Category: LoneStar Network

Removal of Facebook Login

Starting today the option to use the Facebook login to authenticate on this blog has been removed.

From what I have learned, during 2023 Facebook changed its terms of service making the business verification of developer accounts a requirement for being given access to the data necessary to use the Login function. Initially it was however possible to register as a Business simply by providing your identity card.

After a few months they changed their terms again and it became necessary to provide proof of a real business activity (registration with the chamber of commerce, etc.).

Consequently, it is no longer possible to use the Facebook Login for purely amateur purposes by individual users. I’m sorry, but it’s not my fault.

For now, logins via Google and Twitter remain active.

Reverse proxy and SSO

In recent times I have made some technological changes to the LoneStar Network services, which are not directly visible but which have improved and made them safer. In particular, I proceeded to place all websites behind an nginx reverse proxy. In this way, therefore, the various web servers that present the services are not directly exposed to the network but are located behind the barrier constituted by the reverse proxy.

This also added some flexibility in being able to add subservices presented as subfolders of the main sites.

I have also added a Single Sign On service, to allow access with a centralized account. Not all the services I use support it yet, but over time it should become the only login system.

Restyling the website

As you can notice I’m working on the restyling of the website, a thing that I should have done many years ago.

The WordPress theme Revolution Code Blue that I’ve been using until now hasn’t been updated since the early 2000s. It worked nicely until the release of WordPress 5.1, but with the simultaneous upgrade to PHP 7.3 and WordPress 5.3 some issues have begun to appear in the visualization of some items in the pages.

After some research I arrived at the Customify theme, which allows me to build various parts of the site in the way I want instead of giving a mandatory structure. In addition, it matches well with my logo, which I had no intention to change.

The restyling of the website is not finished in full yet, but I should soon achieve the final look.

New SSL certificates by Let’s Encrypt

Between yesterday and today I changed the SSL certificate used on the websites of lonestar.it and unixportal.net, and for the SMTP / IMAP mail services of mail.lonestar.it.

Up to now I used a wildcard certificate, regularly purchased on StartSSL. It was a cost-effective service to get a 2-year wildcard certificate. The convenience is that the certificate was valid for *.lonestar.it, and therefore in any network service.

But the StartSSL Certification Authority has been deprecated by major browsers because of some irregularities committed after acquisition by a Chinese company.

As a result, as of recent versions of Firefox and Chrome, certificates issued by this authority are no longer accepted as valid (green color next to the url bar), but are shown as unrecognized (red color next to the url bar).

So I’ve decided to start using the free service of Let’s Encrypt, which has been very successful lately thanks to the new philosophy of free release of certificates to anyone, for a short time (90 days maximum), so as to encourage adoption of the HTTPS and TLS protocols by everyone.

The short duration of certificates implies the transition to an automatic renewal and replacement mechanism, compared to the previous habit of obtaining a valid certificate for a few years and then installing it manually on the various servers involved.

Let’s Encrypt offers an official Python-based client to perform these automated tasks on the most popular distributions and common services. But since I use Slackware as my distribution and s/qmail as a mail service, I preferred to use the Dehydrated script, which is based on bash and curl.

So I’ve set up some scripts that request certificates, no longer wildcard but individual for each service, and install them where necessary.

All seems to be working 🙂
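As an added example (not the author's scripts, which the post does not show): a minimal dehydrated hook for the per-service install step described above. The `DEPLOY_ROOT` path, the `RELOAD_CMD` variable and the single combined key-plus-chain PEM file are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: dehydrated hook. dehydrated runs it as
#   hook.sh deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
# DEPLOY_ROOT, RELOAD_CMD and the combined-PEM layout are assumptions.

DEPLOY_ROOT="${DEPLOY_ROOT:-/etc/ssl/deployed}"

# Write key + full chain into one PEM, owner-readable only, replaced atomically
# so a daemon never reads a half-written file during renewal.
install_combined_pem() {
    local domain="$1"
    local keyfile="$2"
    local fullchain="$3"
    local dest="$DEPLOY_ROOT/$domain.pem"
    local tmp

    # Refuse input that is not PEM, so a failed issuance cannot replace a good cert.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$keyfile" ||
        { echo "no private key in $keyfile" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$fullchain" ||
        { echo "no certificate in $fullchain" >&2; return 1; }

    mkdir -p "$DEPLOY_ROOT" || return 1
    tmp="$(mktemp "$DEPLOY_ROOT/.$domain.XXXXXX")" || return 1   # created 0600
    chmod 600 "$tmp"
    cat "$keyfile" "$fullchain" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$dest"    # rename within one directory is atomic
}

deploy_cert() {
    # $3 (cert), $5 (chain) and $6 (timestamp) are passed by dehydrated but unused here.
    install_combined_pem "$1" "$2" "$4" || return 1
    # Optional reload command for the affected service (hypothetical variable).
    if [ -n "${RELOAD_CMD:-}" ]; then
        $RELOAD_CMD
    fi
}

# dehydrated also calls the hook for other events (challenges, unchanged_cert, ...);
# only deploy_cert is handled, everything else is ignored.
case "${1:-}" in
    deploy_cert) shift; deploy_cert "$@" ;;
esac
```

The hook is passed to dehydrated with its `--hook` option (or `HOOK=` in its config), so each successful renewal triggers one `deploy_cert` call per certificate.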

SMTP-VRFY enabled

These days I have enabled SMTP-VRFY functionality in the LoneStar Network MTA service, so that I can create/remove mailboxes through Vmail and have them automatically recognized by the ASSP antispam filter that sits in front of the service to protect it.

Up to now, manual intervention was required by means of editing a text file containing the list of acceptable mailbox addresses.

With this change, any box created through the management web interface will be dynamically recognized as enabled.

CC BY-NC-SA 4.0.