diff options
Diffstat (limited to 'gemfeed')
| -rw-r--r-- | gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi | 12 | ||||
| -rw-r--r-- | gemfeed/atom.xml | 14 |
2 files changed, 13 insertions, 13 deletions
diff --git a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi index a8682a5c..f0d7dfa6 100644 --- a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi +++ b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi @@ -196,8 +196,8 @@ Check out the whole script here: I am renting two small OpenBSD VMs: One at OpenBSD Amsterdam and the other at Hetzner Cloud. So, both VMs are hosted at another provider, in different IP subnets, and in different countries (the Netherlands and Germany). -=> https://openbsd.amsterdam -=> https://www.hetzner.cloud +=> https://OpenBSD.Amsterdam +=> https://www.Hetzner.cloud I only have a little traffic on my sites. I could always upload the static content to AWS S3 if I suddenly had to. But this will never be required. @@ -213,8 +213,8 @@ A split-brain scenario between the old master and the new master might happen. T With the DNS failover, HTTP, HTTPS, and Gemini protocols are failovered. This works because all domain virtual hosts are configured on either VM's `httpd` (OpenBSD's HTTP server) and `relayd` (it's also part of OpenBSD and I use it to TLS offload the Gemini protocol). So, both VMs accept requests for all the hosts. It's just a matter of the DNS entries, which VM receives the requests. -=> https://man.openbsd.org/httpd.8 -=> https://man.openbsd.org/relayd.8 +=> https://man.OpenBSD.org/httpd.8 +=> https://man.OpenBSD.org/relayd.8 For example, the master is responsible for the `https://www.foo.zone` and `https://foo.zone` hosts, whereas the standby can be reached via `https://standby.foo.zone` (port 80 for plain HTTP works as well). The same principle is followed with all the other hosts, e.g. `irregular.ninja`, `paul.buetow.org` and so on. The same applies to my Gemini capsules for `gemini://foo.zone`, `gemini://standby.foo.zone`, `gemini://paul.buetow.org` and `gemini://standby.paul.buetow.org`. @@ -250,7 +250,7 @@ The ACME automation is yet another daily CRON script `/usr/local/bin/acme.sh`. I Let's encrypt certificates usually expire after 3 months, so a weekly failover of my VMs is plenty. => https://codeberg.org/snonux/rexfiles/src/branch/master/frontends/scripts/acme.sh.tpl `acme.sh.tpl` - Rex template for the `acme.sh` script of mine. -=> https://man.openbsd.org/acme-client.1 +=> https://man.OpenBSD.org/acme-client.1 => ./2022-07-30-lets-encrypt-with-openbsd-and-rex.gmi Let's Encrypt with OpenBSD and Rex ### Monitoring @@ -275,7 +275,7 @@ Rex isn't part of the OpenBSD base system, but I didn't need to install any exte Other high-available services running on my OpenBSD VMs are my MTAs for mail forwarding (OpenSMTPD - also part of the OpenBSD base system) and the authoritative DNS servers (`nsd`) for all my domains. No particular HA setup is required, though, as the protocols (SMTP and DNS) already take care of the failover to the next available host! -=> https://www.opensmtpd.org/ +=> https://www.OpenSMTPD.org/ As a password manager, I use `geheim`, a command-line tool I wrote in Ruby with encrypted files in a git repository (I even have it installed in Termux on my Phone). For HA reasons, I simply updated the client code so that it always synchronises the database with both servers when I run the `sync` command there. diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index 8a206818..44ed725d 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> - <updated>2024-04-03T00:06:22+03:00</updated> + <updated>2024-04-12T23:43:12+03:00</updated> <title>foo.zone feed</title> <subtitle>To be in the .zone!</subtitle> <link href="gemini://foo.zone/gemfeed/atom.xml" rel="self" /> @@ -229,8 +229,8 @@ echo <font color="#FF0000">"Failover of zone $zone to $MASTER completed"</font> <br /> <span>I am renting two small OpenBSD VMs: One at OpenBSD Amsterdam and the other at Hetzner Cloud. So, both VMs are hosted at another provider, in different IP subnets, and in different countries (the Netherlands and Germany).