I’ve been hacking away at getting DTC set up to use Let’s Encrypt certificates.
Here’s my work so far…
There are two files:
- getssl – the getssl script that you get from the getssl site.
- dtc-getssl – a wrapper around getssl that does the things DTC needs done to make it work.
To execute you:
- Need to have the files in /home/dtc
- Run ./dtc-getssl -a <ADMIN NAME> -d <DOMAIN NAME> -s <SUB DOMAIN> -c
Where:
* ADMIN NAME is the DTC admin name of the account that the domain is located in.
* DOMAIN NAME is the domain name you want the cert for.
* SUB DOMAIN is the subdomain of the domain you want the cert for.
What we’re doing is just creating the right stuff with the right permissions so it will all work in DTC.
eg: ./dtc-getssl -a deafblindassociation -d deafblindassociation.nz -s www -c
getssl will create a folder for the subdomain/domain combination in the .getssl folder.
dtc-getssl will then display a bunch of information that you need to copy into the getssl.cfg file.
- Then edit the getssl.cfg file for the domain, eg: /home/dtc/.getssl/www.deafblindassociation.nz/getssl.cfg
In the case of our example:
#This tells getssl where to write the challenge file it makes, so that Let’s Encrypt can verify we actually own the domain.
#This tells getssl to use the ACL above for any and all verifications, even if we’re getting a cert for more than one subdomain (which I don’t think we should be).
#These lines just tell getssl where to put the files once it’s made them.
You also need to make sure the production server line isn’t commented out and that the staging (test) one is:
# The staging server is best for testing
# This server issues full certificates, however has rate limits
Finally, comment out the SANS option unless you have a reason for it. You’ll see in our example that the getssl script seemed to think we wanted a subdomain included that we don’t.
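To make the edits above concrete, here is what the finished getssl.cfg for the www.deafblindassociation.nz example could look like. This is an added illustration, not the file dtc-getssl prints for you: the webroot and certificate paths are assumptions (use the values dtc-getssl displays for your install), while the option names (ACL, USE_SINGLE_ACL, SANS, the *_LOCATION settings, CA and RELOAD_CMD) are getssl’s own. The CA lines use the current ACME v2 endpoints that recent getssl releases ship with; older getssl.cfg templates carried v1 URLs.

```bash
# getssl.cfg for www.deafblindassociation.nz (illustrative; paths are assumed)

# Where getssl writes the ACME challenge token, so Let's Encrypt can fetch
# http://www.deafblindassociation.nz/.well-known/acme-challenge/<token>.
# The directory must be served by the DTC vhost and writable by the dtc user.
ACL=('/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/html/.well-known/acme-challenge')

# Use the single ACL entry above for every name on the certificate.
USE_SINGLE_ACL="true"

# No extra subject alternative names: the auto-detected SANS line that
# getssl wrote is left commented out on purpose.
#SANS="deafblindassociation.nz"

# Where to copy the issued files once getssl has made them (assumed paths).
DOMAIN_CERT_LOCATION="/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/ssl/www.deafblindassociation.nz.crt"
DOMAIN_KEY_LOCATION="/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/ssl/www.deafblindassociation.nz.key"
CA_CERT_LOCATION="/var/www/sites/deafblindassociation/deafblindassociation.nz/subdomains/www/ssl/chain.crt"

# The staging server is best for testing
#CA="https://acme-staging-v02.api.letsencrypt.org/directory"
# This server issues full certificates, however has rate limits
CA="https://acme-v02.api.letsencrypt.org/directory"

# Left unset on purpose: apache2 is restarted by hand after checking the
# result. getssl runs whatever is here after a successful issue/renew.
#RELOAD_CMD="systemctl reload apache2"
```

Test against the staging CA first (swap which CA line is commented), because a few failed attempts against the production endpoint will hit Let’s Encrypt’s rate limits for the domain.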
- Now run ./dtc-getssl -a <ADMIN NAME> -d <DOMAIN NAME> -s <SUB DOMAIN> without the -c option.
You should see getssl generate the keys for you.
We need this wrapper because it runs the script as the correct user (dtc), so that we get the correct permissions on the files.
- Restart apache2
getssl does have the ability to restart the web server and we will need to use this in future, but this script is way too green to be letting it restart your production system without doing a bit of checking first!
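The "bit of checking first" can be scripted. The following is an added example of mine, not part of getssl or the dtc-getssl wrapper: it refuses to reload apache2 unless the new certificate and private key actually belong together, the certificate covers the hostname clients will connect to, and it is not about to expire. The 30-day threshold, the DO_RELOAD switch, and the throwaway self-signed cert it generates for demonstration are all assumptions made for this example; on a real host you would point it at the files getssl just wrote.

```bash
#!/bin/bash
# Added example (not getssl's or dtc-getssl's code): pre-restart sanity
# checks for a freshly issued certificate. Requires the openssl CLI.
set -u -o pipefail

# 0 if the public key inside CERT matches the private key in KEY, 1 if
# they differ, 2 if either file cannot be parsed. Works for RSA and EC keys.
cert_key_match() {
    local cert="$1" key="$2" c k
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256) || return 2
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256) || return 2
    [ "$c" = "$k" ]
}

# 0 if CERT's subject CN / SAN list covers HOST.
cert_covers_host() {
    local cert="$1" host="$2"
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null | grep -q ' does match '
}

# 0 if CERT stays valid for at least MIN_DAYS more days.
cert_valid_for_days() {
    local cert="$1" min_days="$2"
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null 2>&1
}

# Gate the reload on all three checks. apache2 is only touched when
# DO_RELOAD=1 (an assumed switch for this demo), so running this is harmless.
safe_reload() {
    local cert="$1" key="$2" host="$3"
    cert_key_match "$cert" "$key"    || { echo "refusing: cert and key do not match" >&2; return 1; }
    cert_covers_host "$cert" "$host" || { echo "refusing: cert does not cover $host" >&2; return 1; }
    cert_valid_for_days "$cert" 30   || { echo "refusing: cert expires within 30 days" >&2; return 1; }
    if [ "${DO_RELOAD:-0}" = "1" ]; then
        apache2ctl configtest && systemctl reload apache2
    else
        echo "checks passed for $host; set DO_RELOAD=1 to reload apache2"
    fi
}

# Constructed demo material: a self-signed cert/key pair for www.example.nz
# (valid 90 days) plus an unrelated key, so the checks can be exercised
# without touching ~/.getssl or a real server.
make_demo_pair() {
    local dir
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=www.example.nz" \
        -keyout "$dir/www.example.nz.key" -out "$dir/www.example.nz.crt" >/dev/null 2>&1
    openssl genrsa -out "$dir/unrelated.key" 2048 >/dev/null 2>&1
    echo "$dir"
}

demo_dir=$(make_demo_pair)
trap 'rm -rf "$demo_dir"' EXIT
# Matching pair: passes. Unrelated key: refused before any reload would happen.
safe_reload "$demo_dir/www.example.nz.crt" "$demo_dir/www.example.nz.key" www.example.nz
safe_reload "$demo_dir/www.example.nz.crt" "$demo_dir/unrelated.key"      www.example.nz || true
```

Once a script like this has earned some trust it can be handed to getssl as its RELOAD_CMD, which is the hook getssl runs after a successful issue or renewal; until then running it by hand between "generate the keys" and "restart apache2" is the safe order.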
Last year we installed two UPSs ready for our new DC so we can have A and B side power.
Sadly the batteries are a bit shot in one of them.
Our aim is to have a solar-driven DC with grid power as our backup. Doing this is expensive, so we’re planning it in stages.
But we’re also looking at the duplication that we already have in the server room from UPS systems. So our B side UPS is off to see our friendly tech for a bit of a makeover. Now I’m on the hunt for APC 5000 VA service manuals.
The aim is to get a bigger array of batteries external to the UPS and then just apply charge from the solar, with mains as backup.
We figured that we get nothing for power if we export it.
Building a DC, we also considered the impact on the grid if we just start pulling lots of power for cooling. We decided that we need more cooling on hot sunny days, exactly the kind of weather that’s great for solar power generation.
Our other aim is to capture and reuse the heat that our servers generate to heat a glasshouse on the roof space. We’re currently on the lookout for a hot water heat pump so we can pump the heat from our server room into a spa pool (already on site) and then move that heat back into the glasshouse at night time.
Currently we’re running EoIP on Mikrotik. As EoIP isn’t a standard, I thought we’d get busy and implement MPLS and VPLS.
Well, take one was a disaster! That’ll teach me for not prototyping the whole thing in the lab first.
This is a good blog on MPLS/VPLS.
One hint it didn’t give me is that the MTU has to be higher than 1500. Our radio network will currently do 1524, so today I started setting gear to the higher MTU.
My head fills up with ideas all the time. Communicating them to others becomes a problem. Keeping track of them so they become a reality also becomes a problem. Over the past two decades I’ve played around with lots of different project management tools, some good, some not so much.
This coming year I’m going to start having a crack at OpenProject.
I started out trying to install ‘Redmine’ from the Debian repository on one of my vps servers. That was a big fail! My great friend Damien recommended giving OpenProject a crack, so I have.
This week I’m working to write more words for our web site as part of my work to fully implement the DTC billing system.
As you can see, I’ve also been blogging random notes related to the DTC-XEN software.
DTC-XEN is the software that we use to interface users with our own VPS servers and resources we purchase from other DTC-XEN server providers such as GPLHost Global Hosting.
htpasswd /etc/dtc-xen/.htpassword dtc-xen
telnet <hostname> 8089
Yes, but is it running?
On the host: # netstat -antop | grep 8089
root@node64901:/var/lib/dtc-xen/mnt# cat 01.setuplvm.stderr
Volume group "node64901-vg" has insufficient free space (0 extents): 96 required.
For the past few years we’ve just been sending out manual bills when we get round to it. Not really very effective for running a productive, profitable business.
An automated billing system presents a few challenges for us. Our challenge is not just implementing a billing system but also choosing our software.
On one hand, we’ve been using DTC for our site hosting for over a decade. The guys at GPLHost who wrote it have become our friends, but on the other hand, platforms like cPanel, WHM and ISPConfig3 are just what everyone uses.
DTC has spelling mistakes, it’s complex and there’s not a big community using it, should we change? Should we just join a new community? What about our friends of over a decade?
For decades I’ve grown up with people complaining that Microsoft Windows is the only operating system that will work on their computer of choice. The answer was always simple: it’s because it just works and everyone else is doing it. Choosing to support something else is hard, and it’s still hard.
It’s not really a debate… we’re committed to DTC because we’re also committed to choice. Being free GPL software means that DTC presents a very low bar to entry for anyone wanting to provide hosting and collect payment. You can run this software on an old desktop computer off the end of your internet connection at home if you want to; we know, we have!
Our implementation means making quite a few changes, because unlike GPLHost (who wrote DTC originally) most of our customers choose to pay by internet banking and need New Zealand GST invoices.
We’re adding the ability to get a pro forma invoice, view your past payments with more details in a list, get an invoice emailed to you when payment is made, and get your pro forma invoice emailed to you.
We’re also working to integrate with metaname.net domain name registrations and renewals so that when you pay for your hosting your domain name is automatically updated.
We wrote some instructions to help our customers figure out how to pay! You’ll find those here: http://www.yournet.co.nz/paying-your-account/
Our control panel also has a manual, and you can find that here: http://www.yournet.co.nz/dtc-hosting-control-panel-instruction-manual/
As a customer you’ll start to see emails coming from us telling you when your service needs paying for.
Some people have asked for invoices with their reminders. The problem with invoices is that we give you the choice to renew your service for as long as you like, so we don’t know what period to invoice for. So we’ve added the ability to raise pro forma invoices and get your invoice once you’ve paid.
Getting a global reach is important
But how to afford it on a budget for a small player like YourNet is a challenge.
For the past decade we’ve worked with the team at www.GPLHost.com on development of the DTC hosting control panel and resource billing system.
At present we’re working to build a wholesale platform that will let small local providers like us get a global reach under our own brand but using GPLHost resources.
‘White Labeling’ is not new, but normally works on the concept that all your services are from the same wholesaler.
YourNet already has servers in our own data center in Christchurch. We want our VPS servers to appear in the same customer interface as our wholesale partners’ resources.
We also want to lend our resources to our wholesale partners.
Enter DTC and DTC-XEN stage left!
Our aim is to modify the DTC software platform so that we can build a network of providers who have redundant resources that we can present to our customers.
I felt it was time that YourNet had a blog, so welcome!