traffic' slider set to 'On', unless you specifically want to (and know how to) set up VPN usage in individual applications.
- Hit the 'Save' button at the top
- To turn on VPN, slide the VPN slider to 'On' for the connection called SDF and open the browser. Connect to http://whatsmyip.org and verify that the IP address it shows as your source.
===== The wrap-up =====
Now that you have your VPN configured to connect, make sure that you don't forget to use it! Using the VPN while connected through a public access network (or even your home network!) will tunnel all connections through SDF and out to the Internet (once routing is enabled). Please make sure to use the VPN responsibly, as all actions and activity will be traced back to SDF.
Enjoy!
----
$Id: PPTP.html,v 1.2 2011/06/15 15:51:32 avoyager Exp $

View File

@ -0,0 +1,94 @@
====== Building a Basic Ruby on Rails Application ======
* **Part I: Getting Started**
* [[#introduction|Introduction]]
* [[#creating_project|Creating a Rails Project]]
* [[#building_model|Building The Data Model]]
* [[#quick_demo|A Quick Demonstration!]]
* **Part II: Layout and Design**
* **Part III: Making it Better**
* **Appendix**
* [[#appendix_sdf_utils|Appendix A: SDF Utility Scripts]]
* [[#appendix_database_conf|Appendix B: Configuring A Database]]
----
===== Introduction =====
[ To Be Written ]
===== Creating a Rails Project =====
All rails applications reside in their own directory tree. This tree is automatically generated by the '"rails"' command ( '"man rails "' for more information ). To create our project's directory structure, execute the following:
" (alterego@sverige)# rails ~/html/bookmarks --database=sqlite3\\ (alterego@sverige)# ln -s bookmarks ~/html/rails\\ (alterego@sverige)# cd ~/html/rails "
The first command creates our project's directory tree under the '"~/html/bookmarks"' directory. Then we create a symlink from this directory, to '"~/html/rails"' so that the SDF utility scripts will be able to find, and work with this project. ( [[#appendix_sdf_utils| More info]] )
The '"--database=sqlite3"' argument to the '"rails"' executable, informs Rails to configure the new project to use an SQLite3 database backend. If you have 'dba' membership then you can use MySQL as your backend by substituting '"sqlite3"' with '"mysql"'. This tutorial will however focus in using SQLite3 as it is available to all MetaARPA members. If you are going to use MySQL as your database backend, then you'll have to read [[#appendix_database_conf|this]] in order to configure your backend properly.
The final command changes your working directory to your new projects' root. The rest of the commands in this tutorial rely on you being at this location in order to execute correctly.
===== Building The Data Model =====
Now we are sitting in our nice new Rails project's root directory, we can start building our application. The most important thing in any database driven application like this one, is the data model. It specifies what data our application interacts with, and //how// we interact with it.
In this application, we only have one data type, that is a 'Link', this link must have a name, some descriptive information and the target URI. Normally at this stage you'd have to roll-up your sleaves and write one of those fugly SQL statements to create your table. Not us, Rails has cunningly abstracted database interaction for us, so no more SQL! In order to create our mode we must run this command:
" (alterego@sverige)# ruby script/generate model link "
This command line executes the Ruby script, '"script/generate"'. The '"generate"' script is extremely useful, it automates the process of creating files to add specific functionality to our applications. You can tell what operations a '"generate"' command has performed by reading it's output. This command created the two files required to create our 'Link' model.
Next we need to edit the '"db/migrate/001_create_links.rb"' file. Files located under the '"db/migrate"' directory are used to perform revision changes on your project's database. This file will allow us to specify our databases table without the need for any SQL, and, if required, roll our database back to before this migration occured.
==== Edit '"db/migrate/001_create_links.rb"' ====
class CreateLinks &lt; ActiveRecord::Migration
def self.up
create_table :links do |t|
t.column :name, :string
t.column :info, :string
t.column :url, :string
end
end
def self.down
drop_table :links
end
end
Now we've specified our '"links"' table's structure. We have to commit the revision in order to create the table. To do this execute the following:
" (alterego@sverige)# rake db:migrate "
Going into the details of this command is way outside the scope of this document, I wouldn't have used it in this tutorial if it wasn't for it being such an easy way to generate a database across different backends.
[[| ]]
===== A Quick Demonstration! =====
Before we move on to defining the application controller, I thought I would try and impress you with Rails magic. The next two commands will allow you to list, view, edit and delete items from your database through your web browser:
" (alterego@sverige)# ruby script/generate scaffold link\\ (alterego@sverige)# ruby script/server -p `id -u` "
Right, those two commands did quite a bit. The first one generated a basic set of HTML templates and application logic. The second command started a web server, written in Ruby, running on a port that was specified from your userid. You'll notice on the second line of output from the '"server "' script, the address that it has bound itself too, along with the port number ( your user id ) it is running on in standard URI format.
So, open up a web browser, and point it to '"http://sverige.freeshell.org:[ YOUR USER ID ]"' substituting your user id. Your browser should open 'Ruby on Rails: Welcome aboard' page. This just indicates that the Rails environment and server are running. Now, go back to your browsers' address bar, and append '"/links"' after your user id. Your browser should now show a rather rubbish looking list view, with no elements.
At this point it will probably be a good idea to play around and add some items as we'll need them for the next sections. Besides, I need to make myself a drink ...
===== To Be Continued ... =====
----
===== Appendix A: SDF Utility Scripts =====
There are two utility scripts written specifically for Rails applications on SDF. The first 'ror' toggles whether the Rails project under '" ~/html/rails"' has it's server started when the syste boots. The second script 'railsctl', is start/stop daemon, which starts or stops the Rails project located in the standard SDF project location.
As you may want to play with multiple Rails projects, it doesn't really matter where you put them, or what you call them. But if you plan on using the SDF utility scripts, which is a good idea if you want to host your project, then it's probably a good idea to symlink your current project directory to '"~/html/rails"'
===== Appendix B: Configuring A Database =====
[ To Be Written ]
$Id: Rails_Basic_Application.html,v 1.2 2006/12/31 14:27:54 alterego Exp $

