Ticket #561 (closed maintenance: fixed)
Move Transition Research patterns Wagn website onto Penguin
| Reported by: | ed | Owned by: | chris |
|---|---|---|---|
| Priority: | major | Milestone: | Production |
| Component: | Wagn | Keywords: | |
| Cc: | Estimated Number of Hours: | 0.0 | |
| Add Hours to Ticket: | 0 | Billable?: | yes |
| Total Hours: | 4.95 |
Description
The Transition Research group currently host their pattern language in the cloud here:
http://patterns.transitionresearchnetwork.org/
(Chris has done a re-direct for this already)
They are keen to move the whole site and WAGN system onto TN servers.
Please investigate and let me know what it will take to sort hosting this out.
Attachments
Change History
comment:1 follow-up: ↓ 2 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.0 to 0.25
Changed 3 years ago by chris
- Attachment penguin-2013-09-19_memory-week.png added
Penguin RAM by Week 2013-09-19
comment:2 in reply to: ↑ 1 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.25 to 0.5
Replying to chris:
we could start by simply using Ngnix as a reverse proxy to the Rails' built-in webserver, Webrick -- this would be quicker to set up and as long as the site doesn't get a huge amount of traffic would probably be fine -- we could always switch to Phusion Passenger at a later date.
Agreed with Ed at a meeting earlier this week that the above approach makes sense, Penguin also now has an extra 1GB of RAM so it should be fine running a Webrick server, see:
It might be worth upgrading Penguin to Wheezy before doing the install.
will no longer strongly support Ruby 1.8.7 after Wagn 2.0
Squeeze comes with Ruby 1.8.7 http://packages.debian.org/squeeze/ruby1.8 or 1.9.1 http://packages.debian.org/squeeze/ruby1.9.1 and so does Wheezy so upgrading to Wheezy isn't a requirement at this stage.
There is a list of required Debian packages here:
I estimate that setting up Wagen via Webbrick and a nginx reverse proxy should take less than an hour and if I have access to the existing server then copying the current site across should take less than an hour and then an hour documenting everything on the wiki -- 3 hours should be a safe maximum estimate.
comment:3 Changed 3 years ago by chris
- Summary changed from Investigate hosting Transition Research patterns website to Investigate hosting Transition Research patterns Wagn website
comment:5 Changed 3 years ago by ed
Tom has approved the move, and 3-4 hours of time, so Chris I suggest you do this in September when things are back to operational again?
comment:6 Changed 3 years ago by ed
- Summary changed from Investigate hosting Transition Research patterns Wagn website to Move Transition Research patterns Wagn website onto Penguin
Tom's re-approved it - Chris please crack on
comment:7 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.0
- Total Hours changed from 0.5 to 1.5
Installing the packages needed from the list here http://wagn.org/Installation+Ubuntu_Lucid?view=open
aptitude install ruby1.9.1 ruby1.9.1-dev rubygems git-core imagemagick libmagick9-dev
Note: selecting "libmagickwand-dev" instead of the
