Skip to main content

- Defending Internet Freedom

- IndieHosters

- Give Docker Trainings

- libre.sh, yet another Docker PaaS

- Meteor Freelancer

- ToS;DR

- IndieWeb

- I have something to Hide and you?

- Framasoft

indiehosters.net

github.com/IndiePaaS/IndiePaaS

twitter.com/pierreozoux

github.com/pierreozoux

tosdr.org/

pierre-o.fr

www.humancoders.com/formations/docker

www.meetup.com/Internet-Freedom-Lisbon/

ihavesomethingtohi.de/

framadrive.org

pierre@ozoux.net

Pierre Ozoux

Pierre Ozoux

These little things that give you smile for the rest of the day!

Enable encryption between mail servers by easybe · Pull Request #2 · indiehosters/docker-postfix https://github.com/indiehosters/docker-postfix/pull/2

Pierre Ozoux

ServerLess collection of links

1 min read

We are probably entering the post PaaS era. I think we can agree that Heroku failed at making it simple and painless to deploy code. Nowadays there are better solutions.

Back in the time, I was (and still am) fascinated by Unhosted Philosophy! Let's say unhosted is the open source way of server less. But this philosophy has migrated to be absorbed and digested by capitalism and proprietary software.

So here is a list of ressoures to dive into the server less world!

Articles

http://thenewstack.io/amazon-web-services-isnt-winning-problems-poses/

http://www.thecloudcast.net/2016/03/the-cloudcast-242-understanding.html

Awesome curated list

https://github.com/anaibol/awesome-serverless

In the next article, I'll detail how we plan to build our IndieHosters landing page, unhosted way :)

Pierre Ozoux

Pierre Ozoux

Our Freedom Bundles are powered by ownCloud

https://blog.indie.host/2016/we-proudly-present-the-indiehosters-freedom-bundles-1

Pierre Ozoux

Pierre Ozoux

We proudly present: The IndieHosters Freedom Bundles https://blog.indie.host/2016/we-proudly-present-the-indiehosters-freedom-bundles

Pierre Ozoux

Testing socket activation with docker-compose

1 min read

A simple test following this setup: https://developer.atlassian.com/blog/2015/03/docker-systemd-socket-activation/

cd /etc/systemd/system
ls test*
 # we need 3 unit-files
test-proxy.service  test-proxy.socket  test@.service

cat test-proxy.socket
[Socket]
ListenStream=8080

[Install]
WantedBy=sockets.target

cat test-proxy.service
[Unit]
Requires=test@test.indie.host.service
After=test@test.indie.host.service

[Service]
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8081

cat test@.service
[Unit]

# Requirements
Requires=docker.service

# Dependency ordering
After=docker.service

[Service]
Restart=always
RestartSec=10
TimeoutStartSec=60
TimeoutStopSec=15
EnvironmentFile=/data/domains/%i/.env
WorkingDirectory=/data/domains/%i/
ExecStartPre=-/opt/bin/docker-compose rm -f
ExecStart=/opt/bin/docker-compose up
ExecStartPost=/opt/bin/waitport 127.0.0.1 8081
ExecStop=/opt/bin/docker-compose stop

cat /opt/bin/waitport
#!/bin/bash

host=$1
port=$2
tries=600

for i in `seq $tries`; do
    if ncat $host $port > /dev/null ; then
      # Ready
      sleep 1
      exit 0
    fi

    /bin/sleep 0.1
done

# FAIL
exit -1

 the docker-compose based from: https://github.com/indiehosters/static:
cat /data/domains/test.indie.host/docker-compose.yml
web:
  image: nginx
  volumes:
    - ./nginx.conf:/etc/nginx/nginx.conf:ro
    - ./data:/var/www/html
  ports:
    - "8081:80"

And here is the result! gif

Pierre Ozoux

@suqdiq @framasoft @indiehosters @ecobytes @openintegrity

My main objective to learn is to provide an easy way to test security for small infrastructure that host people's data (like project https://git.framasoft.org/framasoft/CHATONS/tree/master).
The long term goal would be to have a set of indicators like for instance:
- QualysSSL rating
- vulnerable to CVEs
- port opens
- you name it
Tested in automated manner and reporting in real time.
Luckily, https://openintegrity.org/ is working on that!
If you know any people interested let me know :)
Tell me for lunch, I'm quiet available, we could also have a beer in the place we met last time?

Pierre Ozoux

Auto configure ownCloud caldav/carddav on iOS with a profile

2 min read

Edit: the solution was found (at the bottom of the article).

For IndieHosters we plan to offer a really nice bundle with cloud(5Go) + webmail + contacts + calendar + smtp + imap for 2€/month ( stay tuned if interested ;) ). (And 4€/month with your domain and 15Go)

For that, we try to make the onboarding process of new users as painless as possible. On Android, it is a pain to configure everything right. You need to download 2 apps: DAVdroid and ownCloud and configure 3 end points (webdav/cardav/caldav). It means your user needs to be really motivated!

On iOS/OSX, the process is a lot easier, you can provide a profile file that will install everything with one click \o/. Here is the specification if interested. Like always, your best bet for a working example is to head to mailinabox.

So I did like they did, here is the file.

I checked my nginx conf against the official one and the one from mailinabox.

I keep getting on my iOS device:

An error occurred while contacting the server.
The operation couldn't be completed. (CoreDAVErrorDomain error 3.)

On the server, I get:

web_1 | 172.17.51.4 - - [08/Feb/2016:17:24:05 +0000] "PROPFIND /.well-known/caldav HTTP/1.1" 301 184 "-" "iOS/7.1.2 (11D257) accountsd/1.0"
web_1 | 172.17.51.4 - - [08/Feb/2016:17:24:05 +0000] "PROPFIND / HTTP/1.1" 405 172 "-" "iOS/7.1.2 (11D257) accountsd/1.0"
web_1 | 172.17.51.4 - - [08/Feb/2016:17:24:06 +0000] "PROPFIND /principals/ HTTP/1.1" 404 6287 "-" "iOS/7.1.2 (11D257) accountsd/1.0"
web_1 | 172.17.51.4 - - [08/Feb/2016:17:24:06 +0000] "PROPFIND /calendar/dav/test/user/ HTTP/1.1" 404 6287 "-" "iOS/7.1.2 (11D257) accountsd/1.0"

What bother me is that I tried every combinations of end points, and I suspect that the problem come from iOS because it is always trying these end points. My iOS version: 7.1.2

Ah, if I enter manually, it does work :)

If you want to try, the credentials: test/qwer

If you find the reason, I give you one of this account for one year \o/.

Edit: The solution was to modify the following key to remove the https:

      CalDAVPrincipalURL
      http://cloud.pierre-o.fr/string>;