View File

@ -0,0 +1,175 @@
====== Ruby on Rails on SDF ======
----
===== Content =====
* [[#whatisrails|What is Rails?]]
* [[#prerequisites|Prerequisites]]
* [[#starting|Getting started]]
* [[#hello|Hello, world!]]
* [[#maintenance|Maintenance and Utility Scripts]]
----
===== [[|What is Rails?]] =====
[[http://www.rubyonrails.org/|Ruby on Rails]] is a WebDev framework written in the [[http://www.ruby-lang.org/|Ruby]] programming language.
===== [[|Prerequisites]] =====
* You must be a MetaARPA member to use Rails (see [[http://sdf.lonestar.org/index.cgi?access|memberships]] page).
* Most Rails applications use a database, so you'll probably want dba membership as well (see [[http://sdf.lonestar.org/index.cgi?access|memberships]] page). However MetaARPA members may use sqlite if they so desire.
===== Getting started =====
**Step 1:** Run "mkhomepg" if you have not already done so (see the [[http://sdf.lonestar.org/index.cgi?tutorials/building_a_website|building_a_website]] tutorial for more information on the "mkhomepg" command).
**Step 2:** Use the rails command to construct the base for your new rails application:
$ cd $HOME/html
$ rails rails
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts
create config/environments
create components
create db
create doc
create lib
create lib/tasks
create log
create public/images
create public/javascripts
create public/stylesheets
create script/performance
create script/process
create test/fixtures
create test/functional
create test/integration
create test/mocks/development
create test/mocks/test
create test/unit
create vendor
create vendor/plugins
create tmp/sessions
create tmp/sockets
create tmp/cache
create Rakefile
create README
create app/controllers/application.rb
create app/helpers/application_helper.rb
create test/test_helper.rb
create config/database.yml
create config/routes.rb
create public/.htaccess
create config/boot.rb
create config/environment.rb
create config/environments/production.rb
create config/environments/development.rb
create config/environments/test.rb
create script/about
create script/breakpointer
create script/console
create script/destroy
create script/generate
create script/performance/benchmarker
create script/performance/profiler
create script/process/reaper
create script/process/spawner
create script/runner
create script/server
create script/plugin
create public/dispatch.rb
create public/dispatch.cgi
create public/dispatch.fcgi
create public/404.html
create public/500.html
create public/index.html
create public/favicon.ico
create public/robots.txt
create public/images/rails.png
create public/javascripts/prototype.js
create public/javascripts/effects.js
create public/javascripts/dragdrop.js
create public/javascripts/controls.js
create public/javascripts/application.js
create doc/README_FOR_APP
create log/server.log
create log/production.log
create log/development.log
create log/test.log
It has become SDF policy to have the project that you want to be served under '$HOME/html/rails' in actuality you can locate the rails project directory anywhere and call it what you like. The 'railsctl' and 'ror' command expect the project that you want to host to be located in the afore-mentioned directory. So, if you want your server to be started when the host starts and 'railsctl' to find your project then you should symlink your current project to that location, or use that location.
**step 3:**
Start the webrick server on the port that is equal to your uid, which you can obtain by executing 'id -u':
$ railsctl start
- or -
$ ruby $HOME/html/rails/my_first_project/script/server -p `id -u`
=&gt; Booting WEBrick...
=&gt; Rails application started on http://0.0.0.0:60844
=&gt; Ctrl-C to shutdown server; call with --help for options
Then point your browser at "http://yourdomain:&lt;YOUR UID&gt;" You should now be looking at the default 'Welcome to Rails page'. Now you can begin to develop your rails app.
===== [[|Hello, world of Rails!]] =====
Rails is a Model-View-Controller framework. Rails accepts incoming requests from a browser, decodes the request to a controller, and calls an action method in that controller. The controller then invokes a particular view to display the results to the user. The good news is that Rails takes care of most of the internal plumbing that links all these actions. To write our simple Hello, World! application, we need code for a controller and a view. We don't need code for a model, because we're not dealing with any data. Let's start with the controller.
In the same way that we used the rails command to create a new Rails application, we can also use a generator script to create a new controller for our project. This command is called generate, and it lives in the script subdirectory of the my_first_project project we created. So, to create a controller called Say, we make sure we're in the my_first_project directory and run the script, passing in the name of the controller we want to create.
$ ruby $HOME/html/rails/my_first_project/script/generate controller Say
exists app/controllers/
exists app/helpers/
create app/views/say
exists test/functional/
create app/controllers/say_controller.rb
create test/functional/say_controller_test.rb
create app/helpers/say_helper.rb
The script logs the files and directories it examines, noting when it adds new Ruby scripts or directories to your application. For now, we're interested in one of these scripts and (in a minute) the new directory. The source file we'll be looking at is the controller. You'll find it in the file app/controllers/say_controller.rb. Let's have a look at it.
class SayController &lt; ApplicationController
end
Pretty minimal, eh? SayController is an empty class that inherits from ApplicationController, so it automatically gets all the default controller behavior. Let's spice it up. We need to add some code to have our controller handle the incoming request. What does this code have to do? For now, it'll do nothing. We simply need an empty action method.
Let's add an action called hello to our say controller. Adding a hello action means creating a method called hello in the class SayController. But what should it do? For now, it doesn't have to do anything. Remember that a controller's job is to set up things so that the view knows what to display. In our first application, there's nothing to set up, so an empty action will work fine. Use your favorite editor to change the file say_controller.rb in the app/controllers directory, adding the hello method as shown.
class SayController &lt; ApplicationController
def hello
end
end
Now let's try calling it. Navigate to the URL "http://yourdomain:60844/say/hello" in a browser window. (Note that in the development environment we don't have any application string at the front of the path - we route directly to the controller.) You'll see something that looks like an error.
It might be annoying, but the error is perfectly reasonable (apart from the weird path). We created the controller class and the action method, but we haven't told Rails what to display. And that's where the views come in. Remember when we ran the script to create the new controller? The command added three files and a new directory to our application. That directory contains the template files for the controller's views. In our case, we created a controller named say, so the views will be in the directory app/views/say. To complete our Hello, World! application, let's create a template. By default, Rails looks for templates in a file with the same name as the action it's handling. In our case, that means we need to create a file called hello.rhtml in the directory app/views/say. (Why .rhtml? We'll explain in a minute.) For now, let's just put some basic HTML in there.
&lt;html&gt;&lt;head&gt;&lt;title&gt;Hello, Rails!&lt;/title&gt;&lt;/head&gt; &lt;body&gt;
&lt;h1&gt;Hello from Rails and SDF!&lt;/h1&gt; &lt;/body&gt; &lt;/html&gt;
Save the file hello.rhtml, and refresh your browser window. You should see it display our friendly greeting. Notice that we didn't have to restart the application to see the update. During development, Rails automatically integrates changes into the running application as you save files.
===== [[|Maintenance and Utility Scripts]] =====
There are currently two main scripts that MetaARPA members can run to manage their RoR instance. The first is //ror// which is used to toggle automatic startup of your RoR instance upon system boot. The second is //railsctl// which allows you to //start//, //stop// and //restart// your RoR instance.
----
==== Footnotes: ====
[[#uid|<sup>1</sup>]]Use the "id" command to find your uid
$ id
uid=60844(phm) gid=500(arpa) groups=500(arpa),600(MetaARPA)
// Note: if you do not see metaARPA here you're not in the metaARPA group and Rails won't work for you. //
----
$Id: Ruby_on_Rails.html,v 1.7 2006/12/29 06:54:24 phm Exp $

181
dump/SSH-SDF.html.docuwiki Normal file
View File

@ -0,0 +1,181 @@
====== Using SSH for connections/transfer to/from SDF ======
===== Contents =====
* Overview
* [[#sdf|SDF issues]]
* ssh and [[#port_tunneling|port tunneling]]
* [[#public_key|public key]] authentication
* [[#socks|socks tunneling]] from a school/uni network
===== Overview =====
This tutorial discusses some important points concerning use of SSH for encrypted traffic to and from SDF. Your first source for information are the manpages: "man ssh" - read them, if you want to make good use of "ssh" and company!
//Note: this text has been assembled from articles written by several users; therefore, layout and wording may vary, and topics can be referred at several places.//
SSH stands for Secure SHell, and is a replacement for telnet, to permit secure terminal connections. The system mainly consists of the following programs:
"ssh"This is the main program, used for direct terminal connections to a remote computer. In principle it is used like "ssh remoteuser@some.remote.host"."scp"This is a replacement for ftp or rcp, and permits secure copying of files to and from a remote computer. Its basic syntax is "scp localfile remoteuser@some.remote.host:remotefile" to copy a file //to// the remote computer, and "scp remoteuser@some.remote.host:remotefile localfile" to copy a file //from// the remote computer. Note that you can also use wildcards in the remote and local file description (which may need quotes around the remote file name, depending on your shell). "sftp"This is a replacement for ftp, permitting listing of a remote file system and copying to and from it. It has more capabilities than scp, but needs a remote service running under ssh. In principle it is used like "sftp remoteuser@some.remote.host".
On the client side, a lot of programs are available; you may be best off by using a search engine with the keywords "ssh client" and your local operating system.
===== SDF issues =====
Here we discuss some peculiarities concerning SDF and SSH.
==== file and directory permissions ====
[[#public_key|Public key authentication]] will not work, if the home directory ("$HOME") or the user's ssh directory "$HOME/.ssh" are world writable. Your home directory should never be world writable, anyway!
To make sure you have the right permissions, execute the following command in the shell while logged into your account:\\ "chmod go-w $HOME $HOME/.ssh"
You should look up "chmod" in the manpages, if you don't understand this command.
===== special topics =====
==== How to enable Port Tunneling and Why ====
=== What is port tunneling good for ===
Port tunneling is the ability to tunnel from your internet point for presence back to SDF servers and use the SDF servers like a [[http://en.wikipedia.org/wiki/SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSL between your internet access point and SDF. This allows your traffic to be more secure if you are on a public internet access point
=== What tools are needed ===
* A good SSH Client that allows tunneling ([[http://www.putty.nl/|PuTTY]] in my examples)
* Any software package that understands SOCKS 4 ([[http://www.ceruleanstudios.com/|Trillian]] in my example)
* [[http://sdf.lonestar.org/index.cgi?faq?MEMBERS?01|MetaARPA]] membership
=== How to set up PuTTY ===
First you need to connect to a SSL enabled SDF server: otaku.freeshell.org on port 443. {{tutorials/images/PuTTY1.gif?456x435|putty screenshot 1}}\\ Then you need to configure the port to tunnel on your local machine. Generally Socks proxies use port 1080 so that is a good port. Click on the Tunnels category and configure the tunnel as shown below. {{tutorials/images/PuTTY2.gif?456x435|putty screenshot 2}}\\ Click on the "Add" button and you should see the screen as listed below. {{tutorials/images/PuTTY3.gif?456x435|putty screenshot 3}}\\ Then go back to session and name and save the session. Click connect and the tunnel should become active.
=== How to use the Tunnel you just enabled ===
I am now going to configure Trillian (A great multi IM chat program) to use the Tunnel. It should be obvious how to configure other applications from these screenshots. \\ First click on the "Trillian Prefernces" and select "Advanced Preferences". Select "Proxy" If you want all your chat services to use the proxy select use one setting for all services checkbox. Otherwise configure this on each service you want to encrypt over the tunnel. {{tutorials/images/Trillian.gif?730x530|Trillian screenshot 1}}\\ Click on "Close". Now your service should be able to connect through the tunnel. Again this will encrypt all traffic from your Internet Access Point to SDF. Once it leaves SDF it will no longer be encrypted (Unless you are hitting a HTTPS page or something already encrypted). \\ \\ Technically any program that supports a Socks 4 proxy can be used with the tunnel.
==== SSH Public Key Authentication ====
These instructions attempt to explain the basic concepts of SSH Public Key Authentication, what it is, and the steps required to use it.
//Note: Please make sure to have set the [[#sdf_permissions|correct permissions]] in your SDF account, before attempting to set up public key authentication!// Also note that there is another way of doing this, explained further down by another user. Your mileage may vary!
Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password.
This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. **You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.** Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:
=== Windows instructions: ===
You will need an SSH client and a key generator for Windows. These instructions are written for the popular programs PuTTY and PuTTYgen. Both are available at www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
Run PuTTYgen. At the bottom of the window, you can select which type of key you want to generate. You will need to pick between RSA and DSA encryption: go with RSA -- the relevant website is here: the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter8.html#8.2.2 . Your choice will have no effect on the rest of the steps here. For current applications, 1024 bits is plenty for a key to have. If youre feeling paranoid, 2048 bits should (barring any revolutions in prime factoring) keep your key secure for a decade or two.
Now press Generate and wave your mouse around to seed some randomness in the key generator. Viola, you have a key.
You can then add a passphrase to your key, and use just that one passphrase whenever you log in to an ssh server using your key. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your computer, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account.
The key comment is for your personal convenience, I reccomend youruser@yourlocalmachine and maybe the date, but of course it's up to you. Now save both the private and public key file somewhere (My Documents is a good choice, but pick somewhere that only *you* will have read access to.)
Next, you need to configure PuTTY to use this key. Fire up PuTTY and load your session or create a new one. Then in the Category list on the left, selecct Connection &gt; SSH &gt; Auth. Browse for your key and load it up. Also, you'll want to allow changes of username if your SDF account name is different from your local one.
You're almost done! Now you need to let the server know about your new key. After you do this, the ssh, scp and sftp programs will use the key files automatically. So (optionally, but it is recommended) save your session, and then connect. Now do the following to authorize your key:
0. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file")
1. Log in as normal and run the following commands.
2. "$ mkdir ~/.ssh"
3. "$ cd ~/.ssh/"
4. "$ touch authorized_keys"
5. Open the authorized_keys file you just created in a text editor.
6. Paste the contents of that box in to the authorized_keys file. In PuTTY, right click copies and pastes.
7. Save the authorized_keys file.
You should now be able to log in using SSH Key Authentication.
----
I succeeded somewhat differently. In my trial, public key should be rather copied not from the saved public key, but from **Public key for pasting into OpenSSh authorized_keys file:** textbox in the PuTTYgen window. Note that we can also extract from existing PuTTYgen-type private keys (just load into it, and the public key should be there.).
=== OpenSSH instructions: ===
You can get OpenSSH at www.openssh.com or through package installers like rpm or apt-get. There are versions for most major non-Windows operating systems (and even one for Cygwin.) Once you have the OpenSSH suite set up, the program you will need to run is "ssh-keygen -t". The -t option is required, and specifies the type of encryption algorithm used in generating a key. You should use RSA encryption to generate your key -- the relevant website is here: the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter8.html#8.2.2 .
you@yourcomputer:~ $ ssh-keygen -t rsa
You can then add a passphrase to your key, and use this passphrase whenever you log in to an SSH-enabled server. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your user account, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account.
You now have two new files in the ~/.ssh/ directory. These files are your public and private key and will be named id_rsa.pub and id_rsa respectively. The ssh, scp and sftp programs use these files automatically. To enable the server to recognize your key, follow these steps:
1. Log in as normal and run the following commands.
2. "$ mkdir ~/.ssh"
3. "$ cd ~/.ssh/"
4. "$ touch authorized_keys"
5. Open the authorized_keys file you just created in a text editor.
6. Paste the contents of your id_dsa.pub file in to the authorized_keys file.
7. Save the authorized_keys file.
You should now be able to log in using SSH Key Authentication.
==== connecting to SDF from a network ====
//... or configuring SSH clients to use a SOCKS proxy server//
Assuming that you are having trouble connecting to SDF from your college network you will probably have to configure a connection through a SOCKS proxy. This tutorial gives help on configuring various clients to use a SOCKS proxy.
You will need to know the following information from your system administrator...
* Proxy hostname i.e. "socks-proxy.example.com"
* SOCKS version (4 or 5)
* Port number to connect to (default is 1080)
* Your username and password
=== SSH(C) SSH Communications Security Corp ===
This client is often supplied by universities to their students.
- Access the settings dialogue under "Edit → Settings"
- Under the "Connection" section, make sure that the tickbox marked "Connect through firewall" is checked {{tutorials/images/ssh-connection-setting.png}}
- Under the "Firewall" section (near the bottom of the list) enter your SOCKS proxy settings in the form of "socks://[host]:[port]" Illustrated are the settings for TCD. {{tutorials/images/ssh-firewall-setting.png}}
- Connect as normal!
=== PuTTY ===
A popular free SSH client.
- Select in the left window "Proxy" (located under the "Connection" branch)
- Enter in your details. Illustrated are those for TCD. {{tutorials/images/ssh-putty-config.png}}
- Connect as normal! (You may want to save these details for future use)
=== Commandline ssh client ===
Those using MacOSX, Linux, SunOS or some BSD or other will be used to using the commandline ssh client to connect to SDF. Connecting via SOCKS is slightly more difficult and relies on an external program known as 'connect'.
All the details for using this program are documented on its webpage at http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html
Good luck!
Alternatively, issue a command from your workstation similar to this one (MetaARPA membership required):
> ssh -D 9999 -p 443 username@sverige.freeshell.org
Then, configure your browser to use the SOCKS proxy on "localhost" using port 9999 as shown here using Firefox:
{{tutorials/images/firefox-socks-proxy.png}}
For additional security and privacy, configure Firefox to do remote DNS lookups rather than the default local DNS lookups. In //about:config// search for //network.proxy.socks_remote_dns// and toggle its value to //true//.
----
$Id: SSH-SDF.html,v 1.8 2008/07/12 05:38:37 cowl Exp cowl $

