Round Robin: Difference between revisions

From pisswiki
(→‎Current Rotation: pee.wants.to.be.free.openpiss.net now has a valid cert)
Tag: Reverted
m (SSL is depreciated and insecure)
 
(22 intermediate revisions by 6 users not shown)
Line 1: Line 1:
This is the list of all the servers in the round robin. If you want your server added, add yourself at the bottom of the list in the following format:
If you wish to have your server added to the round-robin, please contact a [https://wiki.letspiss.net/wiki/Special:ListUsers?username=&group=sysop&wpsubmit=&wpFormIdentifier=mw-listusers-form&limit=50 wiki sysop] so they can add you into [https://shitposting.space/dns the new round-robin system.] You will have to provide the following information:


<pre>
# Server name
your.server.domain.name    A 123.222.111.22
# IPv4 and/or IPv6
your.server.domain.name AAAA f00b::1
# Region (must be one of: AMER, EURO or ASIA)
</pre>Please add your domain/ip at the bottom of this page AND THEN ping HenryPissinger/Polsaker on pissnet to update the records
 
Your node must:
 
* Have a valid TLS certificate for the round-robin
* Be reachable over the Internet on ports 6667 and 6697
* Be linked to the network
* and have a relatively up to date version of UnrealIRCd
 
After your node gets added to the rotation it will be periodically scanned. You can check the status of your node in the rotation through [https://shitposting.space/dns this page]


== SSL certificate ==  
== TLS certificate ==  


Soon, to be part of the round-robin you will need a valid SSL certificate for both <code>irc.letspiss.net</code> and your own server domain. To do this you can use <code>[https://github.com/acmesh-official/acme.sh acme.sh]</code>. Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers [https://github.com/acmesh-official/acme.sh/wiki/dnsapi check here]):
Soon, to be part of the round-robin you will need a valid TLS certificate for both <code>irc.letspiss.net</code> and your own server domain. To do this you can use <code>[https://github.com/acmesh-official/acme.sh acme.sh]</code> (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers [https://github.com/acmesh-official/acme.sh/wiki/dnsapi check here]):


<pre>
<pre>
# These are the credentials required to get the irc.letspiss.net certificate
# These are the credentials required to get the irc.letspiss.net certificate
export ACMEDNS_UPDATE_URL="https://auth.autie.net/update"
export ACMEDNS_BASE_URL="https://auth.autie.net"
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
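Review bot: The new intro paragraph still opens with "Soon, to be part of the round-robin you will need a valid TLS certificate", while the "Your node must" list added in this same hunk already makes "Have a valid TLS certificate for the round-robin" a requirement. Drop "Soon" so the two agree. The rename from ACMEDNS_UPDATE_URL to ACMEDNS_BASE_URL (with the /update suffix dropped from the value) also lands without a word for operators who exported the old variable from the earlier revision; a one-line comment above the export saying the old name has been replaced would tell them to update their environment.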
Line 25: Line 33:
</pre>
</pre>


You can also use standalone (requires you to run the command with root access (or sudo) ( --cert-home is recommended since else the certs will be placed in your /root directory)
<pre> /home/irc-user/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --standalone --cert-home /home/irc-user/.acme.sh </pre>
If you use custom DNS or want to do this manually, run the above environment variable commands for <code>ACMEDNS_*</code> and use the <code>--yes-I-know-dns-manual-mode-enough-go-ahead-please</code> option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:
If you use custom DNS or want to do this manually, run the above environment variable commands for <code>ACMEDNS_*</code> and use the <code>--yes-I-know-dns-manual-mode-enough-go-ahead-please</code> option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:


<pre>
<pre>
~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
~/.acme.sh/acme.sh --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
</pre>
</pre>
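Review bot: The added standalone paragraph has unbalanced parentheses and says root is needed without saying what that does to the output: the command runs as root but writes the certificate and key under /home/irc-user/.acme.sh, so the files will be owned by root and the page should say how the IRC user gets read access to the key. Suggest rewording to "Standalone mode must be run as root (or with sudo); pass --cert-home so the files do not end up under /root" and adding a line about ownership of the resulting files.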


Line 50: Line 60:


=== Alternatively, using two certificates ===
=== Alternatively, using two certificates ===
'''The instructions below are broken, because we ran out of Let's Encrypt quota for 'duplicate certificates' for irc.letspiss.net. No more certificates for just irc.letspiss.net can be issued until June 15th.'''
If you just want to use <code>acme.sh</code> for the round-robin certificate and use your existing infrastructure for your other certificate(s), call <code>acme.sh</code> as <code>~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns</code> and add a [https://www.unrealircd.org/docs/Sni_block SNI block] instead of changing the config above:
If you just want to use <code>acme.sh</code> for the round-robin certificate and use your existing infrastructure for your other certificate(s), call <code>acme.sh</code> as <code>~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns</code> and add a [https://www.unrealircd.org/docs/Sni_block SNI block] instead of changing the config above:
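Review bot: Deleting the quota notice also deletes the only explanation of why this path is fragile. The command kept in the paragraph, "--issue -d irc.letspiss.net --dns dns_acmedns", requests a certificate for irc.letspiss.net alone, which is the 'duplicate certificates' case the removed line names, because every operator who follows it asks for the same single name. Rather than removing the notice outright, replace it with a standing caveat that the combined certificate is preferred for that reason. The inline command also lacks the "--server letsencrypt --auto-upgrade" flags that this revision adds to the manual-mode command.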


Line 67: Line 75:
If we run out of the LetsEncrypt quota, we can use zerossl, by adding the <code>--server zerossl</code> parameter to <code>acme.sh</code>.
If we run out of the LetsEncrypt quota, we can use zerossl, by adding the <code>--server zerossl</code> parameter to <code>acme.sh</code>.


== Current Rotation ==
== Current Rotation. NO LONGER IN USE ==


<pre>
<div class="mw-collapsible mw-collapsed">
irc.shitposting.space                      A        45.32.168.85
''This section is collapsed by default. Click '''Expand''' on the right hand side to view.
<pre class="mw-collapsible-content">
irc.shitposting.space                      A        144.202.61.61
urine.trouble.pissnet.net                  A        54.191.10.244                              ; Warning: Self-signed certificate
urine.trouble.pissnet.net                  A        54.191.10.244                              ; Warning: Self-signed certificate
urine.trouble.pissnet.net                  AAAA    2600:1f13:de8:b302:625d:224b:cb22:fca6    ; Warning: Self-signed certificate
urine.trouble.pissnet.net                  AAAA    2600:1f13:de8:b302:625d:224b:cb22:fca6    ; Warning: Self-signed certificate
Line 94: Line 104:
pissnet.zeromeaning.com                    AAAA    2607:5300:60:60ec::1
pissnet.zeromeaning.com                    AAAA    2607:5300:60:60ec::1
conga.at.the.shitposting.space            A        168.138.130.156
conga.at.the.shitposting.space            A        168.138.130.156
irc.sigint.pw                              A        176.31.26.128
irc.sigint.pw                              A        176.31.26.128                            
irc.sigint.pw                              AAAA    2001:41d0:1:b254:1::1
irc.sigint.pw                              AAAA    2001:41d0:1:b254:1::1                    
pissnet.b621.net                          AAAA    2a0c:2f07:4663:beeb:216:3eff:fe39:c409    ; Removed, does not connect
pissnet.b621.net                          AAAA    2a0c:2f07:4663:beeb:216:3eff:fe39:c409    ; Removed, does not connect
piss.in.my.coldwet.net                    A        23.95.173.171
piss.in.my.coldwet.net                    A        23.95.173.171
Line 132: Line 142:
israelis.watch.mepee.live                  A        146.185.219.74
israelis.watch.mepee.live                  A        146.185.219.74
israelis.watch.mepee.live                  AAAA    2a03:90c0:1e5::9
israelis.watch.mepee.live                  AAAA    2a03:90c0:1e5::9
piss.test.net.in                          A        193.93.24.20                              ; [2021-06-25] Removed, does not respond on port 6667. Self-signed certificate
fsb.watch.mepee.live                      A        81.28.13.25
fsb.watch.mepee.live                      A        81.28.13.25
fsb.watch.mepee.live                      AAAA    2a03:90c0:334::18
fsb.watch.mepee.live                      AAAA    2a03:90c0:334::18
Line 151: Line 160:
piss.in.my.wet-dreams.space                A        45.77.217.23
piss.in.my.wet-dreams.space                A        45.77.217.23
piss.in.my.wet-dreams.space                AAAA    2001:19f0:5:3ab9:5400:3ff:fe6a:83b8
piss.in.my.wet-dreams.space                AAAA    2001:19f0:5:3ab9:5400:3ff:fe6a:83b8
 
andropee.likes.watersports.xxx            A        89.11.227.185
</pre>
donny.likes.watersports.xxx                A        45.79.249.135
kazakhs.watch.mepee.live                  A        213.156.137.141
</pre>(No longer in use, no need to add yourself here anymore)
</div>


== Previous list from the Pad Preserved Here, THIS IS NOT A ROTATION LIST. ==
== Previous list from the Pad Preserved Here, THIS IS NOT A ROTATION LIST. ==

Latest revision as of 09:38, 2 April 2023

If you wish to have your server added to the round-robin, please contact a wiki sysop so they can add you into the new round-robin system. You will have to provide the following information:

  1. Server name
  2. IPv4 and/or IPv6
  3. Region (must be one of: AMER, EURO or ASIA)

Your node must:

  • Have a valid TLS certificate for the round-robin
  • Be reachable over the Internet on ports 6667 and 6697
  • Be linked to the network
  • and have a relatively up to date version of UnrealIRCd

After your node gets added to the rotation it will be periodically scanned. You can check the status of your node in the rotation through this page.

TLS certificate

Soon, to be part of the round-robin you will need a valid TLS certificate for both irc.letspiss.net and your own server domain. To do this you can use acme.sh (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use Cloudflare for your domain; for other providers check here):

# These are the credentials required to get the irc.letspiss.net certificate
export ACMEDNS_BASE_URL="https://auth.autie.net"
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741"

# You will have to change this!
export CF_Token="aaaaabbbbbcccc"
export CF_Account_ID="ddddeeeeeffff"
export CF_Zone_ID="ggggghhhhiiii"

~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --dns dns_cf

You can also use standalone mode. This requires you to run the command with root access (or sudo). --cert-home is recommended, since otherwise the certs will be placed in your /root directory.

 /home/irc-user/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --standalone --cert-home /home/irc-user/.acme.sh 

If you use custom DNS or want to do this manually, run the above environment variable commands for ACMEDNS_* and use the --yes-I-know-dns-manual-mode-enough-go-ahead-please option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:

~/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please

You will then need to manually add the new TXT record to your DNS zone while acme.sh is running.

After this you will have to edit your configs to look like this:

listen {
        ip *;
        port 6697;
        options { tls; };
        tls-options {
                # Certificate and key issued by acme.sh for the round-robin name
                certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
                key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
        };
};

Note: Do not change the certificate key for the serversonly listen block or your spkifp will change and you won't be able to link to the network.
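
A pre-flight check an operator can run on the issued certificate before editing the listen block, as an added example that is not part of the wiki page: it confirms that the leaf certificate names both irc.letspiss.net and the node's own domain and is not close to expiry. The function names and the self-signed sample certificate are constructed for illustration; openssl must be installed.

```shell
# Added example, not from the wiki: check a certificate file before pointing
# UnrealIRCd at it.

# Print the DNS names in the leaf certificate's subjectAltName, one per line.
# In acme.sh's fullchain.cer the leaf comes first, and that is the
# certificate `openssl x509` reads.
cert_san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# check_rr_cert FILE MIN_DAYS NAME...
# Succeeds only if every NAME is an exact SAN entry and the certificate
# stays valid for at least MIN_DAYS more days; reasons go to stderr.
check_rr_cert() {
    cert=$1; min_days=$2; shift 2; rc=0
    sans=$(cert_san_names "$cert")
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq "$name" ||
            { echo "missing SAN: $name" >&2; rc=1; }
    done
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "not valid for $min_days more days" >&2; rc=1; }
    return $rc
}

# Constructed sample: a throwaway self-signed certificate with both names,
# standing in for /home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer.
make_sample_cert() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3' \
        'prompt = no' '[dn]' 'CN = irc.letspiss.net' '[v3]' \
        'subjectAltName = DNS:irc.letspiss.net, DNS:my.fancy.server.blah.com' \
        > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/sample.key" -out "$1/sample.cer" 2>/dev/null
}

# Demo on the constructed sample; use your own fullchain.cer and names instead.
tmp=$(mktemp -d) && make_sample_cert "$tmp" &&
    check_rr_cert "$tmp/sample.cer" 14 irc.letspiss.net my.fancy.server.blah.com &&
    echo "certificate covers both names and is not about to expire"
rm -rf "$tmp"
```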

Alternatively, using two certificates

If you just want to use acme.sh for the round-robin certificate and use your existing infrastructure for your other certificate(s), call acme.sh as ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns and add a SNI block instead of changing the config above:

sni irc.letspiss.net {
    tls-options {
        certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
        key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
    };
};

Alternatively to the alternative, use ZeroSSL

If we run out of the Let's Encrypt quota, we can use ZeroSSL by adding the --server zerossl parameter to acme.sh.

Current Rotation. NO LONGER IN USE


(No longer in use, no need to add yourself here anymore)

Previous list from the Pad Preserved Here, THIS IS NOT A ROTATION LIST.
