Page 1 of 2

OpenMW Infra Maintenance Sunday

Posted: 19 Oct 2018, 12:58
by psi29a
Just a heads up to let everyone know that there might be some 'downtime' as we transition to new infrastructure. This will happen Sunday around 17:00 GMT and hopefully no one will notice a thing. If they do, they will notice something like: https://maintenance.openmw.org

Feel free to join us on IRC or Discord.

Our longtime comrade, developer and infrastructure admin lgromanowski is stepping down due to time constraints and has asked me (psi29a) and pvdk to take over the reigns of keeping the lights on for OpenMW. Please join us in thanking him for all his hard work keeping things humming along, paying the bills for hosting and donating his time to the project. Thanks Lgro! :)

Re: OpenMW Infra Maintenance Saturday

Posted: 19 Oct 2018, 15:13
by Ravenwing
Noooo! We’ll miss you lgro, thanks for all your work! Hope whatever is pulling you away from us is fun!

Re: OpenMW Infra Maintenance Sunday

Posted: 21 Oct 2018, 10:46
by HeadClot
The discord invite has expired.

Re: OpenMW Infra Maintenance Sunday

Posted: 21 Oct 2018, 11:31
by psi29a
Should be fixed, thanks.

Re: OpenMW Infra Maintenance Sunday

Posted: 21 Oct 2018, 20:45
by psi29a
Status update:

Everything has been migrated.

The main hold-up was the SSL cert provided mydevil which was expired (via let's encrypt) but cloudflair was hiding the error for us (ignoring it and re-wrapping before hitting you guys).

Feel free to poke around and check things out. If there are any issues, post them here please. We'll get them sorted.

Re: OpenMW Infra Maintenance Sunday

Posted: 22 Oct 2018, 08:42
by jvoisin
Speaking of cloudflare, is it really needed?

Re: OpenMW Infra Maintenance Sunday

Posted: 22 Oct 2018, 13:40
by psi29a
It isn't necessary and we can turn it off completely or selectively. We're not dependent on it however it does add a few things that we appreciate such as:
CDN and caching to take the load off the server, lowering costs for hosting
Another layer of anti-spam/malware that isn't too intrusive, usually end-users are asked to complete a form before they post to validate they are human
DDoS protection out of the box

So far it has been more help than hindrance. What are your particular concerns?

I've fixed the SSL issue for us, however if we turn off CF then I'll first need to get some GlobalSign SSL certs since this is an FOSS project, it should be free. The Let's Encrypt stuff is great but sadly not broadly available yet.

Re: OpenMW Infra Maintenance Sunday

Posted: 23 Oct 2018, 11:17
by jvoisin
It's only my personal opinion, but:
- As a Tor user, I'm tired of filling captchas to access websites, even static ones, all the time. It's no fun to mark the crosswalk 16 times (yes.) to read a news article, or to post an answer on a forum.
- The captchas used by cloudflare are used to improve US military drones
- About the anti-spam/anti-malware, what are you talking about? Cloudflare is able to prevent spam on the forum?
- It's worrying that the TLS certificate was invalid, but that cloudflare presented a valid one to users; TLS should be end-to-end encryption.

But on the other hand, it looks convenient, so I would understand if you kept it :)

Re: OpenMW Infra Maintenance Sunday

Posted: 23 Oct 2018, 12:10
by lgromanowski
ap0 wrote: 23 Oct 2018, 11:17 It's only my personal opinion, but:
- As a Tor user, I'm tired of filling captchas to access websites, even static ones, all the time. It's no fun to mark the crosswalk 16 times (yes.) to read a news article, or to post an answer on a forum.
- The captchas used by cloudflare are used to improve US military drones
- About the anti-spam/anti-malware, what are you talking about? Cloudflare is able to prevent spam on the forum?
- It's worrying that the TLS certificate was invalid, but that cloudflare presented a valid one to users; TLS should be end-to-end encryption.

But on the other hand, it looks convenient, so I would understand if you kept it :)
If you don't like CF because of Tor, then there is a solution for OpenMW (it was enabled earlier, and perhaps psi29a enabled, or will enable, it too) - in CF firewall / ip firewall / access rules following setting should be added:

country: "T1" (Tor), whitelist, this website, Note: "Whitelist TOR users"

Re: OpenMW Infra Maintenance Sunday

Posted: 23 Oct 2018, 12:14
by AnyOldName3
Then we'd just get extra spam from Tor users if they have any way of knowing we've got that setting set.