View File

@ -0,0 +1,73 @@
=== SSH Public Key Authentication ===
These instructions attempt to explain the basic concepts of SSH Public Key Authentication, what it is, and the steps required to use it.
Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password.
This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. **You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.** Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:
=== Windows instructions: ===
You will need an SSH client and a key generator for Windows. These instructions are written for the popular programs PuTTY and PuTTYgen. Both are available at www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
Run PuTTYgen. At the bottom of the window, you can select which type of key you want to generate. You will need to pick between RSA and DSA encryption: go with RSA -- the relevant website is here: the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter8.html#8.2.2 . Your choice will have no effect on the rest of the steps here. For current applications, 1024 bits is plenty for a key to have. If youre feeling paranoid, 2048 bits should (barring any revolutions in prime factoring) keep your key secure for a decade or two.
Now press Generate and wave your mouse around to seed some randomness in the key generator. Viola, you have a key.
You can then add a passphrase to your key, and use just that one passphrase whenever you log in to an ssh server using your key. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your computer, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account.
The key comment is for your personal convenience, I reccomend youruser@yourlocalmachine and maybe the date, but of course it's up to you. Now save both the private and public key file somewhere (My Documents is a good choice, but pick somewhere that only *you* will have read access to.)
Next, you need to configure PuTTY to use this key. Fire up PuTTY and load your session or create a new one. Then in the Category list on the left, selecct Connection &gt; SSH &gt; Auth. Browse for your key and load it up. Also, you'll want to allow changes of username if your SDF account name is different from your local one.
You're almost done! Now you need to let the server know about your new key. After you do this, the ssh, scp and sftp programs will use the key files automatically. So (optionally, but it is recommended) save your session, and then connect. Now do the following to authorize your key:
0. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file")
1. Log in as normal and run the following commands.
2. "$ mkdir ~/.ssh"
3. "$ cd ~/.ssh/"
4. "$ touch authorized_keys"
5. Open the authorized_keys file you just created in a text editor.
6. Paste the contents of that box in to the authorized_keys file. In PuTTY, right click copies and pastes.
7. Save the authorized_keys file.
You should now be able to log in using SSH Key Authentication.
----
I succeeded somewhat differently. In my trial, public key should be rather copied not from the saved public key, but from **Public key for pasting into OpenSSh authorized_keys file:** textbox in the PuTTYgen window. Note that we can also extract from existing PuTTYgen-type private keys (just load into it, and the public key should be there.).
=== OpenSSH instructions: ===
You can get OpenSSH at www.openssh.com or through package installers like rpm or apt-get. There are versions for most major non-Windows operating systems (and even one for Cygwin.) Once you have the OpenSSH suite set up, the program you will need to run is "ssh-keygen -t". The -t option is required, and specifies the type of encryption algorithm used in generating a key. You should use RSA encryption to generate your key -- the relevant website is here: the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter8.html#8.2.2 .
you@yourcomputer:~ $ ssh-keygen -t rsa
You can then add a passphrase to your key, and use this passphrase whenever you log in to an SSH-enabled server. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your user account, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account.
You now have two new files in the ~/.ssh/ directory. These files are your public and private key and will be named id_rsa.pub and id_rsa respectively. The ssh, scp and sftp programs use these files automatically. To enable the server to recognize your key, follow these steps:
1. Log in as normal and run the following commands.
2. "$ mkdir ~/.ssh"
3. "$ cd ~/.ssh/"
4. "$ touch authorized_keys"
5. Open the authorized_keys file you just created in a text editor.
6. Paste the contents of your id_dsa.pub file in to the authorized_keys file.
7. Save the authorized_keys file.
You should now be able to log in using SSH Key Authentication.
$Id: SSH_Key_Authentication.html,v 1.5 2006/08/17 16:35:08 samble Exp $

