= THIS PAGE IS A DRAFT, NOT A REAL COURSE PAGE = ''' The current schedule for OPS345 is here: [[OPS335_Weekly_Schedule]] * set up a new vm named 'ns1' in vpc-ops345, 10.3.45.12, ops345sgprivate* iptables -t nat -A PREROUTING -p tcp --dport 2212 -j DNAT --to 10.3.45.12:22* allow access to port 2212 in ops3455sg* install bind * what is DNS* how dns works* typical registrar process** propagation time* running a private DNS server* requirements to run a public DNS server* you should have received an email about a Bindistrar account that's been created for you* set up an A record for yourmysenecaid.ops345.ca to point to your elastic IP (the one assigned to router)* set up a CNAME record for www* test the two records above using dig, and using firefox* fix nextcloud "Access through untrusted domain" * certificates, CAs, relationship with DNS* CA-signed certs cost money. we have to use let's encrypt which is lame because it expires quickly unless you run their software on your server. but it's free* httpshttp://helpwiki.datica.com/hc/en-us/articles/360044373551-Creating-and-Deploying-a-LetsEncrypt-Certificate-Manually* install certbot in your workstation using apt or the software manager<source>$ sudo suroot@p51:/home/andrew# certbot certonly --manual --preferred-challenges dnsSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator manual, Installer NoneEnter email address (used for urgent renewal and security notices) (Enter 'c' tocancel): asmith15@mysenecalittlesvr.ca - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Please read the Terms of Service athttps:/wiki/letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You mustagree in order to register with the ACME server athttps://acme-v02.api.letsencrypt.org/directory- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -(A)gree/(C)ancel: a - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Would you be willing to share your email address with the Electronic FrontierFoundation, a founding partner of the Let's Encrypt project and the non-profitorganization that develops Certbot? We'd like to send you email about our workencrypting the web, EFF news, campaigns, and ways to support digital freedom.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -(Y)es/(N)o: nPlease enter in your domain name(s) (comma and/or space separated) (Enter 'c'to cancel): asmith15.ops345.caObtaining a new certificatePerforming the following challenges:dns-01 challenge for asmith15.ops345.ca - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -NOTE: The IP of this machine will be publicly logged as having requested thiscertificate. If you're running certbot in manual mode on a machine that is notyour server, please ensure you're okay with that. Are you OK with your IP being logged?- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -(Y)es/(N)o: y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Please deploy a DNS TXT record under the name_acme-challenge.asmith15.ops345.ca with the following value: SUobA6iJARuujmCDhb-4I0m61Zdtqe_uBgyX1ExrCPg Before continuing, verify the record is deployed.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Press Enter to ContinueWaiting for verification...Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/asmith15.ops345.ca/fullchain.pem Your key file OPS345_Lab_5 This page has been saved at: /etc/letsencrypt/live/asmith15moved.ops345.ca/privkey.pem Your cert will expire on 2022-02-16. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le You have new mail in /var/mail/root</source>]
