Language:
switch to room list switch to menu My folders
Go to page: 1 3 4 5 6 [7] 8 9 10 11 ... Last
[#] Sat Dec 05 2015 08:19:04 EST from dothebart @ Uncensored

Subject: Re: something i need to know

[Reply] [ReplyQuoted] [Headers] [Print]

 

Fri Dec 04 2015 18:35:29 EST from sureshot @ Uncensored Subject: something i need to know

Hello

I just need to know if and how citadel can be used to connect to a vax system

sureshot

well, depends on the vax ;-)

If it can to TCP, telnet or ssh to the citadel client shell, or getty with serial line.

*bsd portability isn't enshured, since nobody wants to maintain a port on a durable basis.



[#] Mon Dec 07 2015 14:13:34 EST from jgoerzen @ Uncensored

Subject: Several Citadel Bug Reports

[Reply] [ReplyQuoted] [Headers] [Print]

Hello,

In experimenting with Citadel, I've encountered a few bugs.  These are all with 9.01:

  • Security: In a system configured to require permission to send Internet mail, a user that is not granted that permission can configure a Sieve filter to send out mail to the Internet, regardless of whether the admin has granted Internet permission.
  • Security: In the textclient, pushing O to open an attachment will invoke the opencmd even if allow_attachments=0 in citadel.rc
  • Security: Passwords are validated case-insensitive with built-in auth
  • Webcit: Saving the system configuration always resets the Citadel port (504) to 0, and the Citadel UID to 0.  On next restart, the Citadel server will be running as root and webcit will not be able to connect to it due to the port changing.  Textclient does not have this issue.
  • Setup: Does not honor CITADEL_UID, winds up running the server as root in more situations than should.
  • Citadel: Replying to an email from someone using their display name will not work (invalid recipient)
  • Wiki: Does not save history, even if the room is not set to expire.

Hope this helps,

John

 



[#] Tue Dec 08 2015 18:37:56 EST from Zycorax @ Uncensored

Subject: Help setting up SSL for webcit and on IMAP/SMTP

[Reply] [ReplyQuoted] [Headers] [Print]

Hello all,

I'd like to have instructions on how to apply CA-signed certificates to both webcit and citadel's mail server. I currently have a working but unsecured setup. I am not particularly familiar with the software and may have overlooked one of the options. I have also attempted in getting both to work by placing the certificates under /etc/ssl/webcit and /etc/ssl/citadel but that alone doesn't seem enough.

 

Looking forward to a solution,

   Zycorax Tokoroa



[#] Tue Dec 08 2015 23:07:43 EST from "John Goerzen" <jgoerzen@complete.org> to citadel_support@citadel.org

Subject: Re: [Citadel Support] Help setting up SSL for webcit and on IMAP/SMTP

[Reply] [ReplyQuoted] [Headers] [Print]

Hi,

The instructions under "godaddy certificates" (even if you don't use
GoDaddy) on this page may help:

http://www.citadel.org/doku.php/faq:systemadmin:how_to_install_a_certificate_signed_by_a_recognized_certificate_authority?s[]=godaddy#godaddycertificates

On 12/08/2015 04:37 PM, Zycorax wrote:

Hello all,

I'd like to have instructions on how to apply CA-signed certificates
to both webcit and citadel's mail server. I currently have a working
but unsecured setup. I am not particularly familiar with the software
and may have overlooked one of the options. I have also attempted in
getting both to work by placing the certificates under /etc/ssl/webcit
and /etc/ssl/citadel but that alone doesn't seem enough.



Looking forward to a solution,

Zycorax Tokoroa

[#] Wed Dec 09 2015 08:31:18 EST from Zycorax @ Uncensored

Subject: Re: [Citadel Support] Help setting up SSL for webcit and on IMAP/SMTP

[Reply] [ReplyQuoted] [Headers] [Print]

As per the paths specified in my original question I do have already tried that method and am aware of the existence of that page, which unfortunately doesn't lead to the expected result.



[#] Thu Dec 10 2015 11:10:16 EST from bangfoo @ Uncensored

Subject: Good day. I have a question...

