[AlternC-dev] Let's encrypt & proper logging / messages & API for 3.5 ?

Retour à l'archive de la liste
Le site d'AlternC
Google Custom Search

Benjamin Sonntag benjamin at sonntag.fr
Jeu 18 Juin 16:17:42 CEST 2015


Hi all,

with Alban Crommer from Octopuce, we recently merged the master and the stable-3.1 version, that will produce the next one, called at least 3.5 (because I messed up with some upgrade script name at some point...)

This version will have minor improvements from the latest 3.1.X, so I guess it's a good time to discuss other (minor) improvements we could do then.

(I hope we will be able to release it this summer, before mid-September.)

I have the 3 proposal below : 

1. ERROR / NOTICE / WARNING & LOGGING : 

- replacing the err->log() and err->raise() logger by something more useful since: 
  /var/log/alternc/bureau.log is as useless as it can be
  and notice/success message are shown with a red background and a red hand !

I propose we use syslog for main action-logging (like 'this ip, logged on this user account, did this action (not read call, only write/delete ones), with these parameters)
This would allow to know better what's going on in the panel, not every single function call :/
And this would also allow an easy integration of fail2ban as [aCe] asked for in the IRC channel.

for user-centric messages, I propose we insert 3 class of messages: 
- notice (success) (blue or green + ok icon)
- warning  (orange + warning icon)
- error (red + error icon)
  The icon in the display is important: I have 2 users who can't see much colors... ;)

This is not a huge job, and would be great for 


2. API FOR ALL CALLS

finish the implementation of the AlternC API for all the functions we have, so that we could build alternative version of the control panel, either just for UX purpose or design or features asked by some customer ...
This would allow us to create a mobile client too, or anything you could think about
(the API is currently used by Octopuce to do 2 things : Dynamic DNS for Failover infrastructure, and SSL Certificate Install / automatic deployment)


3. LETS ENCRYPT !

the SSL Module is quite nice and working as far as we tested it, but the Let's Encrypt project is coming mid-September 2015 : https://letsencrypt.org/

>From this day on, we will be able to obtain proper browser-recognized ssl certifcates for free through the LetsEncrypt API.
I propose we build a PHP client for this API (no client developped yet) 
and we entirely integrate SSL everywhere:
- in the panel
- for hosted domains
- for all other services (ftp/imap/pop/...)
  (they are here already, but not everytime with a proper CA-signed certificate)

Thanks to that, we would remove almost every reference to HTTPS in the panel, because ALL OUR VHOSTS would be HTTP + HTTPS
(we would keep SSL certificates interfaces though, somewhere as an advanced form, in case people would still want to buy and install specific certificates like EV or corporate-ones)




Your opinion questions and proposals are welcome,

regards,

Benjamin Sonntag






Plus d'informations sur la liste de diffusion Dev