Ticket #853 (new defect)

Opened 18 months ago

Last modified 18 months ago

Parrot access please

Reported by: sam Owned by: chris
Priority: major Milestone: Maintenance
Component: Parrot server Keywords:
Cc: ade Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 0.85

Description

Hi Chris

Ade & I were going to have a play around with making a proof of concept Wordpress microsite on Parrot.

Could you add me as a SSH user using the SSH keys associated with my sam@… account so I can follow the instructions here: /trac/wiki/ParrotServer#AddingaNewWordPressSite

Or if you'd rather not do that, just spin up a site titled 'conference15' with a user 'conference15' and my TN email as the admin email.

Thanks

Sam

Change History

comment:1 Changed 18 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.65
  • Total Hours changed from 0.0 to 0.65

I have added a sam account on ParrotServer and given you password-less sudo, regarding setting up a new WordPress site, I thought that the gpg private key for the root user might have expired and that this would cause the account creation script to fail to send out a email, so I though I'd best create the account to see if this was the case and so I could work around it, but this doesn't seem to be the case, the site has been created:

I have added a dns entry for conference15.transitionnetwork.org (or would a shorter conf15.transitionnetwork.org be better?) so the site can use the *.transitionnetwork.org wildcard SSL/TLS cert.

Running the account creation script it failed here:

Error: YIKES! It looks like you're running this as root. You probably meant to run this as the user that your WordPress install exists under.

If you REALLY mean to run this as root, we won't stop you, but just bear in mind that any code on this site will then have full control of your server, making it quite DANGEROUS.

If you'd like to continue as root, please run this again, adding this flag:  --allow-root

If you'd like to run it as the user that this site is under, you can run the following to become the respective user:

    sudo -u USER -i -- wp ...

So it needed --allow-root adding to /usr/local/webarch/lib/func.sh, the conference15 user was deleted and the curses-create-user script was re-run and then /root/webarch/accounts/sites.txt was edited to add additional domain names:

conference15 default conference15.parrot.webarch.net conference15.transitionnetwork.org,www.conference15.transitionnetwork.org,conference15.parrot.transitionnetwork.org,www.conference15.parrot.transitionnetwork.org

Then the Apache config was rebuilt by running buildapache conference15, the cert and key were switched to use the *.transitionnetwork.org wildcard one (after it was copied from PenguinServer):

cd /etc/ssl/wsh/
rm conference15.parrot.webarch.net-cert.pem ; ln -s ../transitionnetwork.org/transitionnetwork.org.crt conference15.parrot.webarch.net-cert.pem
rm conference15.parrot.webarch.net-key.pem ; ln -s ../transitionnetwork.org/transitionnetwork.org.key conference15.parrot.webarch.net-key.pem
rm conference15.parrot.webarch.net-root.pem ; ln -s ../transitionnetwork.org/gandi.pem conference15.parrot.webarch.net-root.pem

Then change the site URL in the MySQL database:

su - conference15 -s /bin/bash
cd sites/default/
wp search-replace "conference15.parrot.webarch.net" "conference15.transitionnetwork.org"
  +------------------+-----------------------+--------------+------+
  | Table            | Column                | Replacements | Type |
  +------------------+-----------------------+--------------+------+
  | wp_options       | option_value          | 3            | PHP  |
  | wp_posts         | post_content          | 1            | SQL  |
  | wp_posts         | guid                  | 2            | SQL  |
  +------------------+-----------------------+--------------+------+
  Success: Made 6 replacements.
wp search-replace "http://conference15.transitionnetwork.org" "https://conference15.transitionnetwork.org"
  +------------------+-----------------------+--------------+------+
  | Table            | Column                | Replacements | Type |
  +------------------+-----------------------+--------------+------+
  | wp_options       | option_value          | 2            | PHP  |
  | wp_posts         | post_content          | 1            | SQL  |
  | wp_posts         | guid                  | 2            | SQL  |
  +------------------+-----------------------+--------------+------+
  Success: Made 5 replacements.

I have updated the DNS so now it is simply a matter of waiting for that top propergate, then the site will be available here:

(If you get a "under construction page" then you are getting PuffinServer and the DNS hasn't updated for you yet).

comment:2 Changed 18 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.15
  • Total Hours changed from 0.65 to 0.8

I also created a .htaccess file and added these rules to ensure HTTPS is used:

# Redirect HTTP to HTTPS
# https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
 
# STS Header
# https://stackoverflow.com/questions/24144552/how-to-set-hsts-header-from-htaccess-only-on-https
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

The above taken from https://docs.webarch.net/wiki/HTAccess#Enforcing_HTTPS

Let me know if you want PiwikServer stats for this site and I'll create an account for it and add the WordPress Piwik plugin, https://wordpress.org/plugins/wp-piwik/

Last edited 18 months ago by chris (previous) (diff)

comment:3 Changed 18 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.05
  • Total Hours changed from 0.8 to 0.85

Note that the Gandi DNS servers have still to update:

dig @A.DNS.GANDI.NET conference15.transitionnetwork.org +short
  81.95.52.103

The IP address above should be 81.95.52.43, this is the current Gandi Zone file (omitting the Google site verification entries):

* 3600 IN A 81.95.52.103
*.newdev 3600 IN A 81.95.52.103
*.parrot 3600 IN A 81.95.52.43
2010.archive 3600 IN A 81.95.52.111
2011.archive 3600 IN A 81.95.52.111
@ 3600 IN A 81.95.52.103
conference15 3600 IN A 81.95.52.43
lists 3600 IN A 212.113.133.235
mail 3600 IN A 212.113.133.235
newdev 3600 IN A 81.95.52.103
parrot 3600 IN A 81.95.52.43
penguin 3600 IN A 81.95.52.111
power 3600 IN A 81.95.52.111
projects 3600 IN A 81.95.52.43
puffin 3600 IN A 81.95.52.103
redirects 3600 IN A 81.95.52.111
static 3600 IN A 81.95.52.111
stats 3600 IN A 81.95.52.111
tech 3600 IN A 81.95.52.111
totnes 3600 IN A 81.95.52.111
trac 3600 IN A 81.95.52.111
wagn 3600 IN A 81.95.52.111
wiki 3600 IN A 81.95.52.111
www 3600 IN A 81.95.52.103
www.penguin 3600 IN A 81.95.52.111
www.projects 3600 IN A 81.95.52.43
www.totnes 3600 IN A 81.95.52.111
www.wiki 3600 IN A 81.95.52.111
@ 3600 IN MX 5 alt1.aspmx.l.google.com.
@ 3600 IN MX 5 alt2.aspmx.l.google.com.
@ 3600 IN MX 1 aspmx.l.google.com.
@ 3600 IN MX 10 aspmx2.googlemail.com.
@ 3600 IN MX 10 aspmx3.googlemail.com.
tech 10800 IN MX 10 mx.webarch.net.

It should update soon...

Note: See TracTickets for help on using tickets.