Issues with Secure Access to SoylentNews' IRC Fixed

Accepted submission by martyb at 2018-12-30 13:28:07 from the what we had here was a problem to communicate dept.

It was brought to our attention a couple days ago that there was an issue in gaining access to SoylentNews' IRC securely.

tl;dr: Secure access to IRC should be functional; please reply in comments (with steps to reproduce) if you are still having issues.

TheMightyBuzzard recently updated our Let's Encrypt certs across all of SoylentNews as they were set to expire on December 27. (Certs are issued with a 3-month duration.) Everything seemed to be working fine, so he took off on a much-deserved, week-long vacation.

I saw messages on IRC that there were issues in attempting to gain secure access to IRC. I thought that was strange as I was having no difficulty accessing it using HexChat on my PC. I tried the IRC link on the SoylentNews home page and was also able to connect without issue. As the reports I'd seen were of the form "IRC is broken", and it was obviously working for me... now what? I pushed back, asking for more details on steps to reproduce.

Some back-and-forth discussion (on IRC) isolated the problem to being involved with the recently-installed certs. They were in the correct location. They had the correct file permissions (read/write/execute). The irc daemon was running.

What could it be?

Kudos to audioguy who dove in and via guidance from Deucalion (our IRC master who was also on vacation) was able to isolate the problem to incorrect Access Control List (ACL) settings for irc. AFAIK, nowhere else on the site do we use those — let's just say that IRC is a strange beast and leave it at that.

So, audioguy got the ACLs straightened out but did not have the privileges required on the server to restart ircd. I had the privs, but only as a backup in case things went sideways on the site. A chat (on IRC!) with chromas worked out the command needed to restart the irc daemon (sudo kill -hup $irc_PID) and... voila! Back in service!


NOTE: We still have our alternate irc server, creatively named irc2, to bring forward but that can wait until staff is back from vacations.

P.S. Here's wishing all of you a Happy New Year!!!

P.P.S. As I am writing this, the fortune appearing at the bottom of the page reads: "All is well that ends well. -- John Heywood". =)
