[sword-devel] Downgrading eBible.org ftp repository service; upgrading https service

Fred fred.fredex at gmail.com
Thu Feb 27 17:32:17 EST 2025 

dumb user question: As a Xiphos user, is there anything I can do to update
my Xiphos to use https? It seems to default to ftp.

Thanks!

Fred


On Thu, Feb 27, 2025 at 3:46 PM Michael Johnson <kahunapule at ebible.org>
wrote:

> Hi David,
>
> Yes, under eBible.org, where it says "HTTP access", it should say "HTTPS
> and HTTP access". Also, any repository that also supports HTTPS and/or HTTP
> access should explicitly say so. As Greg mentioned, mobile often blocks
> FTP. FTP may not be dead, yet, but it is in hospice care. HTTP likewise can
> cause problems with mobile platforms, where the major app stores now
> require use of HTTPS instead of insecure HTTP in most cases. I still
> support insecure HTTP connections to eBible.org except for at
> shop.eBible.org and https://eBible.org/cgi-bin/contact.cgi but there may
> come a day when HTTP goes away, too.
> On 2/26/25 22:03, David Haslam wrote:
>
> Hi Michael,
>
> *Does anything need to be changed here?*
> Official and Affiliated Module Repositories - CrossWire Bible Society
> <https://wiki.crosswire.org/Official_and_Affiliated_Module_Repositories#eBible.org>
>
> *Everyone*: Except for the note under *AndBibleExtra*, there's no mention
> of *https* !
> *Do we need to make any wider changes to be future proof?*
>
> Best regards,
>
> David
>
> Sent with Proton Mail <https://proton.me/mail/home> secure email.
>
> On Thursday, February 27th, 2025 at 7:13 AM, Michael Johnson
> <kahunapule at eBible.org> <kahunapule at eBible.org> wrote:
>
>
> On 2/26/25 17:12, Greg Hellings wrote:
>
>
>
> On Wed, Feb 26, 2025, 7:33 PM Kahunapule Michael Johnson <
> kahunapule at ebible.org> wrote:
>
>> Greetings from Maui!
>>
>> tldr: upgrade your Sword apps to always use https instead of http or ftp
>> to access repositories ASAP.
>>
>
> While technically any network acess other than anonymous FTP support is
> optionally supported only with a build dep, in reality there is no need to
> support anything other than HTTPS. Every Linux distribution, and Windows
> build of note has libcurl, the Brew version is also built against it, and
> the HTTP(S) support was added because mobile often blocks FTP.
>
> So you're basically completely safe.
>
> Awesome!
>
>
>
>
>> As many of you are probably aware, the last week was not a model of
>> reliability for the eBible.org repository, or for the rest of the
>> eBible.org site. On the 19th of February, the eBible.org server hardware
>> failed. Exactly what failure, I don't know, because it was in a data center
>> over 4,000 miles from my house. I just knew that it wouldn't talk to me in
>> any of the 3 ways I can normally access the leased dedicated server. No
>> worries, because I have a fast backup, right? I allocated a new dedicated
>> server
>> from the same company (Ionos) and attempted to restore from a backup.
>> That failed with about 80 error messages. Next plan: restore from a mirror
>> image of the server in my home office. That actually worked, but it took
>> more than 3 days to get all of the data there (about 300 GBytes), plus time
>> to get all of the configuration right. In the mean time, my other leased
>> server (the one that didn't crash, hosting 24 other sites) gave early
>> warning signs that it was not going to be in service much longer. Then
>> everything worked except that I forgot a couple of tweaks I had to do to
>> make the ftp server compatible with Sword. I fixed that, and things were
>> still not OK. EBible.org availability kept going up and down like a yo-yo,
>> mostly because the remote control software I was using was not designed to
>> handle multiple IP addresses per server and anonymous ftp sites. Also, the
>> cost of allocating multiple IP v4 addresses has gone up. Anonymous ftp is
>> pretty much obsolete. I will be dropping it, but slowly.
>>
>
> A Herculean effort, but I'm glad for you that your recovery was
> successful! I'm curious why you need 4 separate addresses? What is the
> need, there?
>
> So far, I have been using Plesk to set up virtual hosts. I have 25 sites
> (and some aliases for those), some of which are much more important than