56
dump/UTF-8.html.docuwiki Normal file
View File

@ -0,0 +1,56 @@
====== Localization and You: UTF8 on NetBSD ======
NetBSD is a great little operating system, but its a much smaller project than Linux. This means there isnt as much call for better internationalization support, as most of the users and developers are perfectly comfortable with ASCII or the ISO88591 western European locale. This can cause some problems when using software that expects Unicode, also known as UTF8, also known as the one true text encoding for the future. Heres how to fix it. These instructions assume youre using a bourne-compatible shell like ksh, bash, or zsh. If youre using (t)csh youre on your own.
===== Environment Variables =====
Most of the time, you can “fake” proper UTF8 support by exporting three environment variables and leaving it up to your local terminal emulator to handle the rest. Add the following three lines to your ~/.profile :
"export LANG="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
"
Save, kill any screen or tmux sessions or other background processes, and log out. When you log in again, you should have a proper UTF8 terminal as far as most programs are concerned.
Perl will throw the following error when invoked:
"perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LC_ALL = "en_US.UTF-8",
LC_CTYPE = "en_US.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
"
Feel free to ignore this error. As long as youve got those environment variables set, you should be fine.
Python 3 expects all source files to be UTF8 text, so please make sure to change these things before working on python3 code.
===== Rxvt-Unicode =====
Rxvt-Unicode, urxvt, rxvt-unicode256color. By whatever name you call it, its a very popular terminal among Linux and *BSD “power users.” Unfortunately, using urxvt adds an extra degree of difficulty to connecting to SDF - theres no "$TERM" setting that corresponds with it! Im sure some of you have tried logging in to SDF from urxvt, only to have scary warnings printed to stderr and have everything treated like a dumb paper teletype. Dont worry, theres a very simple fix for that as well. Open up ~/.profile again and add these lines:
"if [ $TERM == "rxvt-unicode" ] || [ $TERM == "rxvt-unicode-256color" ]; then
export TERM="rxvt"
fi
"
In simple terms, this tricks NetBSD into thinking your terminal is rxvt, the original program urxvt is based on. If you have a MetaArpa account, dont worry - the MetaArray is running CentOS, which understands urxvt just fine.
===== Escape Characters =====
NetBSDs terminal has what are called “escape characters.” These are characters in the “high ASCII” (decimal 129255) range that manipulate the shell session when read from stdin or written to stdout. As you might imagine, this screws with programs that write large amounts of arbitrary characters to standard output, like the “kermit -s” or “sz” file transfer programs. For sx/sy/sz (X/Y/ZMODEM protocols) your best bet is to just not use them with SDF for now. If youre on a TCP/IP connection (which most of you are) its easier to stick with scp/sftp for secure transfers, and http or ftp for insecure. If you really need “in-line” file transfer, there is a way to make “kermit -s” work around NetBSDs escape characters. This is adding the "-8" and "-0" flags. If I wanted to transfer the SQLite database “winning-lottery-numbers.sqlite” from SDF to my home machine, I would do it like this:
"tidux@sdf:~$ kermit -s -8 -0 winning-lottery-numbers.sqlite
"
Then my local kermit program would receive the transfer and I could continue working on SDF as usual. If you do this often, it may be wise to add an alias in your shell configuration files, like so:
"alias send='kermit -s -8 -0'
"
----
I hope this guide has been helpful to you. Happy UTF8 hacking!

View File

@ -0,0 +1,21 @@
====== How to enable Port Tunneling and Why ======
===== What is port tunneling good for =====
Port tunneling is the ability to tunnel from your internet point for presence back to SDF servers and use the SDF servers like a [[http://en.wikipedia.org/wiki/SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSL between your internet access point and SDF. This allows your traffic to be more secure if you are on a public internet access point
===== What tools are needed =====
* A good SSH Client that allows tunneling ([[http://www.putty.nl/|PuTTY]] in my examples)
* Any software package that understands SOCKS 4 ([[http://www.ceruleanstudios.com/|Trillian]] in my example)
* [[http://sdf.lonestar.org/index.cgi?faq?MEMBERS?01|MetaArpa]] membership
===== How to set up PuTTY =====
First you need to connect to a SSL enabled SDF server: otaku.freeshell.org on port 443. {{tutorials/images/PuTTY1.gif?456x435|putty screenshot 1}}\\ Then you need to configure the port to tunnel on your local machine. Generally Socks proxies use port 1080 so that is a good port. Click on the Tunnels category and configure the tunnel as shown below. {{tutorials/images/PuTTY2.gif?456x435|putty screenshot 2}}\\ Click on the "Save" button and you should see the screen as listed below. {{tutorials/images/PuTTY3.gif?456x435|putty screenshot 3}}\\ Then go back to session and name and save the session. Click connect and the tunnel should become active.
===== How to use the Tunnel you just enabled =====
I am now going to configure Trillian (A great multi IM chat program) to use the Tunnel. It should be obvious how to configure other applications from these screenshots. \\ First click on the "Trillian Prefernces" and select "Advanced Preferences". Select "Proxy" If you want all your chat services to use the proxy select use one setting for all services checkbox. Otherwise configure this on each service you want to encrypt over the tunnel. {{tutorials/images/Trillian.gif?730x530|Trillian screenshot 1}}\\ Click on "Close". Now your service should be able to connect through the tunnel. Again this will encryte all traffic from your Internet Access Point to SDF. Once it leaves SDF it will no longer be encrypted (Unless you are hitting a HTTPS page or something already encrytped). \\ \\ Technically any program that supports a Socks 4 proxy can be used with the tunnel.
$ID: $

