@@ -186,60 +186,82 @@ The CRM service is built with two distinct servers:
*`test-api.donate.torproject.org`: test site to rename the API
middleware (see [issue 40123](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40123))
#### Access
There is also the <https://donate.torproject.org> static site hosted
in our [static hosting mirror network](howto/static-component). A donation campaign *must*
be setup both inside the static site and CiviCRM.
The CRM doesn't talk to the outside internet and can be accessed only via http authentication.
The monthly newsletter is configured on CiviCRM and also archived on
the <https://newsletter.torproject.org> static site.
Users that need to access the CRM need both to be added on Civi and on the apache on `crm-ext-01.tpo`.
### Authentication
#### Components
The `crm-int-01` server doesn't talk to the outside internet and can
be accessed only via HTTP authentication.
The Civi CRM instance is used for:
- Mass emailing via the Newsletter
- Donation campaigns
Users that need to access the CRM must be added to both CiviCRM and on
the Apache on `crm-int-01.tpo`.
The monthly newsletter is configured on Civi and an archive is created on <https://newsletter.torproject.org>.
The <https://donate.torproject.org> website is built with Lektor like
all the other torproject.org [static websites](https://gitlab.torproject.org/tpo/web/). It doesn't talk to
CiviCRM directly. Instead it talks with with the donation API
middleware through Javascript, through a React component (available in
the [donate-static repository](https://gitlab.torproject.org/tpo/web/donate-static)).
Donation campaigns are setup both on Civi and the donate website ([donate.torproject.org](https://donate.torproject.org)).
In other words, the `donate-api` PHP app is the component that allows
communications between the `donate.torproject.org` site and
CiviCRM. The public has access to the `donate-api` app, but not the
backend CiviCRM server. The middle and the CiviCRM server talk to each
other through a Redis instance, accessible only through an [IPsec](howto/ipsec)
tunnel (as a 172.16/12 private IP address).
<https://donate.torproject.org> is a static website built with Lektor like all the other tpo [websites](https://gitlab.torproject.org/tpo/web/).
<https://donate.torproject.org> doesn't talk to Civi. The `donate-api` php app is the component that allows communications via the `donate.torproject.org` site and Civi.
The donate.tpo site talks with the donation API middleware through Javascript - a react component was written for this and is part of the [donate-static repository](https://gitlab.torproject.org/tpo/web/donate-static).
Civi, the php application and the JS component on donate-static are all maintained by the Civi CRM contractors.
## Issues
The donate.tpo website are maintained by TPO (communication and donations teams), except for the JS component and any major modification that involves also some Civi development, which is done by the Civi contractors.
Since there are many components, here's a table outlining the known
projects and issue trackers for the different sites.
<!-- document who deployed and operates this service, who the users -->
<!-- are, who the upstreams are, if they are still active, -->
<!-- collaborative, how do we keep up to date, -->
CiviCRM, the PHP application and the Javascript component on
`donate-static` are all maintained by the external CiviCRM
contractors.
The `donate.tpo` website is maintained by TPO (communication and
donations teams), except for the Javascript component. Any major
modification that involves also some Civi development is done by the
CiviCRM contractors.
## Monitoring and testing
<!-- describe how this service is monitored and how it can be tested -->
<!-- after major changes like IP address changes or upgrades. describe -->
<!-- CI, test suites, linting, how security issues and upgrades are -->
<!-- tracked -->
As other TPA servers, the CRM servers are monitored by
[Nagios](howto/nagios). The Redis server is particularly monitored by Nagios,
using a special `PING` check, to make sure both ends can talk to each
other.
## Logs and metrics
<!-- where are the logs? how long are they kept? any PII? -->
<!-- what about performance metrics? same questions -->
As other TPA servers, the CRM servers are monitored by [Prometheus](howto/prometheus)
with graphs rendered by [Grafana](howto/grafana). This includes an elaborate
[Postfix dashboard](https://grafana.torproject.org/d/Ds5BxBYGk/postfix-mtail?orgId=1&from=now-24h&to=now&var-node=eugeni.torproject.org&var-node=crm-int-01.torproject.org) watching to two mailservers.
