Ticket #561 (closed maintenance: fixed)

Opened 3 years ago

Last modified 3 years ago

Move Transition Research patterns Wagn website onto Penguin

Reported by: ed Owned by: chris
Priority: major Milestone: Production
Component: Wagn Keywords:
Cc: Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 4.95

Description

The Transition Research group currently host their pattern language in the cloud here:
http://patterns.transitionresearchnetwork.org/

(Chris has done a re-direct for this already)

They are keen to move the whole site and WAGN system onto TN servers.

Please investigate and let me know what it will take to sort hosting this out.

Attachments

penguin-2013-09-19_memory-week.png (47.6 KB) - added by chris 3 years ago.
Penguin RAM by Week 2013-09-19

Change History

comment:1 follow-up: ↓ 2 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 0.0 to 0.25

This would take a few hours' work; Phusion Passenger and Nginx on wiki:PenguinServer is a possibility, these are the docs I have looked at:

Or we could start by simply using Nginx as a reverse proxy to the Rails' built-in webserver, WEBrick -- this would be quicker to set up and as long as the site doesn't get a huge amount of traffic would probably be fine -- we could always switch to Phusion Passenger at a later date.

One (non-urgent) thought I have had is that transition.ac.uk or trn.ac.uk would be nice and short domain names for the TRN, but they would have to have a legal identity to get a .ac.uk domain name so it might be a non-starter.

comment:2 in reply to: ↑ 1 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 0.25 to 0.5

Replying to chris:

we could start by simply using Nginx as a reverse proxy to the Rails' built-in webserver, WEBrick -- this would be quicker to set up and as long as the site doesn't get a huge amount of traffic would probably be fine -- we could always switch to Phusion Passenger at a later date.

Agreed with Ed at a meeting earlier this week that the above approach makes sense, Penguin also now has an extra 1GB of RAM so it should be fine running a WEBrick server, see:

Penguin RAM by Week 2013-09-19

It might be worth upgrading Penguin to Wheezy before doing the install.

will no longer strongly support Ruby 1.8.7 after Wagn 2.0

http://wagn.org/installation

Squeeze comes with Ruby 1.8.7 http://packages.debian.org/squeeze/ruby1.8 or 1.9.1 http://packages.debian.org/squeeze/ruby1.9.1 and so does Wheezy so upgrading to Wheezy isn't a requirement at this stage.

There is a list of required Debian packages here:

I estimate that setting up Wagn via WEBrick and an Nginx reverse proxy should take less than an hour and if I have access to the existing server then copying the current site across should take less than an hour and then an hour documenting everything on the wiki -- 3 hours should be a safe maximum estimate.

comment:3 Changed 3 years ago by chris

  • Summary changed from Investigate hosting Transition Research patterns website to Investigate hosting Transition Research patterns Wagn website

comment:4 Changed 3 years ago by ed

Have emailed Tom researcher and asked - awaiting his go ahead

comment:5 Changed 3 years ago by ed

Tom has approved the move, and 3-4 hours of time, so Chris I suggest you do this in September when things are back to operational again?

comment:6 Changed 3 years ago by ed

  • Summary changed from Investigate hosting Transition Research patterns Wagn website to Move Transition Research patterns Wagn website onto Penguin

Tom's re-approved it - Chris please crack on

comment:7 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 1.0
  • Total Hours changed from 0.5 to 1.5

Installing the packages needed from the list here http://wagn.org/Installation+Ubuntu_Lucid?view=open

aptitude install ruby1.9.1 ruby1.9.1-dev rubygems git-core imagemagick libmagick9-dev
Note: selecting "libmagickwand-dev" instead of the
      virtual package "libmagick9-dev"
The following NEW packages will be installed:
  autopoint{a} autotools-dev{a} binutils{a} build-essential{a} cpp{a} cpp-4.4{a} debhelper{a} dpkg-dev{a} exiv2{a} fakeroot{a} g++{a} g++-4.4{a} gcc{a} 
  gcc-4.4{a} gettext{a} gettext-base{a} ghostscript{a} git-core gsfonts{a} hicolor-icon-theme{a} html2text{a} imagemagick intltool-debian{a} 
  libalgorithm-diff-perl{a} libalgorithm-diff-xs-perl{a} libalgorithm-merge-perl{a} libatk1.0-0{a} libatk1.0-data{a} libatk1.0-dev{a} 
  libavahi-client3{a} libavahi-common-data{a} libavahi-common3{a} libbz2-dev{a} libc-dev-bin{a} libc6-dev{a} libcairo2-dev{ab} libcdt4{a} libcgraph5{a} 
  libcroco3{a} libcups2{a} libcupsimage2{a} libdjvulibre-dev{a} libdjvulibre-text{a} libdjvulibre21{a} libdpkg-perl{a} libexif-dev{a} libexif12{a} 
  libexiv2-9{a} libexpat1-dev{a} libffi5{a} libfontconfig1-dev{a} libfreetype6-dev{a} libglib2.0-dev{a} libgmp3c2{a} libgomp1{a} libgraph4{a} 
  libgraphviz-dev{a} libgs8{a} libgsf-1-114{a} libgsf-1-common{a} libgtk2.0-0{a} libgtk2.0-bin{a} libgtk2.0-common{a} libgtk2.0-dev{a} libgvc5{a} 
  libgvpr1{a} libice-dev{a} libice6{a} libilmbase-dev{a} libilmbase6{a} libjasper-dev{a} libjasper1{a} libjbig2dec0{a} libjpeg62-dev{a} liblcms1-dev{a} 
  liblqr-1-0{a} liblqr-1-0-dev{a} libltdl-dev{a} libltdl7{a} libmagickcore-dev{a} libmagickcore3{a} libmagickcore3-extra{a} libmagickwand-dev 
  libmagickwand3{a} libmail-sendmail-perl{a} libmpfr4{a} libnetpbm10{a} libopenexr-dev{a} libopenexr6{a} libpango1.0-dev{a} libpathplan4{a} 
  libpixman-1-dev{ab} libpng12-dev{a} libpthread-stubs0{a} libpthread-stubs0-dev{a} libreadline5{a} librsvg2-2{a} librsvg2-dev{a} libruby1.8{a} 
  libruby1.9.1{a} libsm-dev{a} libsm6{a} libstdc++6-4.4-dev{a} libsys-hostname-long-perl{a} libtiff4{a} libtiff4-dev{a} libtiffxx0c2{a} libtool{a} 
  libunistring0{a} libwmf-dev{a} libwmf0.2-7{a} libx11-dev{a} libxau-dev{a} libxcb-render-util0{a} libxcb-render-util0-dev{a} libxcb-render0-dev{a} 
  libxcb1-dev{a} libxcomposite-dev{a} libxcomposite1{a} libxcursor-dev{a} libxcursor1{a} libxdamage-dev{a} libxdamage1{a} libxdmcp-dev{a} libxdot4{a} 
  libxext-dev{a} libxfixes-dev{a} libxfixes3{a} libxft-dev{a} libxi-dev{a} libxi6{a} libxinerama-dev{a} libxinerama1{a} libxml2-dev{a} libxrandr-dev{a} 
  libxrandr2{a} libxrender-dev{a} libxt-dev{a} libxt6{a} libyaml-0-2{a} linux-libc-dev{a} make{a} manpages-dev{a} netpbm{a} ocaml-base-nox{a} 
  pkg-config{a} po-debconf{a} ruby1.8{a} ruby1.8-dev{a} ruby1.9.1 ruby1.9.1-dev rubygems rubygems1.8{a} ufraw-batch{a} x11proto-composite-dev{a} 
  x11proto-core-dev{a} x11proto-damage-dev{a} x11proto-fixes-dev{a} x11proto-input-dev{a} x11proto-kb-dev{a} x11proto-randr-dev{a} 
  x11proto-render-dev{a} x11proto-xext-dev{a} x11proto-xinerama-dev{a} xtrans-dev{a} zlib1g-dev{a} 
0 packages upgraded, 166 newly installed, 0 to remove and 0 not upgraded.
Need to get 93.9 MB of archives. After unpacking 282 MB will be used.
The following packages have unmet dependencies:
  libpixman-1-dev: Depends: libpixman-1-0 (= 0.16.4-1) but 0.24.0-1~bpo60+1 is installed.
  libcairo2-dev: Depends: libcairo2 (= 1.8.10-6) but 1.10.2-7~bpo60+1 is installed.
The following actions will resolve these dependencies:

     Keep the following packages at their current version:
1)     libcairo2-dev [Not Installed]                      
2)     libgtk2.0-dev [Not Installed]                      
3)     libmagickcore-dev [Not Installed]                  
4)     libmagickwand-dev [Not Installed]                  
5)     libpango1.0-dev [Not Installed]                    
6)     libpixman-1-dev [Not Installed]                    
7)     librsvg2-dev [Not Installed]   

Accept this solution? [Y/n/q/?] q         

So, these are the packages from backports which are installed:

dpkg -l  |awk '/^ii/ && $3 ~ /bpo[456]0/ {print $2}'
gawk
geoip-database
libcairo2
libgeoip1
liblog-dispatch-perl
libnet-server-perl
libpixman-1-0
liburi-perl
libxfont1
munin
munin-common
munin-doc
munin-node
munin-plugins-core
munin-plugins-extra
python-babel
trac
x11-common

So we could upgrade to Wheezy at this stage or install from backports... installing the libpixman-1-dev and libcairo2-dev packages from backports:

aptitude -t squeeze-backports install libpixman-1-dev libcairo2-dev
The following NEW packages will be installed:
  binutils{a} cpp{a} cpp-4.4{a} gcc{a} gcc-4.4{a} libc-dev-bin{a} libc6-dev{a} libcairo-gobject2{a} libcairo-script-interpreter2{a} libcairo2-dev 
  libexpat1-dev{a} libfontconfig1-dev{a} libfreetype6-dev{a} libglib2.0-dev{a} libgmp3c2{a} libgomp1{a} libice-dev{a} libice6{a} libmpfr4{a} 
  libpixman-1-dev libpng12-dev{a} libpthread-stubs0{a} libpthread-stubs0-dev{a} libsm-dev{a} libsm6{a} libx11-dev{a} libxau-dev{a} 
  libxcb-render0-dev{a} libxcb-shm0-dev{a} libxcb1-dev{a} libxdmcp-dev{a} libxrender-dev{a} linux-libc-dev{a} manpages-dev{a} pkg-config{a} 
  x11proto-core-dev{a} x11proto-input-dev{a} x11proto-kb-dev{a} x11proto-render-dev{a} xorg-sgml-doctools{a} xtrans-dev{a} zlib1g-dev{a} 
0 packages upgraded, 42 newly installed, 0 to remove and 16 not upgraded.
Need to get 27.5 MB of archives. After unpacking 77.3 MB will be used.
Do you want to continue? [Y/n/?]Y

Rerunning the original list of packages to install:

aptitude install ruby1.9.1 ruby1.9.1-dev rubygems git-core imagemagick libmagick9-dev

Note: selecting "libmagickwand-dev" instead of the
      virtual package "libmagick9-dev"
The following NEW packages will be installed:
  autopoint{a} autotools-dev{a} build-essential{a} debhelper{a} dpkg-dev{a} exiv2{a} fakeroot{a} g++{a} g++-4.4{a} gettext{a} gettext-base{a} 
  ghostscript{a} git-core gsfonts{a} hicolor-icon-theme{a} html2text{a} imagemagick intltool-debian{a} libalgorithm-diff-perl{a} 
  libalgorithm-diff-xs-perl{a} libalgorithm-merge-perl{a} libatk1.0-0{a} libatk1.0-data{a} libatk1.0-dev{a} libavahi-client3{a} libavahi-common-data{a} 
  libavahi-common3{a} libbz2-dev{a} libcdt4{a} libcgraph5{a} libcroco3{a} libcups2{a} libcupsimage2{a} libdjvulibre-dev{a} libdjvulibre-text{a} 
  libdjvulibre21{a} libdpkg-perl{a} libexif-dev{a} libexif12{a} libexiv2-9{a} libffi5{a} libgraph4{a} libgraphviz-dev{a} libgs8{a} libgsf-1-114{a} 
  libgsf-1-common{a} libgtk2.0-0{a} libgtk2.0-bin{a} libgtk2.0-common{a} libgtk2.0-dev{a} libgvc5{a} libgvpr1{a} libilmbase-dev{a} libilmbase6{a} 
  libjasper-dev{a} libjasper1{a} libjbig2dec0{a} libjpeg62-dev{a} liblcms1-dev{a} liblqr-1-0{a} liblqr-1-0-dev{a} libltdl-dev{a} libltdl7{a} 
  libmagickcore-dev{a} libmagickcore3{a} libmagickcore3-extra{a} libmagickwand-dev libmagickwand3{a} libmail-sendmail-perl{a} libnetpbm10{a} 
  libopenexr-dev{a} libopenexr6{a} libpango1.0-dev{a} libpathplan4{a} libreadline5{a} librsvg2-2{a} librsvg2-dev{a} libruby1.8{a} libruby1.9.1{a} 
  libstdc++6-4.4-dev{a} libsys-hostname-long-perl{a} libtiff4{a} libtiff4-dev{a} libtiffxx0c2{a} libtool{a} libunistring0{a} libwmf-dev{a} 
  libwmf0.2-7{a} libxcomposite-dev{a} libxcomposite1{a} libxcursor-dev{a} libxcursor1{a} libxdamage-dev{a} libxdamage1{a} libxdot4{a} libxext-dev{a} 
  libxfixes-dev{a} libxfixes3{a} libxft-dev{a} libxi-dev{a} libxi6{a} libxinerama-dev{a} libxinerama1{a} libxml2-dev{a} libxrandr-dev{a} libxrandr2{a} 
  libxt-dev{a} libxt6{a} libyaml-0-2{a} make{a} netpbm{a} ocaml-base-nox{a} po-debconf{a} ruby1.8{a} ruby1.8-dev{a} ruby1.9.1 ruby1.9.1-dev rubygems 
  rubygems1.8{a} ufraw-batch{a} x11proto-composite-dev{a} x11proto-damage-dev{a} x11proto-fixes-dev{a} x11proto-randr-dev{a} x11proto-xext-dev{a} 
  x11proto-xinerama-dev{a} 
0 packages upgraded, 126 newly installed, 0 to remove and 0 not upgraded.
Need to get 68.6 MB of archives. After unpacking 209 MB will be used.
Do you want to continue? [Y/n/?] Y

Also:

aptitude install libmysql-ruby libmysqlclient-dev

And:

gem install rubygems-update
Successfully installed rubygems-update-2.1.5
1 gem installed
Installing ri documentation for rubygems-update-2.1.5...
Installing RDoc documentation for rubygems-update-2.1.5...

And:

/var/lib/gems/1.8/bin/update_rubygems
RubyGems 2.1.5 installed
Installing ri documentation for rubygems-2.1.5

...

------------------------------------------------------------------------------

RubyGems installed the following executables:
        /usr/bin/gem1.8

Ruby Interactive (ri) documentation was installed. ri is kind of like man 
pages for ruby libraries. You may access it like this:
  ri Classname
  ri Classname.class_method
  ri Classname#instance_method
If you do not wish to install this documentation in the future, use the
--no-document flag, or set it as the default in your ~/.gemrc file. See
'gem help env' for details.

Next:

Fetching: bundler-1.3.5.gem (100%)
Successfully installed bundler-1.3.5
Installing ri documentation for bundler-1.3.5
/usr/lib/ruby/1.8/rdoc/rdoc.rb:280: warning: conflicting chdir during another chdir block
/usr/lib/ruby/1.8/rdoc/rdoc.rb:287: warning: conflicting chdir during another chdir block
Done installing documentation for bundler after 13 seconds
1 gem installed

I'm not sure of the implications, if any, of these warnings.

Next onto the http://wagn.org/installation steps.

cd /web
git clone https://github.com/wagn/wagn.git
Cloning into wagn...
remote: Counting objects: 73397, done.
remote: Compressing objects: 100% (19645/19645), done.
remote: Total 73397 (delta 54419), reused 71551 (delta 52743)
Receiving objects: 100% (73397/73397), 28.23 MiB | 2.44 MiB/s, done.
Resolving deltas: 100% (54419/54419), done.
cd /web/wagn
bundle install --without postgres:memcache:test:debug:development:assets

Fetching gem metadata from http://rubygems.org/.........
Fetching gem metadata from http://rubygems.org/..
Resolving dependencies...
Installing rake (10.1.0) 
Installing i18n (0.6.5) 
Installing multi_json (1.8.0) 
Installing activesupport (3.2.14) 
Installing builder (3.0.4) 
Installing activemodel (3.2.14) 
Installing erubis (2.7.0) 
Installing journey (1.0.4) 
Installing rack (1.4.5) 
Installing rack-cache (1.2) 
Installing rack-test (0.6.2) 
Installing hike (1.2.3) 
Installing tilt (1.4.1) 
Installing sprockets (2.2.2) 
Installing actionpack (3.2.14) 
Installing mime-types (1.25) 
Installing polyglot (0.3.3) 
Installing treetop (1.4.15) 
Installing mail (2.5.4) 
Installing actionmailer (3.2.14) 
Installing arel (3.0.2) 
Installing tzinfo (0.3.37) 
Installing activerecord (3.2.14) 
Installing activeresource (3.2.14) 
Installing json (1.8.0) 
Installing airbrake (3.1.14) 
Using bundler (1.3.5) 
Installing climate_control (0.0.3) 
Installing cocaine (0.5.2) 
Installing coderay (1.1.0) 
Installing htmlentities (4.3.1) 
Installing systemu (2.5.2) 
Installing macaddr (1.6.1) 
Installing mysql2 (0.3.13) 
Installing paperclip (2.8.0) 
Installing rack-ssl (1.3.3) 
Installing rdoc (3.12.2) 
Installing thor (0.18.1) 
Installing railties (3.2.14) 
Installing rails (3.2.14) 
Installing recaptcha (0.3.5) 
Installing rmagick (2.13.2) 
Installing ruby-prof (0.12.2) 
Installing rubyzip (0.9.9) 
Installing sass (3.2.11) 
Installing smartname (0.2.3) 
Installing uuid (2.3.7) 
Installing xmlscan (0.3.0) 
Your bundle is complete!
Gems in the groups postgres, memcache, test, debug, development and assets were not installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.
Post-install message from rdoc:
Depending on your version of ruby, you may need to install ruby rdoc/ri data:

<= 1.8.6 : unsupported
 = 1.8.7 : gem install rdoc-data; rdoc-data --install
 = 1.9.1 : gem install rdoc-data; rdoc-data --install
>= 1.9.2 : nothing to do! Yay!

Then:

bundle exec rake wagn:install
cp /web/wagn/config/samples/wagn.yml /web/wagn/config

Then a database was created:

mysql> CREATE DATABASE wagn;
mysql> GRANT USAGE ON *.* TO wagn@localhost IDENTIFIED BY 'XXXXXX';
mysql> GRANT ALL PRIVILEGES ON wagn.* TO wagn@localhost;
mysql> FLUSH PRIVILEGES;

Then /web/wagn/config/database.yml was edited:

production:
  database: wagn
  adapter: mysql2
  username: wagn
  password: XXXXXX
  pool: 5
  encoding: utf8
  host: localhost
#  socket: /tmp/mysql.sock

Then:

bundle exec rake wagn:create
dropping
creating
loading schema
-- create_table("card_references", {:force=>true})
   -> 0.1018s
-- add_index("card_references", ["referee_id"], {:name=>"wiki_references_referenced_card_id"})
   -> 0.1018s
-- add_index("card_references", ["referee_key"], {:name=>"wiki_references_referenced_name"})
   -> 0.0103s
-- add_index("card_references", ["referer_id"], {:name=>"wiki_references_card_id"})
   -> 0.0124s
-- create_table("card_revisions", {:force=>true})
   -> 0.0059s
-- add_index("card_revisions", ["card_id"], {:name=>"revisions_card_id_index"})
   -> 0.0072s
-- add_index("card_revisions", ["creator_id"], {:name=>"revisions_created_by_index"})
   -> 0.0080s
-- create_table("cards", {:force=>true})
   -> 0.0062s
-- add_index("cards", ["key"], {:unique=>true, :name=>"cards_key_uniq"})
   -> 0.0079s
-- add_index("cards", ["left_id"], {:name=>"index_cards_on_trunk_id"})
   -> 0.0079s
-- add_index("cards", ["name"], {:name=>"cards_name_index"})
   -> 0.0081s
-- add_index("cards", ["read_rule_id"], {:name=>"index_cards_on_read_rule_id"})
   -> 0.0272s
-- add_index("cards", ["right_id"], {:name=>"index_cards_on_tag_id"})
   -> 0.0161s
-- add_index("cards", ["type_id"], {:name=>"card_type_index"})
   -> 0.0176s
-- create_table("schema_migrations_cards", {:force=>true, :id=>false})
   -> 0.0144s
-- add_index("schema_migrations_cards", ["version"], {:unique=>true, :name=>"unique_schema_migrations_cards"})
   -> 0.0092s
-- create_table("sessions", {:force=>true})
   -> 0.0063s
-- add_index("sessions", ["session_id"], {:name=>"sessions_session_id_index"})
   -> 0.0079s
-- create_table("users", {:force=>true})
   -> 0.0064s
-- initialize_schema_migrations_table()
   -> 0.0124s
-- assume_migrated_upto_version(20130411210957, ["/web/wagn/db/migrate"])
   -> 0.0059s
-- assume_migrated_upto_version("20130927191728", ["/web/wagn/db/migrate_cards"])
   -> 0.0056s
loading bootstrap
bootstrap load starting

The command for running the server:

env STATIC_ASSETS=true bundle exec rails server

Before that was run a wagn user was created and the files were chowned:

adduser --home /web/wagn --disabled-login wagn
chown -R wagn:wagn /web/wagn/

Then the /usr/local/bin/su-trac script was copied to su-wagn, it contains:

#!/bin/bash

su - wagn -s /bin/bash

So to start the server:

su-wagn
env STATIC_ASSETS=true bundle exec rails server
=> Booting WEBrick
=> Rails 3.2.14 application starting in production on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2013-10-08 13:04:07] INFO  WEBrick 1.3.1
[2013-10-08 13:04:07] INFO  ruby 1.8.7 (2010-08-16) [x86_64-linux]
[2013-10-08 13:04:07] INFO  WEBrick::HTTPServer#start: pid=19565 port=3000

And test it:

lynx http://localhost:3000/

And it works, so, the next steps are:

  1. Sort out a firewall so people can't connect directly to wagn sites on port 3000 / make WEBrick only listen on localhost
  2. Sort out a Nginx reverse proxy and http auth to start with

comment:8 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.75
  • Total Hours changed from 1.5 to 2.25

To set it to only listen to localhost:

env STATIC_ASSETS=true bundle exec rails server --binding=127.0.0.1 

To make it run and detach from the shell:

env STATIC_ASSETS=true bundle exec rails server --binding=127.0.0.1 -d
=> Booting WEBrick
=> Rails 3.2.14 application starting in production on http://127.0.0.1:3000

Scripts in /web/wagn/bin were created for starting and stopping the server, wagn-start:

#!/bin/bash

env STATIC_ASSETS=true bundle exec rails server --binding=127.0.0.1

And wagn-stop:

#!/bin/bash

kill -INT $(cat /web/wagn/tmp/pids/server.pid)

Create a htauth passwd:

cd /web/wagn/
/web/tech.transitionnetwork.org/bin/htpasswd -cs .htpasswd wagn

Create /etc/nginx/sites-available/wagn initially HTTPS only:

# wagn.transitionnetwork.org
# virtual server
# http://nginx.org/en/docs/http/ngx_http_core_module.html#server
server {

        # listen for ipv4
        # http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
        #listen   8000; 
        listen   80;

        # server name and server aliases        
        # http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name 
        server_name wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net;

        # logs, error log levels: info | notice | warn | error | crit | alert 
        # http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
        # http://nginx.org/en/docs/ngx_core_module.html#error_log
        access_log  /var/log/nginx/wagn.access.log;
        error_log   /var/log/nginx/wagn.error.log   crit;

        # Redirect to HTTPS
        location / {
                #rewrite ^/(.*)$ https://tech.transitionnetwork.org:4430/$1 permanent;
                rewrite ^/(.*)$ https://$server_name/$1 permanent;
        }

}

# HTTPS server
#
server {
        #listen   4430;
        listen   443;
        server_name wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net;
        access_log  /var/log/nginx/wagn.ssl_access.log;
        error_log   /var/log/nginx/wagn.ssl_error.log crit;

        ssl  on;
        ssl_certificate  /etc/ssl/transitionnetwork.org/transitionnetwork.org.chained.pem;
        ssl_certificate_key  /etc/ssl/transitionnetwork.org/transitionnetwork.org.key;
        #ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  RC4-SHA:HIGH:!ADH:!SSLv2:!aNULL;
        ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        # http://wiki.nginx.org/LikeApache 
        location / {
                satisfy any;
                deny all;
                # http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
                auth_basic "Private Area";
                auth_basic_user_file /web/wagn/.htpasswd;

                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:3000/;
        }

}

Enable the site and restart nginx and the site is available here:

https://wagn.transitionnetwork.org/

I'll send an email to the ttech list with login info etc.
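
A check for the binding change made at the top of this comment, added here as an example and not part of the ticket: it reads ss -ltn output and reports any listener on the given port that is bound to something other than loopback. The function name exposed_listeners and both socket tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the ticket: list TCP listeners on a port that are
# bound to a non-loopback address, reading `ss -ltn` output on stdin.

# exposed_listeners PORT
#   stdout: the "address:port" of every exposed listener on PORT
#   status: 0 when the port is loopback-only or unused, 1 when it is exposed
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }            # skips the header line
        {
            n = split($4, part, ":")       # $4 is Local Address:Port
            if (part[n] != port) next      # port = text after the last colon
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            sub(/^\[/, "", host); sub(/\]$/, "", host)   # IPv6 brackets
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print $4
            exposed = 1
        }
        END { exit exposed ? 1 : 0 }
    '
}

# Constructed sample: WEBrick started without --binding, as in comment 7.
ss_before() { cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:3000        0.0.0.0:*
LISTEN  0       128     0.0.0.0:443         0.0.0.0:*
LISTEN  0       50      127.0.0.1:3306      0.0.0.0:*
EOF
}

# Constructed sample: after restarting with --binding=127.0.0.1.
ss_after() { cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:3000      0.0.0.0:*
LISTEN  0       128     0.0.0.0:443         0.0.0.0:*
LISTEN  0       50      127.0.0.1:3306      0.0.0.0:*
EOF
}

ss_before | exposed_listeners 3000 || echo "=> port 3000 is reachable from other hosts"
ss_after  | exposed_listeners 3000 && echo "=> port 3000 is loopback-only"
```

On a live host the same function is fed from the real socket table: ss -ltn | exposed_listeners 3000.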

comment:9 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 1.0
  • Total Hours changed from 2.25 to 3.25

An archive from the existing site was uploaded to the server and first the database was imported, following http://wagn.org/Upgrading?view=open and then the files were rsynced across:

cat db | mysql wagn
cd /web/wagn
rake wagn:reset_cache
rake wagn:migrate
 migrating structure
 migrating cards
rm -rf tmp/cache/
rsync -av source/ /web/wagn/local/files/

And now the site appears to all be there, we just need to sort out what we are going to do regarding HTTPS logins.

comment:10 Changed 3 years ago by chris

  • Component changed from Unassigned to Wagn

comment:11 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.75
  • Total Hours changed from 3.25 to 4.0

Add ~/bin/ to the path:

echo 'export PATH=$PATH:/web/wagn/bin' >> ~/.bash_profile

I have started to document the site on the wiki, wiki:TransitionResearchWagn

Generate a CSR for the HTTPS cert:

sudo -i
cd /etc/ssl/
mkdir wagn
cd wagn/
 openssl req -nodes -newkey rsa:2048 -keyout wagn.key -out wagn.csr
Generating a 2048 bit RSA private key
......................+++
.............................+++
writing new private key to 'wagn.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:patterns.transitionresearchnetwork.org
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Now waiting for this to be approved.

I have amended the Nginx config so that requests starting with /account are redirected to HTTPS and also to keep people who access the site using HTTPS I have added a STS header, so this is the current config (this will need updating when the cert is added):

# http://nginx.org/en/docs/http/ngx_http_core_module.html#server
server {

        # listen for ipv4
        # http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
        #listen   8000; 
        listen   80;

        # server name and server aliases        
        # http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name 
        server_name patterns.transitionresearchnetwork.org www.patterns.transitionresearchnetwork.org wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net; 

        # logs, error log levels: info | notice | warn | error | crit | alert 
        # http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
        # http://nginx.org/en/docs/ngx_core_module.html#error_log
        access_log  /var/log/nginx/wagn.access.log;
        error_log   /var/log/nginx/wagn.error.log   crit;

        # Redirect logins to HTTPS
        location /account {
                rewrite  ^/account(.*)$ https://$server_name/account$1 permanent;
        }

        # http://wiki.nginx.org/LikeApache 
        location / {
                #satisfy any;
                #deny all;
                # http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
                #auth_basic "Private Area";
                #auth_basic_user_file /web/wagn/.htpasswd;

                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:3000/;
        }


}

# HTTPS server
#
server {
        #listen   4430;
        listen   443;
        server_name patterns.transitionresearchnetwork.org www.patterns.transitionresearchnetwork.org wagn.transitionnetwork.org wagn.transitionresearchnetwork.org wagn.penguin.webarch.net;
        access_log  /var/log/nginx/wagn.ssl_access.log;
        error_log   /var/log/nginx/wagn.ssl_error.log crit;

        ssl  on;
        ssl_certificate  /etc/ssl/transitionnetwork.org/transitionnetwork.org.chained.pem;
        ssl_certificate_key  /etc/ssl/transitionnetwork.org/transitionnetwork.org.key;
        #ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  RC4-SHA:HIGH:!ADH:!SSLv2:!aNULL;
        ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        # http://wiki.nginx.org/LikeApache 
        location / {
                #satisfy any;
                #deny all;
                # http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
                #auth_basic "Private Area";
                #auth_basic_user_file /web/wagn/.htpasswd;

                # STS https://en.wikipedia.org/wiki/Strict_Transport_Security
                add_header Strict-Transport-Security max-age=31536000;

                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:3000/;
        }

}
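
The TLS settings in this config and in the one from comment 8 (SSLv3 and RC4 enabled, a port 80 server that proxies straight to WEBrick) can be checked mechanically. The audit script below is an added example and not part of the ticket; the function names and the corrected config are assumptions, and the first sample is condensed from the config posted above.

```shell
#!/bin/sh
# Added example, not part of the ticket: audit an nginx config read from stdin
# for legacy TLS settings. Commented-out directives are ignored.
# Assumptions: "#" always starts a comment; one directive per line.

audit_nginx_tls() {
    awk '
        function report(n, msg) { printf "line %d: %s\n", n, msg; bad = 1 }
        { sub(/#.*/, ""); gsub(/[;"]/, " ") }   # drop comments, ";" and quotes
        NF == 0 { next }
        $1 == "server" && $2 == "{" {           # start of a server block
            in_server = 1; start = NR; base = depth; tls = 0; proxied = 0; hsts = 0
        }
        $1 == "listen" { for (i = 2; i <= NF; i++) if ($i == "ssl") tls = 1 }
        $1 == "ssl" && $2 == "on" { tls = 1 }   # older spelling, as in the ticket
        $1 == "proxy_pass" { proxied = 1 }
        $1 == "add_header" && $2 == "Strict-Transport-Security" { hsts = 1 }
        # SSLv3: RFC 7568. TLS 1.0 and 1.1: RFC 8996.
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    report(NR, "ssl_protocols enables " $i)
        }
        # RC4: RFC 7465. Tokens starting with "!" or "-" are exclusions.
        $1 == "ssl_ciphers" {
            m = split($2, c, ":")
            for (i = 1; i <= m; i++) {
                if (c[i] ~ /^[!-]/) continue
                t = "-" c[i] "-"; gsub(/[+]/, "-", t)
                if (t ~ /-(RC4|DES|3DES|MD5|EXP|EXPORT|NULL|aNULL|eNULL)-/)
                    report(NR, "ssl_ciphers allows " c[i])
            }
        }
        {                                       # brace depth finds the block end
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (in_server && depth == base) {
                if (tls && !hsts) report(start, "TLS server block sends no Strict-Transport-Security header")
                if (!tls && proxied) report(start, "server block proxies the application over plain HTTP")
                in_server = 0
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample, condensed from the config posted in comment 11.
ticket_config() { cat <<'EOF'
server {
        listen   80;
        location /account {
                rewrite  ^/account(.*)$ https://$server_name/account$1 permanent;
        }
        location / {
                proxy_pass http://localhost:3000/;
        }
}
server {
        listen   443;
        ssl  on;
        #ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  RC4:HIGH:!aNULL:!MD5;
        location / {
                add_header Strict-Transport-Security max-age=31536000;
                proxy_pass http://localhost:3000/;
        }
}
EOF
}

# Constructed corrected variant (an assumption, not the project's config).
# TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+.
hardened_config() { cat <<'EOF'
server {
        listen   80;
        return 301 https://$server_name$request_uri;
}
server {
        listen   443 ssl;
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_ciphers  ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
        add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
                proxy_pass http://127.0.0.1:3000/;
        }
}
EOF
}

ticket_config   | audit_nginx_tls || echo "=> ticket config: findings above"
hardened_config | audit_nginx_tls && echo "=> corrected config: no findings"
```

Against a deployed file the call is audit_nginx_tls < /etc/nginx/sites-available/wagn; the reported line numbers refer to that file.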

comment:12 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.35
  • Total Hours changed from 4.0 to 4.35

Sorting out the cert, which was saved at /etc/ssl/wagn/wagn.pem and following the notes from ticket:475#comment:4

wget http://crt.gandi.net/GandiStandardSSLCA.crt -O GandiStandardSSLCA.crt
openssl x509 -inform DER -in GandiStandardSSLCA.crt -out GandiStandardSSLCA.pem
cat wagn.pem >> wagn.chained.pem
cat GandiStandardSSLCA.pem >> wagn.chained.pem

Edit the Nginx config:

        #ssl_certificate  /etc/ssl/transitionnetwork.org/transitionnetwork.org.chained.pem;
        #ssl_certificate_key  /etc/ssl/transitionnetwork.org/transitionnetwork.org.key;
        ssl_certificate  /etc/ssl/wagn/wagn.chained.pem;
        ssl_certificate_key  /etc/ssl/wagn/wagn.key;

Edit the domain zone file to:

@ 10800 IN A 199.34.228.100
patterns 10800 IN A 81.95.52.111
www.patterns 10800 IN A 81.95.52.111
www 10800 IN A 199.34.228.100

From:

@ 10800 IN A 199.34.228.100
wagn 10800 IN A 81.95.52.111
www 10800 IN A 199.34.228.100
patterns 10800 IN CNAME patterns.transitionresearchnetwork.org.230.cldstr.com.

Now need to wait for it to propagate and then check.

comment:13 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 4.35 to 4.45

The DNS has updated and the site is now live on PenguinServer, https://patterns.transitionresearchnetwork.org/

The wiki page wiki:TransitionResearchWagn has been updated and I think this ticket is probably ready to be closed.

comment:14 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 4.45 to 4.7

To ensure that the WEBrick server starts after the server is rebooted I found the crontab we set up for trac on ticket:470#comment:30 and added that to the documentation for trac, wiki:PenguinServer#tech.transitionnetwork.org and set the same thing up for the wagn user:

# start wagn after a server reboot
@reboot /web/wagn/bin/wagn-start

And documented it wiki:TransitionResearchWagn#TransitionResearchPatterns

comment:15 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 4.7 to 4.95

The redirects to HTTPS for account Sign in and Sign up were not working, they have been fixed by changing the Nginx config and adding ^~ to the location for /account see http://wiki.nginx.org/NginxHttpCoreModule#location

        # Redirect logins to HTTPS
        location ^~ /account {
                rewrite  ^(.*)$ https://$server_name$1 permanent;
        }

        # http://wiki.nginx.org/LikeApache 
        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:3000/;
        }

comment:16 Changed 3 years ago by ed

  • Milestone changed from Maintenance to Production

comment:17 Changed 3 years ago by chris

  • Status changed from new to closed
  • Resolution set to fixed

There have been no reported issues with the https://patterns.transitionresearchnetwork.org/ site so this ticket looks like it is safe to close.
