7,612
edits
Changes
Jump to navigation
Jump to search
systemctl restart nmbd
===Change the Dbase===
=====PostGIS Issues=====
===Other Fixes===Update: It seems something did go wrong. Just because the extensions report back doesn't mean they work! When I try to run queries that use PostGIS, I get: SQL Error [58P01]: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory
Remove redundant user accountsI tried updating the extension (I'm pretty sure that I'm running 2.4.3): cat /etc/passwd userdel -r usernameALTER EXTENSION postgis UPDATE TO "2.4.3";
There is a .Xauthority file, and an .ICEauthority file, in /home/ed and both are owned by edSo I backed off the data from the two dbases that I'd used since the upgrade:ed pg_dump -Fc stockmarket > stockmarket_Fc_20201023. The former is empty (0 bytes) and the latter has some nondump pg_dump -UTF8 (I think?) characters in it. I'm not sure if either is an issueFc vcdb4 > vcdb4_Fc_20201023.dump #FAILED!
I didn't see xserverThe second backoff failed: pg_dump: [archiver (db)] query failed: ERROR: could not access file "$libdir/postgis-xorg-video-nouvea in the package list 2.4": No such file or any video driver moduledirectory pg_dump: [archiver (db)] query was: SELECT a.attnum, a.attname, a.atttypmod, a.attstattarget, a.attstorage, t.typstorage, a.attnotnull, a.atthasdef, a.attisdropped, a.attlen, a.attalign, a.attislocal, pg_catalog.format_type(t.oid,a.atttypmod) AS atttypname, array_to_string(a.attoptions, ', ') AS attoptions, so I installed nouveau: dpkg -lCASE WHEN a.attcollation <> t.typcollation THEN a.attcollation ELSE 0 END AS attcollation, a.attidentity, pg_catalog.array_to_string(ARRAY(SELECT lsmod pg_catalog.quote_ident(option_name) || ' ' | more| pg_catalog.quote_literal(option_value) FROM pg_catalog.pg_options_to_table(attfdwoptions) ORDER BY option_name), apt install xserver-xorg-video-nouveauE', I 'm not sure if I should be fixing my boot image or not) AS attfdwoptions FROM pg_catalog.pg_attribute a LEFT JOIN pg_catalog.pg_type t ON a.atttypid = t.oid WHERE a.attrelid = '19998614'::pg_catalog.oid AND shutdown -r now lsmod | morea.attnum > 0::pg_catalog.int2 ORDER BY a.attnum
After doing this the login would give a local desktop but neither the keyboard nor mouse worked======Postgres Upgrade Attempt (Failed)====== My changes weren't substantial, so I proceeded with an upgrade. First I checked to see if I tried uninstalling had postgres12 installed and reinstalled listening on another port or not: locate postgres ls /usr/bin/postgres dpkg --get-selections | grep postgres pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 10 main 5432 online postgres /data/postgres /var/log/postgresql/postgresql-10-main.log 12 main 5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log pg_upgradecluster 10 main #This failed: pg_dump: error: query failed: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory So... I can't automatically upgrade without first fixing the keyboardissue with v10 and postgis. add-apt-configuration againrepository http://apt.postgresql.org/pub/repos/apt But that put the following into /etc/apt/sources-list: deb http://apt.postgresql.org/pub/repos/apt focal main vi it to (see https://wiki.postgresql.org/wiki/Apt): deb http://apt.postgresql.org/pub/repos/apt focal-get remove keyboardpgdg wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add -configuration apt-get install keyboardupdate #Throws a warning: N: Skipping acquire of configured file 'main/binary-configuration shutdown i386/Packages' as repository 'http://apt.postgresql.org/pub/repos/apt focal-r nowpgdg InRelease' doesn't support architecture 'i386'
And it worked even before Trying a rebootmanual approach. After a reboot, I had a different login screen but the actual desktop looked the same[https://packages. The ubuntu.Xauthority file is now 51 bytes big and I suddenly have a .xsessioncom/bionic/i386/postgresql-10-postgis-errors, which contains a list of environment settings taking place2... However4/download Get the file], the machine then silently crashed that night put it in /bulk/temp and again the following morningcd there. I couldn't find a specific cause in the logs but there did seem to be a number X and GNOME problemsThen: journalctl apt-get install ./postgresql-b 10-1postgis-2.4_2.4.3+dfsg-4_i386.deb journalctl #This failed too --since "1 hour ago"there are unmet dependencies and they are 'not installable'.