185
dump/VPN.html.docuwiki Normal file
View File

@ -0,0 +1,185 @@
====== SDF's VPN servers ======
* [[#pptp|Accessing the PPTP Server (USA)]]
* [[#openvpn|Accessing the OpenVPN Server (USA/EU)]]
====== Connecting to the SDF VPN with OpenVPN (USA/EU) ======
===== Contents =====
==== Generic Instructions ====
* [[#overview-openvpn-generic|Overview]]
* [[#software-openvpn-generic|OpenVPN software]]
* [[#setup-openvpn-generic|Setting it up]]
* [[#overview-openvpn-extractcerts|Obtaining your certificates]]
* [[#overview-openvpn-verifycerts|Verifying your certificates]]
==== Targeted Instructions ====
* [[#openvpn-openwrt|Connecting in OpenWRT]]
* [[#viscosity|Connecting with Viscosity]]
===== Overview =====
OpenVPN is the prefered VPN method to connect with SDF. OpenVPN uses Transport Layer Security (TLS) to authenticate users and encrypt communications. When SDF users register for VPN service they are issued a certificate and private key. Connecting via OpenVPN also results in users being issued a static public facing IP address for their VPN session.
The Virtual Private Network (VPN) provided by SDF has a number of uses. The most beneficial of that is to allow confidential communication over a public network. Basically, the SDF VPN will allow you (once routing is enabled) to communicate securely over an insecure connection such as a public Wireless Fidelity (Wi-Fi) network.
The major benefit of this over SSH forwarding/tunneling is that it is much easier to configure and automatically tunnels **all** connections leaving your computer, and not just those specifically configured for forwarding. Some may see this as a negative aspect of the VPN, however.
Registration instructions and VPN dues are found by running the **vpn** command from an SDF login session.
Before proceeding please mind the following note.
__NEVER__ send your private key to anyone in an email message.\\ __NEVER__ post your private key in a bboard posting, online forum, or chat session.\\
===== Getting the OpenVPN software =====
* [[http://openvpn.net/index.php/open-source/downloads.html|Download OpenVPN for Windows or UNIX/Linux]]
* [[https://tunnelblick.net/downloads.html|Download the TunnelBlick OpenVPN client for MacOS X]]===== Setting it up =====You will receive your OpenVPN certificate via SDF internal email for both the USA and EU server. If you lose this email, you must make post on the internal bboard:REQUESTS to have them reissued. You may use either server when it suits you. The server addresses are:
* openvpn.sdf.org (Tukwila, Washington USA)
* openvpn.sdfeu.org (Falkenstein, Germany EU) ==== Obtaining your certificates ====The email message from the SDF administrator will contain:
* A certificate for the SDF Certificate Authority (CA).
* A certificate for your VPN user certificate.
* A private key which is associated with your user certificate.
* The port and port of the SDF and SDF Europe OpenVPN servers.
* Settings to use for your OpenVPN configuration file.You must extract each of the certificates and the private key from the email message. You must also create an OpenVPN configuration file.One thing to note about the OpenVPN configuration file that you may receive with your email: If the line that begins with remote follows with 192.94.73.x (where x will be the number you're assigned to) you'll need to change that to 205.166.94.x. This is because the sdf IP block had to change near the end of 2016. This may have been corrected on emails sent since the change.==== Verifying your certificates ====Let us assume that the SDF CA has been saved into a file called sdf.ca. Let us also assume that your user certificate has been saved into a file called yourCert.crt. You can use openssl to verify the extraction steps have been performed correctly.\\ $**openssl verify -CAfile sdf.ca yourCert.crt**\\ yourCert.crt:OK\\ \\ $**openssl x509 -noout -serial -fingerprint -subject -in sdf.ca**\\ serial=88FF6DD2D8A905FE\\ SHA1 Fingerprint=BA:26:E0:3C:25:10:80:CF:FA:51:2B:05:A1:81:AD:C7:48:94:07:74\\ subject= /C=US/ST=WA/L=SEATTLE/O=sdf.org/CN=sdf.org CA/emailAddress=smj@sdf.org\\ \\ $**openssl x509 -noout -serial -fingerprint -subject -in yourCert.crt**\\ serial=YOUR_SERIAL_NUMBER\\ SHA1 Fingerprint=YOUR_CERT_FINGERPRINT\\ subject= /C=US/ST=WA/L=SEATTLE/O=sdf.org/CN=YOUR_USER_NAME@sdf.lonestar.org/emailAddress=smj@sdf.org===== Connecting in OpenWRT =====These instructions were created using OpenWRT Bleeding Edge, r33132.==== Installing OpenVPN ====Run the following command to install openvpn with opkg:root@OpenWrt:~# opkg install openvpn\\
----
====== Connecting to the SDF VPN server (PPTP) (USA) =========== Contents =====
* [[#overview|Overview]]
* [[#setup|Setting it up]]
* [[#xp|Connecting in Windows XP]]
* [[#vista|Connecting in Windows Vista]]
* [[#linux|Connecting in Linux]]
* [[#openwrt|Connecting in OpenWRT]]
* [[#freebsd|Connecting in FreeBSD]]
* [[#osx|Connecting in Mac OS X]]
* [[#wrapup|The Wrap-up]]===== Overview =====PPTP is a legacy method to connect to the SDF VPN. Dynamic IP addresses are assigned if you use this method.The Virtual Private Network (VPN) provided by SDF has a number of uses. The most beneficial of that is to allow confidential communication over a public network. Basically, the SDF VPN will allow you (once routing is enabled) to communicate securely over an insecure connection such as a public Wireless Fidelity (Wi-Fi) network.The major benefit of this over SSH forwarding/tunneling is that it is much easier to configure and automatically tunnels **all** connections leaving your computer, and not just those specifically configured for forwarding. Some may see this as a negative aspect of the VPN, however.===== Setting it up =====The SDF VPN is quite easy to set up. You must first choose a VPN plan that is right for you, based on assumed bandwidth usage. Pricing and more package information is available through the shell by typing '**vpn**' without the quotes.Once you've been added to the VPN membership level (you'll receive an email notification of this), you must set up your VPN access by typing '**setvpn**' in the shell, without quotes. This will allow you to configure your VPN secret (password) for connecting.You should make note of the VPN's IP address when setting up your secret.Once you've configured your VPN account, it's time to connect. Continue reading below for step-by-step instructions on connecting to the VPN.===== Connecting in Windows XP =====
- Open the Windows Control Panel.
- Open the Network Connections item in Control Panel. Generally you would click the "**Network and Internet Connections**" option, then click "**Network Connections**". A list of existing dial-up and LAN connections will be displayed.
- Click on the "**Create a new connection**" option from the left-hand side of the window. The Windows XP New Connection Wizard will come up.
- Click the "**Next**" option to begin the wizard. Then choose the "**Connect to the network at my workplace**" option from the list and click "**Next**".
- On the Network Connection page of the wizard, choose the "**Virtual Private Network connection**" option and click "**Next**".
- Choose a name for this connection on the "**Connection Name**" screen. Windows will use this to reference the VPN connection.
- Choose an option on the "**Public Network**" screen and click "**Next**". The default option, "**Automatically dial this initial connection**" can be used if the VPN connection will always be initiated when the computer is not already connected to the Internet. Otherwise, choose the "**Do not dial the initial connection**" option. This requires that the public Internet connection be established first, before this new VPN connection will be initiated. **Choose this option.**
- Enter the IP address for the VPN on the "**VPN Server Selection**" screen. This is obtained via the '**setvpn**' command (without quotes) in the shell.
- Choose an option on the "**Connection Availability**" screen and click "**Next**". The default option, "**My Use Only**", ensures that Windows will make this VPN connection available only to the user that is currently logged in to the computer. If you don't want this, select the "**Anyone's use**" option.
- Click "**Finish**" to complete the wizard. You may wish to select the option to create a desktop shortcut for easy access. The information for the VPN connection will be saved for current and/or future use.===== Connecting in Windows Vista =====Connecting to the VPN is slightly different in Windows Vista. Please use these instructions to connect to SDF's VPN through Vista.
- Click on the "**Start**" button and then choose "**Connect to**".
- Click on the "**Set up a connection or network**" option on the window that follows. It's near the bottom.
- On the window that comes up, scroll down and click on the "**Connect to a workplace**" option. Then click "**Next**".
- A question asking "**Do you want to use a connection you already have?**" may appear. Select "**No, create a new connection.**" if it does and then click "**Next**".
- Next you'll be asked "**How do you want to connect?**" Select "**Use my Internet connection (VPN)**".
- You'll then be asked for the Internet address. Enter the address you remembered when accessing '**setvpn**' (without quotes) in the SDF shell.
- Enter a name for this VPN connection in the "**Destination name:**" field. This is how Windows Vista will reference the VPN.
- If you don't want to connect immediately, check the "**Do not connect now; just set it up so I can connect later.**" option.
- Do not check the "**Use a smart card.**" option.
- When finished, click "**Next**"
- You'll then configure the username and password needed to authenticate to the VPN. The username is your SDF username and the password is the secret you set up via the '**setvpn**' command in the shell.
- Leave the "**Domain**" field blank.
- Click the "**Create**" button once you are done. You should then see a window pop up saying that "**The connection is ready to use.**" Click on "**Close**".===== Connecting in Linux =====
- Make sure PPP and PPTP are installed. The can be accomplished in Debian or Ubuntu by entering '**sudo apt-get install pptp-linux**' into a terminal.
- Create a file named sdfpptp in /etc/ppp/peers by entering '**sudo gedit /etc/ppp/peers**'. Replace gedit with your choice of text editor. Add the following to the file: (Be sure to replace **//username//** with your username.)\\ \\ Note: Make sure to replace **//IP Address//** with the IP address/hostname provided when running '**setvpn**' in the shell.\\
remotename sdfpptp
linkname sdfpptp
ipparam sdfpptp
pty "pptp --loglevel 0 **//IP Address//** --nolaunchpppd"
name **//username//**
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
require-mppe
nomppe-stateful
require-mppe-128
nomppe-40
noauth
nodetach
lock
bsdcomp 9,15
deflate 9,15
idle 0
- Save the file.
- Edit /etc/ppp/chap-secrets by entering '**sudo gedit /etc/ppp/chap-secrets**'. Add the line **//username// stfpptp //password// *** replacing //username// and //password// with your SDF username and your password set by **'setvpn'**.
- Make sure a specific route to the VPN exists. Run '**sudo route add **//VPN-IP//** gw **//GW-IP//****' replacing **//VPN-IP//** with the IP address/hostname provided when running '**setvpn**', and replace **//GW-IP//** with your gateway IP address. If you do not know the IP address of your gateway, enter '**route**'. It is the gateway IP next to the destination **default**.
- Enter '**sudo pppd call sdfpptp**' into a terminal. Wait for it to show the local and remote IP addresses. You should now be connected. Do not close the terminal until you are ready to disconnect.