[Reply] [ReplyQuoted] [Headers] [Print]

Hi all,

I have been tasked with setting up a mail server for a company that is severely firewalled/blue-coated.

They are only allowing access to a mirrored centos repo structure, which does not allow access to the repo that has Citadel packages.

Is there any way to get around this limitation?

Do you have a tar ball or zip file of all the necessary packages for Citadel that I could download and transfer to my centos host?

 

Thanks!!

Mark

 



[#] Fri Dec 11 2015 05:43:35 EST from dothebart @ Uncensored

Subject: Re: Good day. I have a question...

[Reply] [ReplyQuoted] [Headers] [Print]

the centos rpms are availabe via suse OBS. You can download them via http and install them manually.

or you demand access to the obs repositories.



[#] Sat Dec 12 2015 11:55:20 EST from nnnn20430 @ Uncensored

Subject: https

[Reply] [ReplyQuoted] [Headers] [Print]

to admins of uncensored.citadel.org

you have some weird expired cert on https://uncensored.citadel.org which expires on 04/11/1906 for some reason

why not get a trusted cert that doesn't give a warning to everyone that visits the page using https://letsencrypt.org/

it's free!, you just install their python program on the server and just run the command including all domains you want and get a cert, and to renew just run it again.

example: $ letsencrypt certonly -d citadel.org,uncensored.citadel.org

and make link in your server to use certs at /etc/letsencrypt/live/citadel.org



[#] Sat Dec 12 2015 14:50:01 EST from "Robert J. Clay" <rjclay@gmail.com> to citadel_support@citadel.org

Subject: Errors: "pthread_create() : Cannot allocate memory" ?

[Reply] [ReplyQuoted] [Headers] [Print]

All,

  Anyone have a idea what might be causing periodic errors like following on a Debian v8 Linux Container system:

-----<cut>---------------------------------
Broadcast message from systemd-journald@mailus (Sat 2015-12-12 09:02:11 EST):

citserver[9951]: pthread_create() : Cannot allocate memory


Message from syslogd@mailus at Dec 12 09:02:11 ...
 citserver[9951]: pthread_create() : Cannot allocate memory
-----<cut>---------------------------------

  This is with Debian package version  08.24-1-b3 on an amd64 system (which was apparently rebuilt with  libical >= 1.0-1.2).




--
Robert J. Clay
rjclay@gmail.com


[#] Sun Dec 13 2015 16:32:41 EST from platonov @ Uncensored

Subject: Webcit SSL access with Apache HTTP server running

[Reply] [ReplyQuoted] [Headers] [Print]

I just read a post about trusted cert that doesn't give a warning to everyone that visits the page using https://letsencrypt.org/ here.

The question I have is after I configured the letsencrypt for Apache server and I can access the site via https address, and, since I also want to use the https to webcit, then what do I do to make sure the https access to that domain is served by the webcit and not by Apache?

One alternative seems to be to change the webcit port for https access to something other than 443.

How do I do that?

Another one is to disable the Apache serving the https requests, so that when domain is accessed as secure site, it is automatically served by the webcit, and not apache. In that case, how do I configure the letsencrypt certificates that work for that domain to work with webcit instead?

Thanx in advance.



[#] Sun Dec 13 2015 16:50:15 EST from "nnnn20430" <nnnn20430@mindcraft.si.eu.org> to citadel_support@citadel.org

Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running

[Reply] [ReplyQuoted] [Headers] [Print]

i my self use nginx and have a special subdomain for webcit to be
citadel.domain and then i simply reverse proxy that subdomain to local
webcit
you can run that webcit on plain http doesn't matter cause it's local, i
have it running with ssl on port 2443... but you can use any other port
and don't need ssl...

i don't use letsencrypts auto configuration option, just use the
certonly option it places all certs in standard location, the main
domain will be the first domain specified in the cli and certs will be
placed in /etc/letsencrypt/live/domain/

then just create link in your servers config to
/etc/letsencrypt/live/domain/ and use that

so just do $ letsencrypt certonly -d mydomain,citadel.mydomain
or something like that and configure your server to reverse proxy it to
webcit when $host is ^citadel.*

On 12/13/2015 10:32 PM, platonov wrote:

I just read a post about trusted cert that doesn't give a warning to
everyone that visits the page using https://letsencrypt.org/ here.

