Subject: Re: Citadel tip of the day - using the Docker image with Let's Encrypt
1 - Set up a reverse proxy and load the certificates there.
2 - Point the reverse proxy to forward any TLS/port 443 traffic to the application.
3 - Instruct the reverse proxy to forward any non-tls/port 80 traffic to a dummy server that either
--> issues a 302 redirect to the https version of the site
--> accepts let's encrypt traffic for certificate renovation
The moment you operate more than one site from the same domestic LAN this setup just makes more sense than most stuff people are doing elsewhere.
Subject: Re: Citadel tip of the day - using the Docker image with Let's Encrypt
I do the same thing with a NGINX proxy server that sits between me and the outside world.
Does all the DNS name to internal IP translations for me, so I can run more than one "service" on a single external IP. Handles the certs and easy renewals. And for things that don't have their own internal security (or are a pain to manage), I can prop up a login on the proxy and still present it to the outside.
I guess in theory it helps to handle random DoS attacks too, it takes the hit instead of the app server.
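The three-step layout described in the first post (certificates on the proxy, 443 forwarded to the application, 80 served by a dummy vhost that answers ACME challenges and otherwise redirects) and the multi-service NGINX proxy described in the reply above, written out as an added nginx configuration. This is an illustration added here, not configuration from either poster or from the Citadel project. The hostnames bbs.example.org and tools.example.org, the backend addresses 127.0.0.1:8080 and 127.0.0.1:9090, the webroot /var/www/acme and the certificate paths are all assumptions.

```nginx
# Added example, not from the thread. Assumed names: bbs.example.org and
# tools.example.org (hostnames), 127.0.0.1:8080 / 127.0.0.1:9090 (plain-HTTP
# listeners of the two services on the LAN), /var/www/acme (webroot the ACME
# client writes challenge files into), certificate paths in certbot's layout.

# Port 80: the "dummy server" of step 3. It answers ONLY ACME HTTP-01
# challenge requests so renewals keep working; everything else is sent to
# the https version of the same URL with a temporary (302) redirect.
server {
    listen 80;
    listen [::]:80;
    server_name bbs.example.org tools.example.org;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
    }

    location / {
        return 302 https://$host$request_uri;
    }
}

# Port 443, site 1: TLS terminates here (steps 1 and 2). The application
# behind it speaks plain HTTP on the LAN and never touches the certificates.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name bbs.example.org;

    ssl_certificate     /etc/letsencrypt/live/bbs.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bbs.example.org/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Browsers that have seen the site over TLS will not try plain http again.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Port 443, site 2: a second service on the same external IP, selected by
# SNI / Host. This one has no login of its own, so the proxy adds one
# (the "prop up a login on the proxy" case from the reply).
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name tools.example.org;

    ssl_certificate     /etc/letsencrypt/live/tools.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tools.example.org/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;   # assumed path

        proxy_pass http://127.0.0.1:9090;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With this layout the ACME client only ever needs the port-80 webroot, so certificates can be issued and renewed with certbot's webroot mode (for example `certbot certonly --webroot -w /var/www/acme -d bbs.example.org`, assuming certbot is the client in use) followed by an nginx reload. Two things worth checking after deploying it: the backend listeners should be bound to the LAN or loopback only, since nothing on port 80 is ever proxied to them, and the application should be told it sits behind TLS (here via X-Forwarded-Proto) so that any absolute URLs or cookies it generates use https.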
Mon Dec 30 2024 00:28:16 UTC from darknetuser
Subject: Re: Citadel tip of the day - using the Docker image with Let's Encrypt
Well, what I do for this sort of setup where I have a web application that I want to treat as a black box is:
1 - Set up a reverse proxy and load the certificates there.
2 - Point the reverse proxy to forward any TLS/port 443 traffic to the application.
Subject: Re: Citadel tip of the day - using the Docker image with Let's Encrypt
The moment you operate more than one site from the same domestic LAN
this setup just makes more sense than most stuff people are doing
elsewhere.
Yes, I have done similar things and it works quite well.
Remember, however, that a fully deployed Citadel site uses TLS for more than just the web service. For example, if you are using the email service, good luck getting Google or Microsoft to talk to you if you don't offer STARTTLS.
Subject: Re: Citadel tip of the day - using the Docker image with Let's Encrypt
Remember, however, that a fully deployed Citadel site uses TLS for
more than just the web service. For example, if you are using the
email service, good luck getting Google or Microsoft to talk to you if
you don't offer STARTTLS.
The solution I use as a reverse proxy can do lots of crazy things beyond being an http(s) proxy. It can also work as a TCP dumb relay. You could add TLS to arbitrary connections using it.
I don't think it is sophisticated enough for doing STARTTLS without add-ons, though. You could hack some solution for that, but at that point it is no longer elegant.
Subject: Re: Citadel tip of the day - using the Docker image with Let's Encrypt
There are a lot of ways to skin that particular cat, and a lot of use cases.
In another part of my world I have a system set up that automatically renews a wildcard certificate with Let's Encrypt every 60 days, and automatically contacts every site or server that uses it to do a certificate update. It has to integrate with the DNS server to do that.
Our objective here, however, is to honor our tradition of making things not just easy, but "Citadel Easy (tm)". Everything is self-contained and doesn't require the site operator to set up any external dependencies. Less concise integrations are always available, but the default installation must be as easy-peasy as possible. Our mission is to put excellent software into the hands of site operators who don't want their data being handled by big SaaS operators -- and we want that to be easy.
Subject: Citadel 1009 improves international language support
Citadel 1009 is available at all the usual locations for download and install.
Some users had complained about the international language support being a bit dodgy in WebCit. We've improved this a bit and things should be much better now for those of you running Citadel in communities with non-English speakers.
As a reminder ... you MUST have the language packs for your operating system installed in order for Citadel to support any of its translations.
Share and Enjoy!
Citadel 1010 has been released, and if you're not using the Docker version yet, why not take the time to migrate -- after that, upgrades are ridiculously easy and can be completed in seconds.
A few sites have been reporting that WebCit has been freezing randomly, and it seems to be a result of a new wave of brute force attacks on the HTTPS ports. We've hardened the code even more and made it more difficult for the Bad People to lock up your WebCit port.
There are no feature upgrades in this version. Share and Enjoy!
Subject: Citadel on Docker now supports all languages
Good news! We've updated the containerized version of Citadel to pre-install all available language packs.
So if you're running Citadel for non-English-speaking users, and your language is supported, running Citadel in a container on Docker (or Kubernetes or OpenShift or whatever) is now the easiest way to get running fast! No installation of language packs, no locale configuration, just run and go.
And remember: if your favorite language isn't supported, we always welcome translators. We are happy to accept new translations, and we are happy to accept improvements to existing translations.
Subject: 32-bit support is ending for Citadel
Hello, everyone out there in Citadel land! This is an announcement to let you know that we are ending official support for running the Citadel system on 32-bit architectures. No specific end date has been set at this time, but if you're running Citadel on 32-bit x86 or on 32-bit ARM, now's the time to begin thinking about an upgrade.
If you've been hanging on to an old 32-bit VM because you were afraid to convert your database, you're not alone. We just converted the database here on Uncensored (the flagship site) late last year. The dump and load utilities have FULL fidelity and they worked great to convert our somewhat large database.
Why are we doing this?
* Support for 32-bit operating systems in general is coming to an end.
* There is 32-bit x86 support in the containerized distribution of Citadel, and as far as I can tell, nobody anywhere is using it. There are a few stragglers on 32-bit ARM, though.
* 2038-jan-19 will be here before we know it. All 32-bit Citadel installations will die horribly of the Y2038 bug.
* In the next few years, we will be gradually rolling out a transition from Berkeley DB to LMDB. Although Oracle hasn't announced end-of-life for Berkeley DB, they also haven't updated it in years. LMDB is super fast and well supported, and the open source community seems to have a consensus that it's The One.
But you have to run it on 64-bit, otherwise your database is limited to 4 GB.
If you are still running 32-bit Citadel, let us know ... especially if you need help converting.
I may have to retire my Cubox i4pro. It's ARM7. I was able to install Debian but not Arch on it. Citadel ran flawlessly on it under Debian. SolidRun has a newer model, but I may just skip it and get a real server. Those are the hazards of using first-world workmanship from Israel instead of some cheap Chinese SBC: it keeps working years later.
Oddly the Cubox model has gone up in value since I bought it and it may yet fetch a decent price! It's probably not enough to match inflation but still...
Subject: Re: 32-bit support is ending for Citadel
The era of 32-bit computing was FAR longer than the era of 16-bit computing, and we are hoping the era of 64-bit computing will be even longer than that.
(At some point you've got all the address space you could possibly need, right? Even the current 64-bit architectures are only wired for 56 bits for now.)
As for Citadel, we try to make everything in-place upgradeable without having to upgrade to intermediate versions, as long as the version you're running is less than 10 years old. We're *really* fastidious about that.