- Open another terminal. Enter '**sudo route add -net 192.94.73.0/24 dev ppp0**'. This will route all your connections to SDF through the VPN.Alternatively to steps 5 and 6, you might use a wrapper script like this:\\
#!/bin/bash
SDFVPNHOST=**//IP Address//**
RT=`ip route get $SDFVPNHOST | head -1`
DEV=`echo $RT | awk '{while ($num != "dev") {num++}{print $(num+1)}}'`
VIA=`echo $RT | awk '{while ($num != "via") {num++}{print $(num+1)}}'`
ip route add $SDFVPNHOST via $VIA dev $DEV
ip route add $SDFVPNHOST via $VIA dev $DEV table sdftun
pppd call sdfpptp
ip route del $SDFVPNHOST via $VIA dev $DEV
ip route del $SDFVPNHOST via $VIA dev $DEV table sdftun
This automatically detects the default gateway and adds appropriate routes, starts the VPN and deletes the routes after VPN has been stopped. If you do not use a custom routing table dedicated to the SDF VPN you should delete the lines ending in "table sdftun".\\ ==== GUI Setup With NetworkManager ====Any of the newer Linux distros that use NetworkManager (Debian, Ubuntu, Fedora, etc.) on their default desktops have a GUI interface to PPTP VPN configuration. You'll need to install a package to get this capability (although this now seems to be included in the latest Ubuntu 10.10 release):Fedora:
yum install NetworkManager-pptp
Debian/Ubuntu:
apt-get install network-manager-pptp
Once installed, restart the NetworkManager service (///etc/init.d/NetworkManager restart//) and left-click on the network manager icon in your taskbar. Highlight **VPN Connections** and click on **Configure VPN**:{{tutorials/images/vpn1.png|Network Manager - Overview Settings}}\\ {{tutorials/images/vpn4.png|Network Manager - VPN Settings Overview}}Click on the **Add** button, and choose **Point-to-Point Tunneling Protocol (PPTP)**, then click **Create**. Fill out the **User name**, **Password** and **Gateway** fields with appropriate values ([[#setup|from when you ran //setvpn//]]):{{tutorials/images/vpn2.png|Network Manager Settings - VPN Settings Detail}}Now click on **Advanced**:{{tutorials/images/vpn3.png|Network Manager Settings - Advanced VPN Details}}Under **Authentication**, **de-select all the methods except MSCHAPv2**. Then select **Use Point-to-Point Encryption (MPPE)** and choose **128-bit (most secure)** in the **Security** dropdown. Click **OK**, then **Apply** and close all other configuration dialogs. Now when you left-click on the network manager icon, you should have your PPTP VPN listed under **VPN Connections**. Just select it and wait. If it is successful, you'll see a little lock icon appear over the usual network manager icon. If not, check your system log for errors. This will be ///var/log/messages// or ///var/log/syslog//, depending on your distro.==== A Note on Routing ====If you use network manager, all traffic will be routed through the PPTP VPN for you once you are connected. If that's not what you want, you can click on **IPV4 Settings** and then **Routes** to have simple static routes added for you automatically when the VPN connects. You can also check **Use this connection only for resources on this network**, which in our case means only connections to SDF hosts will be encrypted.{{tutorials/images/vpn5.png|Network Manager Settings - Add Routes}}===== Connecting in OpenWRT ========= Overview ====OpenWRT provides both a kernelspace and userspace method for connecting to PPTP networks as a client. The userspace and kernelspace methods are both outlined below, you only need to use one of them to start a connection. This documentation was created using OpenWRT Bleeding Edge (r33006), so older versions may have trouble. The full OpenWRT PPTP Client documentation can be found on the OpenWRT wiki here: http://wiki.openwrt.org/doc/howto/vpn.client.pptp==== PPTP Kernel Module ====For this setup you'll need to install the following kernel module packages: //kmod-pptp//, //kmod-mppe//.
- Login to your OpenWRT device via SSH.
- Install the required kernel modules and plugins: //opkg install kmod-pptp kmod-mppe ppp-mod-pptp//
- Open ///etc/config/network// with the editor of your choice. Example: //vi /etc/config/network//. Add the following lines to the end of the file: (change USERNAME to your SDF Username, and the values PASSWORD and SDF.VPN.IP.ADDRESS to thoes set in the //setvpn// command. #### VPN configuration config 'interface' 'vpn' option 'ifname' 'pptp-vpn' option 'proto' 'pptp' option 'username' 'USERNAME' option 'password' 'PASSWORD' option 'server' 'SDF.VPN.IP.ADDRESS' option 'buffering' '1' option 'defaultroute' '0'
- Open ///etc/ppp/options.pptp// with the editor of your choice. Example: //vi /etc/ppp/options.pptp//. Add the following lines to the end of the file (the //plugin// may need to be changed to match your system): noipdefault nodefaultroute maxfail 0 debug plugin "/usr/lib/pppd/2.4.5/pptp.so" refuse-eap refuse-pap refuse-chap refuse-mschap mppe required,stateless noauth nodetach bsdcomp 9,15 deflate 9,15 idle 0
- Restart networking to connect to the VPN: ///etc/init.d/networking restart//.
- If everything worked correctly, the //ifconfig// command should display a new interface named //pptp-vpn// looking something like this: pptp-vpn Link encap:Point-to-Point Protocol inet addr:192.94.73.44 P-t-P:192.94.73.25 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1460 Metric:1 RX packets:21 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:1159 (1.1 KiB) TX bytes:128 (128.0 B)
- Routing can be set up like any Linux OS, so follow the routing instructions found above: [[#linux|Linux]].==== PPTP Userspace Utility ====
- Login to your OpenWRT device via SSH.
- Install the required userspace tools and module for MPPE: //opkg install pptp kmod-mppe//
- Follow the [[#linux|Linux]] directions above like normal.
- If you are still having trouble, look over the official OpenWRT documentation found here: http://wiki.openwrt.org/doc/howto/vpn.client.pptp==== ========= Connecting in FreeBSD =====
* Install mpd4 from ports or packages.
* Add the following section to your /usr/local/etc/mpd4/mpd4.conf: sdfvpn: new -i ng1 sdfvpn sdfvpn set iface disable on-demand set iface idle 0 # disconnect the client after 8 hours set iface session 28800 set iface route 10.0.0.0/24 set iface route default set bundle disable multilink set auth authname "USERNAME" set auth password "PASSWORD" set link yes acfcomp protocomp set link no eap set link no pap set link accept chap set link mtu 1460 set link keep-alive 10 75 set ipcp yes vjcomp set ipcp ranges 0.0.0.0/0 set ipcp yes req-pri-dns req-sec-dns # # The five lines below enable Microsoft Point-to-Point encryption # (MPPE) using the ng_mppc(8) netgraph node type. # set bundle yes compression set ccp yes mppc set ccp yes mpp-compress set ccp yes mpp-e128 #set bundle accept crypt-reqd set ccp yes mpp-stateless open
* You will have to replace three (3) things in this config:
- Your USERNAME
- Your PASSWORD
- The local address of SDF's VPN host. This can be found in /etc/hosts on SDF. The local IP will start with 10.0.0, but have the same last octet as the public IP. '
* Add this in your /usr/local/etc/mpd4/mpd4.links file: sdfvpn: set link type pptp set pptp peer set pptp enable originate outcall set pptp disable incoming
* You will have to replace one (1) thing in this config:
- The public address of SDF's VPN host. You can get this by running setvpn at the shell.
* Now, as root, run mpd4 sdfvpn.
* You should now be connected to SDF over a layer 3 tunnel across the Internet.
* Your new routes are only for SDF's hosts, and use their internal IP addresses. These are the 10.0.0.x ones. I'm working on how to route to the public ones over the VPN without creating a routing loop to the VPN host. I copied SDF's /etc/hosts file to my machine so that I can run 'ssh sdf1' to connect through the tunnel. ===== Connecting in Mac OS X =====
- Open /Applications/Internet Connect.app
- Click on the **VPN** button.
- Click on the Configuration dropdown and go to "**Edit Configurations...**"
- Press the **+** button at the bottom left of the window to add a configuration.
- Under "**Description**" put whatever you want. SDF VPN is a good choice.
- Under the "**Server Address**," Enter the IP address for the VPN on the "**VPN Server Selection**" screen. This is obtained via the '**setvpn**' command (without quotes) in the shell.
- Under Username put your SDF username and the password is the secret you set up via the '**setvpn**' command in the shell.
- Choose "**Automatic**" encryption.
- Click "**OK**".
- Then, whenever you want to connect you can return to this **Internet Connect Application** and go to the VPN, choose the SDF VPN and click connect. Optionally, you can click "**Show VPN status in the menu bar**" and you can connect to the VPN from the menu bar icon.===== Connecting On An iPad =====
- Log into SDF and run the 'setvpn' command.
- Hit 'p' to set up your password.
- Enter your password twice. The password must be 14 characters or less, and ideally should contain letters, numbers, upper and lower case, and a special symbol, though there are no actual complexity requireme nts.
- After you have set up your password, the setvpn wizard will tell you what IP address to connect to. It will be 192.94.73.X. Write this whole IP address down. You will need it in a later step.
- Hit 'q' to exit the configuration.
- Turn on your iPad and go to the Settings.
- Go into the Network subsection.
- Go into the VPN subsection. This will bring up the 'Add Configuration' window.
- Select "PPTP" at the top.
- In the Description field, label this connection something useful to identify it, such as 'SDF VPN'.
- In the 'Server' field, put in the IP address that you wrote down earlier.
- In the 'account' field, put your SDF user name.
- In the 'Password' field, put the password that you set up while running the setvpn wizard in the set above. This will cause the iPad to remember your password for you. If you wish to type it in each time you connect, leave this field blank.
- Set the encryption level to 'Maximum'
- Leave the 'Send All Traffic' slider set to 'On', unless you specifically want to (and know how to) set up VPN usage in individual applications.
- Hit the 'Save' button at the top
- To turn on VPN, slide the VPN slider to 'On' for the connection called SDF and open the browser. Connect to http://sdf.org/ip and verify that the IP address it shows as your source. ==== Connecting with Viscosity ====[[http://www.sparklabs.com/viscosity/|Viscosity]] is an OpenVPN client for Mac and Windows
- Open Viscosity's preferences window.
- Create a new connection{{tutorials/images/viscosity1.png?450|Viscosity screenshot #1}}
- In the New Connection window,
* Give your connection a name
* Enter the server IP you received via e-mail under **Remote Server**
* Make sure protocol is set to **tap** not **tun**
* Uncheck **Enable DHCP**.{{tutorials/images/viscosity2.png?450|Viscosity screenshot #2}}
- Move on to the Authentication tab
* You will need to copy the certificates and keys you received in e-mail to a //SECURE// location on your //local// disk.
* Select the appropriate certificate or key for each of the three SLL file locations{{tutorials/images/viscosity4.png?450|Viscosity screenshot #3}}
- Now move to the Options tab
- Set LZO Compression to **On** or **On (Adaptive)**{{tutorials/images/viscosity5.png?450|Viscosity screenshot #4}} That's it! Hit Save, and you're ready to roll securely through the SDF VPN.===== Wrap-up =====Now that you have your VPN configured to connect, make sure that you don't forget to use it! Using the VPN while connected through a public access network (or even your home network!) will tunnel all connections through SDF and out to the Internet (once routing is enabled). Please make sure to use the VPN responsibly, as all actions and activity will be traced back to SDF.Enjoy!
----