The question I have is after I configured the letsencrypt for Apache
server and I can access the site via https address, and, since I also
want to use the https to webcit, then what do I do to make sure the
https access to that domain is served by the webcit and not by Apache?

One alternative seems to be to change the webcit port for https access
to something other than 443.

How do I do that?

Another one is to disable the Apache serving the https requests, so
that when domain is accessed as secure site, it is automatically
served by the webcit, and not apache. In that case, how do I configure
the letsencrypt certificates that work for that domain to work with
webcit instead?

Thanx in advance.

[#] Sun Dec 13 2015 17:34:53 EST from platonov @ Uncensored

Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running

[Reply] [ReplyQuoted] [Headers] [Print]

Thanx a lot for quick followup.
Just one question:
Since I am not exactly a sysadmin type of a guy, what exactly do I need to do on Ubuntu 14.10 server to reverse proxy citadel subdomain?
It looks like some Apache configuration to me. Is it done in /etc/apache2/sites-enabled/domain_name?
If so, do I need to add a rule for port 443 to it?
And, what would I specify for the ProxyPass and ProxyPassReverse, I guess, to make sure it passes it to webcit instead?

Thanx in advance.

Sun Dec 13 2015 16:50:15 EST from "nnnn20430" <nnnn20430@mindcraft.si.eu.org> Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running
i my self use nginx and have a special subdomain for webcit to be
citadel.domain and then i simply reverse proxy that subdomain to local
webcit
you can run that webcit on plain http doesn't matter cause it's local, i
have it running with ssl on port 2443... but you can use any other port
and don't need ssl...

i don't use letsencrypts auto configuration option, just use the
certonly option it places all certs in standard location, the main
domain will be the first domain specified in the cli and certs will be
placed in /etc/letsencrypt/live/domain/

then just create link in your servers config to
/etc/letsencrypt/live/domain/ and use that

so just do $ letsencrypt certonly -d mydomain,citadel.mydomain
or something like that and configure your server to reverse proxy it to
webcit when $host is ^citadel.*

On 12/13/2015 10:32 PM, platonov wrote:

I just read a post about trusted cert that doesn't give a warning to
everyone that visits the page using https://letsencrypt.org/ here.

The question I have is after I configured the letsencrypt for Apache
server and I can access the site via https address, and, since I also
want to use the https to webcit, then what do I do to make sure the
https access to that domain is served by the webcit and not by Apache?

One alternative seems to be to change the webcit port for https access
to something other than 443.

How do I do that?

Another one is to disable the Apache serving the https requests, so
that when domain is accessed as secure site, it is automatically
served by the webcit, and not apache. In that case, how do I configure
the letsencrypt certificates that work for that domain to work with
webcit instead?

Thanx in advance.

 



[#] Mon Dec 14 2015 01:35:12 EST from dothebart @ Uncensored

Subject: Re: Webcit SSL access with Apache HTTP server running

[Reply] [ReplyQuoted] [Headers] [Print]

configuring proxies is also described here:

http://citadel.org/doku.php/faq:installation:apacheproxy



[#] Tue Dec 15 2015 16:35:01 EST from warbaby @ Uncensored

Subject: How to: Let's Encrypt Free SSL Cert Citadel 9.01 Debian 8.2 Jessie 64

[Reply] [ReplyQuoted] [Headers] [Print]

Let's Encrypt

As you may have heard, Let's Encrypt (letsencrypt.org) a non-profit, free Certificate Authority supported by the EFF and a host of players.  They just entered public beta with their client, which means you can download it and install a real and free certificate on your citadel server (or whatever you like).   This is not an advertisement.  It's a big initiative to get everyone to encrypt their traffic.  I just did two of my citadel installs and though it was pretty easy so thought I'd share. 

