198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
IBM Connections CCM: Activity Stream entries are delayed
Wed, May 17th 2017 6
IBM Connections CCM – FNRCD0002E – ERROR The database vendor cannot be determined from the JNDI data source
Tue, Feb 28th 2017 3
ICMP redirects no longer working
Sat, Feb 4th 2017 1
Dockingstation für iPhone und Apple Watch
Sat, Jan 21st 2017 6
Zusätzliches Netzteil für den Macbook Pro
Tue, Jan 17th 2017 5
Some issues with Migration of IBM Connections 5.0 to 5.5
Thu, Jan 12th 2017 6
Create tasks in “Remember The Milk” with Siri and the Apple Watch
Tue, Jan 10th 2017 5
Top 10
SSL Certificate Issue with Ephox Textbox.io Editor in IBM Connections 5.5
Tue, Feb 16th 2016 9
IBM HTTP Server: Better logrotate for HTTP server logs in Linux
Wed, Jun 29th 2016 9
IBM Connections 5.5: File Upload via HTTP Server (Documentation error)
Tue, Jan 26th 2016 7
IBM Connections 5.5: Custom Community Themes based on the new Connections 5.5 (Hikary ) design
Thu, May 12th 2016 7
IBM Websphere: Use arrow key with wsadmin in Linux
Wed, Jun 29th 2016 7
DBEAVER – Universal Database Manager
Wed, Jan 4th 2017 7
IBM Connections 5.5: Error using the Rich Content app in a Community
Tue, May 3rd 2016 6
Debian Jessie: Upgrade BIND9 to newer version
Sun, Nov 6th 2016 6
Publishing PGP Keys in DNS
Sun, Nov 6th 2016 6
IBM Connections 5.5 CR2 available
Mon, Nov 14th 2016 6


Technical Changes Behind the Scene …
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Michael Urspringer    

Long time ago since I posted something here. The reason for that is, that I did some massive technical changes in the background.

First, all my stuff is now running on a plain Linux virtual server (based on Debian Jessie) instead of a Linux server manged via Plesk. It was simply too much overhead and very hard to figure out where to do changes which will not be overwritten by Plesk later again. So adding new stuff or configuring existing things is much easier now.

I also improved my internal mail system. In the past I used already my own mail server but forwarded all mails to Google Mail as I really like the Gmail front end and especially the archive and search functionality. Antispam had also been outsourced to Spamfence. Both worked very well for me but all my mails were sent and stored to third party providers. So changed that and now everything is done on my own server. I reconfigured Postfix so that most of the spamming attempts is now already blocked on the SMTP level and never reaches my system. The very few spammers, who are successful in delivering mails, are filtered out by SpamAssassin which now works very well. Same is true for dangerous mails like viruses, executables etc. I added also support for SPF and DKIM both for incoming and outgoing mails

I installed Dovecot as IMAP server together with Sieve for mail filtering and as front end I am now using Roundcube. I like its user interface and it has built-in support for PGP encryption already. I added all my mails since 2013 from Google to Dovecot so that I can do at least some basic searching.

If I really need some more sophisticated search features I have all mails archived to my local computer via MailStore Home. I tried to implement Solr to search within my IMAP account but that was not yet successful as it always chrashes while searching virtual folders. So there is still something to improve in future 🙂

I am now also hosting my own DNS server, which was in the past something my provider did for me. The main reason for that is, that I wanted to implement DNSSEC (secure DNS) together with DANE for verifiying my SSL certificates and my provider was not yet supporting DNSSEC. So I switched all my domains to INWX and installed my own DNS server which now work as the primary and the INWX servers work as secondary.

In addition, I needed to switch all my SSL certificates from StartSSL to something else because of  a security issue. As I needed something where I can get several certificates with no or very low cost I have choosen LetsEncrypt as my new SSL provider.

