Namecoin : new hosting planned

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Namecoin : new hosting planned

Post by khal »

For ease of shared use (a separate account on the server provider), security reasons (not mixing my other websites on the same VM/host), flexibility (ability to create several VM), etc, I'm planning to rent a separate dedicated server for namecoin.
In the future, the new account will be managed by the foundation.

If OVH fits our needs and cost requirements (current server is paid by me, this one will need to be paid by the community/donations), I'll prefer to still use them.

Their servers (I excluded kimsufi.com, no raid, limited IPs number) :
http://www.soyoustart.com/offres.xml
http://www.ovh.com/
For ex : http://www.soyoustart.com/offres/sys-e32-1.xml (or the next one with a ssd of 120GB [a bit short ?])
- price : 35€ (VAT not included)
- IP : 1 (2€ per additional IP)
Hint : if the account is created by a non french people, VAT (20% more) is not due

Requirements :
- raid
- virtualization/containers

Possible usages (when will we be able to vote in namecoin to decide this ? :p) :
- a namecoin node (in dns seed)
- a public .bit dns server
- forum
- wiki
- websites
- nameid instance
- jenkins (unit tests, automatic build & release, etc)
- etc

What do you think ?
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T

Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent

indolering
Posts: 801
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: Namecoin : new hosting planned

Post by indolering »

This is awesome, exactly what I think we need to move forward. I'm willing to pitch in $20/month to get us going. Hopefully we can find other income streams to cover it but for now.... Anyone else? Remember, I'm a poor college student so if I can pitch in, well, you have no excuse!

In my conversation with Khal on IRC, we went over the account types, Khal, Phelix, and maybe one other person can share the admin/owner account while giving "technical" and "billing" accounts to those who need them. And thus Khal would become fully bus-able! This is is also the first step in reducing legal liability, as mixing personal funds indiscriminately is a big no-no if we want to use a legal entity to shield us from liability.

I would also be willing to pitch in another $10/month for Cloudflare pro account. We should use Cloudflare even if it is just on a free account, but the Pro enables SSL and a few other tricks. However, I would recommend we use a secondary, non-cached domain name (like Namecoin.cc) for testing purposes. I've contacted them about getting *.bit working.
DNS is much more than a key->value datastore.

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: Namecoin : new hosting planned

Post by domob »

indolering wrote:I would also be willing to pitch in another $10/month for Cloudflare pro account. We should use Cloudflare even if it is just on a free account, but the Pro enables SSL and a few other tricks. However, I would recommend we use a secondary, non-cached domain name (like Namecoin.cc) for testing purposes. I've contacted them about getting *.bit working.
Wouldn't Cloudflare mean that they hold our TLS keys instead of us? While I understand that this is what almost every Bitcoin business is doing, I don't think this is a great thing if we can avoid it. Do you think we need their protections?
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

indolering
Posts: 801
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: Namecoin : new hosting planned

Post by indolering »

domob wrote: Wouldn't Cloudflare mean that they hold our TLS keys instead of us? While I understand that this is what almost every Bitcoin business is doing, I don't think this is a great thing if we can avoid it. Do you think we need their protections?
No, they use their own certs, using our keys requires a more expensive subscription. It would mean that we would need to trust them not to MITM us but... well, that's what is required of any name server and considering Wikileaks uses Cloudflare...

Using Cloudflare hides the IP address of the origin server, making it much more difficult to get to our infrastructure directly. It would also enable us to let web admins configure the DNS but prevent them from transferring the domain out of our control.
DNS is much more than a key->value datastore.

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Re: Namecoin : new hosting planned

Post by khal »

OVH has recently added a DDOS protection on all their servers (good enough to cost everybody 1€ more per server)
For the DNS thing, we can host our own dns server and manage everything we want how we want.

So, I don't know if Cloudflare is really needed.