How to: Let's Encrypt Free SSL Cert Citadel 9.01 Debian 8.2 Jessie 64

[This tutorial is Debian specific, but should be close for any distro.  Just make sure you have git installed]

Run these commands as any user which is in /etc/sudoers - you'll be prompted for sudo password when necessary. 

sudo apt-get update
 sudo apt-get install git
 git clone https://github.com/letsencrypt/letsencrypt
 cd letsencrypt
 ./letsencrypt-auto certonly -a standalone -d mail.example.org -d other.example.org

Enter your account email, Accept the TOS. You can add multiple domains if you leave off the -d arg (or use multiple -d args) . DNS must be already configured or this will fail with 'client unauthorized'.

cd /usr/local/citadel/keys ln -s /etc/letsencrypt/live/mail.example.org/privkey.pem citadel.key ln -s /etc/letsencrypt/live/mail.adventyouthmedia.org/fullchain.pem citadel.cer

restart citadel & webcit

/etc/init.d/citadel restart
/etc/init.d/webcit restart

[or, however you restart. service citadel restart, etc..]

This should work okay for webcit, I did not test because I run webcit without ssl via nginx proxy. 

REMEMBER, these are 90 days certs, but completely valid and nicely FREE. 

To renew the cert see the docs at https://letsencrypt.readthedocs.org/en/latest/using.html

Based on https://blog.rudeotter.com/lets-encrypt-ssl-certificate-nginx-ubuntu/  which also has a config for nginx. 

Have fun!

 

-Warbaby

 


[#] Tue Dec 15 2015 17:05:53 EST from warbaby @ Uncensored

Subject: Webcit proxy issue for static/ dir, name collision with other web crap

[Reply] [ReplyQuoted] [Headers] [Print]

I've been running webcit through a proxy w/ both nginx and apache for years now per [ http://citadel.org/doku.php/faq:installation:apacheproxy]

All is good, except I had to add an nginx block for the static/ dir for the images and some of the chat js to work.  

That also works, however I now have a web client app which also uses a dir called 'static', so proxying that folder isn't a good option anymore. It breaks the app.  

It seems there are three options. 

1) Move, copy or link some files.

2) Change the name of the webcit 'static' folder

3) Change the name of the mailclient 'static' folder. 

I'm leaning toward 1), but just thought I'd ask you smart guys what you think.  A handful of symbolic links would probably cover it.  It seems like the least janky approach. 

2) /static/ is hardcoded into all the styles.  I don't have the source at the moment.  If it needs to be changed there and recompiled, that's out since I just don't want to take it that far.  Lots of stuff to administer, my life consist of defaults. 

3) Other webclient has metric ton of minimized javascript I don't want to touch either. 

I guess I could just live with it the way it is.. this could just be considered an nginx specific question, but I'm not aware of any way to 'blend' two folders via an alias.  There may even be some name collision with files.  

Thoughts anyone?  Or, just tell me to go do some real work.  :)

 

 

 



[#] Tue Dec 15 2015 17:28:15 EST from warbaby @ Uncensored

Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running

[Reply] [ReplyQuoted] [Headers] [Print]

You don't need to run webcit ssl if you already have a web server with a valid cert running on 443.  That's kind of the whole point behind proxying the requests. Just run it on port 2000 (or whatever, I personally use 127.0.0.1:12 - yes, that's port 12)

So just add  the proxy config as shown on the wiki, and run webcit locally.  The SSL cert for your web server will take care of it.   If you try to use the stock script in /etc/init.d/webcit, you're going to get an error because it is going to try and grab port 443 and you already have apache/nginx on that port.  

My webcit-local.sh script is attached.  It should be get you in the ball park.  Just copy it to /etc/init.d/webcit-local (or wherever your init scripts are) and chmod u+ x as root. 

I use the low port # and only bind to localhost so webcit is not exposed publicly without ssl.   It also saves the overhead not having webcit ssl running. 

