diff --git a/.gitignore b/.gitignore index bc8be91..5b1eef9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,2 @@ -*.gmi -*.html -*.html.gz -*.md -!/src/*.md -!/LICENSE.md -!/README.md -/css/* +/target +/cache diff --git a/.htaccess b/.htaccess new file mode 100644 index 0000000..aa9a9a8 --- /dev/null +++ b/.htaccess @@ -0,0 +1,12 @@ +Options +MultiViews + +DirectoryIndex index + +DefaultLanguage en + +AddLanguage en .en +AddLanguage fr .fr + +LanguagePriority en fr + +ForceLanguagePriority Fallback diff --git a/README.md b/README.md index 7cdc4ba..dfcb876 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -# Niver documentation +# ServNest documentation -This repository is used to build Niver documentation with [mkht.php](https://code.antopie.org/miraty/mkht.php/). +This repository is used to build ServNest documentation with [mkht.php](https://code.antopie.org/miraty/mkht.php/). ## License -Niver documentation is ethical and libre: you can use, redistribute or modify it under the terms of the CNPL-NAv7+ as found in LICENSE.md or at . +ServNest documentation is ethical and libre: you can use, redistribute or modify it under the terms of the CNPL-NAv7+ as found in LICENSE.md or at . diff --git a/back/architecture.en.md b/back/architecture.en.md new file mode 100644 index 0000000..8a67d42 --- /dev/null +++ b/back/architecture.en.md 
@@ -0,0 +1,40 @@ +# Software architecture + +## Program flow + +`init.php` +: Initializes common values + +`router.php` +: Receives every external HTTP request from the web server, executes actions required in any case, executes matching code in `pg-act` if appropriate, and calls `view.php` either way. + +`pg-act/` +: Executed when a form is submitted: checks that every parameter is valid and secure, then executes the feature of the page according to the parameters. + +`view.php` +: Displays global HTML and includes matching file from `pg-view`. + +`pg-view/` +: Displays the main page content (notably HTML forms), may sometimes display form output passed through the `$data` array. + +The `output` function is used to return success or error messages and stop processing of the request. + +## Other components + +`fn/` +: Functions, grouped by concerned service + +`jobs/` +: CLI scripts ; should be run as the same user as the rest of the program (e.g. `sudo -u servnest php /srv/servnest/core/jobs/something.php`) + +`sftpgo-auth.php` +: When someone tries to log in over SFTP, SFTPGo sends username and password to this script, which queries the database and replies whether authentication succeeded or not. + +`css/` +: Each `.css` file in this directory is declared in every page. + +`db/` +: SQlite database, the only directory writable by the program + +`locales/` +: Gettext translations, see [translation.md](translation.md) diff --git a/back/backup.en.md b/back/backup.en.md new file mode 100644 index 0000000..2e8b6d5 --- /dev/null +++ b/back/backup.en.md 
@@ -0,0 +1,31 @@ +# Locations to backup + +## common + +* `/srv/servnest/core/db/servnest.db` + +## dns + +* `/var/lib/knot/` + +## reg + +* `/srv/servnest/reg/` + +## ns + +* `/srv/servnest/ns/` + +## ht + +* `/srv/servnest/ht/` +* `/srv/servnest/tor-config/` +* `/srv/servnest/tor-keys/` +* `/etc/letsencrypt/` +* `/etc/sftpgo/` + +## You may also want to backup + +* logs (usually somewhere in `/var/log/`) +* config file `/srv/servnest/core/config.ini` +* code in `/srv/servnest/core/` diff --git a/back/configuration.en.md b/back/configuration.en.md new file mode 100644 index 0000000..5144f52 --- /dev/null +++ b/back/configuration.en.md 
@@ -0,0 +1,257 @@ +# Configuration reference + +This document describes the ServNest configuration directives that are part of `config.ini` (distributed as `config.template.ini`). It's an INI file, parsed by [PHP's `parse_ini_file` function](https://www.php.net/manual/function.parse-ini-file.php). Every directive is expected to be present. + +## `[common]` + +### `public_domains[]` + +Allowed server names. Used to make the authentication tokens specific to the service. + +You can specify multiple domains: +``` +public_domains[] = "servnest.example" +public_domains[] = "4example4example4example4example4example4example4example.onion" +``` + +### `prefix` + +Path that is prepended to the HTTP root where the service can be reached. Used for redirections and emitting cookies. + +If the service answers at `https://servnest.example/servnest/`, you need to set `prefix = "/servnest"`. + +### `service_name` + +String defining the displayed identity of the service. + +### `service_emoji` + +Pretty string sometimes prefixed to the service name. Can be empty. + +### `about_url` + +Address of the service presentation page. + +### `services[]` + +Keys `auth`, `reg`, `ns` and `ht` are required. + +Values can be: +* `enabled`: The service is provided as usual. +* `no-registration` (`auth` only): Same as `enabled`, but no new account can be created. +* `error`: For maintenance/debugging purposes, the service is temporarily unavailable. When used on the `auth` service, users can't submit any form, but this doesn't prevent already logged in SFTP users to act on the filesystem. +* `disabled` (`reg`, `ns` and `ht` only): The service is ignored everywhere, this installation never provides it. + +## `[dns]` + +This configuration section is used by both the registry (`reg`) and the public name server (`ns`). + +### `knotc_path` + +Filesystem path to the `knotc` binary. + +### `kdig_path` + +Filesystem path to the `kdig` binary. Used to authenticate resources possession using the DNS. 
+ +## `[reg]` + +### `suffixes[]` + +Lists the suffixes that the registry manages. + +The key is the suffix (ending with a dot) and the value is its registration availability, which can be one of the following: + +* `all`: every account can register +* `approved`: only approved accounts can register +* `none`: nobody can register + +This impacts only new registrations, existing domains can always be managed by users if their suffix appears in the list. + +### `suffixes_path` + +Filesystem path to the registries directory. The full path to the registry zonefile is `suffixes_path` + `/` + suffixes (as defined in suffixes[]) + `zone`. + +### `ttl` + +The TTL of every DNS record created by users (i.e. NS, DS and glue records). + +### `address` + +Host where the Knot DNS server answers the registry values. Should be a secure (local) address, as answers are not authenticated. + +(Used to check the transfer authentication records.) + +## `[ns]` + +### `knot_zones_path` + +Filesystem path to the zones directory. The full path to created zonefiles will be `knot_zones_path/.zone`. + +### `servers[]` + +The first element is set as the primary server in the SOA when creating a zone. + +All elements are used as NS records for newly created zones and listed in the interface so users can know what NS records must be delegated from the registry. + +The script `jobs/ns-update.php` may be run after updating this setting to update NS records for already created zones. + +### `kzonecheck_path` + +Filesystem path to the `kzonecheck` binary. Used to check sent plaintext zonefiles. + +### `public_soa_email` + +Administrator email address published in every SOA record. Ends with a `.`, `@` is replaced by a `.`, an hypothetical `.` in the first part of the address is escaped using a `\` before, thus `contact.admin@servnest.example` becomes `contact\.admin.servnest.example.` + +### `local_only_check` + +Check for records on the local registry name server when adding a zone. 
+ +Development feature, should not be enabled for a public server. + +## `[ht]` + +### `ht_path` + +Apache can be [chroot](https://httpd.apache.org/docs/current/mod/mod_unixd.html#chrootdir)ed to this directory. + +`/fs//` is the users files base directory. + +`/uri/
/` is automatically reachable by Apache (using [mod_vhost_alias](https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html)) and contains relative symlinks to users managed directories. + +### `user_quota_testing`, `user_quota_approved` + +Maximum bytes a user can use on its SFTP space, depending on its account type. + +### `subpath_domain` and `subpath_path` + +For the feature of sites in subpathes of a single domain: + +`subpath_domain` is the said shared domain, displayed in the interface + +`subpath_path` is the filesystem path to the directory whose address is the HTTP root of `subpath_domain` + +`https:///example/` maps to `/example/` + +### `subdomain_domain` and `subdomain_path` + +For the feature of sites in subdomains of a root domain: + +(The root domain must have a wildcard TLS certificate and wildcard AAAA and A records.) + +`subdomain_domain` is the root domain, displayed in the interface + +`subdomain_path` is the filesystem path to the directory whose direct subdirectories are mapped to direct subdomains of `subdomain_domain` + +`https://example./` maps to `/example/` + +### `tor_config_path` + +Filesystem path to the directory containing Tor configuration for onion accesses. The full Tor configuration file path is `tor_config_path//` + +### `tor_keys_path` + +Tor sets up keys inside the directory `tor_keys_path///` + +### `tor_user` + +Linux user as who runs the Tor daemon. Some commands are executed as this user through sudo. + +### `tor_reload_cmd` + +Command to execute through sudo to reload the Tor daemon. + +### `onion_internal_host` + +HTTP Onion services listen on port 80 and forward requests to this host. + +### `sudo_path` + +Filesystem path to the sudo binary. + +### `certbot_path` + +Filesystem path to the certbot binary. It is used through sudo to get a Let's Encrypt certificate. 
+ +### `chgrp_path`, `cat_path`, `rm_path`, `mkdir_path` + +Filesystem paths to the corresponding GNU coreutils binary (other implementations are not tested). (Their PHP counterpart can't be used as they need to act as another user through sudo.) + +### `sftpgo_group` + +Linux group as who runs SFTPGo. (Gets full permissions on users directories.) + +### `sftpgo_user` + +Linux user as who runs SFTPGo. (Used to delete files that users created.) + +### `cname` + +For a site with dedicated domain, the domain that users must point their domain to. + +This domain should have the following records: + +AAAA +: `ipv6_address` + +A +: `ipv4_address` + +CAA +: `caa_account_uris[testing]` + +CAA +: `caa_account_uris[approved]` + +### `ipv6_address`, `ipv4_address` + +For a site with dedicated domain, when manually copying records, public IPv6 and IPv4 addresses that users must set in their AAAA and A records. + +Should be the same as the AAAA and A records for `cname`. + +### `caa_account_uris[]` + +For a site with dedicated domain, when manually copying records, the URIs of the accounts (both stable and staging) that request Let's Encrypt certificates. Keys `testing` and `approved` must be set to outputs of respectively `certbot show_account --test-cert` and `certbot show_account` + +Should be the same as the CAA records for `cname`. + +### `sftp_pub` + +Filesystem path to where the public key of the SFTP service is available. + +### `sftp_fp` + +Filesystem path to where the public key fingerprint of the SFTP service is available. + +### `sftp_asciiart` + +Filesystem path to where the ASCII art of the public key of the SFTP service is available. + +### `sftp_domain` + +Domain name that users need to direct their SFTP clients to. May be the same key as in `public_domains[]`. + +### `public_sftp_port` + +Network port that users need to direct their SFTP clients to. The common default port is `22`. 
+ +## `[check]` + +This configuration section is used only when running `check.php`. + +### `https_port` + +Port where the public nginx reverse proxy can be reached. Usually `443` for production. + +### `sftp_path` + +Filesystem path to the sftp binary. + +### `sshpass_path` + +Filesystem path to the sshpass binary. + +### `tor_proxy` + +Curl's [CURLOPT_PROXY](https://curl.se/libcurl/c/CURLOPT_PROXY.html) argument, used to test onion services. diff --git a/back/index.en.md b/back/index.en.md new file mode 100644 index 0000000..58d7621 --- /dev/null +++ b/back/index.en.md 
@@ -0,0 +1,73 @@ +# ServNest backend documentation + +* [Source code architecture](architecture) +* [`config.ini` configuration reference](configuration) +* [Installation](installation) +* [Translation](translation) + +## Service naming convention + +ServNest identifies its services using the following short names: + +`common` +: not specific to a service + +`auth` +: account management + +`reg` +: domain name registry + +`ns` +: zone hosting + +`dns` +: both `reg` and `ns` + +`ht` +: HTTP hosting + +## Software used by ServNest + +[PHP](https://www.php.net/) +: main language + +[SQLite](https://www.sqlite.org/index.html) (as a PHP extension) +: store relation between an account and the resources it created + +[gettext](https://www.gnu.org/software/gettext/) (as a PHP extension) +: translation + +[libsodium](https://doc.libsodium.org/) (as a PHP extension) +: hash/encrypt usernames + +### For `dns` only + +[Knot DNS](https://www.knot-dns.cz/) +: DNS server for both registry and DNS hosting + +Cronie (or another cron daemon) +: periodically run script to sync registry records with child zones and pseudo-CNAMEs at apex + +### For `ht` only + +[sudo](https://www.sudo.ws/) 1.9.10+ +: execute actions that match a regex as privileged or specific users + +[SFTPGo](https://github.com/drakkan/sftpgo) +: upload sites files using SFTP + +[Apache HTTP Server](https://httpd.apache.org/) +: static HTTP server, with content negotiation and `.htaccess` dynamic configuration + +[nginx](https://nginx.org/) +: HTTP reverse proxy for Apache; terminates TLS and enforces security headers + +Tor +: [Onion services](https://community.torproject.org/onion-services/) + +[Certbot](https://certbot.eff.org/) +: get [Let's Encrypt](https://letsencrypt.org/) certificates for TLS + +[GNU Core Utilities](https://www.gnu.org/software/coreutils/) or [BusyBox](https://www.busybox.net/) +: manipulate the filesystem through sudo 
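Review bot: The link list at the top of `back/index.en.md` omits the backup page, although `back/backup.en.md` is added in this same patch, so "Locations to backup" cannot be reached from the backend index. Add `* [Locations to backup](backup)` next to the other four entries. In the software list, the libsodium entry says "hash/encrypt usernames" while the installation page only initializes a `username_salt`; stating which operation applies to which stored value would help anyone judging what a copy of the database exposes.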
diff --git a/back/installation.en.md b/back/installation.en.md new file mode 100644 index 0000000..3731a2b --- /dev/null +++ b/back/installation.en.md 
@@ -0,0 +1,304 @@ +# ServNest installation + +## Notable prerequisites + +* sudo 1.9.10+ (available in Debian 12+) +* SFTPGo, is usually not available from most distributions (as of january 2023) +* Ports 22, 53 and 443 on public IPv6 and IPv4 addresses (not required for a local development/testing setup) + +## Steps + +[The `servnest-mkosi` repository](https://code.antopie.org/servnest/servnest-mkosi) can automatically build a system image for ServNest using configuration files and scripts provided in it. **Configuration files referred to in this document are in its `install/` subdirectory.** + +### DNS resolution + +A caching, DNSSEC-validating and TLS-forwarding local stub resolver is recommended, e.g. systemd-resolved, Knot Resolver or Unbound. For systemd-resolved, `ResolveUnicastSingleLabel=yes` is required. + +### sudo / sudoers + +For the HTTP hosting service, ServNest requires to execute some commands as other users through sudo. + +The required sudoers configuration is `sudoers` and can be placed at `/etc/sudoers.d/servnest`. + +### Tor + +Install the `torrc` file as your Tor configuration. The `%include` statement inside it includes configuration files that will be placed inside any subdirectory of `/srv/servnest/tor-config/`, and is central to the way ServNest uses Tor. + +```shell +mkdir /srv/servnest/tor-config +chown -R servnest:tor /srv/servnest/tor-config +chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config + +mkdir /srv/servnest/tor-keys +chown -R tor: /srv/servnest/tor-keys +chmod -R u=rwX,g=,o= /srv/servnest/tor-keys +``` + +If you're using systemd, you might need to override your distribution configuration by placing `tor.service.override.conf` inside `/etc/systemd/system/tor.service.d/`. + +### Knot DNS + +A local primary Knot DNS server is used for both the registry and name server services. Knot DNS configuration is inside `knot.conf`. Change `42053` port to `53` and local IPs to `::` and `0.0.0.0` (or specific ones). 
+ +For a public server, at least one secondary server should be set up. As zones can be dynamically added and deleted from the primary server, [catalog zones](https://zones.cat/) should be used. Configuration for a primary and a secondary server can be found respectively at `mkosi.extra/etc/knot/knot-primary.conf` and `mkosi.extra/etc/knot/knot-secondary.conf`. + +Add user `servnest` to group `knot` to allow ServNest to send commands to Knot: +```shell +usermod -aG knot servnest +``` + +#### Database configuration + +Knot configuration must be dynamic, therefore the configuration must stored in database, using: +```shell +sudo -u knot knotc conf-import /etc/knot/knot.conf +``` + +The configuration file won't be used by Knot anymore. + +#### Database configuration edition + +Database configuration can be changed using `knotc conf-*` commands, see [Knot DNS 3.2 documentation > Operation > Dynamic configuration](https://www.knot-dns.cz/docs/3.2/html/operation.html#dynamic-configuration). If you don't want to use that and don't want the best uptime possible, you can do the following steps to edit configuration through a plaintext file: + +1. Set `enabled` to `false` in `[reg]` and `[ns]` sections of `config.ini` +2. `knotc conf-export /etc/knot/knot.conf` +3. Edit `/etc/knot/knot.conf` +4. Stop the Knot DNS daemon +5. `sudo -u knot knotc conf-import /etc/knot/knot.conf` +6. Restart the Knot DNS daemon +7. Check for errors in logs: `cat /var/log/knot/knot.log` +8. Reverse the first step to `true` + +#### Directories + +```shell +mkdir /srv/servnest/reg /srv/servnest/ns +chown -R servnest:knot /srv/servnest/reg /srv/servnest/ns +chmod -R u=rwX,g=rwX,o= /srv/servnest/reg /srv/servnest/ns +``` + +#### Registry files initialisation + +In addition to being described in configuration, registry zone files need to be initialized (i.e. SOA and NS records) inside `/srv/servnest/reg/`. 
+ +### ServNest core + +Set up the source code inside `/srv/servnest/core/`: +```shell +git clone https://code.antopie.org/servnest/servnest/ /srv/servnest/core +``` + +Set permissions (except for `.git/` and `db/`): +```shell +chmod -R u=rX,g=rX,o= $(find /srv/servnest/core -mindepth 1 -maxdepth 1 ! -name .git ! -name db) +chown -R servnest:nginx $(find /srv/servnest/core -mindepth 1 -maxdepth 1 ! -name .git ! -name db) +``` + +Generate new SQLite database: +```shell +sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql +``` + +Set permissions for database: +```shell +chmod -R u=rwX,g=,o= /srv/servnest/core/db +chown -R servnest: /srv/servnest/core/db +``` + +Initialize database secret keys: +```shell +echo "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';" | sqlite3 /srv/servnest/core/db/servnest.db +``` + +Generate gettext translations: +```shell +msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo +chmod u=r,g=,o= /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo +chown servnest: /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo +``` + +### PHP + +In addition to PHP itself, the following PHP extensions are required and their packages probably needs to be installed: + +* pdo +* pdo_sqlite +* libsodium +* gettext +* curl (only for the `check.php` script) + +You might also want to enable the OPcache extension to improve performance. + +#### `php.ini` + +Set appropriately your `php.ini` to either `php.ini-production` or `php.ini-development` (distributions usually ship `php.ini-production` as the default `php.ini`). + +Use `php.ini` as additional PHP configuration (e.g. in `/etc/php/conf.d/servnest.ini`). + +#### `php-fpm.conf` + +Use `php-fpm.conf` as the PHP-FPM configuration (e.g. in `/etc/php/php-fpm.d/servnest.conf`). 
+ +##### For systemd + +`php-fpm.service.override.conf` may be required as the PHP-FPM service configuration override. + +### Certbot + +If you are setting up a testing environment, running `certbot` commands in this document without `--test-cert` is probably useless. + +Register an ACME account for Let's Encrypt (production and staging): +```shell +certbot register --no-eff-email +certbot register --no-eff-email --test-cert +``` + +Copy and adapt `certbot.ini` in `/etc/letsencrypt/cli.ini` + +Install the Certbot deploy hook: +```shell +cp certbot-deploy-hook.sh /root/certbot-deploy-hook.sh +chmod +x /root/certbot-deploy-hook.sh +``` + +### nginx + +nginx is used for 2 purposes: +* serving the PHP interface +* acting as a reverse proxy before Apache, terminating TLS and enforcing headers policy + +Create the ACME HTTP challenge directory used by Certbot: +```shell +mkdir /srv/servnest/acme +chown nginx: /srv/servnest/acme +chmod u=rX,g=,o= /srv/servnest/acme +``` + +Generate default self-signed certificates: +```shell +openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt +openssl req -subj '/CN=servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.test.key -out /etc/ssl/certs/servnest.test.crt +openssl req -subj '/CN=ht.servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/ht.servnest.test.key -out /etc/ssl/certs/ht.servnest.test.crt +openssl req -subj '/CN=*.ht.servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/wildcard.ht.servnest.test.key -out /etc/ssl/certs/wildcard.ht.servnest.test.crt +``` + +A precise configuration is inside the `nginx/` directory. It requires the *headers more* nginx module. + +This configuration listens on `[::1]:42443`, `127.0.0.1:42443`, `[::1]:42080` and `127.0.0.1:42080`. 
For a public server, these should be replaced respectively by `[::]:443`, `0.0.0.0:443`, `[::]:80` and `0.0.0.0:80`. Other addresses (i.e for Onion services and SFTPGo authentication) are not meant to be publicly exposed. + +Once this configuration is put in place, replace self-signed certificates by Let's Encrypt certificates: +```shell +certbot certonly -d "ht.servnest.example" +certbot certonly -d "servnest.example" +``` + +Getting a Let's Encrypt certificate for a wildcard domain requires an ACME [DNS challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge). The following command asks to setup a DNS record, this can be done by editing `/srv/servnest/reg/servnest.example` then reload configuration using `knotc zone-reload servnest.example`. +```shell +certbot certonly --manual -d "*.ht.servnest.example" +``` +This method also requires manual operations for renewal. + +The nginx configuration provided above uses the self-signed key pair at the locations set in the `openssl` command above. Replace those by the ones Certbot told you and reload nginx configuration. + +Allow nginx to access certificates: +```shell +mkdir -p /etc/letsencrypt/archive/ /etc/letsencrypt/live/ +chmod 710 /etc/letsencrypt/archive/ /etc/letsencrypt/live/ +chown root:nginx /etc/letsencrypt/archive/ /etc/letsencrypt/live/ +/root/certbot-deploy-hook.sh +``` + +### Apache HTTP Server + +Apache in distributions is usually named `httpd`, `apache` or `apache2`. Adapt these instructions as appropriate. + +Apache configuration is inside the `apache/` directory. It runs Apache inside a chroot, though it is not required by the ServNest design. Some paths may need adaptation according to the distribution used (e.g. modules or logs). 
+ +Set up the directory where Apache will be chrooted: +```shell +mkdir /srv/servnest/ht +cp -r /install/http-messages /srv/servnest/ht/http-messages +chown -R root:root /srv/servnest/ht +chmod -R u=rX,g=rX,o=rX /srv/servnest/ht +``` + +Set up the directory managed by SFTPGo users: +```shell +mkdir /srv/servnest/ht/fs +chown -R apache:sftpgo /srv/servnest/ht/fs +chmod -R u=rX,g=rwX,o= /srv/servnest/ht/fs +``` + +Set up the directory accessed by Apache and managed by ServNest that maps Web addresses to users directories using links: +```shell +mkdir /srv/servnest/ht/uri +mkdir /srv/servnest/ht/uri/ht.servnest.test # Subpath access +chown -R servnest:apache /srv/servnest/ht/uri +chmod -R u=rwX,g=rX,o= /srv/servnest/ht/uri +``` + +For Apache to work in a chroot, hardlinking some system dependencies inside the chroot may be needed: +```shell +# Display dependencies paths +ldd $(which httpd) + +# Create hardlink's parent directory +mkdir -p /srv/servnest/ht/usr/lib + +# Hardlink (with a specific example) +ln /usr/lib/libc.so.6 /srv/servnest/ht/usr/lib/libc.so.6 +``` + +### SFTPGo + +#### Install SFTPGo + +The script at `../root/sftpgo.sh` can be used to build SFTPGo from source. You can use other methods to get SFTPGo builds. + +Create a directory for configuration: `mkdir /etc/sftpgo` + +Copy the systemd service: `cp /install/sftpgo.service /etc/systemd/system/sftpgo.service` + +Allow listening on privileged ports: `setcap 'cap_net_bind_service=+ep' /usr/local/bin/sftpgo` + +#### Configure SFTPGo for ServNest + +Generate a key pair using `ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""` + +Compute key pair fingerprints: +```shell +fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519)) +echo ${fp[1]} > /etc/sftpgo/ed25519.fp +ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart +``` + +Copy the SFTPGo configuration: `cp /install/sftpgo.toml /etc/sftpgo/sftpgo.toml`. 
For a public setup, change `[[sftpd.bindings]]` sections in it to public IPs and port 22. You can optionally set up in `/etc/sftpgo/banner.txt` a message displayed to users when logging in. + +Add user `servnest` to group `sftpgo`: +```shell +usermod -aG sftpgo servnest +``` + +Permissions for `/etc/sftpgo`: +```shell +chown -R sftpgo: /etc/sftpgo +chmod -R u=rX,g=rX,o= /etc/sftpgo +chmod u=r,g=,o= /etc/sftpgo/ed25519 +``` + +Generate and add SSHFP record for the public SFTP domain: +```shell +echo sftp.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone +``` + +### ServNest core configuration + +Copy the configuration template to the actual configuration file and adapt it according to [the ServNest configuration reference](configuration.md): +```shell +cp /srv/servnest/core/config.template.ini /srv/servnest/core/config.ini +vim /srv/servnest/core/config.ini +``` + +### Cronie + +Set the `cronie` file as `/etc/cron.d/servnest`. diff --git a/back/translation.en.md b/back/translation.en.md new file mode 100644 index 0000000..de9146d --- /dev/null +++ b/back/translation.en.md 
@@ -0,0 +1,38 @@ +# Memo to work with gettext + +## As a developer + +Extract messages to be translated from the source files and into a Portable Object Template file: +```shell +xgettext --from-code=UTF-8 --no-wrap -d messages -p locales/ *.php */*.php */*/*.php +mv locales/messages.po locales/messages.pot +``` + +Merge messages into existing Portable Objects: +```shell +msgmerge --no-wrap locales/fr/C/LC_MESSAGES/messages.po locales/messages.pot -o locales/fr/C/LC_MESSAGES/messages.po +``` + +## As a translator + +### To start a new translation + +```shell +mkdir -p locales/fr/C/LC_MESSAGES/ +msginit -i locales/messages.pot -o locales/fr/C/LC_MESSAGES/messages.po +``` + +### To translate + +Edit `locales/fr/C/LC_MESSAGES/messages.po` using either +* any text editor +* dedicated translation software like [Poedit](https://poedit.net/), [KDE's Lokalize](https://apps.kde.org/lokalize/) or [GNOME Translation Editor](https://wiki.gnome.org/Apps/Gtranslator). + +## As an administrator + +To compile Portable Objects into Machine Objects: +```shell +msgfmt locales/fr/C/LC_MESSAGES/messages.po -o locales/fr/C/LC_MESSAGES/messages.mo +``` + +Machine Objects files are kept in cache by the PHP gettext extension, so PHP-FPM needs to be restarted to update translations. diff --git a/config.ini b/config.ini index 73e9801..d335ad3 100644 --- a/config.ini +++ b/config.ini @@ -1,8 +1,8 @@ ; Used in and <header> -siteTitle = "Documentation de Niver" +siteTitle = "ServNest" ; Whether to advertise the CSS file in the HTML document or not -css = false +announce-css = true ; Whether to add a <header> tag to the HTML document or not header = false @@ -10,5 +10,4 @@ header = false ; Whether to center text on indexes or not centerIndex = true -; Which language to add to <html lang="?"> if not found in file extension -defaultLang = "fr" +id = "95f89610b910b4120ab78e7efc3f19cdf2328a7c9f510238abcc79ae148e499e" 
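Review bot: The new `id = "..."` line at the end of `config.ini` is the only directive in the file without a `;` comment above it, so a reader cannot tell what it identifies or whether it is safe to publish. Add a comment line like the other settings have, and if the value is meant to stay private, keep it out of the repository and load it from an untracked file instead.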
diff --git a/front/full-howto.en.md b/front/full-howto.en.md new file mode 100644 index 0000000..3be712b --- /dev/null +++ b/front/full-howto.en.md 
@@ -0,0 +1,78 @@ +# Use ServNest + +## Introduction + +This document describes the steps for the combined use of each service of a ServNest installation. + +In short, it consists of: +1. on the **Authentication** service: creating an account +2. on the **Registry** service: registering a domain name in one of the available suffixes +3. on the **Name servers** service: configuring a DNS zone for this domain +4. on the **Web** service: uploading files using SFTP and making them accessible through the Web with the domain previously registered and configured + +## Prerequisites + +* the address of an existing ServNest installation (see the list on the homepage) +* a way to communicate with the chosen installation administrator, to get the account approved +* a web browser (for example LibreWolf, Tor Browser or Firefox) +* an SFTP client (for example Dolphin on KDE, GNOME Files or FileZilla) +* files to be served on the site (typically in HTML format) + +## Step 1: account creation + +Create an account and get it approved + +1. From the chosen ServNest installation home page, go to the **Authentication** service, then use the page **Create account** +2. Ask your installation administrator an approval key, according to the instructions on the link **About this installation** on the installation home page, and wait for their answer +3. Use the answered key on the **Switch to an approved account** page + +## Step 2: domain registration + +Choose a domain name + +1. Go to the **Registry** service +2. **Register domain** + +## Step 3: the DNS zone + +### Step 3.1: DNS zone creation + +Authenticate the DNS zone creation by creating a specific DNS record in the parent zone (the registry), then actually create the zone + +1. On the **Name servers** > **Add zone** page, copy the required NS record value (Don't submit the form yet) +2. Paste the value in **Registry** > **NS records** and submit +3. Submit the form on **Name servers** > **Add zone** +4. 
Paste the value in **Registry** > **NS records** again, but this time select the **Delete** action, then submit + +### Step 3.2: delegation to the DNS zone + +Tell the registry to delegate the domain name resolution to the servers on which we just created the zone + +For each domain name listed in the **Name servers** section on the home page of the **Name servers** service: +1. Copy-paste this domain name in **Registry** > **DNS records** then submit + +### Optional step 3.3: DNSSEC activation + +Tell the registry the public key of the DNS zone in order to enable the DNSSEC trust delegation and thus the DNS zone records authentication + +1. On **Name servers** > **Display zone**, select **DS records** then submit +2. Transmit the display values to **Registry** > **DS records** + +## Step 4: the website + +### Step 4.1: SFTP upload + +1. Transmit the values displayed on the **Web** service home page to the SFTP client +2. If the SFTP asks to confirm the server's public key fingerprint, check that it matches one of the values display on the web page. If none of the values match, cancel the connection, then check the settings, change Internet connection or contact the administrator. (Connecting to an SFTP server without verifying it's authenticity can allow an attacker to takeover your account.) +3. The SFTP space is empty by default. Create a directory named without spaces, accents or special characters (for example `site`) +4. Copy-paste the site files inside this new directory + +### Step 4.2: HTTP access creation + +1. In **Name servers** > **Synchronized records**, add an entry with the domain displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access** as the **Source domain** +2. In **Name servers** > **TXT records**, add for the **Subdomain** `_auth` the value displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access** +3. 
Submit the form **Dedicated domain with Let's Encrypt certificate access** + +## Conclusion + +Accessing `https://domain.example/file` displays the file `/site/file` from the SFTP space. diff --git a/front/index.en.md b/front/index.en.md new file mode 100644 index 0000000..4c9b44e --- /dev/null +++ b/front/index.en.md @@ -0,0 +1,4 @@ +# ServNest user documentation + +* [Use ServNest](full-howto) +* [How to create a static site](site-creation) diff --git a/front/site-creation.en.md b/front/site-creation.en.md new file mode 100644 index 0000000..26ca34b --- /dev/null +++ b/front/site-creation.en.md @@ -0,0 +1,18 @@ +# How to create a static site + +## Manually + +A site can be created by handwriting HTML files. + +## Using a static sites generator + +Static sites generator are tools that generate static HTML sites from another format, usually from Markdown. + +[Zola](https://www.getzola.org/) +: command line interface + +[Hugo](https://gohugo.io/) +: command line interface + +[Publii](https://getpublii.com/) +: desktop software using Electron diff --git a/index.en.md b/index.en.md new file mode 100644 index 0000000..3865c61 --- /dev/null +++ b/index.en.md 
@@ -0,0 +1,96 @@ +# ServNest + +ServNest is software providing an HTTP service with HTML interface allowing users to manage 3 independent services: + +* Subdomain registration and delegation, in a public suffix registry +* DNS zone hosting +* Static HTTP site hosting (installed using SFTP) + +## Documentation + +[User documentation](front/) +: use an existing ServNest installation + +[Internals](back/) +: understand, contribute or deploy a new ServNest installation + +## Status + +ServNest is alpha software. Proper versioning, changelog and upgrade and migration instructions are still missing. + +## Installation list + +[Niver](https://about.niv.re/) +: administrated by the main developer + +## Detailed features + +### Public suffix registry (`reg`) + +* Register a subdomain of the registry +* Set domain's nameservers +* Set a DS record to enable DNSSEC +* Set Glue records +* Display records +* Transfer domain to another account +* Partial `CSYNC` and `CDS` support to synchronize from child zone + +### Name server (`ns`) + +* Host a zone on the server +* Plain zone file edition +* Dedicated forms to set/unset `A`, `AAAA`, `NS`, `TXT`, `CAA`, `SRV`, `MX`, `SRV`, `SSHFP`, `TLSA`, `CNAME`, `DNAME` and `LOC` records +* Display records or the full zone file +* Keep records in sync with another domain (`CNAME` alternative for apex domains) + +### Static HTTP site hosting (`ht`) + +Upload site's files to the server using SFTP. The way the site is accessed can then be choosed: + +* Dedicated domain name and Let's Encrypt certificate +* Dedicated onion service (through Tor) +* Subdomain of a shared root domain +* HTTP subpath of a shared domain + +Some Apache configuration directives are available through `.htaccess`. 
+ +## Resources + +[ServNest website](https://servnest.niv.re/) +: information about ServNest + +[Matrix room](matrix:r/servnest:matrix.antopie.org) (`#servnest:matrix.antopie.org`) +: english/french +: discuss, get help and organise contribution + +[Issue tracker](https://code.antopie.org/servnest/servnest/issues/) +: english +: keep track of bugs and wanted features + +[ServNest source code](https://code.antopie.org/servnest/servnest/) +: english +: code + +[ServNest website source](https://code.antopie.org/servnest/docs/) +: code, administration documentation + +## Direct contact details + +Find them on [my site](https://miraty.niv.re/contact). + +## Somehow similar projects + +[DNSManager](https://github.com/KaneRoot/dnsmanager): +: domain registry software powering [netlib.re](https://netlib.re/) + +[EU.org](https://nic.eu.org/) +: domain registry + +[DNS Witch](https://dns-witch.net.eu.org/) +: user-friendly domain hosting based on EU.org + +[Codeberg Pages](https://codeberg.page/) +: static website hosting published through Git + +[Njalla](https://njal.la/) +: anonymous domain registrar diff --git a/legacy/authoritative.fr.md b/legacy/authoritative.fr.md new file mode 100644 index 0000000..3fdb116 --- /dev/null +++ b/legacy/authoritative.fr.md @@ -0,0 +1,5 @@ +# Serveurs de noms ayant autorité + +Un serveur de nom ayant autorité est un serveur DNS qui connaît la bonne information pour une zone DNS et qui est donc capable de répondre un enregistrement DNS sans devoir interroger un autre serveur DNS, contrairement à un serveur de noms récursif (alias résolveur DNS), qui se contente de reporter les requêtes aux serveurs ayant autorité adéquats. + +Une zone DNS est généralement servie simultanément par plusieurs serveurs de noms ayant autorité, afin d'éviter que la panne d'un seul serveur provoque l'indisponibilité du domaine. diff --git a/src/ca.md b/legacy/ca.fr.md similarity index 100% rename from src/ca.md rename to legacy/ca.fr.md 
diff --git a/src/crypto.md b/legacy/crypto.fr.md similarity index 100% rename from src/crypto.md rename to legacy/crypto.fr.md diff --git a/src/css.md b/legacy/css.fr.md similarity index 100% rename from src/css.md rename to legacy/css.fr.md diff --git a/src/dig.md b/legacy/dig.fr.md similarity index 100% rename from src/dig.md rename to legacy/dig.fr.md diff --git a/src/dns.md b/legacy/dns.fr.md similarity index 100% rename from src/dns.md rename to legacy/dns.fr.md diff --git a/src/dnssec.md b/legacy/dnssec.fr.md similarity index 100% rename from src/dnssec.md rename to legacy/dnssec.fr.md diff --git a/src/gemini.md b/legacy/gemini.fr.md similarity index 100% rename from src/gemini.md rename to legacy/gemini.fr.md diff --git a/src/glue-record.md b/legacy/glue-record.fr.md similarity index 100% rename from src/glue-record.md rename to legacy/glue-record.fr.md diff --git a/src/html.md b/legacy/html.fr.md similarity index 100% rename from src/html.md rename to legacy/html.fr.md diff --git a/src/http.md b/legacy/http.fr.md similarity index 100% rename from src/http.md rename to legacy/http.fr.md diff --git a/src/hypertext.md b/legacy/hypertext.fr.md similarity index 100% rename from src/hypertext.md rename to legacy/hypertext.fr.md diff --git a/src/ip.md b/legacy/ip.fr.md similarity index 100% rename from src/ip.md rename to legacy/ip.fr.md diff --git a/src/markdown.md b/legacy/markdown.fr.md similarity index 98% rename from src/markdown.md rename to legacy/markdown.fr.md index 69cd608..851471f 100644 --- a/src/markdown.md +++ b/legacy/markdown.fr.md @@ -1,6 +1,6 @@ # Le format de fichier Markdown -Markdown est un langage créer pour simplifier la rédaction de texte, dans le but d'être transformer en HTML. +Markdown est un langage créer pour simplifier la rédaction de texte, dans le but d'être transformé en HTML. ## Les titres diff --git a/src/record-caa.md b/legacy/record-caa.fr.md similarity index 100% rename from src/record-caa.md rename to legacy/record-caa.fr.md 
diff --git a/src/record-cname.md b/legacy/record-cname.fr.md similarity index 100% rename from src/record-cname.md rename to legacy/record-cname.fr.md diff --git a/src/record-dname.md b/legacy/record-dname.fr.md similarity index 100% rename from src/record-dname.md rename to legacy/record-dname.fr.md diff --git a/src/record-ip.md b/legacy/record-ip.fr.md similarity index 100% rename from src/record-ip.md rename to legacy/record-ip.fr.md diff --git a/src/record-loc.md b/legacy/record-loc.fr.md similarity index 100% rename from src/record-loc.md rename to legacy/record-loc.fr.md diff --git a/src/record-mx.md b/legacy/record-mx.fr.md similarity index 100% rename from src/record-mx.md rename to legacy/record-mx.fr.md diff --git a/src/record-ns.md b/legacy/record-ns.fr.md similarity index 100% rename from src/record-ns.md rename to legacy/record-ns.fr.md diff --git a/src/record-srv.md b/legacy/record-srv.fr.md similarity index 100% rename from src/record-srv.md rename to legacy/record-srv.fr.md diff --git a/src/record-sshfp.md b/legacy/record-sshfp.fr.md similarity index 100% rename from src/record-sshfp.md rename to legacy/record-sshfp.fr.md diff --git a/src/record-tlsa.md b/legacy/record-tlsa.fr.md similarity index 100% rename from src/record-tlsa.md rename to legacy/record-tlsa.fr.md diff --git a/src/record-txt.md b/legacy/record-txt.fr.md similarity index 100% rename from src/record-txt.md rename to legacy/record-txt.fr.md diff --git a/src/registry.md b/legacy/registry.fr.md similarity index 99% rename from src/registry.md rename to legacy/registry.fr.md index 2e25a0f..9926314 100644 --- a/src/registry.md +++ b/legacy/registry.fr.md 
@@ -7,7 +7,3 @@ L'obtention d'un nom de domaine se fait soit en demandant directement auprès du C'est le registre qui doit indiquer notamment les serveurs de noms de la zone délégué ainsi que leur signature DNSSEC si souhaité, afin de permettre le fonctionnement du DNS. Par exemple, si je veux un domaine `carotte.exemple.`, je dois communiquer au registre, ici `exemple.`, l'adresse des serveurs de noms sur lesquels je vais administrer ce domaine. (Si l'adresse de ce serveur de noms se termine elle-même par `.carotte.exemple.`, je dois utiliser un [glue record](glue-record.html)). - - - - diff --git a/src/sftp.md b/legacy/sftp.fr.md similarity index 96% rename from src/sftp.md rename to legacy/sftp.fr.md index 949edc8..699aadb 100644 --- a/src/sftp.md +++ b/legacy/sftp.fr.md @@ -1,6 +1,6 @@ # Le protocole SFTP -SFTP est un protocole basé sur la cryptographie utilisée dans SSH, qui permet de transferrer des fichiers sur le modèle client-serveur. +SFTP est un protocole basé sur la cryptographie utilisée dans SSH, qui permet de transférer des fichiers sur le modèle client-serveur. ## Clients SFTP diff --git a/src/tls.md b/legacy/tls.fr.md similarity index 100% rename from src/tls.md rename to legacy/tls.fr.md diff --git a/src/tor.md b/legacy/tor.fr.md similarity index 100% rename from src/tor.md rename to legacy/tor.fr.md diff --git a/src/ttl.md b/legacy/ttl.fr.md similarity index 100% rename from src/ttl.md rename to legacy/ttl.fr.md diff --git a/src/units.md b/legacy/units.fr.md similarity index 100% rename from src/units.md rename to legacy/units.fr.md diff --git a/src/zone.md b/legacy/zone.fr.md similarity index 100% rename from src/zone.md rename to legacy/zone.fr.md diff --git a/po/docs.pot b/po/docs.pot new file mode 100644 index 0000000..22d8fc4 --- /dev/null +++ b/po/docs.pot 
@@ -0,0 +1,440 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "Project-Id-Version: PACKAGE VERSION\nPOT-Creation-Date: 2024-01-15 19:39+0100\nPO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\nLast-Translator: FULL NAME <EMAIL@ADDRESS>\nLanguage-Team: LANGUAGE <LL@li.org>\nLanguage: \nMIME-Version: 1.0\nContent-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit\n" + +#. type: Title # +#: index.en.md:1 +#, markdown-text, no-wrap +msgid "ServNest" +msgstr "" + +#. type: Plain text +#: index.en.md:4 +#, markdown-text, no-wrap +msgid "ServNest is software providing an HTTP service with HTML interface allowing users to manage 3 independent services:\n" +msgstr "" + +#. type: Plain text +#: index.en.md:8 +#, markdown-text, no-wrap +msgid "* Subdomain registration and delegation, in a public suffix registry\n* DNS zone hosting\n* Static HTTP site hosting (installed using SFTP)\n" +msgstr "" + +#. type: Title ## +#: index.en.md:9 +#, markdown-text, no-wrap +msgid "Documentation" +msgstr "" + +#. type: Plain text +#: index.en.md:13 +#, markdown-text, no-wrap +msgid "[User documentation](front/)\n: use an existing ServNest installation\n" +msgstr "" + +#. type: Plain text +#: index.en.md:16 +#, markdown-text, no-wrap +msgid "[Internals](back/)\n: understand, contribute or deploy a new ServNest installation\n" +msgstr "" + +#. type: Title ## +#: index.en.md:17 +#, markdown-text, no-wrap +msgid "Status" +msgstr "" + +#. type: Plain text +#: index.en.md:20 +#, markdown-text, no-wrap +msgid "ServNest is alpha software. Proper versioning, changelog and upgrade and migration instructions are still missing.\n" +msgstr "" + +#. type: Title ## +#: index.en.md:21 +#, markdown-text, no-wrap +msgid "Installation list" +msgstr "" + +#. 
type: Plain text +#: index.en.md:25 +#, markdown-text, no-wrap +msgid "[Niver](https://about.niv.re/)\n: administrated by the main developer\n" +msgstr "" + +#. type: Title ## +#: index.en.md:26 +#, markdown-text, no-wrap +msgid "Detailed features" +msgstr "" + +#. type: Title ### +#: index.en.md:28 +#, markdown-text, no-wrap +msgid "Public suffix registry (`reg`)" +msgstr "" + +#. type: Plain text +#: index.en.md:37 +#, markdown-text, no-wrap +msgid "* Register a subdomain of the registry\n* Set domain's nameservers\n* Set a DS record to enable DNSSEC\n* Set Glue records\n* Display records\n* Transfer domain to another account\n* Partial `CSYNC` and `CDS` support to synchronize from child zone\n" +msgstr "" + +#. type: Title ### +#: index.en.md:38 +#, markdown-text, no-wrap +msgid "Name server (`ns`)" +msgstr "" + +#. type: Plain text +#: index.en.md:45 +#, markdown-text, no-wrap +msgid "* Host a zone on the server\n* Plain zone file edition\n* Dedicated forms to set/unset `A`, `AAAA`, `NS`, `TXT`, `CAA`, `SRV`, `MX`, `SRV`, `SSHFP`, `TLSA`, `CNAME`, `DNAME` and `LOC` records\n* Display records or the full zone file\n* Keep records in sync with another domain (`CNAME` alternative for apex domains)\n" +msgstr "" + +#. type: Title ### +#: index.en.md:46 +#, markdown-text, no-wrap +msgid "Static HTTP site hosting (`ht`)" +msgstr "" + +#. type: Plain text +#: index.en.md:49 +#, markdown-text, no-wrap +msgid "Upload site's files to the server using SFTP. The way the site is accessed can then be choosed:\n" +msgstr "" + +#. type: Plain text +#: index.en.md:54 +#, markdown-text, no-wrap +msgid "* Dedicated domain name and Let's Encrypt certificate\n* Dedicated onion service (through Tor)\n* Subdomain of a shared root domain\n* HTTP subpath of a shared domain\n" +msgstr "" + +#. type: Plain text +#: index.en.md:56 +#, markdown-text, no-wrap +msgid "Some Apache configuration directives are available through `.htaccess`.\n" +msgstr "" + +#. 
type: Title ## +#: index.en.md:57 +#, markdown-text, no-wrap +msgid "Resources" +msgstr "" + +#. type: Plain text +#: index.en.md:61 +#, markdown-text, no-wrap +msgid "[ServNest website](https://servnest.niv.re/)\n: information about ServNest\n" +msgstr "" + +#. type: Plain text +#: index.en.md:65 +#, markdown-text, no-wrap +msgid "[Matrix room](matrix:r/servnest:matrix.antopie.org) (`#servnest:matrix.antopie.org`)\n: english/french\n: discuss, get help and organise contribution\n" +msgstr "" + +#. type: Plain text +#: index.en.md:69 +#, markdown-text, no-wrap +msgid "[Issue tracker](https://code.antopie.org/servnest/servnest/issues/)\n: english\n: keep track of bugs and wanted features\n" +msgstr "" + +#. type: Plain text +#: index.en.md:73 +#, markdown-text, no-wrap +msgid "[ServNest source code](https://code.antopie.org/servnest/servnest/)\n: english\n: code\n" +msgstr "" + +#. type: Plain text +#: index.en.md:76 +#, markdown-text, no-wrap +msgid "[ServNest website source](https://code.antopie.org/servnest/docs/)\n: code, administration documentation\n" +msgstr "" + +#. type: Title ## +#: index.en.md:77 +#, markdown-text, no-wrap +msgid "Direct contact details" +msgstr "" + +#. type: Plain text +#: index.en.md:80 +#, markdown-text, no-wrap +msgid "Find them on [my site](https://miraty.niv.re/contact).\n" +msgstr "" + +#. type: Title ## +#: index.en.md:81 +#, markdown-text, no-wrap +msgid "Somehow similar projects" +msgstr "" + +#. type: Plain text +#: index.en.md:85 +#, markdown-text, no-wrap +msgid "[DNSManager](https://github.com/KaneRoot/dnsmanager):\n: domain registry software powering [netlib.re](https://netlib.re/)\n" +msgstr "" + +#. type: Plain text +#: index.en.md:88 +#, markdown-text, no-wrap +msgid "[EU.org](https://nic.eu.org/)\n: domain registry\n" +msgstr "" + +#. type: Plain text +#: index.en.md:91 +#, markdown-text, no-wrap +msgid "[DNS Witch](https://dns-witch.net.eu.org/)\n: user-friendly domain hosting based on EU.org\n" +msgstr "" + +#. 
type: Plain text +#: index.en.md:94 +#, markdown-text, no-wrap +msgid "[Codeberg Pages](https://codeberg.page/)\n: static website hosting published through Git\n" +msgstr "" + +#. type: Plain text +#: index.en.md:96 +#, markdown-text, no-wrap +msgid "[Njalla](https://njal.la/)\n: anonymous domain registrar\n" +msgstr "" + +#. type: Title # +#: front/index.en.md:1 +#, markdown-text, no-wrap +msgid "ServNest user documentation" +msgstr "" + +#. type: Plain text +#: front/index.en.md:4 +#, markdown-text, no-wrap +msgid "* [Use ServNest](full-howto)\n* [How to create a static site](site-creation)\n" +msgstr "" + +#. type: Title # +#: front/full-howto.en.md:1 +#, markdown-text, no-wrap +msgid "Use ServNest" +msgstr "" + +#. type: Title ## +#: front/full-howto.en.md:3 +#, markdown-text, no-wrap +msgid "Introduction" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:6 +#, markdown-text, no-wrap +msgid "This document describes the steps for the combined use of each service of a ServNest installation.\n" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:12 +#, markdown-text, no-wrap +msgid "In short, it consists of:\n1. on the **Authentication** service: creating an account\n2. on the **Registry** service: registering a domain name in one of the available suffixes\n3. on the **Name servers** service: configuring a DNS zone for this domain\n4. on the **Web** service: uploading files using SFTP and making them accessible through the Web with the domain previously registered and configured\n" +msgstr "" + +#. type: Title ## +#: front/full-howto.en.md:13 +#, markdown-text, no-wrap +msgid "Prerequisites" +msgstr "" + +#. 
type: Plain text +#: front/full-howto.en.md:20 +#, markdown-text, no-wrap +msgid "* the address of an existing ServNest installation (see the list on the homepage)\n* a way to communicate with the chosen installation administrator, to get the account approved\n* a web browser (for example LibreWolf, Tor Browser or Firefox)\n* an SFTP client (for example Dolphin on KDE, GNOME Files or FileZilla)\n* files to be served on the site (typically in HTML format)\n" +msgstr "" + +#. type: Title ## +#: front/full-howto.en.md:21 +#, markdown-text, no-wrap +msgid "Step 1: account creation" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:24 +#, markdown-text, no-wrap +msgid "Create an account and get it approved\n" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:28 +#, markdown-text, no-wrap +msgid "1. From the chosen ServNest installation home page, go to the **Authentication** service, then use the page **Create account**\n2. Ask your installation administrator an approval key, according to the instructions on the link **About this installation** on the installation home page, and wait for their answer\n3. Use the answered key on the **Switch to an approved account** page\n" +msgstr "" + +#. type: Title ## +#: front/full-howto.en.md:29 +#, markdown-text, no-wrap +msgid "Step 2: domain registration" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:32 +#, markdown-text, no-wrap +msgid "Choose a domain name\n" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:35 +#, markdown-text, no-wrap +msgid "1. Go to the **Registry** service\n2. **Register domain**\n" +msgstr "" + +#. type: Title ## +#: front/full-howto.en.md:36 +#, markdown-text, no-wrap +msgid "Step 3: the DNS zone" +msgstr "" + +#. type: Title ### +#: front/full-howto.en.md:38 +#, markdown-text, no-wrap +msgid "Step 3.1: DNS zone creation" +msgstr "" + +#. 
type: Plain text +#: front/full-howto.en.md:41 +#, markdown-text, no-wrap +msgid "Authenticate the DNS zone creation by creating a specific DNS record in the parent zone (the registry), then actually create the zone\n" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:46 +#, markdown-text, no-wrap +msgid "1. On the **Name servers** > **Add zone** page, copy the required NS record value (Don't submit the form yet)\n2. Paste the value in **Registry** > **NS records** and submit\n3. Submit the form on **Name servers** > **Add zone**\n4. Paste the value in **Registry** > **NS records** again, but this time select the **Delete** action, then submit\n" +msgstr "" + +#. type: Title ### +#: front/full-howto.en.md:47 +#, markdown-text, no-wrap +msgid "Step 3.2: delegation to the DNS zone" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:50 +#, markdown-text, no-wrap +msgid "Tell the registry to delegate the domain name resolution to the servers on which we just created the zone\n" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:53 +#, markdown-text, no-wrap +msgid "For each domain name listed in the **Name servers** section on the home page of the **Name servers** service:\n1. Copy-paste this domain name in **Registry** > **DNS records** then submit\n" +msgstr "" + +#. type: Title ### +#: front/full-howto.en.md:54 +#, markdown-text, no-wrap +msgid "Optional step 3.3: DNSSEC activation" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:57 +#, markdown-text, no-wrap +msgid "Tell the registry the public key of the DNS zone in order to enable the DNSSEC trust delegation and thus the DNS zone records authentication\n" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:60 +#, markdown-text, no-wrap +msgid "1. On **Name servers** > **Display zone**, select **DS records** then submit\n2. Transmit the display values to **Registry** > **DS records**\n" +msgstr "" + +#. 
type: Title ## +#: front/full-howto.en.md:61 +#, markdown-text, no-wrap +msgid "Step 4: the website" +msgstr "" + +#. type: Title ### +#: front/full-howto.en.md:63 +#, markdown-text, no-wrap +msgid "Step 4.1: SFTP upload" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:69 +#, markdown-text, no-wrap +msgid "1. Transmit the values displayed on the **Web** service home page to the SFTP client\n2. If the SFTP asks to confirm the server's public key fingerprint, check that it matches one of the values display on the web page. If none of the values match, cancel the connection, then check the settings, change Internet connection or contact the administrator. (Connecting to an SFTP server without verifying it's authenticity can allow an attacker to takeover your account.)\n3. The SFTP space is empty by default. Create a directory named without spaces, accents or special characters (for example `site`)\n4. Copy-paste the site files inside this new directory\n" +msgstr "" + +#. type: Title ### +#: front/full-howto.en.md:70 +#, markdown-text, no-wrap +msgid "Step 4.2: HTTP access creation" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:75 +#, markdown-text, no-wrap +msgid "1. In **Name servers** > **Synchronized records**, add an entry with the domain displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access** as the **Source domain**\n2. In **Name servers** > **TXT records**, add for the **Subdomain** `_auth` the value displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access**\n3. Submit the form **Dedicated domain with Let's Encrypt certificate access**\n" +msgstr "" + +#. type: Title ## +#: front/full-howto.en.md:76 +#, markdown-text, no-wrap +msgid "Conclusion" +msgstr "" + +#. type: Plain text +#: front/full-howto.en.md:78 +#, markdown-text, no-wrap +msgid "Accessing `https://domain.example/file` displays the file `/site/file` from the SFTP space.\n" +msgstr "" + +#. 
type: Title # +#: front/site-creation.en.md:1 +#, markdown-text, no-wrap +msgid "How to create a static site" +msgstr "" + +#. type: Title ## +#: front/site-creation.en.md:3 +#, markdown-text, no-wrap +msgid "Manually" +msgstr "" + +#. type: Plain text +#: front/site-creation.en.md:6 +#, markdown-text, no-wrap +msgid "A site can be created by handwriting HTML files.\n" +msgstr "" + +#. type: Title ## +#: front/site-creation.en.md:7 +#, markdown-text, no-wrap +msgid "Using a static sites generator" +msgstr "" + +#. type: Plain text +#: front/site-creation.en.md:10 +#, markdown-text, no-wrap +msgid "Static sites generator are tools that generate static HTML sites from another format, usually from Markdown.\n" +msgstr "" + +#. type: Plain text +#: front/site-creation.en.md:13 +#, markdown-text, no-wrap +msgid "[Zola](https://www.getzola.org/)\n: command line interface\n" +msgstr "" + +#. type: Plain text +#: front/site-creation.en.md:16 +#, markdown-text, no-wrap +msgid "[Hugo](https://gohugo.io/)\n: command line interface\n" +msgstr "" + +#. type: Plain text +#: front/site-creation.en.md:18 +#, markdown-text, no-wrap +msgid "[Publii](https://getpublii.com/)\n: desktop software using Electron\n" +msgstr "" diff --git a/po/fr.po b/po/fr.po new file mode 100644 index 0000000..fe5aea6 --- /dev/null +++ b/po/fr.po 
@@ -0,0 +1,608 @@ +msgid "" +msgstr "" +"POT-Creation-Date: 2024-01-15 19:39+0100\n" +"Content-Type: text/plain; charset=UTF-8\n" + +#. type: Title # +#: index.en.md:1 +#, no-wrap +msgid "ServNest" +msgstr "ServNest" + +#. type: Plain text +#: index.en.md:4 +#, no-wrap +msgid "ServNest is software providing an HTTP service with HTML interface allowing users to manage 3 independent services:\n" +msgstr "ServNest est un logiciel fournissant un service HTTP avec une interface HTML permettant à ses utilisataires de gérer 3 services indépendants :\n" + +#. type: Plain text +#: index.en.md:8 +#, no-wrap +msgid "" +"* Subdomain registration and delegation, in a public suffix registry\n" +"* DNS zone hosting\n" +"* Static HTTP site hosting (installed using SFTP)\n" +msgstr "" +"* Enregistrement et délégation de sous-domaine, dans un registre de suffixe public\n" +"* Hébergement de zone DNS\n" +"* Hébergement de site HTTP statique (installé par SFTP)\n" + +#. type: Title ## +#: index.en.md:9 +#, no-wrap +msgid "Documentation" +msgstr "Documentation" + +#. type: Plain text +#: index.en.md:13 +#, no-wrap +msgid "" +"[User documentation](front/)\n" +": use an existing ServNest installation\n" +msgstr "" +"[Documentation utilisatrice](front/)\n" +": utiliser une installation de ServNest existante\n" + +#. type: Plain text +#: index.en.md:16 +#, no-wrap +msgid "" +"[Internals](back/)\n" +": understand, contribute or deploy a new ServNest installation\n" +msgstr "" +"[Fonctionnement interne](back/)\n" +": comprendre, contribuer ou déployer une nouvelle installation de ServNest\n" + +#. type: Title ## +#: index.en.md:17 +#, no-wrap +msgid "Status" +msgstr "État" + +#. type: Plain text +#: index.en.md:20 +#, no-wrap +msgid "ServNest is alpha software. Proper versioning, changelog and upgrade and migration instructions are still missing.\n" +msgstr "ServNest est un logiciel en alpha. 
Il lui manque encore du versionnage, des notes de version et des instruction de mise à jour et migration correctes.\n" + +#. type: Title ## +#: index.en.md:21 +#, no-wrap +msgid "Installation list" +msgstr "Liste des installations" + +#. type: Plain text +#: index.en.md:25 +#, no-wrap +msgid "" +"[Niver](https://about.niv.re/)\n" +": administrated by the main developer\n" +msgstr "" +"[Niver](https://about.niv.re/)\n" +": administrée par lo principale développaire\n" + +#. type: Title ## +#: index.en.md:26 +#, no-wrap +msgid "Detailed features" +msgstr "Fonctionnalités détaillées" + +#. type: Title ### +#: index.en.md:28 +#, no-wrap +msgid "Public suffix registry (`reg`)" +msgstr "Registre de suffixe publique (`reg`)" + +#. type: Plain text +#: index.en.md:37 +#, no-wrap +msgid "" +"* Register a subdomain of the registry\n" +"* Set domain's nameservers\n" +"* Set a DS record to enable DNSSEC\n" +"* Set Glue records\n" +"* Display records\n" +"* Transfer domain to another account\n" +"* Partial `CSYNC` and `CDS` support to synchronize from child zone\n" +msgstr "" +"* Enregistrer un sous-domaine du registre\n" +"* Définir les serveurs de noms d'un domaine\n" +"* Définir un enregistrement DS pour activer DNSSEC\n" +"* Définir des Glue records\n" +"* Afficher les enregistrements\n" +"* Transférer un domaine vers un autre compte\n" +"* Support partiel des enregistrements `CSYNC` et `CDS` pour synchroniser depuis une zone enfant\n" + +#. type: Title ### +#: index.en.md:38 +#, no-wrap +msgid "Name server (`ns`)" +msgstr "Serveur de noms (`ns`)" + +#. 
type: Plain text +#: index.en.md:45 +#, no-wrap +msgid "" +"* Host a zone on the server\n" +"* Plain zone file edition\n" +"* Dedicated forms to set/unset `A`, `AAAA`, `NS`, `TXT`, `CAA`, `SRV`, `MX`, `SRV`, `SSHFP`, `TLSA`, `CNAME`, `DNAME` and `LOC` records\n" +"* Display records or the full zone file\n" +"* Keep records in sync with another domain (`CNAME` alternative for apex domains)\n" +msgstr "" +"* Héberger une zone DNS sur le server\n" +"* Édition du fichier de zone brut\n" +"* Formulaires dédiés pour ajouter/retirer les enregistrements `A`, `AAAA`, `NS`, `TXT`, `CAA`, `SRV`, `MX`, `SRV`, `SSHFP`, `TLSA`, `CNAME`, `DNAME` et `LOC`\n" +"* Afficher les enregistrements ou le fichier de zone complet\n" +"* Garder les enregistrements synchronisés avec un autre domaine (alternative au `CNAME` pour les domaines à l'apex)\n" + +#. type: Title ### +#: index.en.md:46 +#, no-wrap +msgid "Static HTTP site hosting (`ht`)" +msgstr "Hébergement de sites HTTP statiques (`ht`)" + +#. type: Plain text +#: index.en.md:49 +#, no-wrap +msgid "Upload site's files to the server using SFTP. The way the site is accessed can then be choosed:\n" +msgstr "Téléverser les fichier du site sur le serveur avec SFTP. La façon dont le site est accédé peut être choisie :\n" + +#. type: Plain text +#: index.en.md:54 +#, no-wrap +msgid "" +"* Dedicated domain name and Let's Encrypt certificate\n" +"* Dedicated onion service (through Tor)\n" +"* Subdomain of a shared root domain\n" +"* HTTP subpath of a shared domain\n" +msgstr "" +"* Certificat Let's Encrypt et nom de domaine dédié\n" +"* Service Onion dédié (par Tor)\n" +"* Sous-domaine d'un domaine racine partagé\n" +"* Sous-chemin HTTP d'un domaine partagé\n" + +#. type: Plain text +#: index.en.md:56 +#, no-wrap +msgid "Some Apache configuration directives are available through `.htaccess`.\n" +msgstr "Certaines directives de configuration d'Apache sont dispnibles par le `.htaccess`.\n" + +#. 
type: Title ## +#: index.en.md:57 +#, no-wrap +msgid "Resources" +msgstr "Ressources" + +#. type: Plain text +#: index.en.md:61 +#, no-wrap +msgid "" +"[ServNest website](https://servnest.niv.re/)\n" +": information about ServNest\n" +msgstr "" +"[Site web de ServNest](https://servnest.niv.re/)\n" +": informations sur ServNest\n" + +#. type: Plain text +#: index.en.md:65 +#, no-wrap +msgid "" +"[Matrix room](matrix:r/servnest:matrix.antopie.org) (`#servnest:matrix.antopie.org`)\n" +": english/french\n" +": discuss, get help and organise contribution\n" +msgstr "" +"[Salon Matrix](matrix:r/servnest:matrix.antopie.org) (`#servnest:matrix.antopie.org`)\n" +": anglais/français\n" +": discuter, s'entraider et organiser la contribution\n" + +#. type: Plain text +#: index.en.md:69 +#, no-wrap +msgid "" +"[Issue tracker](https://code.antopie.org/servnest/servnest/issues/)\n" +": english\n" +": keep track of bugs and wanted features\n" +msgstr "" +"[Gestionnaire de tickets](https://code.antopie.org/servnest/servnest/issues/)\n" +": anglais\n" +": garder une trace des bugs et des fonctionnalités demandées\n" + +#. type: Plain text +#: index.en.md:73 +#, no-wrap +msgid "" +"[ServNest source code](https://code.antopie.org/servnest/servnest/)\n" +": english\n" +": code\n" +msgstr "" +"[Code source de ServNest](https://code.antopie.org/servnest/servnest/)\n" +": anglais\n" +": le code\n" + +#. type: Plain text +#: index.en.md:76 +#, no-wrap +msgid "" +"[ServNest website source](https://code.antopie.org/servnest/docs/)\n" +": code, administration documentation\n" +msgstr "" +"[Source du site web de ServNest](https://code.antopie.org/servnest/docs/)\n" +": code, documentation d'administration\n" + +#. type: Title ## +#: index.en.md:77 +#, no-wrap +msgid "Direct contact details" +msgstr "Informations de contact direct" + +#. 
type: Plain text +#: index.en.md:80 +#, no-wrap +msgid "Find them on [my site](https://miraty.niv.re/contact).\n" +msgstr "À trouver sur [my site](https://miraty.niv.re/contact).\n" + +#. type: Title ## +#: index.en.md:81 +#, no-wrap +msgid "Somehow similar projects" +msgstr "Projets plus ou moins similaires" + +#. type: Plain text +#: index.en.md:85 +#, no-wrap +msgid "" +"[DNSManager](https://github.com/KaneRoot/dnsmanager):\n" +": domain registry software powering [netlib.re](https://netlib.re/)\n" +msgstr "" +"[DNSManager](https://github.com/KaneRoot/dnsmanager):\n" +": logiciel de registre de noms de domaines derrière [netlib.re](https://netlib.re/)\n" + +#. type: Plain text +#: index.en.md:88 +#, no-wrap +msgid "" +"[EU.org](https://nic.eu.org/)\n" +": domain registry\n" +msgstr "" +"[EU.org](https://nic.eu.org/)\n" +": registre de noms de domaines\n" + +#. type: Plain text +#: index.en.md:91 +#, no-wrap +msgid "" +"[DNS Witch](https://dns-witch.net.eu.org/)\n" +": user-friendly domain hosting based on EU.org\n" +msgstr "" +"[DNS Witch](https://dns-witch.net.eu.org/)\n" +": hébergement de domaine facile d'utilisation basé sur EU.org\n" + +#. type: Plain text +#: index.en.md:94 +#, no-wrap +msgid "" +"[Codeberg Pages](https://codeberg.page/)\n" +": static website hosting published through Git\n" +msgstr "" +"[Codeberg Pages](https://codeberg.page/)\n" +": hébergement de site web statique publié par Git\n" + +#. type: Plain text +#: index.en.md:96 +#, no-wrap +msgid "" +"[Njalla](https://njal.la/)\n" +": anonymous domain registrar\n" +msgstr "" +"[Njalla](https://njal.la/)\n" +": registraire de domaines anonyme\n" + +#. type: Title # +#: front/index.en.md:1 +#, no-wrap +msgid "ServNest user documentation" +msgstr "Documentation utilisatrice de ServNest" + +#. 
type: Plain text +#: front/index.en.md:4 +#, no-wrap +msgid "" +"* [Use ServNest](full-howto)\n" +"* [How to create a static site](site-creation)\n" +msgstr "" +"* [Utiliser ServNest](full-howto)\n" +"* [Comment créer un site statique](site-creation)\n" + +#. type: Title # +#: front/full-howto.en.md:1 +#, no-wrap +msgid "Use ServNest" +msgstr "Utiliser ServNest" + +#. type: Title ## +#: front/full-howto.en.md:3 +#, no-wrap +msgid "Introduction" +msgstr "Introduction" + +#. type: Plain text +#: front/full-howto.en.md:6 +#, no-wrap +msgid "This document describes the steps for the combined use of each service of a ServNest installation.\n" +msgstr "Ce document décrit les étapes nécessaires à l'utilisation combinée de chacun des services d'une installation ServNest.\n" + +#. type: Plain text +#: front/full-howto.en.md:12 +#, no-wrap +msgid "" +"In short, it consists of:\n" +"1. on the **Authentication** service: creating an account\n" +"2. on the **Registry** service: registering a domain name in one of the available suffixes\n" +"3. on the **Name servers** service: configuring a DNS zone for this domain\n" +"4. on the **Web** service: uploading files using SFTP and making them accessible through the Web with the domain previously registered and configured\n" +msgstr "" +"En résumé, il s'agit de :\n" +"1. sur le service **Authentification** : créer un compte\n" +"2. sur le service **Registre** : enregistrer un nom de domaine parmi les suffixes disponibles\n" +"3. sur le service **Serveurs de nom** : configurer une zone DNS pour son domaine\n" +"4. sur le service **Web** : téléverser des fichiers par SFTP et les rendre accessibles par le Web avec le domaine précédemment enregistré et configuré\n" + +#. type: Title ## +#: front/full-howto.en.md:13 +#, no-wrap +msgid "Prerequisites" +msgstr "Prérequis" + +#. 
type: Plain text +#: front/full-howto.en.md:20 +#, no-wrap +msgid "" +"* the address of an existing ServNest installation (see the list on the homepage)\n" +"* a way to communicate with the chosen installation administrator, to get the account approved\n" +"* a web browser (for example LibreWolf, Tor Browser or Firefox)\n" +"* an SFTP client (for example Dolphin on KDE, GNOME Files or FileZilla)\n" +"* files to be served on the site (typically in HTML format)\n" +msgstr "" +"* l'adresse d'une installation ServNest (voir la liste sur la page d'accueil)\n" +"* un moyen de communiquer avec l'admin de l'installation de son choix, pour faire approuver son compte\n" +"* un navigateur Web (par exemple LibreWolf, Tor Browser ou Firefox)\n" +"* un client SFTP (par exemple Dolphin sur KDE, GNOME Fichiers ou FileZilla)\n" +"* des fichiers à servir sur le site (typiquement au format HTML)\n" + +#. type: Title ## +#: front/full-howto.en.md:21 +#, no-wrap +msgid "Step 1: account creation" +msgstr "Étape 1 : création du compte" + +#. type: Plain text +#: front/full-howto.en.md:24 +#, no-wrap +msgid "Create an account and get it approved\n" +msgstr "Créer un compte et lui faire passer l'anti-spam\n" + +#. type: Plain text +#: front/full-howto.en.md:28 +#, no-wrap +msgid "" +"1. From the chosen ServNest installation home page, go to the **Authentication** service, then use the page **Create account**\n" +"2. Ask your installation administrator an approval key, according to the instructions on the link **About this installation** on the installation home page, and wait for their answer\n" +"3. Use the answered key on the **Switch to an approved account** page\n" +msgstr "" +"1. Depuis la page d'accueil de l'installation ServNest choisie, se rendre dans le service **Authentification** puis utiliser la page **Créer un compte**\n" +"2. 
Demander une clé d'approbation à l'admin, selon les modalités indiquées par le lien **À propos de cette installation** sur la page d'accueil de l'installation, et attendre sa réponse\n" +"3. Utiliser la clé répondue sur la page **Passer à un compte approuvé**\n" + +#. type: Title ## +#: front/full-howto.en.md:29 +#, no-wrap +msgid "Step 2: domain registration" +msgstr "Étape 2 : enregistrement du domaine" + +#. type: Plain text +#: front/full-howto.en.md:32 +#, no-wrap +msgid "Choose a domain name\n" +msgstr "Choisir un nom de domaine\n" + +#. type: Plain text +#: front/full-howto.en.md:35 +#, no-wrap +msgid "" +"1. Go to the **Registry** service\n" +"2. **Register domain**\n" +msgstr "" +"1. Se rendre dans le service **Registre**\n" +"2. **Enregistrer un domaine**\n" + +#. type: Title ## +#: front/full-howto.en.md:36 +#, no-wrap +msgid "Step 3: the DNS zone" +msgstr "Étape 3 : la zone DNS" + +#. type: Title ### +#: front/full-howto.en.md:38 +#, no-wrap +msgid "Step 3.1: DNS zone creation" +msgstr "Étape 3.1 : création de la zone DNS" + +#. type: Plain text +#: front/full-howto.en.md:41 +#, no-wrap +msgid "Authenticate the DNS zone creation by creating a specific DNS record in the parent zone (the registry), then actually create the zone\n" +msgstr "Authentifier la création de la zone DNS en créant un enregistrement DNS spécifique dans la zone parente (le registre), puis effectivement créer la zone\n" + +#. type: Plain text +#: front/full-howto.en.md:46 +#, no-wrap +msgid "" +"1. On the **Name servers** > **Add zone** page, copy the required NS record value (Don't submit the form yet)\n" +"2. Paste the value in **Registry** > **NS records** and submit\n" +"3. Submit the form on **Name servers** > **Add zone**\n" +"4. Paste the value in **Registry** > **NS records** again, but this time select the **Delete** action, then submit\n" +msgstr "" +"1. 
Sur la page **Serveurs de nom** > **Ajouter une zone**, copier la valeur de l'enregistrement NS demandé (Ne pas valider le formulaire à ce stade)\n" +"2. Coller la valeur dans **Registre** > **Enregistrements NS** et valider\n" +"3. Valider le formulaire sur **Serveurs de nom** > **Ajouter une zone**\n" +"4. Coller la valeur dans **Registre** > **Enregistrements NS** à nouveau, mais cette fois sélectionner l'action **Retirer**, puis valider\n" + +#. type: Title ### +#: front/full-howto.en.md:47 +#, no-wrap +msgid "Step 3.2: delegation to the DNS zone" +msgstr "Étape 3.2 : délégation à la zone DNS" + +#. type: Plain text +#: front/full-howto.en.md:50 +#, no-wrap +msgid "Tell the registry to delegate the domain name resolution to the servers on which we just created the zone\n" +msgstr "Indiquer au registre de déléguer la résolution du nom de domaine aux serveurs sur lesquels on vient de créer la zone\n" + +#. type: Plain text +#: front/full-howto.en.md:53 +#, no-wrap +msgid "" +"For each domain name listed in the **Name servers** section on the home page of the **Name servers** service:\n" +"1. Copy-paste this domain name in **Registry** > **DNS records** then submit\n" +msgstr "" +"Pour chacun des noms de domaine listés dans la section **Serveurs de nom** de la page d'accueil du service **Serveurs de nom** :\n" +"1. Copier-coller ce nom de domaine dans **Registre** > **Enregistrements NS** et valider\n" + +#. type: Title ### +#: front/full-howto.en.md:54 +#, no-wrap +msgid "Optional step 3.3: DNSSEC activation" +msgstr "Étape 3.3 optionnelle : activation de DNSSEC" + +#. 
type: Plain text +#: front/full-howto.en.md:57 +#, no-wrap +msgid "Tell the registry the public key of the DNS zone in order to enable the DNSSEC trust delegation and thus the DNS zone records authentication\n" +msgstr "Indiquer au registre la clé publique de la zone DNS afin de permettre la délégation de la confiance DNSSEC et donc l'authentification des enregistrements servis dans la zone DNS\n" + +#. type: Plain text +#: front/full-howto.en.md:60 +#, no-wrap +msgid "" +"1. On **Name servers** > **Display zone**, select **DS records** then submit\n" +"2. Transmit the display values to **Registry** > **DS records**\n" +msgstr "" +"1. Sur **Serveurs de nom** > **Afficher une zone**, sélectionner **Enregistrement DS** puis valider\n" +"2. Transmettre à **Registre** > **Enregistrements DS** les valeurs affichées\n" + +#. type: Title ## +#: front/full-howto.en.md:61 +#, no-wrap +msgid "Step 4: the website" +msgstr "Étape 4 : le site Web" + +#. type: Title ### +#: front/full-howto.en.md:63 +#, no-wrap +msgid "Step 4.1: SFTP upload" +msgstr "Étape 4.1 : téléversement par SFTP" + +#. type: Plain text +#: front/full-howto.en.md:69 +#, no-wrap +msgid "" +"1. Transmit the values displayed on the **Web** service home page to the SFTP client\n" +"2. If the SFTP asks to confirm the server's public key fingerprint, check that it matches one of the values display on the web page. If none of the values match, cancel the connection, then check the settings, change Internet connection or contact the administrator. (Connecting to an SFTP server without verifying it's authenticity can allow an attacker to takeover your account.)\n" +"3. The SFTP space is empty by default. Create a directory named without spaces, accents or special characters (for example `site`)\n" +"4. Copy-paste the site files inside this new directory\n" +msgstr "" +"1. Transmettre les valeurs indiquées sur la page d'accueil du service **Web** à son client SFTP\n" +"2. 
Si le client SFTP demande de confirmer l'empreinte de clé publique du serveur, vérifier qu'elle correspond à l'une des valeurs indiquées sur la page Web. Si aucune valeur ne correspond exactement et entièrement, refuser la connexion, puis vérifier ses paramètres, changer de connexion Internet ou contacter l'administrataire. (Se connecter à un serveur SFTP sans vérification de son authenticité peut permettre la prise de contrôle de son compte par ane attaquante.)\n" +"3. L'espace SFTP est vide par défaut. Créer un dossier nommé sans espaces, accents ou caractères spéciaux (par exemple `site`)\n" +"4. Copier-coller les fichiers de son site à l'intérieur de ce nouveau dossier\n" + +#. type: Title ### +#: front/full-howto.en.md:70 +#, no-wrap +msgid "Step 4.2: HTTP access creation" +msgstr "Étape 4.2 : création de l'accès HTTP" + +#. type: Plain text +#: front/full-howto.en.md:75 +#, no-wrap +msgid "" +"1. In **Name servers** > **Synchronized records**, add an entry with the domain displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access** as the **Source domain**\n" +"2. In **Name servers** > **TXT records**, add for the **Subdomain** `_auth` the value displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access**\n" +"3. Submit the form **Dedicated domain with Let's Encrypt certificate access**\n" +msgstr "" +"1. Dans **Serveurs de nom** > **Enregistrements synchronisés**, ajouter une entrée avec pour **Domaine source** le domaine indiqué sur **Web** > **Accès par domaine dédié avec certificat Let's Encrypt**\n" +"2. Dans **Serveurs de nom** > **Enregistrements TXT**, ajouter sur le **Sous-domaine** `_auth` la valeur indiquée sur **Web** > **Accès par domaine dédié avec certificat Let's Encrypt**\n" +"3. Valider le formulaire **Accès par domaine dédié avec certificat Let's Encrypt**\n" + +#. type: Title ## +#: front/full-howto.en.md:76 +#, no-wrap +msgid "Conclusion" +msgstr "Conclusion" + +#. 
type: Plain text +#: front/full-howto.en.md:78 +#, no-wrap +msgid "Accessing `https://domain.example/file` displays the file `/site/file` from the SFTP space.\n" +msgstr "Accéder à `https://domaine.example/fichier` affiche le fichier `/site/fichier` de l'espace SFTP.\n" + +#. type: Title # +#: front/site-creation.en.md:1 +#, no-wrap +msgid "How to create a static site" +msgstr "Comment créer un site statique" + +#. type: Title ## +#: front/site-creation.en.md:3 +#, no-wrap +msgid "Manually" +msgstr "Manuellement" + +#. type: Plain text +#: front/site-creation.en.md:6 +#, no-wrap +msgid "A site can be created by handwriting HTML files.\n" +msgstr "Un site peut être créé en écrivant des fichiers HTML à la main.\n" + +#. type: Title ## +#: front/site-creation.en.md:7 +#, no-wrap +msgid "Using a static sites generator" +msgstr "En utilisant un générateur de sites statiques" + +#. type: Plain text +#: front/site-creation.en.md:10 +#, no-wrap +msgid "Static sites generator are tools that generate static HTML sites from another format, usually from Markdown.\n" +msgstr "Un générateur de sites statiques est un outils qui génère des sites HTML statiques depuis d'autres formats, le plus souvent depuis du Markdown.\n" + +#. type: Plain text +#: front/site-creation.en.md:13 +#, no-wrap +msgid "" +"[Zola](https://www.getzola.org/)\n" +": command line interface\n" +msgstr "" +"[Zola](https://www.getzola.org/)\n" +": interface en ligne de commande\n" + +#. type: Plain text +#: front/site-creation.en.md:16 +#, no-wrap +msgid "" +"[Hugo](https://gohugo.io/)\n" +": command line interface\n" +msgstr "" +"[Hugo](https://gohugo.io/)\n" +": interface en ligne de commande\n" + +#. type: Plain text +#: front/site-creation.en.md:18 +#, no-wrap +msgid "" +"[Publii](https://getpublii.com/)\n" +": desktop software using Electron\n" +msgstr "" +"[Publii](https://getpublii.com/)\n" +": logiciel de bureau utilisant Electron\n" 
diff --git a/po4a.cfg b/po4a.cfg new file mode 100644 index 0000000..88e4bb9 --- /dev/null +++ b/po4a.cfg @@ -0,0 +1,10 @@ +[po_directory] po/ + +[options] --master-charset UTF-8 --wrap-po no --msgmerge-opt '--no-wrap' + +[po4a_alias:md-en] text opt:"--master-language en --option markdown --keep 0.7 --option neverwrap --option nobullets" + +[type: md-en] index.en.md $lang:cache/index.$lang.md +[type: md-en] front/index.en.md $lang:cache/front/index.$lang.md +[type: md-en] front/full-howto.en.md $lang:cache/front/full-howto.$lang.md +[type: md-en] front/site-creation.en.md $lang:cache/front/site-creation.$lang.md diff --git a/src/authoritative.md b/src/authoritative.md deleted file mode 100644 index fc6faf2..0000000 --- a/src/authoritative.md +++ /dev/null @@ -1,5 +0,0 @@ -# Serveurs de noms ayant autorité - -Un serveur de nom ayant autorité est un serveur DNS qui connait la bonne information pour une zone DNS et qui est donc capable de répondre un enregistrement DNS sans devoir interroger un autre serveur DNS, contrairement à un serveur de noms récursif (alias résolveur DNS), qui se contente de reporter les requêtes aux serveurs ayant autorité adéquats. - -Une zone DNS est généralement servie simultanément par plusieurs serveurs de noms ayant autorité, afin d'éviter que la panne d'un seul serveur provoque l'indisponibilité du domaine. diff --git a/src/index.md b/src/index.md deleted file mode 100644 index 6813e95..0000000 --- a/src/index.md +++ /dev/null 
@@ -1,40 +0,0 @@ -# Documentation de Niver - -## Les bases - -[Les unités binaires](units.md) - -[Le protocole Internet](ip.md) - -[La cryptographie](crypto.md) - -## DNS - -[Le DNS](dns.md) -[Les zones DNS](zone.md) -[Les registres](registry.md) -[DNSSEC](dnssec.md) -[Les glue records](glue-record.md) -[Le logiciel Dig](dig.md) - -## Hypertexte - -### Chiffrement - -[Le protocole TLS](tls.md) -[Les autorités de certification](ca.md) - -[Le réseau Tor](tor.md) - -### Transport - -[Le protocole HTTP](http.md) -[Le protocole SFTP](sftp.md) - -### Languages - -[Le language Markdown](md.md) -[Le language HTML](html.md) -[Le language CSS](css.md) - -
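Review bot: In the gettext catalogue hunk, the entry for front/full-howto.en.md:69 (step 4.1, item 2) has a msgstr that is stricter than its msgid: the French tells the user to refuse the connection unless a fingerprint matches "exactement et entièrement", while the English only says it "matches one of the values". This is the host key check that protects the account, so the English master should carry the same requirement, and the same msgid should read "If the SFTP client asks", "values displayed" and "its authenticity". Other entries where the two sides disagree and one of them needs correcting before merge: front/full-howto.en.md:53 says **Registry** > **DNS records** while its msgstr and step 3.1 say NS records; front/full-howto.en.md:24 says "get it approved" while the msgstr still says "lui faire passer l'anti-spam"; index.en.md:80 leaves the link text "my site" untranslated; index.en.md:45 lists `SRV` twice on both sides. Typos to fix in the same pass: "choosed" (index.en.md:49), "les fichier" and "dispnibles" in the msgstr for index.en.md:49 and index.en.md:56, "sur le server" (index.en.md:45), "display values" (front/full-howto.en.md:60), "Static sites generator are" and "un outils" (front/site-creation.en.md:10).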
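Review bot: In the po4a.cfg hunk, `--keep 0.7` in the `md-en` alias looks like it was meant to be 70. po4a reads this threshold as a percentage (default 80), so 0.7 writes a page to cache/ even when almost none of its strings are translated, and the French site would then serve mostly English text. Suggest `--keep 70`, or a comment in the file saying the low threshold is intentional. Also, only index.en.md and the three front/ files are listed as masters, so the back/*.en.md pages added in this same diff never get a translation; worth a comment if that is deliberate.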
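Review bot: In the src/index.md deletion, the removed index was the entry point to dnssec.md, sftp.md, tls.md, tor.md and the other src/ pages it links, and nothing in the front/ pages visible here links to a replacement. If those pages are removed in this commit as well, front/full-howto.en.md steps 3.3 and 4.1 ask users to enable DNSSEC and to verify an SFTP host key fingerprint with no background page to point at; if they are kept, they become unreachable. Please either say in the commit message that the background pages are dropped on purpose, or keep a link to them from the new index.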