This works pretty well (I am using this script as basis) and has only one disadvantage: All certificates need to be refreshed every 90 days. Although this normally is not really a problem it could lead to problems because all my certificates are now protected by DANE and the certificate’s fingerprint needs to be updated in my DNS as soon as the certificate changes. So this will still be a challenge in the next weeks.

Last but not least, I decided to have a backup server for SMTP and DNS so I needed to built and configure that as well. My main hosting provider is still Host Europe (I have very good experience with them in the last years) but for a backup server (which is not really needed ;-)) it was to expensive. So my backup server is a small virtual machine hosted by IP Interactive, a small provider near by my home.

To be able to monitor all that stuff, I added all servers and services to my Icinga monitoring system on my Raspberry Pi which now monitors over 22 hosts and almost 80 services.

All servers capable of sending SYSLOG messages were consolidated to a central SYSLOG server also hosted on my Raspberry Pi with Loganalyzer as front end.

Doing all that was quite some work but I have again learned very much about Linux, SMTP, DNS and other stuff. So it was worth the effort. But I guess that now explains that I did not have much time to write blog entries but hopefully this will now change again … 🙂

Some links which helped me in configuring some of these things:

https://vpsineu.com/blog/how-to-setup-and-configure-a-master-dns-bind-server-in-debian-wheezyjessie/
http://blog.mansshardt.net/bind9-dns-server-einrichten-unter-debian/
https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04

https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server–2
https://t37.net/no-more-expired-dnssec-zones-with-bind-9-9-inline-signing.html

https://www.linode.com/docs/email/running-a-mail-server
https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
https://www.debinux.de/2015/05/mailserver-from-scratch-debian-8/
https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/

 

The post Technical Changes Behind the Scene … appeared first on Urs-o-Log.



---------------------
https://www.urspringer.de/2016/11/05/technical-changes-behind-scene/
Nov 05, 2016
6 hits