 

Sun Dec 13 2015 05:34:53 PM EST from platonov @ Uncensored Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running

Thanx a lot for quick followup.
Just one question:
Since I am not exactly a sysadmin type of a guy, what exactly do I need to do on Ubuntu 14.10 server to reverse proxy citadel subdomain?
It looks like some Apache configuration to me. Is it done in /etc/apache2/sites-enabled/domain_name?
If so, do I need to add a rule for port 443 to it?
And, what would I specify for the ProxyPass and ProxyPassReverse, I guess, to make sure it passes it to webcit instead?

Thanx in advance.

Sun Dec 13 2015 16:50:15 EST from "nnnn20430" <nnnn20430@mindcraft.si.eu.org> Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running
i my self use nginx and have a special subdomain for webcit to be
citadel.domain and then i simply reverse proxy that subdomain to local
webcit
you can run that webcit on plain http doesn't matter cause it's local, i
have it running with ssl on port 2443... but you can use any other port
and don't need ssl...

i don't use letsencrypts auto configuration option, just use the
certonly option it places all certs in standard location, the main
domain will be the first domain specified in the cli and certs will be
placed in /etc/letsencrypt/live/domain/

then just create link in your servers config to
/etc/letsencrypt/live/domain/ and use that

so just do $ letsencrypt certonly -d mydomain,citadel.mydomain
or something like that and configure your server to reverse proxy it to
webcit when $host is ^citadel.*

On 12/13/2015 10:32 PM, platonov wrote:

I just read a post about trusted cert that doesn't give a warning to
everyone that visits the page using https://letsencrypt.org/ here.

The question I have is after I configured the letsencrypt for Apache
server and I can access the site via https address, and, since I also
want to use the https to webcit, then what do I do to make sure the
https access to that domain is served by the webcit and not by Apache?

One alternative seems to be to change the webcit port for https access
to something other than 443.

How do I do that?

Another one is to disable the Apache serving the https requests, so
that when domain is accessed as secure site, it is automatically
served by the webcit, and not apache. In that case, how do I configure
the letsencrypt certificates that work for that domain to work with
webcit instead?

Thanx in advance.

 



 



webcit-local.sh (application/x-shellscript, 1217 bytes) [ View | Download ]
[#] Tue Dec 15 2015 21:43:54 EST from "John Goerzen" <jgoerzen@complete.org> to citadel_support@citadel.org

Subject: Re: [Citadel Support] How to: Let's Encrypt Free SSL Cert Citadel9.01 Debian 8.2 Jessie 64

[Reply] [ReplyQuoted] [Headers] [Print]

I have been curious for awhile what all the excitement about Let's
Encrypt is. startssl.com already hands out free SSL certs recognized by
major browsers, and they're valid for a year.

[#] Wed Dec 16 2015 06:47:17 EST from dothebart @ Uncensored

Subject: Re: Webcit proxy issue for static/ dir, name collision with other web crap

[Reply] [ReplyQuoted] [Headers] [Print]

I think ln -s'ing the files from the other static folder or vice versa is the cheapest option next to having one run on another vhost.



[#] Wed Dec 16 2015 13:46:33 EST from warbaby @ Uncensored

Subject: Re: Webcit proxy issue for static/ dir, name collision with other web crap

[Reply] [ReplyQuoted] [Headers] [Print]

Nevermind, I just made links. :)



[#] Wed Dec 16 2015 13:47:45 EST from warbaby @ Uncensored

Subject: Re: [Citadel Support] How to: Let's Encrypt Free SSL Cert Citadel9.01 Debian 8.2 Jessie 64

[Reply] [ReplyQuoted] [Headers] [Print]

The certs are only valid for 90 days, but still very worth-while. 

Tue Dec 15 2015 09:43:54 PM EST from "John Goerzen" <jgoerzen@complete.org> Subject: Re: [Citadel Support] How to: Let's Encrypt Free SSL Cert Citadel9.01 Debian 8.2 Jessie 64
I have been curious for awhile what all the excitement about Let's
Encrypt is. startssl.com already hands out free SSL certs recognized by
major browsers, and they're valid for a year.

 



Go to page: 1 3 4 5 6 [7] 8 9 10 11 ... Last