View File

@ -0,0 +1,176 @@
====== CentOS on SDF VPS ======
//Updated for CentOS 7//
===== Contents =====
* [[#basics|Basics]]
* [[#networking|Networking]]
* [[#ssh|Setting up SSH]]
* [[#security|Security]]
* [[#software|Software Management]]
* [[#updating|Updating the System]]
* [[#reference|References]]
===== Basics =====
Logging into your VPS for the first time you will need to use the default username and password listed below.\\ Default Username: root\\ Default Password: rootroot
One of the first things you will want to do is change the default root password by typing //passwd// at the prompt. Don't forget this password as there is currently no way to recover it.
It is a good habit to create a regular user account for working, using su to obtain root privileges as needed. To create a regular user account:
useradd -Gwheel &lt;username&gt;
This user will be able to perform administrative tasks by runing //su// to obtain superuser privileges using the root password. CentOS ships with sudo installed, so adding the new user to wheel group and editing /etc/sudoers with //visudo// to uncoment the following line:
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
===== Networking =====
You will need to ssh into the vps control panel server that you were given in your welcome email which should have the format of //vps&lt;number&gt;.sdf.org//.
Once logged into your control panel you will see a line at the top of the screen that details your chosen Operating System and IP Address.\\ //VPS Maintenance Shell for &lt;os&gt; (205.166.94.xxx)//\\ This information will be important for setting up your server to have network access.
Start your server, and log in via the console. (default= root:rootroot)
Open /etc/sysconfig/network-scripts/ifcfg-eth0 in an editor and add the following, replacing the 'xxx' with the last octet of your assigned IP address, add:
DEVICE=eth0
BOOTPROTO=none
IPADDR=205.166.94.xxx
NETMASK=255.255.255.0
GATEWAY=205.166.94.1
DNS1=205.166.94.20
ONBOOT=yes
Your MAC address could be in the eth0 script, but if you only have one network interface with only one IP assigned to it, this should be enough.
Change the next line in /etc/sysconfig/network:
HOSTNAME=my.host.name
Change hostname (FQDN and alias) in /etc/hosts so it reads like this:
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
205.166.94.xxx my.host.name my
You should also run the following commands (or reboot your server) in order for the changes to take effect:
/bin/hostname
/bin/systemctl restart rsyslog
/bin/systemctl restart network
===== Setting up SSH =====
You may wish to add ssh access to your VPS. It is highly recommended that you disable root login via ssh and use a normal user account to login. In CentOS the OpenSSH service is installed and enabled by default.
==== Disable root Login ====
Edit /etc/ssh/sshd_config and uncomment the line:
#PermitRootLogin yes
To:
PermitRootLogin no
Also you can raise the security level in OpenSSH a little bit by allowing only to certain users ssh access to your vps (eg. the user you have created before)
Add one line at the end of /etc/ssh/sshd_config like this:
AllowUsers username anotheruser
Now restart sshd by running/typing:
/bin/systemctl restart sshd
You can now test ssh by running ssh user@localhost.
===== Security =====
In CentOS SELinux is enabled by default, SDF's CentOS VPS has SELinux configured to run in permissive mode, so it will log any security problem but won't enforce any policy. If you are not familiar with SELinux I suggest you to leave it this way, you can learn more about SLinux in CentOS in the [[#reference|Deployment Guide]]
CentOS 7 uses firewalld, you can learn more about configuring firewalld [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7|here]].
===== Software Management =====
Yellow Dog Updater Modified (yum) is the default package manager used in CentOS ( all versions ). It is used to install and update packages from CentOS (and 3rd party) Repositories.
You can configure this repositoires in /etc/yum.repos.d, by default CentOS Base and CentOS Updates are enabled by default, SDF seems to be running [citation needed] default CentOS kernel, but to play safe I advise you to add the following line in /etc/yum.repos.d/CentOS-Base.repo once under sections //[base]// and //[updates]//:
exclude=kernel-PAE* kernel-debug* kernel-devel* kernel-doc* kernel-xen*
CentOS is aimed to be 100% binary compatible with RHEL, so it is very enterprise oriented and the best advise is to stick with pre-built packages.
==== Searching software ====
If you wanted to look for GNU Screen, you can search yum database by running:
yum search screen
yum will return a list of package names and descriptions matching the word used as parameter for //search//. CentOS has groups of packages available you can know what software groups are available for install as the software groups installed already.
yum grouplist
This command will return installed and available for install software groups.
Installed Groups in SDF VPS CentOS image:
* DNS Name Server
* Dialup Networking Support
* Editors
* FTP Server
* Legacy Network Server
* Mail Server
* MySQL Database
* Network Servers
* News Server
* Server Configuration Tools
* System Tools
* Text-based Internet
* Web Server
* Windows File Server
* Yum Utilities
==== Installing software ====
If you want to install GNU screen as in the example above, you must run the following:
yum install screen
If you wish to install the development toolchain you can do it by running this command:
yum groupinstall "Development Tools"
Be aware that this can be a lot of stuff and you may run out of space in hard drive, so start by removing unused software groups (e.g., yum groupremove "Windows File Server") and then move to install desired/needed software groups or standalone packages.
==== 3rd party repos ====
Most needs could do it well with repositoires shiped by default CentOS, but there are other options like the CentOS Plus repository, shiped but disabled by default, since this repo contains items that actually upgrade certain base CentOS components. This repo will change CentOS so that it is not exactly like the upstream provider's content. Popular packages from this repository include: postfix with database support, a rebuilt kernel with additional drivers &amp; filesystem support, php5 and mysql5.
contrib is also a disabled default in CentOS. This repository contains packages contributed by CentOS users which do not overlap with any of the core distribution packages. These packages have not been tested by the CentOS developers and may not track the upstream version releases very closely.
To enable repositories temporarily, append --enablerepo=reponame before the command for yum, such as:
yum --enablerepo=centosplus --enablerepo=contrib search postfix
Other popular repos are RPMForge, this repository provides over 4000 packages for CentOS. Read the instructions on [[http://wiki.centos.org/AdditionalResources/Repositories/RPMForge|Installing RPMForge]]. This repository is considered by many in the community to be stable and safe.
EPEL, this repository (See http://fedoraproject.org/wiki/EPEL) provides rebuilds of Fedora packages for RedHat Enterprise Linux.
===== Updating the System =====
To update your system, run the following command:
* yum update
===== References =====
* [[http://www.centos.org/docs/5/html/5.2/Deployment_Guide/| Deployment Guide]]
* [[http://wiki.centos.org/|CentOS Wiki]]
----
$Id: VPS_Centos.html,v 1.10 2017/01/04 17:30:19 kickback Exp $

View File

@ -0,0 +1,201 @@
{{http://sdf.org/tutorials/images/Debian.png}}
====== Debian on SDF VPS ======
===== Contents =====
* [[#basics|Basics]]
* [[#timezone|Timezone]]
* [[#networking|Networking]]
* [[#ssh|Setting up SSH]]
* [[#pkg-mgt|Package Management]]
* [[#firewall|Firewall Setup]]
* [[#upgrading|Software and Distribution Updating]]
* [[#memreduce|Reducing Memory Usage]]
===== Basics =====
The root user on a fresh Debian VPS has the default password "rootroot".
After logging in to your VPS for the first time, please change this password to something more secure. Type "passwd" at the prompt and follow the instructions. Don't forget this password as there is currently no way to recover it.
It is a good habit to create a regular user account for working, using "su" to obtain root privileges as needed. To create a regular user account:
useradd -m &lt;username&gt;
This user will be able to perform administrative tasks by runing "su" to obtain superuser privileges using the root password.
===== Set Your Timezone =====
dpkg-reconfigure tzdata
===== Networking =====
In your control panel at vps.sdf.org, note YOUR_IP (e.g. 205.166.94.255) on the top line, and YOUR_HOSTNAME (e.g. debian99).
Start your server, and log in via the console. (default= root:rootroot)
Open /etc/network/interfaces in an editor and add the following, replacing the text YOUR_IP with your own actual IP number, add:
auto eth0
iface eth0 inet static
address YOUR_IP
netmask 255.255.255.0
network 205.166.94.0
broadcast 205.166.94.255
gateway 205.166.94.1
dns-nameservers 205.166.94.20
//Note: For VPS installations of Debian 8.4 (jesse) on VPS3, please omit the above dns-nameservers line from the interfaces file, and instead add this line to //**/etc/resolv.conf**:
nameserver 205.166.94.20
Add this to /etc/hosts:
YOUR_IP YOUR_HOSTNAME.sdf.org YOUR_HOSTNAME
Change /etc/hostname to:
YOUR_HOSTNAME
Run/Type:
/etc/init.d/networking restart
===== Setting up SSH =====
You may wish to add ssh access to your VPS. It is **//highly//** recommended that you disable root login via ssh and use a normal user account to login.
==== Install SSH ====
Run/Type:
apt-get install openssh-server
==== Disable root Login ====
Edit ///etc/ssh/sshd_config// and change the line:
PermitRootLogin yes
To:
PermitRootLogin no
Now restart sshd by running/typing:
/etc/init.d/ssh restart
You can now test ssh by running "ssh user@localhost".
===== Package Management =====
Refer to the following article to see how to clean up (remove packages) from your VPS:
* [[http://www.debian-administration.org/articles/462|Cleaning up a Debian GNU/Linux system]]
===== Firewall Setup =====
Disable IPv6:
# echo "blacklist ipv6" &gt;&gt; /etc/modprobe.d/blacklist
Edit rules:
# vi /etc/firewall
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A OUTPUT -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
Load rules (now):
# iptables -F
# iptables-restore &lt; /etc/firewall
Load rules (boot):
# vi /etc/network/if-pre-up.d/firewall
#!/bin/sh
/sbin/iptables-restore &lt; /etc/firewall
# chmod 755 /etc/network/if-pre-up.d/firewall
===== Software and Distribution Updating =====
To update your system, run the following commands:
* apt-get update
* apt-get dist-upgrade -y ===== Reducing Memory Usage =====If you are using a 128MB slice, it's a good idea to reduce the memory usage of some processes or even disable them.==== cron and at ==== You might not need one or both of those, so you can deactivate them with
# update-rc.d -f atd remove
# update-rc.d -f cron remove
This frees up ca. 7MB (if both are deactivated). ==== getty / virtual terminals ==== This being a virtual system, you won't need getty on tty1-6. In order to eliminate them, edit /etc/inittab and modify the corresponding lines like this:
co:2345:respawn:/sbin/getty hvc0 9600 linux
#1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
You need to keep the line with hvc0 so you can attach a serial console from vps.sdf.org to your vps. This frees up ca. 10MB. ==== rsyslogd ==== rsyslogd eats a lot of memory by default (26MB on my vps) which can be reduced by the usage of ulimit. Edit /etc/init.d/rsyslog and include the following line just before the command where rsyslogd will be started:
ulimit -s 256
Example:
case "$1" in
start)
ulimit -s 256
log_daemon_msg "Starting $DESC" "$RSYSLOGD"
create_xconsole
do_start
case "$?" in
0) sendsigs_omit
log_end_msg 0 ;;
1) log_progress_msg "already started"
log_end_msg 0 ;;
*) log_end_msg 1 ;;
esac
;;
This frees up about 23MB. ==== portmap ==== I don't need portmap, so i removed it completely:
apt-get remove --purge portmap
==== openssh vs. dropbear ==== If you dont need all the extra features openssh has compared to dropbear, you can reduce memory consumption from 23MB to 5MB while being connected with 1 non-root user to the system by replacing openssh with dropbear.
apt-get install dropbear
Edit /etc/defaults/dropbear and set NO_START to 0 and add the extra args "-w -s -g" to disallow root and password logins (You'll be only able to login with a non root user and ssh keys):
# disabled because OpenSSH is installed
# change to NO_START=0 to enable Dropbear
NO_START=0
# the TCP port that Dropbear listens on
DROPBEAR_PORT=22
# any additional arguments for Dropbear
DROPBEAR_EXTRA_ARGS="-w -s -g"
# specify an optional banner file containing a message to be
# sent to clients before they connect, such as "/etc/issue.net"
DROPBEAR_BANNER=""
# RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key)
#DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
# DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)
#DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
# Receive window size - this is a tradeoff between memory and
# network performance
DROPBEAR_RECEIVE_WINDOW=65536
Afterwards, you can deactivate openssh with
update-rc.d ssh remove
or uninstall it:
apt-get remove openssh-server
----
$Id: VPS_Debian.html,v 1.19 2018/02/22 02:06:34 slugmax Exp $