</span><br /> <br /> -<a class='textlink' href='https://openbsd.amsterdam'>https://openbsd.amsterdam</a><br /> -<a class='textlink' href='https://www.hetzner.cloud'>https://www.hetzner.cloud</a><br /> +<a class='textlink' href='https://OpenBSD.Amsterdam'>https://OpenBSD.Amsterdam</a><br /> +<a class='textlink' href='https://www.Hetzner.cloud'>https://www.Hetzner.cloud</a><br /> <br /> <span>I only have a little traffic on my sites. I could always upload the static content to AWS S3 if I suddenly had to. But this will never be required.</span><br /> <br /> @@ -246,8 +246,8 @@ echo <font color="#FF0000">"Failover of zone $zone to $MASTER completed"</font> <br /> <span>With the DNS failover, HTTP, HTTPS, and Gemini protocols are failovered. This works because all domain virtual hosts are configured on either VM's <span class='inlinecode'>httpd</span> (OpenBSD's HTTP server) and <span class='inlinecode'>relayd</span> (it's also part of OpenBSD and I use it to TLS offload the Gemini protocol). So, both VMs accept requests for all the hosts. It's just a matter of the DNS entries, which VM receives the requests.</span><br /> <br /> -<a class='textlink' href='https://man.openbsd.org/httpd.8'>https://man.openbsd.org/httpd.8</a><br /> -<a class='textlink' href='https://man.openbsd.org/relayd.8'>https://man.openbsd.org/relayd.8</a><br /> +<a class='textlink' href='https://man.OpenBSD.org/httpd.8'>https://man.OpenBSD.org/httpd.8</a><br /> +<a class='textlink' href='https://man.OpenBSD.org/relayd.8'>https://man.OpenBSD.org/relayd.8</a><br /> <br /> <span>For example, the master is responsible for the <span class='inlinecode'>https://www.foo.zone</span> and <span class='inlinecode'>https://foo.zone</span> hosts, whereas the standby can be reached via <span class='inlinecode'>https://standby.foo.zone</span> (port 80 for plain HTTP works as well). The same principle is followed with all the other hosts, e.g. <span class='inlinecode'>irregular.ninja</span>, <span class='inlinecode'>paul.buetow.org</span> and so on. The same applies to my Gemini capsules for <span class='inlinecode'>gemini://foo.zone</span>, <span class='inlinecode'>gemini://standby.foo.zone</span>, <span class='inlinecode'>gemini://paul.buetow.org</span> and <span class='inlinecode'>gemini://standby.paul.buetow.org</span>.</span><br /> <br /> @@ -287,7 +287,7 @@ http://www.gnu.org/software/src-highlite --> <span>Let's encrypt certificates usually expire after 3 months, so a weekly failover of my VMs is plenty.</span><br /> <br /> <a class='textlink' href='https://codeberg.org/snonux/rexfiles/src/branch/master/frontends/scripts/acme.sh.tpl'><span class='inlinecode'>acme.sh.tpl</span> - Rex template for the <span class='inlinecode'>acme.sh</span> script of mine.</a><br /> -<a class='textlink' href='https://man.openbsd.org/acme-client.1'>https://man.openbsd.org/acme-client.1</a><br /> +<a class='textlink' href='https://man.OpenBSD.org/acme-client.1'>https://man.OpenBSD.org/acme-client.1</a><br /> <a class='textlink' href='./2022-07-30-lets-encrypt-with-openbsd-and-rex.html'>Let's Encrypt with OpenBSD and Rex</a><br /> <br /> <h3 style='display: inline'>Monitoring</h3><br /> @@ -312,7 +312,7 @@ http://www.gnu.org/software/src-highlite --> <br /> <span>Other high-available services running on my OpenBSD VMs are my MTAs for mail forwarding (OpenSMTPD - also part of the OpenBSD base system) and the authoritative DNS servers (<span class='inlinecode'>nsd</span>) for all my domains. No particular HA setup is required, though, as the protocols (SMTP and DNS) already take care of the failover to the next available host! </span><br /> <br /> -<a class='textlink' href='https://www.opensmtpd.org/'>https://www.opensmtpd.org/</a><br /> +<a class='textlink' href='https://www.OpenSMTPD.org/'>https://www.OpenSMTPD.org/</a><br /> <br /> <span>As a password manager, I use <span class='inlinecode'>geheim</span>, a command-line tool I wrote in Ruby with encrypted files in a git repository (I even have it installed in Termux on my Phone). For HA reasons, I simply updated the client code so that it always synchronises the database with both servers when I run the <span class='inlinecode'>sync</span> command there. </span><br /> <br /> |