However, glad to know there is some poor student ready to help :)
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T

Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent

indolering
Posts: 801
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: Namecoin : new hosting planned

Post by indolering »

khal wrote: OVH has recently added a DDOS protection on all their servers (good enough to cost everybody 1€ more per server)
For the DNS thing, we can host our own dns server and manage everything we want how we want.

So, I don't know if Cloudflare is really needed.
Yeah, their spambot protection would probably been of minimal help given our users and we can wait to turn the DDOS on.
khal wrote: However, glad to know there is some poor student ready to help :)
Hopefully we will get more funding soon : )
Last edited by indolering on Thu Jan 16, 2014 8:30 pm, edited 1 time in total.
DNS is much more than a key->value datastore.

sudoquai
Posts: 166
Joined: Fri Dec 20, 2013 2:48 am
os: linux
Contact:

Re: Namecoin : new hosting planned

Post by sudoquai »

Hey nice, really good work in the right direction Khal !

One question: Is this for dot-bit.org and namecoin.org as well? And is it planned to integrate a good CMS. I've looked around a little bit the last days, and imho i like Joomla a lot as well as TYPO3. I Think the usage of a good CMS is very important because it supports a efficient flow in the team as well.
NameID: id/sudo.wonder >>> Namecoin @ Facebook: https://www.facebook.com/namecoin.org

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Re: Namecoin : new hosting planned

Post by khal »

soyoustart.com offers are limited to a total of 6 public IPv4 (35€ + 5x2€ = 45€ = 60$) + 1 IPv6 (a /64 network)
It is cheaper to take a second one than to take this one : http://www.ovh.com/fr/serveurs_dedies/h ... OST-32.xml, so we would not need to move everything to a new bigger server.
Do you agree it still fit our needs ?

sudoquai wrote:One question: Is this for dot-bit.org and namecoin.org as well? And is it planned to integrate a good CMS. I've looked around a little bit the last days, and imho i like Joomla a lot as well as TYPO3. I Think the usage of a good CMS is very important because it supports a efficient flow in the team as well.
As replied on irc, it'll be for namecoin.info and namecoin.org (pitbull agree to move the site on the future server). dot-bit.org domain/services may or may not move on it, we'll decide that later.
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T

Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent

indolering
Posts: 801
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: Namecoin : new hosting planned

Post by indolering »

khal wrote:soyoustart.com offers are limited to a total of 6 public IPv4 (35€ + 5x2€ = 45€ = 60$) + 1 IPv6 (a /64 network)
It is cheaper to take a second one than to take this one : http://www.ovh.com/fr/serveurs_dedies/h ... OST-32.xml, so we would not need to move everything to a new bigger server.
Do you agree it still fit our needs ?
I think 2 public IP's should be plenty. We will probably be throwing everything behind an NGINX proxy anyway, right?
DNS is much more than a key->value datastore.

indolering
Posts: 801
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: Namecoin : new hosting planned

Post by indolering »

Okay, I hate to post this but, are we sure we want to use UK based hosting? I mean, I would feel queasy about using US hosting, but the GCHQ "produces larger amounts of metadata than NSA." They are trying to setup a 3-day cache of all internet traffic, every ping, every packet. Outside of Russia or China, I can't think of a more adversarial environment.

That being said, the only reasonably priced host I can think of GreenQloud, which, while novel, doesn't have multi-user accounts nor 2-factor authorization. Gandi does, but, well, I don't know how much better France would be in terms of legal safe-guards. Maybe PRQ ... Firehost has international locations but they are /very/ extensive.

That being said, I was planning on assuming that the server has already been compromised... which I won't say much more about other than that being the reason I wanted to get rid of of handling passwords and lots of auditing.

Sigh, maybe it's better to get this done now and consider moving from OVH once we are more established technologically. We aren't anywhere near where we need to be security wise, IMHO. Let's just make sure our setup is agile enough to make that kind of a move.
DNS is much more than a key->value datastore.

Post Reply