View File

@ -0,0 +1,123 @@
{{http://sdf.org/tutorials/images/NetBSD.png}}
====== NetBSD on SDF VPS ======
===== Contents =====
* [[#first_steps|First Steps]]
* [[#user_accounts|User Accounts]]
* [[#system_clock|System Clock]]
* [[#networking|Networking]]
* [[#pkgsrc|pkgsrc]]
* [[#tips|Miscellaneous Tips]]
* [[#references|References]]
===== First Steps =====
==== User Accounts ====
After you have installed and started your NetBSD VPS, go to the console and log-in as user root with the default password, "root".
One of the first things you will want to do is change the default root password by typing "passwd" at the prompt. Don't forget this password as there is currently no way to recover it.
It is also a good habit to create a regular user account for working, using "su" to obtain root privileges as needed. To create a regular user account which is part of the administrative "wheel" group:
useradd -m -G wheel &lt;username&gt;
Then immediately set its password with:
passwd &lt;username&gt;
This user will be in the "wheel" group and will be able to perform administrative tasks by runing "su" to obtain superuser privileges using the root password.
==== System Clock ====
It is customary on UNIX systems for the system clock to be set to UTC. To set the local time zone, find your zone file in "/usr/share/zoneinfo/" and link to it at "/etc/localtime" as follows:
ln -fs /usr/share/zoneinfo/Europe/Helsinki /etc/localtime
==== Networking ====
Look at the first line of your control panel at vps.sdf.org and note YOUR_HOSTNAME (e.g. netbsd99), EXTERNAL_IP (e.g. 205.166.94.nnn), and INTERNAL_IP (e.g. 10.1.0.nnn):
VPS Maintenance Shell for netbsd99 (205.166.94.nnn / 10.1.0.nnn)
-------- ------------- ----------
| | |
| EXTERNAL_IP INTERNAL_IP
|
YOUR_HOSTNAME
Open /etc/rc.conf in an editor and, replacing the text YOUR_HOSTNAME, EXTERNAL_IP, and INTERNAL_IP with your own actual host name and IP numbers, add:
hostname=YOUR_HOSTNAME.sdf.org
defaultroute=205.166.94.1
auto_ifconfig=yes
ifconfig_xennet0="inet EXTERNAL_IP netmask 0xffffff00"
ifconfig_xennet1="inet INTERNAL_IP netmask 0xffffff00"
Then put this in /etc/resolv.conf:
nameserver 205.166.94.20
Add this to /etc/hosts:
EXTERNAL_IP YOUR_HOSTNAME.sdf.org YOUR_HOSTNAME
Run/Type:
/etc/rc.d/network restart
===== pkgsrc =====
On NetBSD you can mount a pre-built (and still in progress) pkgsrc DESTDIR. Following the procedures below will effectively install the 2000+ included packages on your virtual NetBSD system.
Note that at the moment the pre-built pkgsrc assumes that its path is /pkgshare. Some programs won't work under a different prefix since they won't be able to find their shared libraries.
mkdir -p /pkgshare
rmdir /usr/pkg
ln -s /pkgshare /usr/pkg
rm -rf /var/db/pkg
ln -s /pkgshare/db/pkg /var/db/pkg
mount -t nfs 10.1.0.1:/pkgshare /pkgshare
export PATH=$PATH:/usr/pkg/bin:/usr/pkg/sbin
It is read only.
To set this up on boot, execute the steps above and then:
echo "nfs_client=YES" &gt;&gt; /etc/rc.conf
echo "rpcbind=YES" &gt;&gt; /etc/rc.conf
echo "10.1.0.1 vps" &gt;&gt; /etc/hosts
echo "vps:/pkgshare /pkgshare nfs ro" &gt;&gt; /etc/fstab
echo "export PATH=$PATH:/usr/pkg/bin:/usr/pkg/sbin" &gt;&gt; /etc/profile
Note that you cannot use both this pre-built pkgsrc and pre-built packages from netbsd.org. It may be possible to set the system up so you can, however this is best left to the experienced NetBSD administrator.
===== Miscellaneous Tips =====
==== Free up disk space by removing unwanted sets ====
The default image comes with all distribution sets installed. You can free up some disk space by removing the ones you don't need.
First, check which distribution sets are installed:
ls /etc/mtree
Decide which sets you want to remove and examine their contents. For example, to remove games and all X11 sets:
for set in games xbase xcomp xetc xfont xserver ; do \
tar tzf /usr/INSTALL/$set.tgz | sed -e 's/^\.//' &gt;&gt; /tmp/purgelist ; \
done
After examining "/tmp/purgelist" and removing any files you want to keep, do:
cat /tmp/purgelist | xargs rm
===== References =====
* [[http://www.netbsd.org/docs/guide/en/|The NetBSD Guide]]
* [[http://wiki-static.aydogan.net/The_NetBSD_System_Manager%27s_Manual|The NetBSD System Manager's Manual]]
----
$Id: VPS_NetBSD.html,v 1.23 2018/02/22 15:12:01 slugmax Exp $

View File

@ -0,0 +1,240 @@
====== Installing an OpenLDAP Server on a NetBSD VPS ======
**Note: This tutorial assumes youve already followed the [[http://sdf.org/?tutorials/VPS_NetBSD|NetBSD on SDF VPS]] tutorial to set up networking, the time zone and pkgsrc using the SDF VPS pkgsrc.**
An LDAP server can be used for an endless number of things. Essentially, LDAP is just an object-oriented hierarchical database. Common uses include authentication and authorisation, host management, a backend for Kerberos, a backend for a DHCP server, a shared address book and forming a part of some public key infrastructures.
In this tutorial, I will be setting up the LDAP server to provide authorisation and authentication for a nix client, but the first few stages are the same for almost any application of LDAP.
The OpenLDAP server is available in the SDF VPS pkgsrc and so the software is already installed, but does require some configuration.
===== Jargon and Tools =====
OpenLDAPThe LDAP server that will be usedSuffixThe suffix appended to all LDAP objects, which normally related to a domain nameRoot DNThe administrative user of the server, with read and write access to all data objects. The password for this user should be kept secure"slapd"The name of the executable of the OpenLDAP server"slappasswd"The name of the executable tool used for creating password hashes"pwd_mkdb"The name of the executable tool that generates the password databases
===== Initial Setup =====
To begin with, well create the chroot environment. Whilst the OpenLDAP server is running, this is the only part of the file system it will be able to see.
The first step is to create the directories and copy the initial configuration that comes from pkgsrc.
"# mkdir /var/chroot/openldap
# mkdir /var/chroot/openldap/etc /var/chroot/openldap/var
# cp -r /usr/pkg/etc_example/openldap /var/chroot/openldap/etc/
# cp -r /usr/pkg/var/openldap /var/chroot/openldap/var/"
The next step is to create the user and group that the server will run as, and allow for this information to be available in the chroot.
"# groupadd -g 17 slapd
# useradd -u 17 -g 17 -d /var/chroot/openldap slapd
# grep slapd /etc/master.passwd &gt; /var/chroot/openldap/etc/master.passwd
# pwd_mkdb -d /var/chroot/openldap /var/chroot/openldap/etc/master.passwd
# grep slapd /etc/group &gt; /var/chroot/openldap/etc/group"
No password needs to be set for the slapd user as no one will ever log in using its username. This disallows logins from that user.
Finally, well need to set the correct permissions necessary for OpenLDAP to access its data while keeping it secure.
"# chown -R slapd:slapd /var/chroot/openldap
# chmod -R 700 /var/chroot/openldap/var/openldap/openldap-data"
===== Initial Configuration =====
The next stage involves editing some configuration files so that paths are correct within the chroot and the chroot is enabled with the correct user and group.
This step also includes setting the password for the root DN (Distinguished Name), the LDAP administrative user.
Begin by creating a hash of the password you wish to use for the root DN. This should be a secure password, as the root DN can read and write to the database, regardless of any access restrictions that we set up later on. The slappasswd tool is used to do this.
"# slappasswd -s 'reallysecurepassword'
{SSHA}1LuiLGmSO+EoPA0uk80v4TC5xwacBOWg"
**Note: The "-s" flag passed here tells "slappasswd" that we want to pass the secret on the command line. If you execute "slappasswd" without any arguments, it will prompt for the password on the terminal allowing you to avoid having the password show up in any logs or in the running process list.**
You should copy the whole line to your clipboard as we will need it shortly. Then open up "/var/chroot/openldap/etc/openldap/slapd.conf" in your favourite editor.
The first three lines that need changing are near the top of the file. They start with include, pidfile and argsfile and have a path to a file following them. These paths point to the read-only filesystem of the SDF VPS pkgsrc and not our chroot, so they should be changed like so:
"include /etc/openldap/schema/core.schema
[...SNIPPED...]