New gTLD domain
I have always been sceptical of the new generic top-level domains; I saw them as ICANN shamelessly cashing in on something it had the power to control. Because of this I have until now avoided them. However, my current domain name is quite long, and I have for a long time wanted something shorter, but the good ones that may be applicable to me have all been taken.
But the time has come to admit that the new generic top level domains are here to stay, so I have swallowed my pride, and found that most of the good names are gone already anyway. But one was available that was suitable, so I have registered stewart.zone. I'm going to use it to set up a website that isn't hosted on my home connection. For this I'm going to use the hosted virtual servers I already have for my mail servers, but that is going to need me to set up a backup process for them, as they will no longer just be mail servers, so rather than trust my ability to reconfigure a new server from scratch I'm going to trust in my ability to back up the configurations in a sensible way, and save myself the trouble of having to manually rebuild their configurations if they go wrong.
Also this will give me an opportunity to build a website that isn't quite so ugly, and also isn't lumbered with some of the "features" of my current site that I haven't had the heart to do away with, but are a bit rubbish. Once this is done successfully I'll look at migrating my current site over to the new hosts, and the new design, and then I won't need to open up firewall rules on my router any more.
House Keeping on My mail server
So I've had my mail servers set up and working for a month now, and there are a few things I haven't done. My old mail server is still set to send from a domain of craig-james-stewart.co.uk by default, and it is no longer in the SPF record as a sender for that domain, so I have had to fix that so that I can continue to receive emails from it seamlessly. I've also had to alter the contact form on my website for the same reason. As well as these minor tweaks I have come to the realisation that I ignored time drift when setting up the mail servers, easily corrected by installing ntpd in its default configuration on Debian, apart from my rather strict iptables rules. So having fixed that, the only thing left to do is configure certbot to auto-renew my SSL certificates, which is as simple as adding a couple of cron entries. So now I have two mail servers that will continue to work, with little maintenance effort. I still need to look at DKIM and DMARC, but those can wait.
Getting Postfix and Dovecot working
In my last blog post I set up apache and certbot and got the SSL certificates I needed for my new mail server. So this blog was going to be about postfix, but as I found a handy guide online I followed some of it to get what I wanted. That is to say I followed those steps that made sense, skipped the ones that conflicted with my requirements, and altered the ones that didn't apply because of changes I had made. This gave me a reasonable setup, on two servers, that could each act independently, but lacked the mailbox sync to allow me to use them as a single mail infrastructure. To be fair the only things that really needed changing in any great detail were the dovecot userdb settings to allow doveadm to enumerate the users and get the correct settings; most of the remaining settings changes were trivial (SSL cert locations for example). I also skipped all of the optional extras (like roundcube and phpmyadmin). After this I had to configure dovecot mailbox sync as per their guide, and tweak the SSL settings to harden them, and now I have new mail servers. It took longer than I would like, and I have less to say than I have for the previous steps. But all is now working. I have however decided to look into DKIM and DMARC settings, as I have already configured SPF and there is a nice guide to follow linked from the comments on the guide I followed to get postfix installed and working.
Apache Config SSL and certbot
So after my last blog post I decided that this one should be less rushed, and more practised and tested, which turns out to be a good thing. After my last blog post the hosted servers I have didn't work over IPv6; this is due to the hosting firm's use of SLAAC to configure the external IPv6 address and routing, and my use of iptables to block all traffic that wasn't otherwise allowed. Now I allowed ICMP echo requests on IPv4, but those commands raised an error when I transposed them to IPv6, so I left them out. This led to SLAAC, which requires ICMP to work over IPv6, not working. That has been rectified now. So onto apache, and SSL certs. Now one of the requirements I had for these servers was the ability to swap between them via DNS, and as I do not know how to configure postfix to use multiple SSL certs based upon the domain that is being connected to, I decided the easiest way to do that would be to get a cert with a cname to that shared domain for each server. Using HTTP authentication with Let's Encrypt you put a file on disk and they request that file from the domain they are validating. This would be a problem for the server that is not currently being pointed at for the shared domain.
IPTables config
So in my last blog post I promised that I would talk about iptables, and basically I have been a little lax in getting started with configuring the IPTables rules on the new servers I have set up. Now I mentioned that IPTables is quite powerful, and it can be if configured to be so, but I am using it as a basic firewall, so that should I accidentally configure a service to listen on an external port it shan't be able to. On top of this I am going to set the rules up such that the three default chains drop packets that don't match any rules, meaning I am using them as a "first match allows the flow" firewall, with a default drop.
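The default-drop policy described here, combined with the SLAAC breakage described in the Apache and certbot post above, is something that can be checked for mechanically. The following is an added example, not the author's own ruleset or script: it audits `ip6tables-save` output for the ICMPv6 Neighbour Discovery types SLAAC depends on and prints the rules that close the gap. The dump, the function names and the port 25 rule are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed data): audit ip6tables-save output for SLAAC.
# ICMPv6 ND types (RFC 4861): 133 router solicitation, 134 router
# advertisement, 135 neighbour solicitation, 136 neighbour advertisement.
NEED_INPUT="134 135 136"
NEED_OUTPUT="133 135 136"

# missing_nd CHAIN "TYPES" < dump : print required types with no ACCEPT rule.
# Assumption: only explicit ICMPv6 rules count, in ip6tables-save's numeric form.
missing_nd() {
    chain=$1; need=$2; dump=$(cat); out=""
    icmp=$(printf '%s\n' "$dump" |
        grep -E -- "^-A $chain .*-p (ipv6-icmp|icmpv6) .*-j ACCEPT" || true)
    # An ICMPv6 ACCEPT rule with no type match covers every type.
    if printf '%s\n' "$icmp" | grep -v -- '--icmpv6-type' | grep -q .; then
        return 0
    fi
    for t in $need; do
        printf '%s\n' "$icmp" | grep -q -E -- "--icmpv6-type $t( |/|\$)" ||
            out="$out$t "
    done
    printf '%s' "${out% }"
}

# nd_rules: the ACCEPT rules that close the gap, in ip6tables-restore syntax.
nd_rules() {
    for t in $NEED_INPUT; do
        echo "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type $t -j ACCEPT"
    done
    for t in $NEED_OUTPUT; do
        echo "-A OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type $t -j ACCEPT"
    done
}

# Constructed dump: default DROP on all three chains, no ICMPv6 rules at all.
BROKEN='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT'
FIXED=$(printf '%s\n' "$BROKEN" | sed '$d'; nd_rules; echo COMMIT)

echo "before: INPUT lacks [$(printf '%s\n' "$BROKEN" | missing_nd INPUT "$NEED_INPUT")]"
echo "after:  INPUT lacks [$(printf '%s\n' "$FIXED" | missing_nd INPUT "$NEED_INPUT")]"
```

On a live host, `ip6tables-save | missing_nd INPUT "$NEED_INPUT"` runs the same check against the loaded rules.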
A new project, emails
So, when I started this blog I wanted to make it a record of my learning of new skills, particularly around electronics. That hasn't happened, and now that I have a new project to start it isn't about to start; this project is very much within my skill set (or at least it should be). A little background: I have been running my website, and email server, on my home connection for years. I got an internet connection with a company that was a good ISP for those who were a little more knowledgeable of networking and computers when I moved into my house. Back then I was a novice, but with an ISP a little more forgiving of allowing more advanced use of an internet connection I could host a website, and emails, without paying any extra money for a proper hosting solution. This has led to me being the only person on my street that has a wireless internet connection during a power outage, but that is not really the point. Since then there has been a great deal of consolidation in the UK ISP market, and my ISP, PlusNet, was bought, some time ago, by BT. Until recently this wasn't really an issue, nothing much changed, BT kept PlusNet at arm's length, but for some reason, now, PlusNet have chosen to add the block of IP addresses that the static IP for my connection is in to Spamhaus' Policy Block List. This marks my internet connection as not suitable for email hosting. So my new project is to move my emails into a proper hosting solution.
Electronics, first steps.
So following on from my previous entry, where I decided I was going to build a cycle computer as an electronics project, to learn something new, I have purchased a RaspberryPi and some sensors to play with. (I purchased the stuff I thought I'd need from Pimoroni, a Sheffield-based company who give a proportion of their profits to the RaspberryPi foundation.)
So, I have started to have a look at what I can do.
First things first, the RaspberryPi was bought with an SD card with Noobs pre-installed. I used this to install Raspbian (a port of my favourite Linux distribution optimised for the RaspberryPi). This was embarrassingly easy, or at least would have been if the small USB keyboard I was using wasn't faulty [1]. Easy solution: I'll get a new one this weekend (probably).
Next the sensors, these came with little header pins that needed soldering to the boards (if not soldering wires directly to them, which I am not doing as I am using a breadboard to try things out before fixing things in stone) and I have learnt, I either need a hotter soldering iron and a considerable amount of practice, or a seriously massive amount more practice at soldering.
So in conclusion I need to spend more time on thinking about this stuff, and I need to spend more money.
[1] This was not bought from Pimoroni, but an old keyboard I had lying around.
Cycle Computer Concept
So, the thing that finally got me to start this blog is an idea that has been rattling around my head for a while.
The idea started when I read this post on hackaday. What could I do with a distance sensor?
I started thinking about mounting it on my bike, so I could use it to know when cars get too close. This led on to the idea for a cycle mounted computer as a sort of black box.
I used to have a simple cycle computer, but when the battery went flat I had a smart phone, which allowed me to download an app to turn the phone into a cycle computer. This actually does most of what I could possibly want from a cycle computer, and yet I find myself not using it. So from there I started seriously thinking about this idea. What would I need? What would I want it to do?
Lots of ideas for it rattled around my head, and the distance sensor idea actually got abandoned fairly quickly (I can normally tell when a car is too close without the aid of technology). The next problem is although I work with computers I haven't actually learned anything much about electronics, I'm a complete novice, so building a cycle computer, a portable power supply for it, and all the gubbins needed to get it working would be a challenge. But that's ok as I would have to learn some practical information about electronics, and learning can be fun.
So the stage I'm at now I still don't have a fully formed idea of what I want, or what I would need. I know I would need some form of speed sensor, and GPS would be nice, the GPS would be able to act as a speed sensor (as it does in my phone, when I actually use it). It needs some method of recording trips, and it needs to be simple to set up, turn on, and get running. A display of some sort would be good. Obviously some sort of power supply. A central way to control the lights would be a nice to have.
I think I'm going to cheat somewhat and base this project on a RaspberryPi if I ever start it. But beyond that I'm actually not very far through deciding what I am going to build.
So going forward, the first task I need to set myself is to acquire a RaspberryPi, and some toy electronics kits, and start playing, to see what I can do I suppose.