[sf-lug] m.sf-lug.org ... non-canonicals http[s]://[www.]{sf-lug.com, sflug.{org, com, net}}/ HTTP 301 redirect to canonical Re: SFLUG.org
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Thu May 16 20:05:50 PDT 2019
I believe m. is the "old school" way of doing separate sites for
Mobile devices.
I think current best practice is don't do that,
and do code up one's site(s) so they're "mobile friendly" - but work fine
for desktop too.
Also, once upon a time, there were "desktop" - for mostly "large"(er)
screens, and m(obile) for small screen devices like cellular phones,
and little between. Nowadays there's relatively continuous variation
between them ... e.g. the higher resolution of current mobiles has already
well exceeded that of older desktops that used to commonly surf The Web,
and are also still around.
Anyway, there's 'bout 5 folks that have the requisite access to
change/update SF-LUG's web page(s) ... so ... they could always
rewrite/recode those to be "mobile friendly" - while also still
continuing to work well with "desktop" type displays.
Many of the better designed sites work smooth and seemlessly, regardless of
display resolution - and even if it changes or flips between portrait vs.
landscape orientations, etc.
Anyway, ... just my thoughts ... could always add m. if folks want that
... I could provide a dump of the Apache configuration data - on the
host it's all (or nearly all) world-readable - excepting private keys,
and anyone can dump the DNS data. So ... anyone's free to specify
exactly what they want changed on Apache (those with access to change
the SF-LUG web pages, or any of the {SF-LUG.{org,com},SFLUG.{org,com,net}}
master zone files - all those folks have access to read the Apache config
files (notwithstanding the tiny traces they can't - most notably
private keys).
No special access needed to read most all 'o that:
$ hostname && cd /etc/apache2 && find * \( -name RCS -o -name
.old.conf \) -type d -prune -o -type f -print | wc -l
balug-sf-lug-v2.balug.org
290
$ hostname && cd /etc/apache2 && find * \( -name RCS -o -name
.old.conf \) -type d -prune -o -type f -exec cat \{\} \; | wc
balug-sf-lug-v2.balug.org
3775 13946 132289
$
Yes, ... a lot 'o config ... one (virtual) machine/"host",
numerous (virtual) web hosting sites/"hosts", e.g.
all of BALUG, most of SF[-]LUG, some/much of BerkeleyLUG, ...
> From: "Ken Shaffer" <kenshaffer80 at gmail.com>
> Subject: Re: [sf-lug] non-canonicals http[s]://[www.]{sf-lug.com,
> sflug.{org, com, net}}/ HTTP 301 redirect to canonical Re: SFLUG.org
> Date: Wed, 15 May 2019 16:33:28 -0700
> If we re making a list, how about m.sf-lug.org, etc. For those on the
> mobile phone platform. ;^)
> Ken
>
> On Tue, May 14, 2019, 9:27 PM Michael Paoli <Michael.Paoli at cal.berkeley.edu>
> wrote:
>
>> Cert(s) obtained & installed, web server reconfigured ...
>> SF-LUG non-canonicals
>> http[s]://{[www.]{sf-lug.com,sflug.{org,com,net}},sf-lug.org}/
>> HTTP 301 redirect to canonical,
>> paths are preserved as is REQUEST_SCHEME.
>> $ (for d in sf-lug.com sflug.org sflug.com sflug.net; do for s in ''
>> s; do for w in '' 'www.'; do u=http"$s://$w$d"/; echo "$u" $(curl -s
>> -I "$u" | sed -ne 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]*
>> [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
>> http://sf-lug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> http://sflug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> http://sflug.net/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> http://sflug.org/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> http://www.sf-lug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> http://www.sflug.com/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> http://www.sflug.net/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> http://www.sflug.org/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> https://sf-lug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> https://sflug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> https://sflug.net/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> https://sflug.org/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> https://www.sf-lug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> https://www.sflug.com/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> https://www.sflug.net/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> https://www.sflug.org/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> $ (for d in sf-lug.com sflug.org sflug.com sflug.net; do for s in ''
>> s; do for w in '' 'www.'; do u=http"$s://$w$d"/X; echo "$u" $(curl -s
>> -I "$u" | sed -ne 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]*
>> [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
>> http://sf-lug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> http://sflug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> http://sflug.net/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> http://sflug.org/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> http://www.sf-lug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> http://www.sflug.com/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> http://www.sflug.net/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> http://www.sflug.org/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> https://sf-lug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> https://sflug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> https://sflug.net/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> https://sflug.org/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> https://www.sf-lug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> https://www.sflug.com/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> https://www.sflug.net/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> https://www.sflug.org/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> $ (for d in sf-lug.org; do for s in '' s; do for w in ''; do
>> u=http"$s://$w$d"/; echo "$u" $(curl -s -I "$u" | sed -ne
>> 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]*
>> [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
>> http://sf-lug.org/ HTTP/1.1 301 Location: http://www.sf-lug.org/
>> https://sf-lug.org/ HTTP/1.1 301 Location: https://www.sf-lug.org/
>> $ (for d in sf-lug.org; do for s in '' s; do for w in ''; do
>> u=http"$s://$w$d"/X; echo "$u" $(curl -s -I "$u" | sed -ne
>> 's/\r//g;s/^\([Hh][Tt][Tt][Pp][^ ]*
>> [0-9][0-9]*\).*/\1/p;/^[Ll]ocation: /p'); done; done; done) | sort
>> http://sf-lug.org/X HTTP/1.1 301 Location: http://www.sf-lug.org/X
>> https://sf-lug.org/X HTTP/1.1 301 Location: https://www.sf-lug.org/X
>> $
>>
>> https://www.wiki.balug.org/wiki/doku.php?id=sf-lug:resources_etc
>>
>> Hmmm, I should get around to writing some regression tests and add to
>> monitoring, so I can quickly detect if any of these "break" due to any
>> other
>> configuration changes or other changes. My Apache configuration
>> has gotten a wee bit complex (many domains and virtual (ServerName)
>> hosts and multiple certs and wiki and Mailman and
>> (soonish) WordPress ...
