[sf-lug] non-canonicals http[s]://[www.]{sf-lug.com, sflug.{org, com, net}}/ HTTP 301 redirect to canonical Re: SFLUG.org

Ken Shaffer kenshaffer80 at gmail.com
Wed May 15 16:33:28 PDT 2019


If we're making a list, how about m.sf-lug.org, etc. For those on the
mobile phone platform. ;^)
Ken

On Tue, May 14, 2019, 9:27 PM Michael Paoli <Michael.Paoli at cal.berkeley.edu>
wrote:

> Cert(s) obtained & installed, web server reconfigured ...
> SF-LUG non-canonicals
> http[s]://{[www.]{sf-lug.com,sflug.{org,com,net}},sf-lug.org}/
> HTTP 301 redirect to canonical,
> paths are preserved as is REQUEST_SCHEME.
> $ (for d in sf-lug.com sflug.org sflug.com sflug.net; do for s in '' s; do for w in '' 'www.'; do u=http"$s://$w$d"/; echo "$u" $(curl -s -I "$u" | sed -ne 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]* [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
> http://sf-lug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> http://sflug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> http://sflug.net/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> http://sflug.org/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> http://www.sf-lug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> http://www.sflug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> http://www.sflug.net/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> http://www.sflug.org/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> https://sf-lug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> https://sflug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> https://sflug.net/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> https://sflug.org/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> https://www.sf-lug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> https://www.sflug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> https://www.sflug.net/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> https://www.sflug.org/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> $ (for d in sf-lug.com sflug.org sflug.com sflug.net; do for s in '' s; do for w in '' 'www.'; do u=http"$s://$w$d"/X; echo "$u" $(curl -s -I "$u" | sed -ne 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]* [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
> http://sf-lug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> http://sflug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> http://sflug.net/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> http://sflug.org/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> http://www.sf-lug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> http://www.sflug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> http://www.sflug.net/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> http://www.sflug.org/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> https://sf-lug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> https://sflug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> https://sflug.net/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> https://sflug.org/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> https://www.sf-lug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> https://www.sflug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> https://www.sflug.net/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> https://www.sflug.org/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> $ (for d in sf-lug.org; do for s in '' s; do for w in ''; do u=http"$s://$w$d"/; echo "$u" $(curl -s -I "$u" | sed -ne 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]* [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
> http://sf-lug.org/ HTTP/1.1 301 Location: http://www.sf-lug.org/
> https://sf-lug.org/ HTTP/1.1 301 Location: https://www.sf-lug.org/
> $ (for d in sf-lug.org; do for s in '' s; do for w in ''; do u=http"$s://$w$d"/X; echo "$u" $(curl -s -I "$u" | sed -ne 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]* [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
> http://sf-lug.org/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
> https://sf-lug.org/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
> $
>
> https://www.wiki.balug.org/wiki/doku.php?id=sf-lug:resources_etc
>
> Hmmm, I should get around to writing some regression tests and add to
> monitoring, so I can quickly detect if any of these "break" due to any
> other configuration changes or other changes.  My Apache configuration
> has gotten a wee bit complex (many domains and virtual (ServerName)
> hosts and multiple certs and wiki and Mailman and
> (soonish) WordPress ...
> # find /etc/apache2 \( -name RCS -o -name '.old*' \) -type d -prune -o -type f -print | wc -l
> 295
> # find /etc/apache2 \( -name RCS -o -name '.old*' \) -type d -prune -o -type d -print | sort
> /etc/apache2
> /etc/apache2/conf-available
> /etc/apache2/conf-enabled
> /etc/apache2/conf.d
> /etc/apache2/mods-available
> /etc/apache2/mods-enabled
> /etc/apache2/sites-available
> /etc/apache2/sites-available/Include
> /etc/apache2/sites-available/rewrites
> /etc/apache2/sites-enabled
> #
>
> > From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
> > Subject: Re: SFLUG.org
> > Date: Wed, 10 Apr 2019 23:10:58 -0700
>
> > I've still not yet heard a consensus or approximation thereof ... yet,
> > that [www.]sflug.org should be the canonical (or not ... or when).
> > In any case, now with some config changes in place on
> > web server, and awaiting delegation of DNS ... once delegated,
> > http[s]://[www.]sflug.org/
> > will at least have somewhere to go:
> >
> > $ curl -s -I --resolve sflug.org:80:198.144.194.238 http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
> > HTTP/1.1 301 Moved Permanently
> > Location: http://www.sf-lug.org/
> > $ curl -s -I --resolve sflug.org:80:2001:470:1f05:19e::3 http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
> > HTTP/1.1 301 Moved Permanently
> > Location: http://www.sf-lug.org/
> > $ curl -k -s -I --resolve sflug.org:443:198.144.194.238 https://sflug.org/ | egrep -i '^(HTTP/|Location: )'
> > HTTP/1.1 301 Moved Permanently
> > Location: https://www.sf-lug.org/
> > $ curl -k -s -I --resolve sflug.org:443:2001:470:1f05:19e::3 https://sflug.org/ | egrep -i '^(HTTP/|Location: )'
> > HTTP/1.1 301 Moved Permanently
> > Location: https://www.sf-lug.org/
> > $ dig @ns1.sf-lug.org. +norecurse +short sflug.org. NS
> > ns1.svlug.org.
> > ns.primate.net.
> > ns1.linuxmafia.com.
> > ns1.sf-lug.org.
> > $ dig @ns1.sf-lug.org. +norecurse +noall +answer +nottl sflug.org. A sflug.org. AAAA www.sflug.org. A www.sflug.org. AAAA
> > sflug.org.              IN      A       198.144.194.238
> > sflug.org.              IN      AAAA    2001:470:1f05:19e::3
> > www.sflug.org.          IN      A       198.144.194.238
> > www.sflug.org.          IN      AAAA    2001:470:1f05:19e::3
> > $ dig +norecurse +noall +comments +answer +nottl sflug.org. A sflug.org. AAAA www.sflug.org. A www.sflug.org. AAAA | sed -ne '/^;.*NX/p;/^;.*FAIL/p;/^;.*ANSWER:/p;/^;/d;/^$/d;p' | sort -u
> > ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
> > $
> >
> > There are also some other domains in DNS, e.g.:
> > [www.][ipv[46].]sflug.org
> > AXFR is open to all for sflug.org. from ns1.sf-lug.org.
> >
> > Still don't have proper certs there ... that would be after someone
> > provides key(s) (securely) and cert(s), etc. ... or after DNS is
> > delegated.
> >
> >> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
> >> Subject: SFLUG.org Re: [sf-lug] Domain administration (broken WHOIS)
> >> Date: Sun, 07 Apr 2019 21:02:19 -0700
> >
> >>> From: Al <awsflug at sunnyside.com>
> >>> Subject: Re: [sf-lug] Domain administration (broken WHOIS)
> >>> Date: Sat, 6 Apr 2019 15:43:43 -0700
> >>
> >>> sflug.org - Rick mentioned that it was available so I grabbed it.
> >>> I've learned not to wait on those things - it often doesn't end
> >>> well.
> >>> Now I'll just sit back and listen to the conversation and wait and
> >>> see if anyone actually wants to use it.  I don't need to own it.
> >>> I can also "point" it somewhere.  Doesn't seem yet that there's a definite
> >>
> >> SFLUG.org ... "Of course" ...
> >> $ dig +noall +answer +nottl sf-lug.org. A www.sf-lug.org. A sf-lug.org. AAAA www.sf-lug.org. AAAA sf-lug.com. A www.sf-lug.com. A sf-lug.com. AAAA www.sf-lug.com. AAAA | sort -k 3b -k 1,1
> >> sf-lug.com.             IN      A       198.144.194.238
> >> sf-lug.org.             IN      A       198.144.194.238
> >> www.sf-lug.com.         IN      A       198.144.194.238
> >> www.sf-lug.org.         IN      A       198.144.194.238
> >> sf-lug.com.             IN      AAAA    2001:470:1f05:19e::3
> >> sf-lug.org.             IN      AAAA    2001:470:1f05:19e::3
> >> www.sf-lug.com.         IN      AAAA    2001:470:1f05:19e::3
> >> www.sf-lug.org.         IN      AAAA    2001:470:1f05:19e::3
> >> $
> >>
> >> It's not merely as simple as "just point DNS at ..."
> >> $ curl -s -I --resolve sflug.org:80:198.144.194.238 http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
> >> HTTP/1.1 302 Found
> >> Location: http://www.balug.org/
> >> $ curl -6 -s -I --resolve sflug.org:80:2001:470:1f05:19e::3 http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
> >> HTTP/1.1 302 Found
> >> Location: http://www.balug.org/
> >> $
> >>
> >> $ dig +noall +answer +nottl balug.org. A www.balug.org. A
> >> balug.org.              IN      A       198.144.194.238
> >> www.balug.org.          IN      A       198.144.194.238
> >> $
> >> Note that many domains go to that same IPv4 IP - even multiple go to the
> >> same IPv6 IP.
> >>
> >> "Of course" sometimes folks forget that with email too.  8-O
> >>
> >> Not to mention certs.
> >> $ curl -I --resolve sflug.org:443:198.144.194.238 https://sflug.org/
> >> curl: (51) SSL: no alternative certificate subject name matches target host name 'sflug.org'
> >> $ curl -I --resolve sflug.org:443:2001:470:1f05:19e::3 https://sflug.org/
> >> curl: (51) SSL: no alternative certificate subject name matches target host name 'sflug.org'
> >> $
> >>
> >> $ nmap -Pn -r -sT -p 443 --script=ssl-cert www.sf-lug.org | egrep '^\| (Subject Alternative Name|Not valid after):'
> >> | Subject Alternative Name: DNS:*.ipv4.sf-lug.org, DNS:*.ipv6.sf-lug.org, DNS:*.sf-lug.com, DNS:*.sf-lug.org, DNS:sf-lug.com, DNS:sf-lug.org
> >> | Not valid after:  2019-05-22T10:05:40
> >> $
> >>
> >> I generally do letsencrypt.org issued certs.  For wildcard certs on
> >> that, effectively need control of DNS (need to put specific records in
> >> at challenge time).
> >>
> >> "Of course" y'all could always set up your own site with redirection and
> >> certs 'n all.  ;-)
> >>
> >> Jim Stockford - and a handful of others (myself, Grant Bowman,
> >> Kim Davalos, Todd Hawley) have access to edit the www.sf-lug.org site.
> >> So, "of course", there are, at least potentially, question(s) of who's
> >> got access/control of domain(s), avoiding single points of failure (at
> >> least as feasible), who's got access to edit site, how is it backed
> >> up, etc.  Some folks (myself, Jim Stockford, Grant Bowman) also all have
> >> access to edit the sf-lug.org (& sf-lug.com) master DNS data (and
> >> Jim and myself have access to update registrant
> >> DNS (authority/delegation, glue, DNSSEC, ...) with the registrar).
> >>
> >> Anyway, ... maybe I'll wait a bit 'till the dust settles.  :-)
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG <http://linuxmafia.com/mailman/listinfo/sf-lugSF-LUG> is at
> http://www.sf-lug.org/
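
The regression test the quoted message wishes for could look like the following; this is an added example, not code from the thread or its authors. The function names `expected_location`, `check_redirect` and `check_all_live` are hypothetical and the sample responses are constructed; unlike the manual checks, it fails on anything other than a 301 to the canonical host with the request's scheme and path.

```shell
# Added example (not from the thread): canonical-host redirect regression check.
CANON_HOST=www.sf-lug.org   # canonical host named in the thread

# expected_location URL: canonical URL with the same scheme and path.
expected_location() {
    scheme=${1%%://*}
    rest=${1#*://}
    case $rest in
        */*) path=/${rest#*/} ;;
        *)   path=/ ;;
    esac
    printf '%s://%s%s\n' "$scheme" "$CANON_HOST" "$path"
}

# check_redirect URL: reads `curl -s -I URL` output on stdin; succeeds only
# for a 301 whose Location keeps the request's scheme and path.
check_redirect() {
    want=$(expected_location "$1")
    hdrs=$(tr -d '\r')
    status=$(printf '%s\n' "$hdrs" | sed -n '1s/^[Hh][Tt][Tt][Pp][^ ]* \([0-9][0-9]*\).*/\1/p')
    loc=$(printf '%s\n' "$hdrs" | sed -n 's/^[Ll]ocation: *//p' | head -n 1)
    if [ "$status" = 301 ] && [ "$loc" = "$want" ]; then
        echo "OK   $1 -> $loc"
    else
        echo "FAIL $1 status=${status:-none} location=${loc:-none} want=$want"
        return 1
    fi
}

# Live run over the non-canonical names from the thread (needs network).
# No -k: a certificate mismatch yields no headers and is reported as FAIL.
check_all_live() {
    rc=0
    for d in sf-lug.com sflug.org sflug.com sflug.net; do
        for s in '' s; do for w in '' www.; do for p in / /X; do
            u="http$s://$w$d$p"
            curl -s -I "$u" | check_redirect "$u" || rc=1
        done; done; done
    done
    return "$rc"
}

# Constructed sample responses (not captured from the real servers).
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.sf-lug.org/X\r\n\r\n' |
    check_redirect https://sflug.net/X || :
printf 'HTTP/1.1 302 Found\r\nLocation: http://www.balug.org/\r\n\r\n' |
    check_redirect http://sflug.org/ || :
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.sf-lug.org/\r\n\r\n' |
    check_redirect https://sflug.org/ || :
```

Calling `check_all_live` from cron or a monitoring probe gives a non-zero exit status as soon as any of the redirects changes, including a fall-through to another virtual host or an HTTPS-to-HTTP downgrade.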