services/Distributed-Wiki.md
... ...
@@ -1,5 +1,5 @@
1
-The idea is to deploy mirrors across dn42 using [anycast](https://en.wikipedia.org/wiki/Anycast) addressing (BGP), thus providing redundancy, load-balancing and improved access times to the site.
2
-The local webserver is monitored with a simple [[shell script|Distributed-Wiki#exabgp_watchdog-script]] working [[in conjunction|Distributed-Wiki#exabgp]] with [ExaBGP](https://github.com/Exa-Networks/exabgp), announcing/withdrawing the assigned route if the service is up/down.
1
+The idea is to deploy mirrors across dn42 using [anycast](https://en.wikipedia.org/wiki/Anycast) addressing (BGP), thus providing redundancy, load-balancing and improved access times to the site. Sites are powered by [gollum](https://github.com/gollum/gollum) which has no native SSL support, so Nginx acts as a reverse proxy and handles the encryption.
2
+The local webserver is monitored with a simple [[shell script|Distributed-Wiki#exabgp_watchdog-script]] working [[in conjunction|Distributed-Wiki#exabgp]] with [ExaBGP](https://github.com/Exa-Networks/exabgp), announcing/withdrawing the assigned route if the service is up/down.
3 3
4 4
## Network
5 5
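Review bot: The second paragraph in this hunk ("The local webserver is monitored ...") is removed and re-added with no visible difference, so it is probably a whitespace or line-ending change. Drop it from the commit so the diff shows only the new gollum/Nginx sentence. Since that sentence makes Nginx responsible for all encryption, it would also help to say here that the gollum instances listen only on `127.0.0.1` (as the "Setup gollum" section already instructs), so readers understand Nginx is meant to be the only entry point.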
... ...
@@ -7,16 +7,45 @@ The local webserver is monitored with a simple [[shell script|Distributed-Wiki#e
7 7
- Assign a unicast address to be used by Nginx
8 8
- Setup tunnel(s) to the dn42 network (routing daemon not required)
9 9
10
-## Setup gollum
10
+## Data replication
11
+
12
+Site files are stored in a local [DVCS](https://en.wikipedia.org/wiki/Distributed_revision_control) repository ([Git](https://en.wikipedia.org/wiki/Git_(software))) on each node and replicated through a central server hosted by [XUU-DN42](https://io.nixnodes.net?t=person&l=XUU-DN42).
13
+Since gollum is built on top of Git, it is not overly complicated to keep the local site in sync with others, each site only triggers periodic pulls/pushes from/to the Git server.
14
+
15
+### Setup the repo
11 16
12
- - Install [gollum](https://github.com/gollum/gollum)
13 17
- Clone the dn42 wiki repo:
14 18
15 19
`git clone ssh://[email protected]/dn42/wiki <path>`
16 20
17 21
- Contact [XUU-DN42](https://io.nixnodes.net?t=person&l=XUU-DN42) and ask for write access to the repo
18
- - Setup cron for periodic pull/push jobs for the repo
19
- - Generate a [CSR](/services/Certificate-Authority) and send to [xuu](mailto:[email protected]). Wait for a reply containing internal.dn42/wiki.dn42 certificates.
22
+ - Setup cron for periodic pull/push jobs for the repo (simple example):
23
+
24
+ + **wiki-sync.sh**:
25
+
26
+ ```sh
27
+#!/bin/bash
28
+
29
+WIKI_PATH=<repo path>
30
+GIT=/usr/bin/git
31
+
32
+cd "${WIKI_PATH}"
33
+${GIT} push
34
+sleep 1
35
+${GIT} pull
36
+
37
+exit 0
38
+ ```
39
+
40
+ + **Cron entry**:
41
+
42
+ `*/10 * * * * <path>/wiki-sync.sh &> /dev/null`
43
+
44
+ Running in 10 minute intervals is reasonable, if you choose to change this, please keep it in the range from 5-15 minutes.
45
+
46
+## Setup gollum
47
+
48
+ - Install [gollum](https://github.com/gollum/gollum)
20 49
- Start two gollum instances, read-only and read/write on `127.0.0.1`:
21 50
22 51
Read/write (SSL only):
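Review bot: wiki-sync.sh hides every failure: `cd "${WIKI_PATH}"` is unchecked, the script ends with an unconditional `exit 0`, and the cron entry discards all output. If the `cd` fails, `${GIT} push` and `${GIT} pull` run in whatever directory cron started in. If a pull hits a conflict or authentication to the Git server fails, nothing reports it. Suggest `cd "${WIKI_PATH}" || exit 1`, exiting with git's status, and logging to a file instead of /dev/null. Further points: `&>` is a bash redirection, and cron normally runs entries with /bin/sh, where it is not guaranteed to mean the same thing, so `> /dev/null 2>&1` is the portable spelling. Pushing before pulling means the push is rejected whenever the remote has new commits, so local edits wait for the next run; pull first, then push. The fence is tagged `sh` while the shebang is `#!/bin/bash`.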
... ...
@@ -30,6 +59,18 @@ gollum --css <path>/custom.css --gollum-path <path> --host 127.0.0.1 --port 456
30 59
31 60
## Nginx proxy
32 61
62
+#### SSL
63
+
64
+ - Generate a private key:
65
+
66
+ `openssl genrsa -out wiki.key 4096`
67
+
68
+ - Generate a [CSR](/services/Certificate-Authority) and send `wiki.csr` to [[email protected]](mailto:[email protected]):
69
+
70
+ `openssl req -new -sha256 -key wiki.key -out wiki.csr`
71
+
72
+ Wait for a reply containing internal.dn42/wiki.dn42 certificate.
73
+
33 74
#### Header
34 75
35 76
##### Site identification
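Review bot: The new SSL steps say nothing about protecting wiki.key: `openssl genrsa -out wiki.key 4096` writes an unencrypted private key into the current directory. Add a line stating that the key stays on the node (only wiki.csr is mailed) and that it should be readable only by its owner, e.g. `chmod 600 wiki.key`. The CSR step also does not say which names to enter at the `openssl req` prompts, although the reply is expected to cover internal.dn42/wiki.dn42; spell out the expected subject. Minor: "containing internal.dn42/wiki.dn42 certificate" is missing an article.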