#32532: Install ZNC on Chives, make pastly admin it
-------------------------------------------------+-------------------------
 Reporter:  pastly                               |          Owner:  pastly
     Type:  defect                               |         Status:  assigned
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * owner:  anarcat => pastly
 * status:  accepted => assigned

Comment:

 i have created the ircbouncer role (user) and group on chives. the user has
 the rights to keep persistent user-level services running through systemd,
 also known as "lingering". the documentation on how to use that to run
 services is detailed here:

 https://help.torproject.org/tsa/doc/services/

 it is your responsibility to start the service and keep it running, our
 systemd things will just run whatever the service file says. :)

 so `sudo -u ircbouncer` to get to the privileged account. i've made you
 part of the group which should give you that privilege, let me know if that
 doesn't work.

 i've also added the `ircbouncer` user to the `ssl-cert` group so it can
 access the X509 certificates. those certs are the following files:

 {{{
 root@chives:~# ls -al /etc/ssl/private/ircbouncer.torproject.org.* /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt*
 -r--r----- 1 root ssl-cert 7178 nov 18 20:42 /etc/ssl/private/ircbouncer.torproject.org.combined
 -r--r----- 1 root ssl-cert 3244 nov 18 20:42 /etc/ssl/private/ircbouncer.torproject.org.key
 -r--r--r-- 1 root root     2286 nov 18 20:42 /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt
 -r--r--r-- 1 root root     1649 nov 18 20:42 /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt-chain
 -r--r--r-- 1 root root     3934 nov 18 20:42 /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt-chained
 }}}

 Those are basically:

  * `.key`: the private key
  * `.crt`: the public key
  * `.crt-chain`: the "chain" bits that might be required in some browsers
  * `.crt-chained`: the above two together
  * `.combined`: all of the above

 Usually, the `.key` and `.crt` are enough, but sometimes you need the
 `.crt-chained` instead of the `.crt`.

 The onion service is also up and running, under (i believe)
 `eibwzyiqgk6vgugg.onion`. It currently points at
 ircbouncer.torproject.org:80 which of course is not listening.

 That's the next step: we need to figure out how to give you access to port
 80 here. My suggestion would be that you start by setting up the bouncer
 and its web interface on whatever (stable) port you can, and access it over
 an SSH tunnel for now. Once you're happy with this (or if you can't use SSH
 tunnels for some reason), let me know what the port number is, and I'll
 set up an Nginx forward, reusing those nice little X509 certs as well.

 TL;DR: checklist status:

  * [x] znc install (anarcat)
  * [x] ircbouncer role account and group (anarcat)
  * [x] sudo access (anarcat)
  * [x] enable-linger (anarcat)
  * [x] x509 certs (anarcat)
  * [x] hidden service (anarcat)
  * [ ] systemd.service configuration (pastly)
  * [ ] znc configuration (pastly)
  * [ ] web interface configuration (pastly)
  * [ ] nginx proxy (anarcat)

 let me know if you have any questions!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32532#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
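Added example (not part of the ticket or of the Tor Project's tooling): a Python check that the files in the listing above keep the access the comment describes, with the `.key` and `.combined` files readable only by their owner and the `ssl-cert` group. The function names and the rule set are assumptions made for this illustration.

```python
"""Added example: audit permissions on TLS key material used by a role account."""
import os
import stat

# Suffixes the ticket describes as containing the private key.
PRIVATE_SUFFIXES = (".key", ".combined")


def audit_file(path, expected_gid):
    """Return a list of problems with one file's group ownership and mode."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if not path.endswith(PRIVATE_SUFFIXES):
        # Certificates and chains are public; only writability matters.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("public file writable by group/other")
        return problems
    if mode & stat.S_IRWXO:
        problems.append("private key accessible by other")
    if mode & stat.S_IWGRP:
        problems.append("private key writable by group")
    if mode & stat.S_IRWXG and st.st_gid != expected_gid:
        problems.append("group access granted to unexpected gid %d" % st.st_gid)
    return problems


def audit(paths, expected_gid):
    """Map each path to its problems; files with no problems are omitted."""
    report = {}
    for path in paths:
        found = audit_file(path, expected_gid)
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    import grp
    import sys

    # "ssl-cert" is the group named in the ticket; paths come from argv.
    gid = grp.getgrnam("ssl-cert").gr_gid
    for path, problems in audit(sys.argv[1:], gid).items():
        print(path, "; ".join(problems))
```

Run as a user allowed to stat the files, passing the five paths from the listing as arguments; no output means every file matches the expected access.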