[sword-devel] Downgrading eBible.org ftp repository service; upgrading https service

Michael Johnson kahunapule at eBible.org
Thu Feb 27 02:13:54 EST 2025 

On 2/26/25 17:12, Greg Hellings wrote:
>
>
> On Wed, Feb 26, 2025, 7:33 PM Kahunapule Michael Johnson 
> <kahunapule at ebible.org> wrote:
>
>     Greetings from Maui!
>
>     tldr: upgrade your Sword apps to always use https instead of http
>     or ftp to access repositories ASAP.
>
>
> While technically any network acess other than anonymous FTP support 
> is optionally supported only with a build dep, in reality there is no 
> need to support anything other than HTTPS. Every Linux distribution, 
> and Windows build of note has libcurl, the Brew version is also built 
> against it, and the HTTP(S) support was added because mobile often 
> blocks FTP.
>
> So you're basically completely safe.

Awesome!


>
>
>     As many of you are probably aware, the last week was not a model
>     of reliability for the eBible.org repository, or for the rest of
>     the eBible.org site. On the 19th of February, the eBible.org
>     server hardware failed. Exactly what failure, I don't know,
>     because it was in a data center over 4,000 miles from my house. I
>     just knew that it wouldn't talk to me in any of the 3 ways I can
>     normally access the leased dedicated server. No worries, because I
>     have a fast backup, right? I allocated a new dedicated server
>     from the same company (Ionos) and attempted to restore from a
>     backup. That failed with about 80 error messages. Next plan:
>     restore from a mirror image of the server in my home office. That
>     actually worked, but it took more than 3 days to get all of the
>     data there (about 300 GBytes), plus time to get all of the
>     configuration right. In the mean time, my other leased server (the
>     one that didn't crash, hosting 24 other sites) gave early warning
>     signs that it was not going to be in service much longer. Then
>     everything worked except that I forgot a couple of tweaks I had to
>     do to make the ftp server compatible with Sword. I fixed that, and
>     things were still not OK. EBible.org availability kept going up
>     and down like a yo-yo, mostly because the remote control software
>     I was using was not designed to handle multiple IP addresses per
>     server and anonymous ftp sites. Also, the cost of allocating
>     multiple IP v4 addresses has gone up. Anonymous ftp is pretty much
>     obsolete. I will be dropping it, but slowly.
>
>
> A Herculean effort, but I'm glad for you that your recovery was 
> successful! I'm curious why you need 4 separate addresses? What is the 
> need, there?

So far, I have been using Plesk to set up virtual hosts. I have 25 sites 
(and some aliases for those), some of which are much more important than 
others. Plesk lets me share one IP address with all sites except any 
site that has an anonymous ftp service associated with it. The only site 
I have that has an anonymous ftp service associated with it, of course, 
is the ftp.eBible.org Sword repository. So I had to assign 2 IP version 
4 addresses to the server. For a long time, I was running 2 servers with 
every site on them for redundancy. I had stopped doing that because the 
sites grew too large for one of the servers I was renting, and I thought 
I had a workable fast backup/restore plan, unlike when I had extremely 
slow and expensive Internet in Papua New Guinea. (I have some serious 
space in audio and video Bibles.) So that is 2 servers x 2 IP addresses 
= 4 IP addresses. But that configuration was unstable, so I went to just 
one IP address per server by fighting my old ally, Plesk, using manual 
ProFTP configuration (and a cron job to slap my configuration back 
whenever Plesk rewrites it). That is not a really good long-term 
solution, though.

> ...
> Would you like a hand building up some DR or deployment automation so 
> you can avoid needing to remember settings? IT automation is one of my 
> primary skillsets, so if you'd like any sort of help setting it up, 
> let me know. For instance, it's not too hard to put together 
> automation scripts to run on a provisioned box to stand up the web 
> server, ftp server, etc so that you don't need to manually edit files 
> and the like.
That would be useful. That could be a way to escape my dependence on and 
fight with Plesk.
>
> Alternatively, have you considered an alternative way to host the 
> data? You could probably build a Container image with all the files in 
> it and host that on something like Amazon Container Service or any of 
> the many cloud Kubernetes hosts around. A container image would also 
> make it easy for someone to grab the whole collection and make it 
> available in an offline context the way they can with the old CD 
> images Troy used to distribute.
I have looked at alternatives in the past, but it may be worth looking 
again. When I last looked, AWS was more expensive at my traffic levels 
and site counts than using a rented dedicated server. Another 
alternative might be hosting at my house when (if?) Hawaiian Telephone 
makes good on its promise to bring fiber Internet to my neighborhood. 
(It is actually available about a half mile away, right now, but I 
haven't seen them working on it around here.)
>
> Or even put the files into an object storage container if you're 
> dedicated to eliminating FTP access eventually. With just a small 
> shell script you can push the needed files and their indexes into an 
> S3, Ceph, etc object storage service and then you wouldn't need to run 
> a dedicated server with them to manage uptime. All of those services 
> offer ways to expose the files over HTTPS.
>
> As I said on Facebook, I'm happy to lend a hand if there's anything I 
> can do to help smooth your infrastructure! I can even host an 
> emergency mirror if need be, as I have pretty reliable Internet and 
> electric when my neighbors don't drive into the electric poles. This 
> year I'm dedicating some of my time to working on home electric backups!

Thank you, Greg. I may take you up on that...

-- 
signature

Peace,
*/Michael Johnson/**
26 HIWALANI LOOP • MAKAWAO HI 96768-8747*• USA
mljohnson.org <https://mljohnson.org/> • eBible.org <https://eBible.org> 
• WorldEnglish.Bible <https://WorldEnglish.Bible> • PNG.Bible 
<https://PNG.Bible>
Signal/Telegram/WhatsApp/Telephone: +1 808-333-6921
Skype: kahunapule • Telegram: @kahunapule • Facebook: fb.me/kahunapule 
<https://www.facebook.com/kahunapule>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20250226/86f74753/attachment-0001.htm>

More information about the sword-devel mailing list