> others. Plesk lets me share one IP address with all sites except any site
> that has an anonymous ftp service associated with it. The only site I have
> that has an anonymous ftp service associated with it, of course, is the
> ftp.eBible.org Sword repository. So I had to assign 2 IP version 4
> addresses to the server. For a long time, I was running 2 servers with
> every site on them for redundancy. I had stopped doing that because the
> sites grew too large for one of the servers I was renting, and I thought I
> had a workable fast backup/restore plan, unlike when I had extremely slow
> and expensive Internet in Papua New Guinea. (I have some serious space in
> audio and video Bibles.) So that is 2 servers x 2 IP addresses = 4 IP
> addresses. But that configuration was unstable, so I went to just one IP
> address per server by fighting my old ally, Plesk, using manual ProFTP
> configuration (and a cron job to slap my configuration back whenever Plesk
> rewrites it). That is not a really good long-term solution, though.
>
> ...
> Would you like a hand building up some DR or deployment automation so you
> can avoid needing to remember settings? IT automation is one of my primary
> skillsets, so if you'd like any sort of help setting it up, let me know.
> For instance, it's not too hard to put together automation scripts to run
> on a provisioned box to stand up the web server, ftp server, etc so that
> you don't need to manually edit files and the like.
>
> That would be useful. That could be a way to escape my dependence on and
> fight with Plesk.
>
>
> Alternatively, have you considered an alternative way to host the data?
> You could probably build a Container image with all the files in it and
> host that on something like Amazon Container Service or any of the many
> cloud Kubernetes hosts around. A container image would also make it easy
> for someone to grab the whole collection and make it available in an
> offline context the way they can with the old CD images Troy used to
> distribute.
>
> I have looked at alternatives in the past, but it may be worth looking
> again. When I last looked, AWS was more expensive at my traffic levels and
> site counts than using a rented dedicated server. Another alternative might
> be hosting at my house when (if?) Hawaiian Telephone makes good on its
> promise to bring fiber Internet to my neighborhood. (It is actually
> available about a half mile away, right now, but I haven't seen them
> working on it around here.)
>
>
> Or even put the files into an object storage container if you're dedicated
> to eliminating FTP access eventually. With just a small shell script you
> can push the needed files and their indexes into an S3, Ceph, etc object
> storage service and then you wouldn't need to run a dedicated server with
> them to manage uptime. All of those services offer ways to expose the files
> over HTTPS.
>
> As I said on Facebook, I'm happy to lend a hand if there's anything I can
> do to help smooth your infrastructure! I can even host an emergency mirror
> if need be, as I have pretty reliable Internet and electric when my
> neighbors don't drive into the electric poles. This year I'm dedicating
> some of my time to working on home electric backups!
>
> Thank you, Greg. I may take you up on that...
> --
>
> Peace,
> *Michael Johnson*
> * 26 HIWALANI LOOP • MAKAWAO HI 96768-8747* • USA
> mljohnson.org • eBible.org • WorldEnglish.Bible • PNG.Bible
> Signal/Telegram/WhatsApp/Telephone: +1 808-333-6921
> Skype: kahunapule • Telegram: @kahunapule • Facebook: fb.me/kahunapule
> <https://www.facebook.com/kahunapule>
>
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.orghttp://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
> --
>
> Peace,
> *Michael Johnson*
> * 26 HIWALANI LOOP • MAKAWAO HI 96768-8747* • USA
> mljohnson.org • eBible.org • WorldEnglish.Bible • PNG.Bible
> Signal/Telegram/WhatsApp/Telephone: +1 808-333-6921
> Skype: kahunapule • Telegram: @kahunapule • Facebook: fb.me/kahunapule
> <https://www.facebook.com/kahunapule>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20250227/8e603ea9/attachment-0001.htm>

More information about the sword-devel mailing list