>> # find /etc/apache2 \( -name RCS -o -name '.old*' \) -type d -prune -o
>> -type f -print | wc -l
>> 295
>> # find /etc/apache2 \( -name RCS -o -name '.old*' \) -type d -prune -o
>> -type d -print | sort
>> /etc/apache2
>> /etc/apache2/conf-available
>> /etc/apache2/conf-enabled
>> /etc/apache2/conf.d
>> /etc/apache2/mods-available
>> /etc/apache2/mods-enabled
>> /etc/apache2/sites-available
>> /etc/apache2/sites-available/Include
>> /etc/apache2/sites-available/rewrites
>> /etc/apache2/sites-enabled
>> #
>>
>> > From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
>> > Subject: Re: SFLUG.org
>> > Date: Wed, 10 Apr 2019 23:10:58 -0700
>>
>> > I've still not yet heard a consensus or approximation thereof ... yet,
>> > that [www.]sflug.org should be the canonical (or not ... or when).
>> > In any case, now with some config changes in place on
>> > web server, and awaiting delegation of DNS ... once delegated,
>> > http[s]://[www.]sflug.org/
>> > will at least have somewhere to go:
>> >
>> > $ curl -s -I --resolve sflug.org:80:198.144.194.238
>> > http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
>> > HTTP/1.1 301 Moved Permanently
>> > Location: http://www.sf-lug.org/
>> > $ curl -s -I --resolve sflug.org:80:2001:470:1f05:19e::3
>> > http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
>> > HTTP/1.1 301 Moved Permanently
>> > Location: http://www.sf-lug.org/
>> > $ curl -k -s -I --resolve sflug.org:443:198.144.194.238
>> > https://sflug.org/ | egrep -i '^(HTTP/|Location: )'
>> > HTTP/1.1 301 Moved Permanently
>> > Location: https://www.sf-lug.org/
>> > $ curl -k -s -I --resolve sflug.org:443:2001:470:1f05:19e::3
>> > https://sflug.org/ | egrep -i '^(HTTP/|Location: )'
>> > HTTP/1.1 301 Moved Permanently
>> > Location: https://www.sf-lug.org/
>> > $ dig @ns1.sf-lug.org. +norecurse +short sflug.org. NS
>> > ns1.svlug.org.
>> > ns.primate.net.
>> > ns1.linuxmafia.com.
>> > ns1.sf-lug.org.
>> > $ dig @ns1.sf-lug.org. +norecurse +noall +answer +nottl sflug.org. A
>> > sflug.org. AAAA www.sflug.org. A www.sflug.org. AAAA
>> > sflug.org. IN A 198.144.194.238
>> > sflug.org. IN AAAA 2001:470:1f05:19e::3
>> > www.sflug.org. IN A 198.144.194.238
>> > www.sflug.org. IN AAAA 2001:470:1f05:19e::3
>> > $ dig +norecurse +noall +comments +answer +nottl sflug.org. A
>> > sflug.org. AAAA www.sflug.org. A www.sflug.org. AAAA | sed -ne
>> > '/^;.*NX/p;/^;.*FAIL/p;/^;.*ANSWER:/p;/^;/d;/^$/d;p' | sort -u
>> > ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
>> > $
>> >
>> > There are also some other domains in DNS, e.g.:
>> > [www.][ipv[46].]sflug.org
>> > AXFR is open to all for sflug.org. from ns1.sf-lug.org.
>> >
>> > Still don't have proper certs there ... that would be after someone
>> > provides key(s) (securely) and cert(s), etc. ... or after DNS is
>> delegated.
