Open Registry of Game Information 

  • Oregami-News

  • Here everybody can ask questions about our project or present his ideas.
    No special authorization needed to post here!
Here everybody can ask questions about our project or present his ideas.
No special authorization needed to post here!

Moderators: MZ per X, gene

 #38442  by gene
 10 Nov 2017, 17:28
Hi there. I am still alive! :D

As one step of my technical restructuring of my servers for Kultpower.de and Oregami.org I decided to move from a self hosted Atlassian Confluence to a "Cloud hosted" version of confluence.
That saves me a lot of work and makes it possible to concentrate on more important things.

So, the "old" wiki was available on http://wiki.oregami.org

From now on, the Oregami wiki is available on https://oregami.atlassian.net !
 #38445  by gene
 02 Jan 2018, 09:26
Happy new year for everyone of you! :-)

During the last months my investigations on Docker continued. I need to update my installations for all my hosted web sites (kultpower & oregami), and I decided to do this with the usage of Docker as virtualization software.

After some weeks I got all my sites running with the help of docker. But this was only a first shot and I cannot go to "production" with this one.
The reason: security! Using docker for local development is one thing, using it in production for public web sites is another thing.

So I am now googling "docker security" for quiet some time now :wink: and I would like to list my insights so far. Very helpful for me was this presentation, which give a very good overview on securing docker.
  • Use minimal base image (for example alpine)
  • Use specific versions (e.g. “FROM node:7.7.2-alpine instead of node:latest)
  • processes in docker containers should not run as root user. If there is a vulnerability in a used software package, this could be bad for the host (!) server and not "only" for the one container
  • restrict as many kernel capabilities as possible with the "--cap-drop" option
  • restrict resource usage (e.g. memory) per container
  • open only needed ports - open ports only for needed clients (IP based), e.g. the MySQL database does not need to be open to the web, only to the web server
I will try to implement all these things, it may take some extra time but I think it's worth it.

Stay tuned!
 #38446  by MZ per X
 02 Jan 2018, 21:13
A healthy and productive 2018 to you, too! :)

And I always thought that Docker was invented for security reasons... ;)
 #38447  by gene
 02 Jan 2018, 22:10
MZ per X wrote:And I always thought that Docker was invented for security reasons... ;)
Well, the docker website says:
AGILITY
Accelerate software development and deployment by 13X and respond instantly to customer needs.

PORTABILITY
Eliminate the “works on my machine” once and for all. Gain independence across on-prem and cloud environments.

SECURITY
Deliver applications safer across the entire lifecycle with built in security capabilities and configurations out of the box.

COST SAVINGS
Optimize the use of your infrastructure resources and streamline operations to save 50% in total costs.
They do really mention "security", bit it does not come automatically :D
 #38448  by gene
 26 Jan 2018, 23:19
Oregami.org - our public website - is getting an update.
Up to now we used Redaxo CMS for the website.

During my Docker works I thought that it might be better to use Jekyll - a static site generator based on files within a Git repository - to create our website.
A nice side effect of this change will be that the new website will be responsive, so it will be readable on mobile devices. Finally.

Here are some early screenhots (not finally styled):
(801.84 KiB) Downloaded 35 times
(580.16 KiB) Downloaded 37 times
(270.94 KiB) Downloaded 39 times
 #38449  by MZ per X
 27 Jan 2018, 11:52
Cool stuff! Should I start going over the website texts and refresh them in the wiki?
 #38450  by gene
 27 Jan 2018, 11:54
MZ per X wrote:Cool stuff! Should I start going over the website texts and refresh them in the wiki?
Thanks for the offer, but: no!
You will be able to edit the texts soon directly in a Git repository from which the website is created.
So no more needs to write texts in the wiki and transfer them later to the website.
 #38451  by gene
 27 Jan 2018, 12:04
And another good news is:
The new site will be multi language (english/german) and will include all (past) blog posts and will offer the possibility to write new blogposts as well.
No more need for Google blog sites!
 #38452  by MZ per X
 28 Jan 2018, 23:09
Moving away from something Google is always a good thing! :)

So I will wait for the editing possibilities.
 #38453  by gene
 30 Jan 2018, 22:07
MZ per X wrote:So I will wait for the editing possibilities.
Ok, I am nearly done.
The complete website source is available at https://github.com/oregami/oregami.org-public-website

I worked through all blog posts, German and English ones. They are located in the folders _posts_en and posts_de .

The regular pages are these:
Code: Select all
./_pages_en/links.md
_pages_en/about-us.md
_pages_en/faq.md
_pages_en/developers.md
_pages_en/association.md
_pages_en/index.md
_pages_en/community.md
_pages_de/links.md
_pages_de/verein.md
_pages_de/ueber-uns.md
_pages_de/faq.md
_pages_de/index.md
_pages_de/community.md
_pages_de/entwickler.md
Everybody with access to the Git repository can edit the files - developers will do this with their favorite code editor (I am using Atom). You must be able to have basic knowledge about Git (clone, edit, commit, push).
Another way to edit files is prose.io, which is a web based editor for Git repositories - including a markdown editor for markdown text files.

Choose your weapon! ;-)
 #38454  by MZ per X
 31 Jan 2018, 22:46
Ha, interesting! I will check it out soon. :)
 #38455  by gene
 03 Feb 2018, 21:17
The origami web server will get a major update shortly (the "docker" thing I have been working on for some months). So don’t be surprised if something doesn’t work temporarily the next days.
 #38456  by MZ per X
 04 Feb 2018, 13:25
gene wrote:Another way to edit files is prose.io, which is a web based editor for Git repositories - including a markdown editor for markdown text files.
Does this generate git pull requests for you to approve, or will I be doing live updates to the website?
 #38457  by gene
 04 Feb 2018, 17:15
MZ per X wrote:
gene wrote:Another way to edit files is prose.io, which is a web based editor for Git repositories - including a markdown editor for markdown text files.
Does this generate git pull requests for you to approve, or will I be doing live updates to the website?
I think it will update the git repo immediately, but the Website is not connected directly to the git repo.
Website (re)generation has to be done manually by me.

Perhaps we can create a "live" branch from which I generate the site. I can then cherry pick your changes to this branch and start the website generation.
 #38458  by gene
 05 Feb 2018, 11:26
Server update is nearly finished!

- http://www.oregami.org is working (old redaxo page)
- forum.oregami.org is working (I linked to the HTTPS version, use this one!)

Not so perfect:
I cannot force the forum page to use HTTPS instead of HTTP.
I could force it, but only for all domains, and the redaxo page does not work with HTTPS :-(

So what I would like to do as soon as possible:
Switch from the old redaxo page to the new Jekyll based website (lates preview can be seen here).
Then I can force HTTPS on all Oregami-Domains.

@Mz per X: What do you think? can we switch to the jekyll site this evening? Any big changes you want to make to the website content? :D