(partially) Deprecate FTP services
FTP is running on Elwing and Toushirou.
On Elwing, according to the logs the few allowed users are no more using it (including me). StuffCloud clearly make storing private files more practical. I could move the possible user content onto their home on Toushirou. This would also participate in separating DC from DL a bit more.
On Toushirou, I see mostly attack attempts in the log, so not sure about its usage. It was used to:
- bouncer_old: old IRC bouncer logs. We could move data in user's home on Toushirou.
- private: same
- public: some obsolete things I think, and some still useful. I think switching to HTTPS access would be fine but some project pages would need to be updated (bip, ufwi…). seems doable.
- repository: used to upload in the Debian repository without SSH access. I guess we could replace it with scp-only accounts. Currently only arnau and me are allowed to upload, so it's only to not block future usage but nothing to implement to go further
- sendfile: proposal to deprecate exist, see #535
- sites: access to websites files. I would favour allowing people to push via some git method instead. anyway we don't have many people managing their site I think, and the only one I think of has SSH access anyway. further inventory needed
Please discuss this proposal, and either close if rejected or reassign to me for implementation.
#3 Updated by Pierre-Louis Bonicoli almost 2 years ago
- Assignee changed from Pierre-Louis Bonicoli to Marc Dequènes
For Bip project, tarballs need to be available without using our own CA and currently
ftp://ftp.duckcorp.org/bip is the only way. We may want to switch to let's encrypt for
projects.duckcorp.org before removing it.
#4 Updated by Marc Dequènes almost 2 years ago
We may use more letsencrypt certs for public-facing services. We should probably discuss the matter in another ticket. Just to say your proposal is an acceptable solution.
As for sendfile: « Sendfile (Unix), a push-based asynchronous file transfer, regardless of whether local or remote, using the Simple Asynchronous File Transfer (SAFT), an Internet protocol bound to TCP port 487 » (see http://fex.belwue.de/saft/index.html)
#7 Updated by Marc Dequènes over 1 year ago
So, as for Toushirou, I think we have still use for a public FTP, as Pilou said. I saw other uses which may be able to move to HTTP but that's not always easy as crawlers would not find the files anymore and links/refs may be broken.
So I would change my proposal for Toushirou as: deprecate private user storage using FTP. StuffCloud clearly are some success and is much more practical to give access to external people, and you can even create private groups without admin intervention. Also port may be filtered, PASSV stuff… makes things complicated. So I think web is the modern way of exchanging files nowadays and FTP can retire slowly. This would mean removing
/srv/ftp/ftp.duckcorp.org/private. I'm already asking users about their needs while cleaning up other things for #564.
- the public area, with users access as usual
- DC Debian repository upload area, useful
- websites access: still useful but may disappear as the web hosting time is clearly over, and we admins do not need FTP
- bouncer_old: should be moved elsewhere