>> >
>> >> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
>> >> Subject: SFLUG.org Re: [sf-lug] Domain administration (broken WHOIS)
>> >> Date: Sun, 07 Apr 2019 21:02:19 -0700
>> >
>> >>> From: Al <awsflug at sunnyside.com>
>> >>> Subject: Re: [sf-lug] Domain administration (broken WHOIS)
>> >>> Date: Sat, 6 Apr 2019 15:43:43 -0700
>> >>
>> >>> sflug.org - Rick mentioned that it was available so I grabbed it.
>> >>> I've learned not to wait on those things - it often doesn't end
>> >>> well.
>> >>> Now I'll just sit back and listen to the conversation and wait and
>> >>> see if anyone actually wants to use it. I don't need to own it.
>> >>> I can
>> >>> also "point" it somewhere. Doesn't seem yet that there's a definite
>> >>
>> >> SFLUG.org ... "Of course" ...
>> >> $ dig +noall +answer +nottl sf-lug.org. A www.sf-lug.org. A
>> >> sf-lug.org. AAAA www.sf-lug.org. AAAA sf-lug.com. A www.sf-lug.com.
>> >> A sf-lug.com. AAAA www.sf-lug.com. AAAA | sort -k 3b -k 1,1
>> >> sf-lug.com. IN A 198.144.194.238
>> >> sf-lug.org. IN A 198.144.194.238
>> >> www.sf-lug.com. IN A 198.144.194.238
>> >> www.sf-lug.org. IN A 198.144.194.238
>> >> sf-lug.com. IN AAAA 2001:470:1f05:19e::3
>> >> sf-lug.org. IN AAAA 2001:470:1f05:19e::3
>> >> www.sf-lug.com. IN AAAA 2001:470:1f05:19e::3
>> >> www.sf-lug.org. IN AAAA 2001:470:1f05:19e::3
>> >> $
>> >>
>> >> It's not merely as simple as "just point DNS at ..."
>> >> $ curl -s -I --resolve sflug.org:80:198.144.194.238
>> >> http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
>> >> HTTP/1.1 302 Found
>> >> Location: http://www.balug.org/
>> >> $ curl -6 -s -I --resolve sflug.org:80:2001:470:1f05:19e::3
>> >> http://sflug.org/ | egrep -i '^(HTTP/|Location: )'
>> >> HTTP/1.1 302 Found
>> >> Location: http://www.balug.org/
>> >> $
>> >>
>> >> $ dig +noall +answer +nottl balug.org. A www.balug.org. A
>> >> balug.org. IN A 198.144.194.238
>> >> www.balug.org. IN A 198.144.194.238
>> >> $
>> >> Note that many domains go to that same IPv4 IP - even multiple go to the
>> >> same IPv6 IP.
>> >>
>> >> "Of course" sometimes folks forget that with email too. 8-O
>> >>
>> >> Not to mention certs.
>> >> $ curl -I --resolve sflug.org:443:198.144.194.238 https://sflug.org/
>> >> curl: (51) SSL: no alternative certificate subject name matches
>> >> target host name 'sflug.org'
>> >> $ curl -I --resolve sflug.org:443:2001:470:1f05:19e::3
>> https://sflug.org/
>> >> curl: (51) SSL: no alternative certificate subject name matches
>> >> target host name 'sflug.org'
>> >> $
>> >>
>> >> $ nmap -Pn -r -sT -p 443 --script=ssl-cert www.sf-lug.org | egrep
>> >> '^\| (Subject Alternative Name|Not valid after):'
>> >> | Subject Alternative Name: DNS:*.ipv4.sf-lug.org,
>> >> DNS:*.ipv6.sf-lug.org, DNS:*.sf-lug.com, DNS:*.sf-lug.org,
>> >> DNS:sf-lug.com, DNS:sf-lug.org
>> >> | Not valid after: 2019-05-22T10:05:40
>> >> $
>> >>
>> >> I generally do letsencrypt.org issued certs. For wildcard certs on
>> >> that, effectively need control of DNS (need to put specific records in
>> >> at challenge time).
>> >>
>> >> "Of course" y'all could always set up your own site with redirection and
>> >> certs 'n all. ;-)
>> >>
>> >> Jim Stockford - and a handful of others (myself, Grant Bowman,
>> >> Kim Davalos, Todd Hawley) have access to edit the www.sf-lug.org site.
>> >> So, "of course", there are, at least potentially, question(s) of who's
>> >> got access/control of domain(s), avoiding single points of failure (at
>> >> least as feasible), who's got access to edit site, how is it backed
>> >> up, etc. Some folks (myself, Jim Stockford, Grant Bowman) also all have
>> >> access to edit the sf-lug.org (& sf-lug.com) master DNS data (and
>> >> Jim and myself have access to update registrant
>> >> DNS (authority/delegation, glue, DNSSEC, ...) with the registrar).
>> >>
>> >> Anyway, ... maybe I'll wait a bit 'till the dust settles. :-)
More information about the sf-lug
mailing list