I ran an update from ======Switching over the GUI, which may have helped. However, there was a warning about an issue with a screensaver the first time that I loaded lightdm, and the crashes seemed to happen sometime after a clean boot. So I uninstalled lightdm, and installed gdm (which failed as installed already) and rebooted but got no GUI. Then I uninstalled and reinstalled gdm and everything seems fine now. apt-get remove lightdm apt-get remove gdm3 apt-get install gdm3installations======
IncidentallySo, I left a clock running in a terminal so that I could see when took the alternative approach of changing the box went down if it crashed againdata folders [https://www.tutorialspoint. The clock code is: while [ 1 com/how-to-change-postgresql-data-folder-location-on-ubuntu-16-04] ; do echo -en "$(date +%T)\r" ; sleep 1; done.
===Important Moves===The plan:#Take version 10 offline#Move version 10's data to a new location (/var/lib/postgresql/10/main)#Switch the ports of versions 10 and 12#Move version 12's data to /data#Put version 12 online#Load up the data in version 12!#Optionally wipe out the old installation
I kept the old versions of mediawiki and wordpress and moved them to /bulk/retired (using yyymmdd dates)Shut it down: pg_ctlcluster 12 master start pg_lsclusters #The cluster Ver Cluster Port Status Owner Data directory Log file 10 mv main 5432 online postgres /vardata/libpostgres /mediawiki26082020 var/bulklog/retiredpostgresql/postgresql-10-main.log 12 master mv 5433 online postgres /bulkvar/retired/mediawiki26082020 lib/bulkpostgresql/retired12/mediawiki20200826 mv master /var/wwwlog/html/blog20200809 /bulk/retiredpostgresql/postgresql-12-master.logg systemctl stop postgresql systemctl status postgresql
===Install===Move the data: df #to check diskspace rm -R /var/lib/postgresql/10/main #Note that none of the config files in here were valid (though you should check this is true before you do it!) rsync -av /data/postgres/ /var/lib/postgresql/10/main #Takes awhile, but make sure it is all done before the next step rm -R /data/postgres rsync -av /var/lib/postgresql/12/master/ /data/postgres systemctl start postgresql pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 10 main 5433 online postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-main.log 12 master 5432 online postgres /data/postgres /var/log/postgresql/postgresql-12-master.log
First, move Do the old folder to a new name, so that it is there installs for backup and then get the new install and unpack it. cd /bulk/installs wget httpssome extensions://wordpress.org/latest.tar.gz mv /var/www/html/blog /var/www/html/blog20200809apt-get install postgresql-12-plr tar apt-get install postgresql-xzf latest.tar.gz plperl-C /var/www/html/12 cd /var/www/html/ mv wordpress/ blog/ chown postgresql-R www-data:wwwplpython3-data blog12
Put an .htaccess file in that folder to restrict access while we workCheck it all works: vi blog/.htaccesspsql postgres CREATE EXTENSION postgis; CREATE EXTENSION plr; CREATE EXTENSION plperl; CREATE EXTENSION plpython3u; \dx List of installed extensions <RequireAny>Name | Version | Schema | Description---------+---------+------------+--------------------------------------------------------------------- Require ip 192 plpgsql | 1.1680 | pg_catalog | PL/pgSQL procedural language postgis | 3.20.10 | public | PostGIS geometry, geography, and raster spatial types and functions </RequireAny> (2 rows)
===Set up===Make the user: createuser --interactive researcher
Then the backend works - go The restore threw some errors related to not having extension plpythonu, but otherwise seemed fine. The issue seems to httpbe that pythonu is python2[https://www.edeganpostgresql.comorg/blogdocs/wp12/plpython-admin! However the health check shows a missing required module python23.html], and two missing recommended modulespython2 is not available for postgres 12 (it might be here: https://wiki. Fix thatpostgresql.org/wiki/Apt): apt-get install php7cache search ".3-gd apt-get install php7.3-curl apt-get install php7*plpython*.3-imagick apachectl restart*"
Ironically, it then recommends that I upgrade to PHP7.4... but that would just give issues for mediawiki. On the other hand, everything is now green and just 4 groups of recommendations remain.====Other Fixes====
===Config===Remove redundant user accounts: cat /etc/passwdSee [[Wordpress Blog Site (Tool)]] for the McNair Center's build. userdel -r username
Using www.edeganI need to get Xwindows set up again.com/blog/wp-admin I configured the blog My best guess as follows:*Select Twenty Twenty as the theme*Add to the permalink code cause of this issue is leftover Nvidia drivers from my attempts to install the .htaccess file, so that the URLs will work with postnamesGPUs on this box went bad in an earlier apt-get upgrade but I can't see them listed:*Copy over images to wp dpkg -content/uploads (use cp l | grep nvidia-a to maintain permissions)*Change the site name to https (after fixing the https setup, see below)driver
Install pluginsThere is a .Xauthority file, and an .ICEauthority file, in /home/ed and both are owned by ed:*Yoast SEO*Wordfence Security*Disable Comments*Site Kit by Google ed. The former is empty (0 bytes) and the latter has some non-UTF8 (set up once live!I think?)*Pixabaycharacters in it. I'm not sure if either is an issue.
Other plugins After doing this the login would give a local desktop but neither the keyboard nor mouse worked. I might want are:tried uninstalling and reinstalled the keyboard-configuration again.*Revive Old Post (share with twitter) apt-get remove keyboard-configuration*Optimole (optimize images) apt-get install keyboard-configuration *WP Rocket (implement cache) shutdown -r now
NotesBut that just put me back where I was:*Twitter embedding: https://wwwwith a login loop problem.wpbeginner.com/wp-tutorials/how-So I tried switching tolightdm: apt-display-recent-tweets-in-wordpress-with-twitter-widgets/get install lightdm
===Hardening Wordpress===And it worked even before a reboot. After a reboot, I had a different login screen but the actual desktop looked the same. The .Xauthority file is now 51 bytes big and I suddenly have a .xsession-errors, which contains a list of environment settings taking place... However, the machine then silently crashed that night and again the following morning. I couldn't find a specific cause in the logs but there did seem to be a number X and GNOME problems: journalctl -b -1 journalctl --since "1 hour ago"
This included:*Fixing file ownership: For fully hardenedIncidentally, change ownership of everything to root, except wflogs, uploads and themes I left a clock running in wp-content, which should be owned by www-data. However, then you won't be able to install plugins etca terminal so that I could see when the box went down if it crashed again. A compromise The clock code is -R root:root for blog and then www while [ 1 ] ; do echo -data:www-data for wp-content.en "$(date +%T)\r" ; sleep 1; done *Check file permissions: Everything is 644, except wp-content which is 755====Important Moves====*Checking dbase rights and setting new passwords.*Changing passwords on I kept the old accounts versions of mediawiki and wordpress and moved them to /bulk/retired (with posts, so the accounts shouldn't be deletedusing yyymmdd dates) to random strong strings.*Fixing up .htaccess file to impose restrictions mv /var/lib/mediawiki26082020 /bulk/retired/ mv /bulk/retired/mediawiki26082020 /bulk/retired/mediawiki20200826 mv /var/www/html/blog20200809 /bulk/retired/*Install Sucuri *Enable more logging===Wordpress Redux===
Checking user rights in the dbase and changing their password: mysql -user=root -p use wordpress SELECT User FROM mysql.user; SHOW GRANTS FOR 'username'@'localhost'; SET PASSWORD FOR 'username'@'localhost'='newpassword'; (Note that this shouldn't be logged in clear on the server, but might be on a client. Delete .mysql_history at the end of your session.)==Install====
The #BEGIN WordPress tag is redundant as the Put an .htaccess file is 644 rootin that folder to restrict access while we work: vi blog/.htaccess <RequireAny> Require ip 192.168.2.1 </RequireAny>
Add the following to .htaccess in the wordpress dir: <files wp-config.php> order allow,deny deny from all </files>====Set up====
If there are plugin installation issues then add Then set up the dbase by editing wp-config.php (it's easiest to modify the sample). cp blog/wp-config-sample.php blog/wp-config.php define('FS_METHOD','direct');vi blog/wp-config.php Note get some keys from: https://api.wordpress.org/secret-key/1.1/salt/
Once I'm all done with Then the theme etcbackend works - go to http://www., I can uncomment edegan.com/blog/wp-admin! However the following from wphealth check shows a missing required module and two missing recommended modules. Fix that: apt-get install php7.3-gd apt-get install php7.3-curl apt-configget install php7.php3-imagick define('DISALLOW_FILE_EDIT', true);apachectl restart
===Redesign===Ironically, it then recommends that I upgrade to PHP7.4... but that would just give issues for mediawiki. On the other hand, everything is now green and just 4 groups of recommendations remain.
