wiki:ParrotServer

Version 11 (modified by chris, 4 years ago) (diff)

--

Parrot

parrot.webarch.net is a 1GB RAM Xen Debian Squeeze virtual server running Transition Network WordPress sites. It has the Webarch Secure Hosting scripts installed.

This server is due to be upgraded from LennyToSqueeze on ticket:535 in May 2013.

The install and initial configuration of this server was tracked on ticket:537.

Websites

See WordPress.

SFTP Access

When a new WordPress site is added to the server a email is sent containing the SFTP username and password. The directory structure that you see when you login is as follows:

/home/username
              /logs     <- access and error logs, rotated daily, kept for 28 days
              /private  <- a place to keep private data, for example .htpasswd files
              /sites
                    /default <- the DocumentRoot for the default site 
                                (additional sites can be added)

PhpMyadmin? Access

Console Access

There is a Xen shell available for console access, see wiki:XenShell.

Munin Stats

There are munin stats for the server available here

Adding a New WordPress Site

The server has been set up with the Webarch Secure Hosting scripts, see http://webarch.net/docs/wsh for some documentation of this.

To add a site run the curses-create-user script as root:

sudo -i
cruses-create-user

The curses interface can be navigated using tab, arrow keys and the space bar on your keyboard.

This will ask you for the following things:

  • Create a new user -- enter the username for SFTP / MySQL and the WordPress admin, this should be short and made up of lowercase letters and numbers
  • Select product -- pick 5 medium+wordpress and this will create the site, database and install WordPress
  • Users email address -- enter the email address that the SFTP, MySQL and WordPress login details are to be sent to

That's it!

Maintaining WordPress sites

This can be done using the wp command line tool, see WordPress#wp.

For site specific notes on maintenance see the page for each site listed on WordPress#WordPressSites

Updates

All systems updates are recorded on ticket:218.

There is a script in /usr/local/bin called a-up which can be used to update the system via aptitude, the advantage of using this script is that it writes things that are changed to the /root/Changelog and the time spent doing the updates can then be reported via ticket:218, see AptitudeUpdateScript for a copy of a-up and the logchange script it uses to update the Changelog.

Tickets

Current Parrot tickets:

Ticket Summary Owner Reporter
#917 Any misc files in Transition Culture web root? chris sam
#916 SSH to parrot please chris sam
#912 Stats for TTT chris chris
#894 Brute Force Attacks Against WordPress XMLRPC chris chris
#887 Lot's of failed logins on conference15.transitionnetwork.org ade sam
#881 Site on ParrotServer with a memory leak? chris chris
#873 New Wordpress site please chris sam
#871 Brute Force Attacks Against WordPress Sites chris chris
#868 Is conference15.tn.org backed up in a convenient manner? chris sam
#853 Parrot access please chris sam
#851 Bot attacks on Transition Culture chris chris
#808 WordPress email being rejected due to From field chris chris
#719 Transition Culture HTML Problems ed chris
#619 Upgrade WordPress sites to 3.9.1 chris chris
#598 Redirect reconomyproject.org to reconomy.org chris chris
#541 Documentation of the WordPress sites chris chris
#540 HTTPS for WordPress sites chris chris
#537 Parrot setup and documentation chris chris

Closed Parrot tickets:

Ticket Summary Owner Reporter
#921 HTTP_PROXY env var vulnerability chris chris
#915 SSH to parrot please chris sam
#914 SSH to parrot please chris sam
#911 Disk space for /home on Parrot is running out chris chris
#891 Issue with TTT and REconomy websites after upgrade to WP 4.4 chris chris
#829 Creation of web space request chris ade
#811 WordPress critical security release chris chris
#805 Parrot: PHP mail function not sending email chris annesley
#778 need access to Parrot chris annesley
#749 Probs with REconomy site again - compromised? chris chris
#718 REconomy site showing adverts randomly chris ed
#710 Incorrect email address for Sam on Transition Culture chris chris
#709 Reconomy sites appears to be sending out spam chris chris
#699 Update Core & Plugins on transitionculture.org sam sam
#696 Disk space error on parrot for TTT site chris chris
#695 File upload problem with TTT WordPress site chris chris
#687 Set up cert expiry date checking for all SSL certs chris chris
#656 Spam being sent out via Transition Culture chris chris
#639 earthin site wordpress error chris chris
#631 Move Transition Culture onto PARROT chris ed
#594 WordPress 3.6.1 Maintenance and Security Release chris chris
#583 tmp files on parrot exceeded inode limit chris ed
#577 Transition Streets Wordpress Migration chris chris
#550 Transition Town Totnes migration chris chris
#542 Parrot RAM chris chris
#539 REconomy site migration and updates chris chris
#538 intransitionmovie.com checks and updates sam chris
#497 New SSL cert needed for intransitionmovie.com chris chris

SSL Certs

There is a ticket regarding what do to for HTTPS for the server ticket:540.

The server has a copy of the *.transitionnetwork.org wild card certificate installed and this is used for https://parrot.transitionnetwork.org/

The server also has a dedicated IP address for the https://intransitionmovie.com/ site and SSL certificate.

All the other sites use a free http://cacert.org/ certificate, see ticket:540#comment:1 for a list of domains. To get rid of the security warnings that you will get if you don't have the CAcert root installed you need to install the root cert from http://www.cacert.org/index.php?id=3 to do this using Windows simply click http://www.cacert.org/certs/CAcert_Root_Certificates.msi and for Firefox and Chrome click https://www.cacert.org/certs/root.crt