virtual package "libmagick9-dev"
The following NEW packages will be installed:
autopoint{a} autotools-dev{a} binutils{a} build-essential{a} cpp{a} cpp-4.4{a} debhelper{a} dpkg-dev{a} exiv2{a} fakeroot{a} g++{a} g++-4.4{a} gcc{a}
gcc-4.4{a} gettext{a} gettext-base{a} ghostscript{a} git-core gsfonts{a} hicolor-icon-theme{a} html2text{a} imagemagick intltool-debian{a}
libalgorithm-diff-perl{a} libalgorithm-diff-xs-perl{a} libalgorithm-merge-perl{a} libatk1.0-0{a} libatk1.0-data{a} libatk1.0-dev{a}
libavahi-client3{a} libavahi-common-data{a} libavahi-common3{a} libbz2-dev{a} libc-dev-bin{a} libc6-dev{a} libcairo2-dev{ab} libcdt4{a} libcgraph5{a}
libcroco3{a} libcups2{a} libcupsimage2{a} libdjvulibre-dev{a} libdjvulibre-text{a} libdjvulibre21{a} libdpkg-perl{a} libexif-dev{a} libexif12{a}
libexiv2-9{a} libexpat1-dev{a} libffi5{a} libfontconfig1-dev{a} libfreetype6-dev{a} libglib2.0-dev{a} libgmp3c2{a} libgomp1{a} libgraph4{a}
libgraphviz-dev{a} libgs8{a} libgsf-1-114{a} libgsf-1-common{a} libgtk2.0-0{a} libgtk2.0-bin{a} libgtk2.0-common{a} libgtk2.0-dev{a} libgvc5{a}
libgvpr1{a} libice-dev{a} libice6{a} libilmbase-dev{a} libilmbase6{a} libjasper-dev{a} libjasper1{a} libjbig2dec0{a} libjpeg62-dev{a} liblcms1-dev{a}
liblqr-1-0{a} liblqr-1-0-dev{a} libltdl-dev{a} libltdl7{a} libmagickcore-dev{a} libmagickcore3{a} libmagickcore3-extra{a} libmagickwand-dev
libmagickwand3{a} libmail-sendmail-perl{a} libmpfr4{a} libnetpbm10{a} libopenexr-dev{a} libopenexr6{a} libpango1.0-dev{a} libpathplan4{a}
libpixman-1-dev{ab} libpng12-dev{a} libpthread-stubs0{a} libpthread-stubs0-dev{a} libreadline5{a} librsvg2-2{a} librsvg2-dev{a} libruby1.8{a}
libruby1.9.1{a} libsm-dev{a} libsm6{a} libstdc++6-4.4-dev{a} libsys-hostname-long-perl{a} libtiff4{a} libtiff4-dev{a} libtiffxx0c2{a} libtool{a}
libunistring0{a} libwmf-dev{a} libwmf0.2-7{a} libx11-dev{a} libxau-dev{a} libxcb-render-util0{a} libxcb-render-util0-dev{a} libxcb-render0-dev{a}
libxcb1-dev{a} libxcomposite-dev{a} libxcomposite1{a} libxcursor-dev{a} libxcursor1{a} libxdamage-dev{a} libxdamage1{a} libxdmcp-dev{a} libxdot4{a}
libxext-dev{a} libxfixes-dev{a} libxfixes3{a} libxft-dev{a} libxi-dev{a} libxi6{a} libxinerama-dev{a} libxinerama1{a} libxml2-dev{a} libxrandr-dev{a}
libxrandr2{a} libxrender-dev{a} libxt-dev{a} libxt6{a} libyaml-0-2{a} linux-libc-dev{a} make{a} manpages-dev{a} netpbm{a} ocaml-base-nox{a}
pkg-config{a} po-debconf{a} ruby1.8{a} ruby1.8-dev{a} ruby1.9.1 ruby1.9.1-dev rubygems rubygems1.8{a} ufraw-batch{a} x11proto-composite-dev{a}
x11proto-core-dev{a} x11proto-damage-dev{a} x11proto-fixes-dev{a} x11proto-input-dev{a} x11proto-kb-dev{a} x11proto-randr-dev{a}
x11proto-render-dev{a} x11proto-xext-dev{a} x11proto-xinerama-dev{a} xtrans-dev{a} zlib1g-dev{a}
0 packages upgraded, 166 newly installed, 0 to remove and 0 not upgraded.
Need to get 93.9 MB of archives. After unpacking 282 MB will be used.
The following packages have unmet dependencies:
libpixman-1-dev: Depends: libpixman-1-0 (= 0.16.4-1) but 0.24.0-1~bpo60+1 is installed.
libcairo2-dev: Depends: libcairo2 (= 1.8.10-6) but 1.10.2-7~bpo60+1 is installed.
The following actions will resolve these dependencies:
Keep the following packages at their current version:
1) libcairo2-dev [Not Installed]
2) libgtk2.0-dev [Not Installed]
3) libmagickcore-dev [Not Installed]
4) libmagickwand-dev [Not Installed]
5) libpango1.0-dev [Not Installed]
6) libpixman-1-dev [Not Installed]
7) librsvg2-dev [Not Installed]
Accept this solution? [Y/n/q/?] q
So, these are the packages from backports which are installed:
dpkg -l |awk '/^ii/ && $3 ~ /bpo[456]0/ {print $2}'
gawk
geoip-database
libcairo2
libgeoip1
liblog-dispatch-perl
libnet-server-perl
libpixman-1-0
liburi-perl
libxfont1
munin
munin-common
munin-doc
munin-node
munin-plugins-core
munin-plugins-extra
python-babel
trac
x11-common
So we could upgrade to Wheezy at this stage or install from backports... installing the libpixman-1-dev and libcairo2-dev packages from backports:
aptitude -t squeeze-backports install libpixman-1-dev libcairo2-dev
The following NEW packages will be installed:
binutils{a} cpp{a} cpp-4.4{a} gcc{a} gcc-4.4{a} libc-dev-bin{a} libc6-dev{a} libcairo-gobject2{a} libcairo-script-interpreter2{a} libcairo2-dev
libexpat1-dev{a} libfontconfig1-dev{a} libfreetype6-dev{a} libglib2.0-dev{a} libgmp3c2{a} libgomp1{a} libice-dev{a} libice6{a} libmpfr4{a}
libpixman-1-dev libpng12-dev{a} libpthread-stubs0{a} libpthread-stubs0-dev{a} libsm-dev{a} libsm6{a} libx11-dev{a} libxau-dev{a}
libxcb-render0-dev{a} libxcb-shm0-dev{a} libxcb1-dev{a} libxdmcp-dev{a} libxrender-dev{a} linux-libc-dev{a} manpages-dev{a} pkg-config{a}
x11proto-core-dev{a} x11proto-input-dev{a} x11proto-kb-dev{a} x11proto-render-dev{a} xorg-sgml-doctools{a} xtrans-dev{a} zlib1g-dev{a}
0 packages upgraded, 42 newly installed, 0 to remove and 16 not upgraded.
Need to get 27.5 MB of archives. After unpacking 77.3 MB will be used.
Do you want to continue? [Y/n/?]Y
Rerunning the original list of packages to install:
aptitude install ruby1.9.1 ruby1.9.1-dev rubygems git-core imagemagick libmagick9-dev
Note: selecting "libmagickwand-dev" instead of the
virtual package "libmagick9-dev"
The following NEW packages will be installed:
autopoint{a} autotools-dev{a} build-essential{a} debhelper{a} dpkg-dev{a} exiv2{a} fakeroot{a} g++{a} g++-4.4{a} gettext{a} gettext-base{a}
ghostscript{a} git-core gsfonts{a} hicolor-icon-theme{a} html2text{a} imagemagick intltool-debian{a} libalgorithm-diff-perl{a}
libalgorithm-diff-xs-perl{a} libalgorithm-merge-perl{a} libatk1.0-0{a} libatk1.0-data{a} libatk1.0-dev{a} libavahi-client3{a} libavahi-common-data{a}
libavahi-common3{a} libbz2-dev{a} libcdt4{a} libcgraph5{a} libcroco3{a} libcups2{a} libcupsimage2{a} libdjvulibre-dev{a} libdjvulibre-text{a}
libdjvulibre21{a} libdpkg-perl{a} libexif-dev{a} libexif12{a} libexiv2-9{a} libffi5{a} libgraph4{a} libgraphviz-dev{a} libgs8{a} libgsf-1-114{a}
libgsf-1-common{a} libgtk2.0-0{a} libgtk2.0-bin{a} libgtk2.0-common{a} libgtk2.0-dev{a} libgvc5{a} libgvpr1{a} libilmbase-dev{a} libilmbase6{a}
libjasper-dev{a} libjasper1{a} libjbig2dec0{a} libjpeg62-dev{a} liblcms1-dev{a} liblqr-1-0{a} liblqr-1-0-dev{a} libltdl-dev{a} libltdl7{a}
libmagickcore-dev{a} libmagickcore3{a} libmagickcore3-extra{a} libmagickwand-dev libmagickwand3{a} libmail-sendmail-perl{a} libnetpbm10{a}
libopenexr-dev{a} libopenexr6{a} libpango1.0-dev{a} libpathplan4{a} libreadline5{a} librsvg2-2{a} librsvg2-dev{a} libruby1.8{a} libruby1.9.1{a}
libstdc++6-4.4-dev{a} libsys-hostname-long-perl{a} libtiff4{a} libtiff4-dev{a} libtiffxx0c2{a} libtool{a} libunistring0{a} libwmf-dev{a}
libwmf0.2-7{a} libxcomposite-dev{a} libxcomposite1{a} libxcursor-dev{a} libxcursor1{a} libxdamage-dev{a} libxdamage1{a} libxdot4{a} libxext-dev{a}
libxfixes-dev{a} libxfixes3{a} libxft-dev{a} libxi-dev{a} libxi6{a} libxinerama-dev{a} libxinerama1{a} libxml2-dev{a} libxrandr-dev{a} libxrandr2{a}
libxt-dev{a} libxt6{a} libyaml-0-2{a} make{a} netpbm{a} ocaml-base-nox{a} po-debconf{a} ruby1.8{a} ruby1.8-dev{a} ruby1.9.1 ruby1.9.1-dev rubygems
rubygems1.8{a} ufraw-batch{a} x11proto-composite-dev{a} x11proto-damage-dev{a} x11proto-fixes-dev{a} x11proto-randr-dev{a} x11proto-xext-dev{a}
x11proto-xinerama-dev{a}
0 packages upgraded, 126 newly installed, 0 to remove and 0 not upgraded.
Need to get 68.6 MB of archives. After unpacking 209 MB will be used.
Do you want to continue? [Y/n/?] Y
Also:
aptitude install libmysql-ruby libmysqlclient-dev
And:
gem install rubygems-update Successfully installed rubygems-update-2.1.5 1 gem installed Installing ri documentation for rubygems-update-2.1.5... Installing RDoc documentation for rubygems-update-2.1.5...
And:
/var/lib/gems/1.8/bin/update_rubygems
RubyGems 2.1.5 installed
Installing ri documentation for rubygems-2.1.5
...
------------------------------------------------------------------------------
RubyGems installed the following executables:
/usr/bin/gem1.8
Ruby Interactive (ri) documentation was installed. ri is kind of like man
pages for ruby libraries. You may access it like this:
ri Classname
ri Classname.class_method
ri Classname#instance_method
If you do not wish to install this documentation in the future, use the
--no-document flag, or set it as the default in your ~/.gemrc file. See
'gem help env' for details.
Next:
Fetching: bundler-1.3.5.gem (100%) Successfully installed bundler-1.3.5 Installing ri documentation for bundler-1.3.5 /usr/lib/ruby/1.8/rdoc/rdoc.rb:280: warning: conflicting chdir during another chdir block /usr/lib/ruby/1.8/rdoc/rdoc.rb:287: warning: conflicting chdir during another chdir block Done installing documentation for bundler after 13 seconds 1 gem installed
I'm not sure if the implications, if any, of these warnings.
Next onto the http://wagn.org/installation steps.
cd /web git clone https://github.com/wagn/wagn.git Cloning into wagn... remote: Counting objects: 73397, done. remote: Compressing objects: 100% (19645/19645), done. remote: Total 73397 (delta 54419), reused 71551 (delta 52743) Receiving objects: 100% (73397/73397), 28.23 MiB | 2.44 MiB/s, done. Resolving deltas: 100% (54419/54419), done.
cd /web/wagn bundle install --without postgres:memcache:test:debug:development:assets Fetching gem metadata from http://rubygems.org/......... Fetching gem metadata from http://rubygems.org/.. Resolving dependencies... Installing rake (10.1.0) Installing i18n (0.6.5) Installing multi_json (1.8.0) Installing activesupport (3.2.14) Installing builder (3.0.4) Installing activemodel (3.2.14) Installing erubis (2.7.0) Installing journey (1.0.4) Installing rack (1.4.5) Installing rack-cache (1.2) Installing rack-test (0.6.2) Installing hike (1.2.3) Installing tilt (1.4.1) Installing sprockets (2.2.2) Installing actionpack (3.2.14) Installing mime-types (1.25) Installing polyglot (0.3.3) Installing treetop (1.4.15) Installing mail (2.5.4) Installing actionmailer (3.2.14) Installing arel (3.0.2) Installing tzinfo (0.3.37) Installing activerecord (3.2.14) Installing activeresource (3.2.14) Installing json (1.8.0) Installing airbrake (3.1.14) Using bundler (1.3.5) Installing climate_control (0.0.3) Installing cocaine (0.5.2) Installing coderay (1.1.0) Installing htmlentities (4.3.1) Installing systemu (2.5.2) Installing macaddr (1.6.1) Installing mysql2 (0.3.13) Installing paperclip (2.8.0) Installing rack-ssl (1.3.3) Installing rdoc (3.12.2) Installing thor (0.18.1) Installing railties (3.2.14) Installing rails (3.2.14) Installing recaptcha (0.3.5) Installing rmagick (2.13.2) Installing ruby-prof (0.12.2) Installing rubyzip (0.9.9) Installing sass (3.2.11) Installing smartname (0.2.3) Installing uuid (2.3.7) Installing xmlscan (0.3.0) Your bundle is complete! Gems in the groups postgres, memcache, test, debug, development and assets were not installed. Use `bundle show [gemname]` to see where a bundled gem is installed. Post-install message from rdoc: Depending on your version of ruby, you may need to install ruby rdoc/ri data: <= 1.8.6 : unsupported = 1.8.7 : gem install rdoc-data; rdoc-data --install = 1.9.1 : gem install rdoc-data; rdoc-data --install >= 1.9.2 : nothing to do! Yay!
Then:
bundle exec rake wagn:install cp /web/wagn/config/samples/wagn.yml /web/wagn/config
Then a database was created:
mysql> CREATE DATABASE wagn; mysql> GRANT USAGE ON *.* TO wagn@localhost IDENTIFIED BY 'XXXXXX'; mysql> GRANT ALL PRIVILEGES ON wagn.* TO wagn@localhost; mysql> FLUSH PRIVILEGES;
Then /web/wagn/config/database.yml was edited:
production: database: wagn adapter: mysql2 username: wagn password: XXXXXX pool: 5 encoding: utf8 host: localhost # socket: /tmp/mysql.sock
Then:
bundle exec rake wagn:create
dropping
creating
loading schema
-- create_table("card_references", {:force=>true})
-> 0.1018s
-- add_index("card_references", ["referee_id"], {:name=>"wiki_references_referenced_card_id"})
-> 0.1018s
-- add_index("card_references", ["referee_key"], {:name=>"wiki_references_referenced_name"})
-> 0.0103s
-- add_index("card_references", ["referer_id"], {:name=>"wiki_references_card_id"})
-> 0.0124s
-- create_table("card_revisions", {:force=>true})
-> 0.0059s
-- add_index("card_revisions", ["card_id"], {:name=>"revisions_card_id_index"})
-> 0.0072s
-- add_index("card_revisions", ["creator_id"], {:name=>"revisions_created_by_index"})
-> 0.0080s
-- create_table("cards", {:force=>true})
-> 0.0062s
-- add_index("cards", ["key"], {:unique=>true, :name=>"cards_key_uniq"})
-> 0.0079s
-- add_index("cards", ["left_id"], {:name=>"index_cards_on_trunk_id"})
-> 0.0079s
-- add_index("cards", ["name"], {:name=>"cards_name_index"})
-> 0.0081s
-- add_index("cards", ["read_rule_id"], {:name=>"index_cards_on_read_rule_id"})
-> 0.0272s
-- add_index("cards", ["right_id"], {:name=>"index_cards_on_tag_id"})
-> 0.0161s
-- add_index("cards", ["type_id"], {:name=>"card_type_index"})
-> 0.0176s
-- create_table("schema_migrations_cards", {:force=>true, :id=>false})
-> 0.0144s
-- add_index("schema_migrations_cards", ["version"], {:unique=>true, :name=>"unique_schema_migrations_cards"})
-> 0.0092s
-- create_table("sessions", {:force=>true})
-> 0.0063s
-- add_index("sessions", ["session_id"], {:name=>"sessions_session_id_index"})
-> 0.0079s
-- create_table("users", {:force=>true})
-> 0.0064s
-- initialize_schema_migrations_table()
-> 0.0124s
-- assume_migrated_upto_version(20130411210957, ["/web/wagn/db/migrate"])
-> 0.0059s
-- assume_migrated_upto_version("20130927191728", ["/web/wagn/db/migrate_cards"])
-> 0.0056s
loading bootstrap
bootstrap load starting
The command for running the server:
env STATIC_ASSETS=true bundle exec rails server
Before that was run a wagn user was created and the files were chowned:
adduser --home /web/wagn --disabled-login wagn chown -R wagn:wagn /web/wagn/
Then the /usr/local/bin/su-trac script was copied to su-wagn, it contains:
#!/bin/bash su - wagn -s /bin/bash
So to start the server:
su-wagn env STATIC_ASSETS=true bundle exec rails server => Booting WEBrick => Rails 3.2.14 application starting in production on http://0.0.0.0:3000 => Call with -d to detach => Ctrl-C to shutdown server [2013-10-08 13:04:07] INFO WEBrick 1.3.1 [2013-10-08 13:04:07] INFO ruby 1.8.7 (2010-08-16) [x86_64-linux] [2013-10-08 13:04:07] INFO WEBrick::HTTPServer#start: pid=19565 port=3000
And test it:
lynx http://localhost:3000/
And it works, so, the next steps are:
- Sort out a firewall so people can't connect directly to wagn sites on port 3000 / make webbrick only listen on localhost
- Sort out a Nginx reverse proxy and http auth to start with
comment:8 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.75
- Total Hours changed from 1.5 to 2.25
To set it to only listen to localhost:
env STATIC_ASSETS=true bundle exec rails server --binding=127.0.0.1
To make it run and detach from the shell:
env STATIC_ASSETS=true bundle exec rails server --binding=127.0.0.1 -d => Booting WEBrick => Rails 3.2.14 application starting in production on http://127.0.0.1:3000
Scripts in /web/wagn/bin were created for starting and stopping the server, wagn-start:
#!/bin/bash env STATIC_ASSETS=true bundle exec rails server --binding=127.0.0.1
And wagn-stop:
#!/bin/bash kill -INT $(cat /web/wagn/tmp/pids/server.pid)
Create a htauth passwd:
cd /web/wagn/ /web/tech.transitionnetwork.org/bin/htpasswd -cs .htpasswd wagn
Create /etc/nginx/sites-available/wagn initially HTTPS only:
# wagn.transitionnetwork.org
# virtual server
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server
server {
# listen for ipv4
# http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
#listen 8000;
listen 80;
# server name and server aliases
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name
server_name wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net;
# logs, error log levels: info | notice | warn | error | crit | alert
# http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
# http://nginx.org/en/docs/ngx_core_module.html#error_log
access_log /var/log/nginx/wagn.access.log;
error_log /var/log/nginx/wagn.error.log crit;
# Redirect to HTTPS
location / {
#rewrite ^/(.*)$ https://tech.transitionnetwork.org:4430/$1 permanent;
rewrite ^/(.*)$ https://$server_name/$1 permanent;
}
}
# HTTPS server
#
server {
#listen 4430;
listen 443;
server_name wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net;
access_log /var/log/nginx/wagn.ssl_access.log;
error_log /var/log/nginx/wagn.ssl_error.log crit;
ssl on;