Recent Blog Posts
6
IBM Connections CCM: Activity Stream entries are delayed
Wed, May 17th 2017 3:43p   Michael Urspringer
I did have the problem that if someone uploaded a file to a CCM library within a Community, the Activity Stream entries for “Recent Updates” and the users homepage did not appear immediately but appeared only the next day at 12:00 am. The reason for that was, that someone had created schedules for the CCM Sweep Subsystem. One schedule for every day, starting at 12:00 am. You can find that setting in the ACCE under “ICDomain -> Sweep Subsystem: Schedule”:
3
IBM Connections CCM – FNRCD0002E – ERROR The database vendor cannot be determined from the JNDI data source
Tue, Feb 28th 2017 1:47p   Michael Urspringer
IBM Connections Content Manager (CCM) was no longer working for a customer although everything was ok a few days ago. While starting the CCMCluster the following error occurded in SystemOut.log: FNRCD0002E - ERROR The database vendor cannot be determined from the JNDI data source or is an unsupported type. Check the data source and verify the database connection. com.filenet.api.exception.EngineRuntimeException: FNRCD0002E: DB_BAD_DATABASE_VENDOR: The database vendor cannot be determined from
1
ICMP redirects no longer working
Sat, Feb 4th 2017 5:01p   Michael Urspringer
I do have a test LAN with its own IP range and I want to reach that test LAN from my productive LAN. For that, I have a software router based on pfSense, which has one virtual network interface in my production LAN and one in the test LAN. On my main router I added a static route for that. About two weeks ago, that setup suddenly did no longer work. At least from all Linux and Mac OS based machines, I was unable to reach IP addresses in the test LAN. From Windows machines this still did work.
6
Dockingstation für iPhone und Apple Watch
Sat, Jan 21st 2017 1:44p   Michael Urspringer
Immer mehr Geräte wollen auf dem Nachttisch Platz finden. Damit das Ganze nicht in einen unordentlichen Kabelsalat ausartet, habe ich nun diese Dockingstation für iPhone und Apple Watch auf dem Nachttisch stehen: Die Dockingstation kommt mit einem 48W-Netzteil und hat zusätzlich noch 2 USB-Anschlüsse um bis zu zwei weitere Geräte zu laden. Bei mir wird z.B. noch der Kindle aufgeladen (auch wenn das nur alle paar Wochen mal nötig ist …). Man kann die Watch zwar auch quer auf die H
5
Zusätzliches Netzteil für den Macbook Pro
Tue, Jan 17th 2017 6:10p   Michael Urspringer
Mein Netzteil für das Macbook Pro ist zuhause am Schreibtisch ein wenig verbaut und es ist ziemlich mühsam, jedesmal umzustecken, wenn ich das Macbook irgendwohin mitnehme. Daher musste ein zusätzliches Netzteil her.  Da ich keine Lust hatte, über 80 EUR für ein Original-Apple-Netzteil auszugeben, habe ich nach günstigeren Alternativen gesucht. Meine Wahl fiel auf das Salcar 60W Magsafe 2 T Form . Das Teil ist 145 gr. leicht und hat zusätzlich noch 2 USB-Ladeports mit 2 A. Damit kan
6
Some issues with Migration of IBM Connections 5.0 to 5.5
Thu, Jan 12th 2017 11:58a   Michael Urspringer
I had some new issues while migrating a customer environment from IBM Connections 5.0 to 5.5 (Oracle) and I would like to document them here: ORA-01722: invalid number during Homepage upgrade While running the script “homepage/oracle/upgrade-50CR4-55.sql” we got the following errors in the log file: Code block DECLARE * ERROR at line 1: ORA-01722: invalid number ORA-06512: at line 17 The reason for that was, that the sequence of the columns in the table “HOMPAGE.NR
5
Create tasks in “Remember The Milk” with Siri and the Apple Watch
Tue, Jan 10th 2017 6:47p   Michael Urspringer
I am a long year user of “Remember The Milk” (RTM) to manage all my tasks. Although they do still not have a native app on the iPhone, you are able to use Siri on the Apple Watch to automatically create a task in RTM without touching your iPhone. This is really something I am using very often throughout the day. Especially as Audi has killed Siri in my A3 if the iPhone is connected via Bluetooth to the car system. Siri on the watch is still working like a charm. Here is described
7
DBEAVER – Universal Database Manager
Wed, Jan 4th 2017 10:35p   Michael Urspringer
I normally used “Squirrel” as a free universal database client to connect to databases like DB2, Oracle etc. I just found a new tool called “DBeaver“, which is also free. It looks very nice and it will replace Squirrel for me now. The post DBEAVER – Universal Database Manager appeared first on Urs-o-Log.
6
IBM Connections 5.5 CR2 available
Mon, Nov 14th 2016 8:39a   Michael Urspringer
Since last week, IBM Connections 5.5 CR2 is available. Here are some important links: Download IBM Connections 5.5 CR2 Download IBM Connections 5.5 CR2 Database Update Scripts IBM Connections 5.5 CR2 Fix List Updating IBM Connections 5.5 Update Strategy for IBM Connections 5.5 IBM Connections 5.5 CR requirements for IBM FileNet for use with Connections Content Manager (CCM) incl.uding Download Links IBM Community Surveys 8.5/8.6: Updating the Sonata services for IBM Connections 5.5 CR2 I
6
Publishing PGP Keys in DNS
Sun, Nov 6th 2016 7:06p   Michael Urspringer
As I now have secured my DNS server with DNSSEC, I was able to publish my public  PGP key also via DNS. There are two different possibilities to do that: PKA (public key association) This puts a pointer where to obtain a key into a TXT record. At the same time that can be used to verify that a key belongs to a mail address. You can find more about that here (only in German). My DNS TXT record looks like that: michael._pka.urspringer.de TXT "v=pka1;fpr=7F3F203B94F85C3B7969BF58C5F5




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition