http://localhost:8080/trac/ticket/853 <p> Hi Chris </p> <p> Ade &amp; I were going to have a play around with making a proof of concept Wordpress microsite on Parrot. </p> <p> Could you add me as a SSH user using the SSH keys associated with my sam@… account so I can follow the instructions here: <a class="ext-link" href="https://trac.transitionnetwork.org/trac/wiki/ParrotServer#AddingaNewWordPressSite"><span class="icon">​</span>https://trac.transitionnetwork.org/trac/wiki/ParrotServer#AddingaNewWordPressSite</a> </p> <p> Or if you'd rather not do that, just spin up a site titled 'conference15' with a user 'conference15' and my TN email as the admin email. </p> <p> Thanks </p> <p> Sam </p> en-us /trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg http://localhost:8080/trac/ticket/853 Trac 0.12.5 chris Wed, 20 May 2015 09:20:35 GMT http://localhost:8080/trac/ticket/853#comment:1 http://localhost:8080/trac/ticket/853#comment:1 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.65</em> </li> <li><strong>totalhours</strong> changed from <em>0.0</em> to <em>0.65</em> </li> </ul> <p> I have added a <tt>sam</tt> account on <a class="wiki" href="http://localhost:8080/trac/wiki/ParrotServer">ParrotServer</a> and given you password-less <tt>sudo</tt>, regarding setting up a new <a class="wiki" href="http://localhost:8080/trac/wiki/WordPress">WordPress</a> site, I thought that the <tt>gpg</tt> private key for the root user might have expired and that this would cause the account creation script to fail to send out a email, so I though I'd best create the account to see if this was the case and so I could work around it, but this doesn't seem to be the case, the site has been created: </p> <ul><li><a class="ext-link" href="http://conference15.parrot.transitionnetwork.org/"><span class="icon">​</span>http://conference15.parrot.transitionnetwork.org/</a> </li></ul><p> I have added a dns entry for <tt>conference15.transitionnetwork.org</tt> (or would a shorter <tt>conf15.transitionnetwork.org</tt> be better?) so the site can use the <tt>*.transitionnetwork.org</tt> wildcard SSL/TLS cert. </p> <p> Running the account creation script it failed here: </p> <pre class="wiki">Error: YIKES! It looks like you're running this as root. You probably meant to run this as the user that your WordPress install exists under. If you REALLY mean to run this as root, we won't stop you, but just bear in mind that any code on this site will then have full control of your server, making it quite DANGEROUS. If you'd like to continue as root, please run this again, adding this flag: --allow-root If you'd like to run it as the user that this site is under, you can run the following to become the respective user: sudo -u USER -i -- wp ... </pre><p> So it needed <tt>--allow-root</tt> adding to <tt>/usr/local/webarch/lib/func.sh</tt>, the <tt>conference15</tt> user was deleted and the <tt>curses-create-user</tt> script was re-run and then <tt>/root/webarch/accounts/sites.txt</tt> was edited to add additional domain names: </p> <pre class="wiki">conference15 default conference15.parrot.webarch.net conference15.transitionnetwork.org,www.conference15.transitionnetwork.org,conference15.parrot.transitionnetwork.org,www.conference15.parrot.transitionnetwork.org </pre><p> Then the Apache config was rebuilt by running <tt>buildapache conference15</tt>, the cert and key were switched to use the <tt>*.transitionnetwork.org</tt> wildcard one (after it was copied from <a class="wiki" href="http://localhost:8080/trac/wiki/PenguinServer">PenguinServer</a>): </p> <pre class="wiki">cd /etc/ssl/wsh/ rm conference15.parrot.webarch.net-cert.pem ; ln -s ../transitionnetwork.org/transitionnetwork.org.crt conference15.parrot.webarch.net-cert.pem rm conference15.parrot.webarch.net-key.pem ; ln -s ../transitionnetwork.org/transitionnetwork.org.key conference15.parrot.webarch.net-key.pem rm conference15.parrot.webarch.net-root.pem ; ln -s ../transitionnetwork.org/gandi.pem conference15.parrot.webarch.net-root.pem </pre><p> Then change the site URL in the MySQL database: </p> <pre class="wiki">su - conference15 -s /bin/bash cd sites/default/ wp search-replace "conference15.parrot.webarch.net" "conference15.transitionnetwork.org" +------------------+-----------------------+--------------+------+ | Table | Column | Replacements | Type | +------------------+-----------------------+--------------+------+ | wp_options | option_value | 3 | PHP | | wp_posts | post_content | 1 | SQL | | wp_posts | guid | 2 | SQL | +------------------+-----------------------+--------------+------+ Success: Made 6 replacements. wp search-replace "http://conference15.transitionnetwork.org" "https://conference15.transitionnetwork.org" +------------------+-----------------------+--------------+------+ | Table | Column | Replacements | Type | +------------------+-----------------------+--------------+------+ | wp_options | option_value | 2 | PHP | | wp_posts | post_content | 1 | SQL | | wp_posts | guid | 2 | SQL | +------------------+-----------------------+--------------+------+ Success: Made 5 replacements. </pre><p> I have updated the DNS so now it is simply a matter of waiting for that top propergate, then the site will be available here: </p> <ul><li><a class="ext-link" href="https://conference15.transitionnetwork.org/"><span class="icon">​</span>https://conference15.transitionnetwork.org/</a> </li></ul><p> (If you get a "under construction page" then you are getting <a class="wiki" href="http://localhost:8080/trac/wiki/PuffinServer">PuffinServer</a> and the DNS hasn't updated for you yet). </p> Ticket chris Wed, 20 May 2015 09:26:18 GMT http://localhost:8080/trac/ticket/853#comment:2 http://localhost:8080/trac/ticket/853#comment:2 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.15</em> </li> <li><strong>totalhours</strong> changed from <em>0.65</em> to <em>0.8</em> </li> </ul> <p> I also created a <tt>.htaccess</tt> file and added these rules to ensure HTTPS is used: </p> <pre class="wiki"># Redirect HTTP to HTTPS # https://wiki.apache.org/httpd/RewriteHTTPToHTTPS &lt;IfModule mod_rewrite.c&gt; RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] &lt;/IfModule&gt; # STS Header # https://stackoverflow.com/questions/24144552/how-to-set-hsts-header-from-htaccess-only-on-https Header set Strict-Transport-Security "max-age=31536000" env=HTTPS </pre><p> The above taken from <a class="ext-link" href="https://docs.webarch.net/wiki/HTAccess#Enforcing_HTTPS"><span class="icon">​</span>https://docs.webarch.net/wiki/HTAccess#Enforcing_HTTPS</a> </p> <p> Let me know if you want <a class="wiki" href="http://localhost:8080/trac/wiki/PiwikServer">PiwikServer</a> stats for this site and I'll create an account for it and add the <a class="wiki" href="http://localhost:8080/trac/wiki/WordPress">WordPress</a> Piwik plugin, <a class="ext-link" href="https://wordpress.org/plugins/wp-piwik/"><span class="icon">​</span>https://wordpress.org/plugins/wp-piwik/</a> </p> Ticket chris Wed, 20 May 2015 09:31:36 GMT http://localhost:8080/trac/ticket/853#comment:3 http://localhost:8080/trac/ticket/853#comment:3 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.05</em> </li> <li><strong>totalhours</strong> changed from <em>0.8</em> to <em>0.85</em> </li> </ul> <p> Note that the Gandi DNS servers have still to update: </p> <pre class="wiki">dig @A.DNS.GANDI.NET conference15.transitionnetwork.org +short 81.95.52.103 </pre><p> The IP address above should be <tt>81.95.52.43</tt>, this is the current Gandi Zone file (omitting the Google site verification entries): </p> <pre class="wiki">* 3600 IN A 81.95.52.103 *.newdev 3600 IN A 81.95.52.103 *.parrot 3600 IN A 81.95.52.43 2010.archive 3600 IN A 81.95.52.111 2011.archive 3600 IN A 81.95.52.111 @ 3600 IN A 81.95.52.103 conference15 3600 IN A 81.95.52.43 lists 3600 IN A 212.113.133.235 mail 3600 IN A 212.113.133.235 newdev 3600 IN A 81.95.52.103 parrot 3600 IN A 81.95.52.43 penguin 3600 IN A 81.95.52.111 power 3600 IN A 81.95.52.111 projects 3600 IN A 81.95.52.43 puffin 3600 IN A 81.95.52.103 redirects 3600 IN A 81.95.52.111 static 3600 IN A 81.95.52.111 stats 3600 IN A 81.95.52.111 tech 3600 IN A 81.95.52.111 totnes 3600 IN A 81.95.52.111 trac 3600 IN A 81.95.52.111 wagn 3600 IN A 81.95.52.111 wiki 3600 IN A 81.95.52.111 www 3600 IN A 81.95.52.103 www.penguin 3600 IN A 81.95.52.111 www.projects 3600 IN A 81.95.52.43 www.totnes 3600 IN A 81.95.52.111 www.wiki 3600 IN A 81.95.52.111 @ 3600 IN MX 5 alt1.aspmx.l.google.com. @ 3600 IN MX 5 alt2.aspmx.l.google.com. @ 3600 IN MX 1 aspmx.l.google.com. @ 3600 IN MX 10 aspmx2.googlemail.com. @ 3600 IN MX 10 aspmx3.googlemail.com. tech 10800 IN MX 10 mx.webarch.net. </pre><p> It should update soon... </p> Ticket