Issues with Secure Access to SoylentNews' IRC Fixed and... A Thank You!

posted by martyb on Sunday December 30 2018, @03:00PM

from the what-we-had-here-was-a-problem-to-communicate dept.

First off, it's been a week since we published Meta: The End of the Year is Nigh; End-of-the-Year Summary and Subscription Request and I am pleased to report we have received nearly $1000 in site subscriptions. Please accept my sincere and heartfelt thanks to all who have contributed! We are looking for another $1000 to make our funding goal. If you can help out either by starting a subscription, or extending a current one, that would be greatly appreciated! We have had a few people subscribe for $100; any amount you can provide will mean a lot.

As for IRC: it was brought to our attention a couple days ago that there was an issue in gaining access to SoylentNews' IRC securely.

tl;dr: Secure access to IRC should be functional; please reply in comments (with steps to reproduce) if you are still having issues. Read on for the scoop.

TheMightyBuzzard recently updated our Let's Encrypt certs across all of SoylentNews as they were set to expire on December 27. (Certs are issued with a 3-month duration.) Everything seemed to be working fine, so he took off on a much-deserved, week-long vacation.

I saw messages on IRC that there were issues in attempting to gain secure access to IRC. I thought that was strange as I was having no difficulty accessing it using HexChat on my PC. I tried the link on the SoylentNews home page: IRC and was also able to connect without issue. As the reports I'd seen were of the form "IRC is broken", and it was obviously working for me... now what? Pushed back asking for more details on steps to reproduce.

Some back-and-forth discussion (on IRC) isolated the problem to being involved with the recently-installed certs. They were in the correct location. They had the correct file permissions (read/write/execute). The irc daemon was running.

What could it be?

Kudos to audioguy who dove in and via guidance from Deucalion (our IRC master who was also on vacation and who was answering questions without benefit of being able to see what audioguy was looking at) was able to isolate the problem to incorrect Access Control List (ACL) settings for irc. AFAIK, nowhere else on the site do we use those — let's just say that IRC is a strange beast and leave it at that.

So, audioguy got the ACLs straightened out... yay! But it was unclear how to get ircd to actually use them. (There is a script for that but we didn't know it at the time) I had a chat (on IRC!) with chromas which worked out the command needed to restart the irc daemon (sudo kill -hup $irc_PID) and... voila! Back in service!

teamwork++

Oh! Anybody wondering how some of us were having no trouble securely using IRC through all this? Figured it out? Up until the move to Let's Encrypt, we used self-signed certs. I, as well as several others, still had those loaded on their system and they had not yet expired. Also, many of us were accessing irc using a 'bouncer' which would hold the connection to the daemon open and buffer transmissions between the server and our client. Connections to the bouncer were, thankfully, unaffected.

NOTE: We still have our alternate irc server, creatively named irc2, to bring forward but that can wait until staff is back from vacations.

P.S. Here's wishing all of you a Happy New Year!!!

P.P.S. When I wrote this, the fortune appearing at the bottom of the page read: "All is well that ends well. -- John Heywood".
=)

Original Submission

This discussion has been archived. No new comments can be posted.

Issues with Secure Access to SoylentNews' IRC Fixed and... A Thank You! | Log In/Create an Account | Top | 3 comments | Search Discussion

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

SoylentNews

SoylentNews is people

Navigation

Sections

SoylentNews

Log In