I built a [[Branding]] palette, to standardize the colors. And I installed the Twentig plugin, to give extra configuration options.====Config====
I changed See [[Wordpress Blog Site (Tool)]] for the site colors, added the logo and the tag line, and made other config changesMcNair Center's build.
Then, Using www.edegan.com/blog/wp-admin I added custom CSS configured the blog as follows:*Select Twenty Twenty as the theme*Add the permalink code to the .htaccess file, so that the URLs will work with postnames*Copy over images to wp-content/uploads (use cp -a to maintain permissions)*Change the site name to https (after fixing the https setup, see below)
To reduce the header spacingInstall plugins: .header-inner {*Yoast SEO padding*Wordfence Security*Disable Comments*Site Kit by Google (set up once live!)*Pixabay I also added: 1.5rem 0; }*CoBlocks (free)*Advanced Gutenberg (free)*Otter
To remove the title from the landing pageI didn't add Co-Authors Plus (https: //wordpress.pageorg/plugins/co-idauthors-2169 plus/) as it hasn't been tested on the latest version of wordpress.entry-title{ display:none !important; } There are other plugins that offer equivalent functionality if I need one later.page-id-2169 .entry-header { padding: 0; }
To do:*Other plugins I need to add social media icons! That might be as easy as adding the social media menu [httpswant are://wordpress.org/support/article/twenty-twenty/#add-social-icons].*Get a '''related posts widget'''? There's Yet Another Related Posts Plugin, Contextual Related Posts, and Inline Related Posts... I went Revive Old Post (share with YARPP, as it is the most popular. It is apparently resource-heavy.twitter)*Optimole (optimize images)*WP Rocket (implement cache)
I tried the following blocks pluginsNotes:*'''Ultimate Addons for Guttenberg'''*It's free and adds some nice basic functionality**Post blocks includeTwitter embedding: https: Post Carousel, Post Grid, Post Masonry, Post Timeline, Advanced Columns //www.wpbeginner.com/wp-tutorials/how- but customization is limited and I can't do one post*'''Getwid''':**Pretty highly customizable. **Can specify which posts to show in 3 blocks (Custom Post Type, Post Carousel, and Post Slider) and can build custom templates to arrange how they are displayed**Post blocks: Recent Posts, Custom Post Type, Post Carousel, and Post Slider*'''Redux''' -display- It's a templates library. You get 5 for free and they upsell hard.*'''ZeGuten''' recent- Couldn't find it*'''Advanced Gutenberg''' tweets- It's free and widely used... *'''CoBlocks''' in-wordpress- Does the basics**Posts with-twitter- Can't specify specific posts. Can do category.widgets/ **Post Carousel -- Likewise.====Hardening Wordpress====*'''Stackable''':**It requested opt-in, which I didn't like, and it wants you to 'Go Premium'hardened the wordpress installation: https://wordpress. org/support/article/hardening-wordpress/**It has settings for everything! By far the most detailed configuration.**Useful blocksThis included:***Posts Fixing file ownership: For fully hardened, change ownership of everything to root, except wflogs, uploads and themes in wp-content, which should be owned by www- candata. However, then you won't seem be able to specify a specific post***Advanced Columns install plugins etc. A compromise is -R root:root for blog and Grids then www-data:www- data for layout***Card wp-- could make posts links with buttonscontent.***Feature/Feature Grid Check file permissions: Everything is 644, except wp-- likewisecontent which is 755***Container? Might be helpfulChecking dbase rights and setting new passwords.*Changing passwords on old accounts (with posts, so the accounts shouldn'''Gutenberg Post Blocks'''**Untested with my version. Seems t be deleted) to workrandom strong strings. **Has lots of options but does full-page things. Can limit to a post using include but has next page links..Fixing up .**Tried htaccess file to push for an update to pro.impose restrictions*'''Magical Posts Display''' -- I dumped it for being too weird.Install Sucuri *'''Otter Blocks'''**Google maps block and other useful things... I just don't need it right now.Enable more logging
Built-Checking user rights inthe dbase and changing their password:*Latest Posts mysql -user=root -p use wordpress SELECT User FROM mysql.user; SHOW GRANTS FOR 'username'@'localhost'; SET PASSWORD FOR 'username'@'localhost'='newpassword'; (widgetNote that this shouldn't be logged in clear on the server, but might be on a client. Delete .mysql_history at the end of your session.)
Chosen block plugins.htaccess in wp-includes:*'''Getwid''' # Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - It's outstanding and embraces templates for serious bespoke customization[F,L]*'''Stackable''' RewriteRule !^wp-includes/ - For its option[S=3] RewriteRule ^wp-based customizationincludes/[^/]+\.php$ - [F,L]*I might add back '''coblocks''' RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F, '''Advanced Gutenberg''' and '''Ultimate Addons for Gutenberg'''L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # BEGIN WordPress
==HTTPS==The #BEGIN WordPress tag is redundant as the file is 644 root.
To set up HTTPS using Let's Encrypt, see httpsAdd the following to .htaccess in the wordpress dir://linuxize <files wp-config.comphp> order allow,deny deny from all </post/securefiles> If there are plugin installation issues then add to wp-apache-with-let-s-encrypt-on-ubuntu-20-04/config.php define('FS_METHOD','direct');
Install it and make some directories... apt update apt install certbot openssl dhparam -out /Once I'm all done with the theme etc/ssl/certs/dhparam.pem 2048 takes ~20 secs mkdir , I can uncomment the following from wp-p /var/lib/letsencrypt/config.well-known chgrp www-data /var/lib/letsencryptphp chmod g+s /var/lib/letsencryptdefine('DISALLOW_FILE_EDIT', true);
Set up the config files vi /etc/apache2/conf-available/letsencrypt.conf Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/" <Directory "/var/lib/letsencrypt/"> AllowOverride None Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory>====Redesign====
vi /etc/apache2/conf-available/ssl-paramsI built a [[Branding]] palette, to standardize the colors.conf SSLProtocol all -SSLv3 -TLSv1 -TLSv1And I installed the Twentig plugin, to give extra configuration options.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder off SSLSessionTickets off SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem" Header always set Strict-Transport-Security "max-age=63072000"
Enable some apache2 mods!I changed the site colors, added the logo and the tag line, and made other config changes. a2enmod ssl a2enmod headers a2enconf letsencrypt a2enconf ssl-params sudo a2enmod http2 systemctl reload apache2Then, I added custom CSS as follows.
Run certbot!To reduce the header spacing: certbot certonly --agree-tos --email ed@edegan.com header--webroot -w /var/lib/letsencrypt/ -d edegan.com -d www.edeganinner { padding: 1.com5rem 0; Note that I needed an @ entry in my A record for edegan.com pointed to my IP address to get the main challenge to succeed.}
Then set up a new apache2 config file (in /etc/apache)To remove the title from the landing page: mv sites-available/000-default.conf sitespage-available/000id-default.conf2169 .bak vi sitesentry-available/edegan.com.conf <VirtualHost *:80> ServerName www.edegan.com ServerAdmin ed@edegan.comtitle{ Redirect permanent / https display://www.edegan.com/none !important; </VirtualHost> } <VirtualHost *:443> ServerName www.edegan.com Protocols h2 http/1.1 DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLCertificateFile /etc/letsencrypt/live/edegan.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/edegan.com/privkey.pem # Other Apache Configuration Alias /wiki /var/www/html/mediawiki/index.php RewriteEngine On RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] </VirtualHost> ln page-s sitesid-available/edegan.com2169 .conf sitesentry-enabled/edegan.com.confheader { padding: 0; systemctl reload apache2}
Test it by going To do:*I need to add social media icons! That might be as easy as adding the social media menu [https://wwwwordpress.ssllabs.comorg/support/article/ssltesttwenty-twenty/#add-social-icons].*Get a '''related posts widget'''? There's Yet Another Related Posts Plugin, Contextual Related Posts, and Inline Related Posts... I went with YARPP, as it is the most popular. It is apparently resource-heavy.
