More consistency

This commit is contained in:
Bob Mottram 2014-05-13 21:32:16 +01:00
parent 64f586e96f
commit 067e2325a9
1 changed files with 90 additions and 182 deletions


@ -974,6 +974,7 @@ First install some prerequisites.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
apt-get install build-essential automake git pkg-config autoconf libtool libssl-dev apt-get install build-essential automake git pkg-config autoconf libtool libssl-dev
apt-get remove ntpdate
#+END_SRC #+END_SRC
Now download and install tlsdate. Now download and install tlsdate.
@ -1038,8 +1039,8 @@ Set the following properties:
TCP_PORTS="1,7,9,11,15,79,109,110,111,119,138,139,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320" TCP_PORTS="1,7,9,11,15,79,109,110,111,119,138,139,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321" UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
ADVANCED_EXCLUDE_TCP="113,139,70,80,443,587,143,6670,993,5060,5061,25,465,22,5222,5223,5269,5280,5281,8432,8433,8444" ADVANCED_EXCLUDE_TCP="113,139,70,80,443,587,143,6697,993,5060,5061,25,465,22,5222,5223,5269,5280,5281,8432,8433,8444"
ADVANCED_EXCLUDE_UDP="520,138,137,67,70,80,443,143,6670,993, 5060,5061,25,465,22,5222,5223,5269,5280,5281,8444" ADVANCED_EXCLUDE_UDP="520,138,137,67,70,80,443,143,6697,993, 5060,5061,25,465,22,5222,5223,5269,5280,5281,8444"
SCAN_TRIGGER="2" SCAN_TRIGGER="2"
@ -1091,6 +1092,7 @@ iptables -A INPUT -p tcp --destination-port 31337 -j DROP
iptables -A INPUT -p tcp --destination-port 2000:2001 -j DROP iptables -A INPUT -p tcp --destination-port 2000:2001 -j DROP
iptables -A INPUT -p tcp --destination-port 12345 -j DROP iptables -A INPUT -p tcp --destination-port 12345 -j DROP
iptables -A INPUT -p tcp --destination-port 32771:32774 -j DROP iptables -A INPUT -p tcp --destination-port 32771:32774 -j DROP
iptables -A INPUT -p tcp --destination-port 6665:6669 -j DROP
iptables -A INPUT -p tcp --destination-port 4000 -j DROP iptables -A INPUT -p tcp --destination-port 4000 -j DROP
iptables -A INPUT -p tcp --destination-port 119 -j DROP iptables -A INPUT -p tcp --destination-port 119 -j DROP
iptables -A INPUT -p tcp --destination-port 137 -j DROP iptables -A INPUT -p tcp --destination-port 137 -j DROP
@ -1114,6 +1116,7 @@ iptables -A INPUT -p udp --destination-port 31337 -j DROP
iptables -A INPUT -p udp --destination-port 2000:2001 -j DROP iptables -A INPUT -p udp --destination-port 2000:2001 -j DROP
iptables -A INPUT -p udp --destination-port 12345 -j DROP iptables -A INPUT -p udp --destination-port 12345 -j DROP
iptables -A INPUT -p udp --destination-port 32771:32774 -j DROP iptables -A INPUT -p udp --destination-port 32771:32774 -j DROP
iptables -A INPUT -p udp --destination-port 6665:6669 -j DROP
iptables -A INPUT -p udp --destination-port 4000 -j DROP iptables -A INPUT -p udp --destination-port 4000 -j DROP
iptables -A INPUT -p udp --destination-port 119 -j DROP iptables -A INPUT -p udp --destination-port 119 -j DROP
iptables -A INPUT -p udp --destination-port 137 -j DROP iptables -A INPUT -p udp --destination-port 137 -j DROP
@ -1138,7 +1141,7 @@ iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Drop UDP to used ports # Drop UDP to used ports
iptables -A INPUT -p udp --match multiport --dports 70,80,443,143,6670,993,5060,5061,25 -j DROP iptables -A INPUT -p udp --match multiport --dports 70,80,443,143,6697,993,5060,5061,25 -j DROP
iptables -A INPUT -p udp --match multiport --dports 465,587,22,5222,5223,5269,5280,5281,8444 -j DROP iptables -A INPUT -p udp --match multiport --dports 465,587,22,5222,5223,5269,5280,5281,8444 -j DROP
# Limit ssh logins # Limit ssh logins
@ -1152,7 +1155,7 @@ iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1
iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
# Limit IRC connections # Limit IRC connections
iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 6697 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
# Limit gopher connections # Limit gopher connections
iptables -A INPUT -p tcp --dport 70 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 70 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
@ -2891,6 +2894,8 @@ Click on the Thunderbird menu, which looks like three horizontal bars on the rig
Hover over *preferences* and then *Account settings*. Hover over *preferences* and then *Account settings*.
Select *OpenPGP Security* and make sure that *use PGP/MIME by default* is ticked. This will enable you to sign/encrypt attachments, HTML bodies and UTF-8 without any problems.
Select *Synchronization & Storage*. Select *Synchronization & Storage*.
Make sure that *Keep messages for this account on this computer* is unticked, then click *Ok*. Make sure that *Keep messages for this account on this computer* is unticked, then click *Ok*.
@ -3109,14 +3114,14 @@ First install some dependencies.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
apt-get update apt-get update
apt-get install build-essential openssl libssl-dev debhelper dpatch docbook-to-man flex bison libpcre3-dev apt-get install build-essential openssl libssl-dev debhelper dpatch docbook-to-man flex bison libpcre3-dev screen
#+END_SRC #+END_SRC
Then get the source code for ircd-hybrid. Then get the source code for ircd-hybrid.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
cd /tmp cd /tmp
wget http://freedombone.uk.to/ircd-hybrid-9.1.17.tgz wget http://freedombone.uk.to/ircd-hybrid-8.1.17.tgz
#+END_SRC #+END_SRC
verify it. verify it.
@ -3139,10 +3144,12 @@ make install
Customise the configuration to your system, giving it a name and description. In this example 192.168.1.60 is the static IP address on the BBB on the local network, so change that if necessary. Customise the configuration to your system, giving it a name and description. In this example 192.168.1.60 is the static IP address on the BBB on the local network, so change that if necessary.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
editor /usr/local/ircd/etc/reference /etc/ircd-hybrid/ircd.conf chown -R irc:irc /usr/local/ircd
cp /usr/local/ircd/etc/reference.conf /usr/local/ircd/etc/ircd.conf
editor /usr/local/ircd/etc/ircd.conf
#+END_SRC #+END_SRC
Set *name* to the name of your server, and set a description. Set *name* to the domain name of your server, and set a description.
Set a *network_name* and *network_desc*. The network name should not contain any spaces. Set a *network_name* and *network_desc*. The network name should not contain any spaces.
@ -3153,188 +3160,97 @@ Within the admin section set your *name* and *email*.
Within the *listen* section set host to your fixed IP address (in the earlier Within the *listen* section set host to your fixed IP address (in the earlier
sections it was 192.168.1.60). sections it was 192.168.1.60).
Within the *auth* section set user = "*@192.168.1.60" - or whatever the fixed IP address of the BBB is on your network. Within the *auth* section set user = "*@192.168.1.60" - or whatever the fixed IP address of the BBB is on your network - and password to the desired password for the IRC server. If you don't wish to use a password then remove need_password from the flags.
Uncomment the first *connect* section and set the *name* to your domain name, the *host* to 192.168.1.60 and the send/accept passwords to a password which you use to log into the IRC server. Also set the *port* to 6670. Within the *connect* section set *host* and *vhost* to your fixed IP address (in the earlier
sections it was 192.168.1.60) and *name* to your domain name. Also set the *send/accept passwords* to your IRC login password.
Save and exit, then restart the IRC server. Open port 6670 on your internet router and forward it to the BBB. Save and exit, then restart the IRC server. Open port 6697 on your internet router and forward it to the BBB. Note that although ports 6665 to 6669 are active within the configuration file in practice we will only use the encrypted port.
Ensure that the configuration is only readable by the root user. Ensure that the configuration is only readable by the root user.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
chmod 600 /etc/ircd-hybrid/ircd.conf chmod 600 /usr/local/ircd/etc/ircd.conf
#+END_SRC #+END_SRC
Now create an init script.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
emacs /etc/init.d/ircd-hybrid adduser --disabled-login irc
editor /etc/init.d/ircd-hybrid
#+END_SRC #+END_SRC
Add the following: Add the following:
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
#! /bin/sh #!/bin/bash
# /etc/init.d/ircd-hybrid
# ircd-hybrid Start/stop the Hybrid 8 IRC server.
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: ircd-hybrid # Provides: ircd-hybrid
# Required-Start: $syslog # Required-Start: $remote_fs $syslog
# Required-Stop: $syslog # Required-Stop: $remote_fs $syslog
# Should-Start: $local_fs $network $named # Default-Start: 2 3 4 5
# Should-Stop: $local_fs $network $named # Default-Stop: 0 1 6
# Default-Start: 2 3 4 5 # Short-Description: starts irc server
# Default-Stop: 0 1 6 # Description: starts irc server
# Short-Description: IRCd-Hybrid daemon init.d script
# Description: Use to manage the IRCd-Hybrid daemon.
### END INIT INFO ### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin # Author: Bob Mottram <bob@robotics.uk.to>
DAEMON=/usr/local/ircd/bin/ircd
DEFAULT=/etc/default/ircd-hybrid
NAME=ircd
PID_DIR=/usr/local/ircd/etc
PID=$PID_DIR/$NAME.pid
DESC="Hybrid 8 IRC Server"
test -f $DAEMON || exit 0 #Settings
SERVICE='ircd-hybrid'
if [ -f $DEFAULT ] COMMAND="ircd"
then USERNAME='irc'
. $DEFAULT NICELEVEL=19 # from 0-19 the bigger the number, the less the impact on system resources
fi HISTORY=1024
INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
set -e PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/core_perl:/sbin:/usr/sbin:/bin'
irc_start() {
echo "Starting $SERVICE..."
cd /usr/local/ircd
su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
}
irc_stop() {
echo "Stopping $SERVICE"
su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
}
#Start-Stop here
case "$1" in case "$1" in
start) start)
if [ "$START" = "yes" ] irc_start
then ;;
echo -n "Starting $DESC: $NAME" stop)
mkdir -p -m 755 $PID_DIR irc_stop
chown irc:irc $PID_DIR ;;
start-stop-daemon --start --quiet \ restart)
-u irc -c irc --exec $DAEMON -- -pidfile $PID \ irc_stop
> /dev/null sleep 10s
echo "." irc_start
fi ;;
;; *)
stop) echo "Usage: $0 {start|stop|restart}"
if [ "$START" = "yes" ] exit 1
then ;;
echo -n "Stopping $DESC: $NAME"
start-stop-daemon --oknodo --stop --quiet \
--pidfile $PID \
--signal 15 --exec $DAEMON -- -pidfile $PID
echo "."
fi
;;
reload)
if [ "$START" = "yes" ]
then
if [ -f "$PID" ]; then
echo -n "Reloading configuration files for $NAME..."
kill -HUP `cat $PID`
echo "done."
else
echo "Not reloading configuration files for $NAME - not running!"
fi
fi
;;
restart|force-reload)
if [ "$START" = "yes" ]
then
echo -n "Restarting $DESC: $NAME"
if [ -f "$PID" ]; then
start-stop-daemon --stop --quiet --pidfile \
$PID --signal 15 \
--exec $DAEMON -- -pidfile $PID
sleep 1
fi
mkdir -p -m 755 $PID_DIR
chown irc:irc $PID_DIR
start-stop-daemon --start --quiet \
-u irc -c irc --exec $DAEMON -- -pidfile $PID \
> /dev/null
echo "."
fi
;;
*)
echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac esac
exit 0 exit 0
#+END_SRC
etc_logrotate_ircd-hybrid Save and exit, then start the daemon.
# ircd-hybrid log rotation #+BEGIN_SRC: bash
chmod +x /etc/init.d/ircd-hybrid
/var/log/ircd/ircd-hybrid.log { update-rc.d ircd-hybrid defaults
rotate 3 service ircd-hybrid start
weekly
compress
delaycompress
postrotate
invoke-rc.d ircd-hybrid reload > /dev/null
endscript
missingok
}
postinst
Shell
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
# Automatically added by dh_installinit, edited for use with debconf
# Not added anymore due to dh_installinit -n, so we manage it manually.
if [ -x "/etc/init.d/ircd-hybrid" ]; then
update-rc.d ircd-hybrid defaults >/dev/null
if [ "$1" = "configure" ]; then
if dpkg --compare-versions "$2" le "1:7.2.2-1"; then
RET="true"
else
if [ -e /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
db_get ircd-hybrid/restart_on_upgrade
db_stop
else
RET="true"
fi
fi
fi
fi
# End automatically added section
if [ "$1" = configure ]; then
# These directories may have been created before, but we need to make them
# owned by irc. Or the initscript will get owned. If it's already this
# way, this operation makes no difference.
chown irc:irc /var/log/ircd /etc/ircd-hybrid
chmod 770 /etc/ircd-hybrid
if [ "$RET" = "true" ]; then
invoke-rc.d ircd-hybrid start || exit $?
else
echo "I have not stopped or restarted the ircd-hybrid daemon."
echo "You should do this yourself whenever you're ready."
echo "Type \`\`invoke-rc.d ircd-hybrid restart''."
fi
fi
#+END_SRC #+END_SRC
*** Channel management *** Channel management
@ -3389,7 +3305,7 @@ Change #MD5 PASSWORD HERE# to the md5 operator password created earlier, mydomai
A:mynickname <myemailaddress> A:mynickname <myemailaddress>
N:irc.mydomainname.com:Hybrid services N:irc.mydomainname.com:Hybrid services
O:*@*:#MD5 PASSWORD HERE#:root:segj (comment out other Q: lines) O:*@*:#MD5 PASSWORD HERE#:root:segj (comment out other Q: lines)
S:mysendacceptpassword:192.168.1.60:6670 (remove the other two services) S:mysendacceptpassword:192.168.1.60:6697 (remove the other two services)
#+END_SRC #+END_SRC
Also remove the line *#NOT-EDITED#*, then save and exit. Also remove the line *#NOT-EDITED#*, then save and exit.
@ -3417,7 +3333,7 @@ Connect to the IRC and identify yourself as an operator. Here /mynetwork/ shoul
/channel add -auto #mychannel mynetwork channelpassword /channel add -auto #mychannel mynetwork channelpassword
/server add -auto -network mynetwork -ssl mydonainname.com 6670 mysendacceptpassword /server add -auto -network mynetwork -ssl mydonainname.com 6697 mysendacceptpassword
/connect mydomainname.com /connect mydomainname.com
@ -3442,7 +3358,7 @@ It should look something like this:
{ {
address = "mydomainname.com"; address = "mydomainname.com";
chatnet = "mynetwork"; chatnet = "mynetwork";
port = "6670"; port = "6697";
password = "mysendacceptpassword"; password = "mysendacceptpassword";
use_ssl = "yes"; use_ssl = "yes";
ssl_verify = "no"; ssl_verify = "no";
@ -3529,7 +3445,7 @@ And to trust or distrust someone else's fingerprint.
*** Usage with XChat *** Usage with XChat
Within the network list click, *Add* and enter your domain name then click *Edit*. Within the network list click, *Add* and enter your domain name then click *Edit*.
Select the entry within the servers box, then enter *mydomainname.com/6670* and press *Enter*. Select the entry within the servers box, then enter *mydomainname.com/6697* and press *Enter*.
Uncheck *use global user information*. Uncheck *use global user information*.
@ -3766,14 +3682,6 @@ irc
Generate a SSL certificate. Generate a SSL certificate.
#+BEGIN_SRC: bash
openssl ecparam -out /etc/ssl/private/xmpp.pem -name prime256v1
openssl genpkey -paramfile /etc/ssl/private/xmpp.pem -out /etc/ssl/private/xmpp.key
openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
#+END_SRC
The above uses a Diffie-Hellman elliptic curve (ECDH P-256) algorithm. It is apparent that amongst crypographers there are differences of opinion about the security of elliptic curves, so if you prefer there is also a more traditional RSA way to generate an SSL certificate:
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
openssl genrsa -out /etc/ssl/private/xmpp.key 4096 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650 openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
@ -3784,14 +3692,14 @@ Change permissions.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
chmod 600 /etc/ssl/private/xmpp.key chmod 600 /etc/ssl/private/xmpp.key
chmod 600 /etc/ssl/certs/xmpp.crt chmod 600 /etc/ssl/certs/xmpp.crt
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.crt
#+END_SRC #+END_SRC
Install Prosody. Install Prosody.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
apt-get install prosody apt-get install prosody
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.crt
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
editor /etc/prosody/conf.avail/xmpp.cfg.lua editor /etc/prosody/conf.avail/xmpp.cfg.lua
#+END_SRC #+END_SRC
@ -3964,7 +3872,7 @@ service apache2 restart
Now install some dependencies. Now install some dependencies.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
apt-get install mysql-server php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt apt-get install mysql-server php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt php5-fpm php5-cgi php-apc
#+END_SRC #+END_SRC
Enter an admin password for MySQL. Enter an admin password for MySQL.
@ -3997,12 +3905,12 @@ editor .gitconfig
The .gitconfig file should look something like this: The .gitconfig file should look something like this:
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
[user]
name = yourname
email = myusername@mydomainname.com
[http] [http]
sslVerify = true sslVerify = true
sslCAinfo = /etc/ssl/certs/ca-certificates.crt sslCAinfo = /etc/ssl/certs/ca-certificates.crt
[user]
email = myusername@mydomainname.com
name = yourname
#+END_SRC #+END_SRC
Get the source code. Get the source code.
@ -4010,7 +3918,7 @@ Get the source code.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
export HOSTNAME=myfriendicadomainname.com export HOSTNAME=myfriendicadomainname.com
cd /var/www/$HOSTNAME cd /var/www/$HOSTNAME
mv htdocs htdocs_old rm -rf htdocs
git clone https://github.com/friendica/friendica.git htdocs git clone https://github.com/friendica/friendica.git htdocs
chmod -R 755 htdocs chmod -R 755 htdocs
chown -R www-data:www-data htdocs chown -R www-data:www-data htdocs
@ -6561,7 +6469,7 @@ The following ports on your internet router/firewall should be forwarded to the
| HTTP | 80 | | HTTP | 80 |
| HTTPS | 443 | | HTTPS | 443 |
| IMAP | 143 | | IMAP | 143 |
| IRC SSL | 6670 | | IRC SSL | 6697 |
| SIP | 5060..5061 | | SIP | 5060..5061 |
| SMTP | 25,587 | | SMTP | 25,587 |
| SMTPS | 465 | | SMTPS | 465 |
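Review bot: In the rewritten ircd-hybrid init script, `COMMAND="ircd"` is launched through `su` with a `PATH` that does not contain `/usr/local/ircd/bin`, which is where the removed script's `DAEMON=/usr/local/ircd/bin/ircd` shows the binary lives, so `service ircd-hybrid start` will most likely open a screen session that immediately fails to find the daemon (su may also reset PATH for the target user, and `make install` with this prefix is not expected to put a copy on the default PATH); use the absolute path, `COMMAND="/usr/local/ircd/bin/ircd"`. The preceding `chown -R irc:irc /usr/local/ircd` also hands the unprivileged daemon account ownership of that binary and everything else in the install, so a compromised ircd can rewrite its own executable; give `irc` only what it must write (the pid file goes under `/usr/local/ircd/etc` per the removed script; logs presumably under `/usr/local/ircd/var` — confirm for this build) and keep the binaries root-owned, e.g. `chown -R root:root /usr/local/ircd/bin`. With the configuration now owned by `irc`, the sentence that `chmod 600 /usr/local/ircd/etc/ircd.conf` makes it "only readable by the root user" is no longer true; say it is readable only by the `irc` account the daemon runs as, which is what the `su` launch requires. Finally, `stop` only stuffs `^C` into the screen session and `restart` waits a fixed `sleep 10s` without confirming the old process has exited, so a slow shutdown can lead to `irc_start` running while the first daemon still holds the ports and pid file; poll `pgrep -u irc -x ircd` (or the pid file) before calling `irc_start`.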