ssl_certificate /etc/ssl/transitionnetwork.org/transitionnetwork.org.chained.pem;
ssl_certificate_key /etc/ssl/transitionnetwork.org/transitionnetwork.org.key;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers RC4-SHA:HIGH:!ADH:!SSLv2:!aNULL;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# http://wiki.nginx.org/LikeApache
location / {
satisfy any;
deny all;
# http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
auth_basic "Private Area";
auth_basic_user_file /web/wagn/.htpasswd;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000/;
}
}
Enable the site and restart nginx and the site is available here:
https://wagn.transitionnetwork.org/
I'll send a email to the ttech list with login info etc.
comment:9 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.0
- Total Hours changed from 2.25 to 3.25
An archive from the existing site was uploaded to the server and first the database was imported, following http://wagn.org/Upgrading?view=open and then the files were rsynced across:
cat db | mysql wagn cd /web/wagn rake wagn:reset_cache rake wagn:migrate migrating structure migrating cards rm -rf tmp/cache/ rsync -av source/ /web/wagn/local/files/
And now the site appears to all be there, we just need to sort out what we are going to do regarding HTTPS logins.
comment:11 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.75
- Total Hours changed from 3.25 to 4.0
Add ~/bin/ to the path:
echo "export PATH=$PATH:/web/wagn/bin" >> ~/.bash_profile
I have started to document the site on the wiki, wiki:TransitionResearchWagn
Generate a CSR for the HTTPS cert:
sudo -i cd /etc/ssl/ mkdir wagn cd wagn/ openssl req -nodes -newkey rsa:2048 -keyout wagn.key -out wagn.csr Generating a 2048 bit RSA private key ......................+++ .............................+++ writing new private key to 'wagn.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:patterns.transitionresearchnetwork.org Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
Now waiting for this to be approved.
I have amended the Nginx config so that requests starting with /account are redirected to HTTPS and also to keep people who access the site using HTTPS I have aded a STS header, so this is the current config (this will need updating when the cert is added):
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server
server {
# listen for ipv4
# http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
#listen 8000;
listen 80;
# server name and server aliases
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name
server_name patterns.transitionresearchnetwork.org www.patterns.transitionresearchnetwork.org wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net;
# logs, error log levels: info | notice | warn | error | crit | alert
# http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
# http://nginx.org/en/docs/ngx_core_module.html#error_log
access_log /var/log/nginx/wagn.access.log;
error_log /var/log/nginx/wagn.error.log crit;
# Redirect logins to HTTPS
location /account {
rewrite ^/account(.*)$ https://$server_name/account$1 permanent;
}
# http://wiki.nginx.org/LikeApache
location / {
#satisfy any;
#deny all;
# http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
#auth_basic "Private Area";
#auth_basic_user_file /web/wagn/.htpasswd;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000/;
}
}
# HTTPS server
#
server {
#listen 4430;
listen 443;
server_name patterns.transitionresearchnetwork.org www.patterns.transitionresearchnetwork.org wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net;
access_log /var/log/nginx/wagn.ssl_access.log;
error_log /var/log/nginx/wagn.ssl_error.log crit;
ssl on;
ssl_certificate /etc/ssl/transitionnetwork.org/transitionnetwork.org.chained.pem;
ssl_certificate_key /etc/ssl/transitionnetwork.org/transitionnetwork.org.key;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers RC4-SHA:HIGH:!ADH:!SSLv2:!aNULL;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# http://wiki.nginx.org/LikeApache
location / {
#satisfy any;
#deny all;
# http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
#auth_basic "Private Area";
#auth_basic_user_file /web/wagn/.htpasswd;
# STS https://en.wikipedia.org/wiki/Strict_Transport_Security
add_header Strict-Transport-Security max-age=31536000;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000/;
}
}
comment:12 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.35
- Total Hours changed from 4.0 to 4.35
Sorting out the cert, which was saved at /etc/ssl/wagn/wagn.pem and following the notes from ticket:475#comment:4
wget http://crt.gandi.net/GandiStandardSSLCA.crt -O GandiStandardSSLCA.crt openssl x509 -inform DER -in GandiStandardSSLCA.crt -out GandiStandardSSLCA.pem cat wagn.pem >> wagn.chained.pem cat GandiStandardSSLCA.pem >> wagn.chained.pem
Edit the Nginx config:
#ssl_certificate /etc/ssl/transitionnetwork.org/transitionnetwork.org.chained.pem;
#ssl_certificate_key /etc/ssl/transitionnetwork.org/transitionnetwork.org.key;
ssl_certificate /etc/ssl/wagn/wagn.chained.pem;
ssl_certificate_key /etc/ssl/wagn/wagn.key;
Edit the domain zone file to:
@ 10800 IN A 199.34.228.100 patterns 10800 IN A 81.95.52.111 www.patterns 10800 IN A 81.95.52.111 www 10800 IN A 199.34.228.100
From:
@ 10800 IN A 199.34.228.100 wagn 10800 IN A 81.95.52.111 www 10800 IN A 199.34.228.100 patterns 10800 IN CNAME patterns.transitionresearchnetwork.org.230.cldstr.com.
Now need to wait for it to propagate and then check.
comment:13 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 4.35 to 4.45
The DNS has updated and the site is now live on PenguinServer, https://patterns.transitionresearchnetwork.org/
The wiki page wiki:TransitionResearchWagn has been updated and I think this ticket is probably ready to be closed.
comment:14 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 4.45 to 4.7
To ensure that the WEBrick server starts after the server is rebooted I found the crontab we set up for trac on ticket:470#comment:30 and added that to the documentation for trac, wiki:PenguinServer#tech.transitionnetwork.org and set the same thing up for the wagn user:
# start wagn after a server reboot @reboot /web/wagn/bin/wagn-start
And documented it wiki:TransitionResearchWagn#TransitionResearchPatterns
comment:15 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 4.7 to 4.95
The redirects to HTTPS for account Sign in and Sign up were not working, they have been fixed by changing the Nginx config and adding ^~ to the location for /account see http://wiki.nginx.org/NginxHttpCoreModule#location
# Redirect logins to HTTPS
location ^~ /account {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
# http://wiki.nginx.org/LikeApache
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3000/;
}
comment:17 Changed 3 years ago by chris
- Status changed from new to closed
- Resolution set to fixed
There have been no reported issues with the https://patterns.transitionresearchnetwork.org/ site so this ticket looks like it is safe to close.
Note: See
TracTickets for help on using
tickets.
This would take a few hours work, Phusion Passenger and Nginx on wiki:PenguinServer is a possibility, these are the docs I have looked at:
Or we could start by simply using Ngnix as a reverse proxy to the Rails' built-in webserver, Webrick -- this would be quicker to set up and as long as the site doesn't get a huge amount of traffic would probably be fine -- we could always switch to Phusion Passenger at a later date.
One (non-urgent) thought I have had is that transition.ac.uk or trn.ac.uk would be nice and short domain names for the TRN, but they would have to have a legal identity to get a .ac.uk domain name so it might be a non-starter.