FinallyI tried the following blocks plugins:*'''Ultimate Addons for Guttenberg'''*It's free and adds some nice basic functionality**Post blocks include: Post Carousel, Post Grid, Post Masonry, edit /etc/cronPost Timeline, Advanced Columns -- but customization is limited and I can't do one post*'''Getwid''':**Pretty highly customizable.d/certbot and append the following **Can specify which posts to the last line show in 3 blocks (after -renewCustom Post Type, Post Carousel, and Post Slider)and can build custom templates to arrange how they are displayed**Post blocks:Recent Posts, Custom Post Type, Post Carousel, and Post Slider *'''Redux''' --renewIt's a templates library. You get 5 for free and they upsell hard.*'''ZeGuten''' -hook "systemctl reload apache2"Couldn't find it certbot renew *'''Advanced Gutenberg''' -It's free and widely used... *'''CoBlocks''' -dry-run Tests Does the renewal!basics**Posts -- Can't specify specific posts. Can do category.===PDFEmbed Issue===**Post Carousel -- Likewise.*'''Stackable''':Enabling and requiring HTTPS causes an issue with PDFEmbed on mediawiki**It requested opt-in, where you get a blank frame. The PDF is still there, other images load fine, but the PDF frame wonwhich I didn't render the PDF. The problem is actually that the PDF is served with HTTP and the rest of the page is served with HTTPSlike, and Chrome (and perhaps other browsers) donit wants you to 'Go Premium't render the insecure content as a consequence (see [https://www.mediawiki.org/wiki/Topic:Uhgnq0wbmzfurbj0] **It has settings for a description of the symptoms, but not everything! By far the solution.)most detailed configuration.**Useful blocks:The solution is ***Posts -- can't seem to edit mediawikispecify a specific post***Advanced Columns and Grids -- for layout***Card -- could make posts links with buttons***Feature/extensions/PDFEmbed/PDFEmbedFeature Grid -- likewise***Container? Might be helpful*'''Gutenberg Post Blocks'''**Untested with my version.hooks.phpSeems to work. For me it was line 103 that previously said: 'src' => $file**Has lots of options but does full->getFullUrl()page things.'#Can limit to a post using include but has next page='links...$page,I changed this line **Tried to push for an update to:pro. *''src' => preg_replace("/^http:/i", "https:", $fileMagical Posts Display''' -->getFullUrl())I dumped it for being too weird.*'''Otter Blocks''#page='**Google maps block and other useful things..$page, This is mentioned in a comment on a topic page, though presumably for an earlier version: https://www.mediawikiI just don't need it right now.org/wiki/Topic:Syxow0why4c0cvvm
==Install VSFTPD==Built-in:*Latest Posts (widget)
With the security restrictions on wordpressChosen block plugins:*'''Getwid''' -- It's outstanding and embraces templates for serious bespoke customization*'''Stackable''' -- For its option-based customization*I might add back '''coblocks''', '''Advanced Gutenberg''' and '''Ultimate Addons for Gutenberg''' ====Email==== I installed WP Mail SMTP Lite. I now first set it up to use Google. Essentially you need an FTP server to get files for themes, plugins, etc. I like VSFTPD, as its simple, secure, sign in to Google and has a nice standalone config. Old documentation on set up an earlier install on API in the old [[Wordpress Blog Site (Tool)]] page. Instructions are hereconsole: https://linuxconfigconsole.developers.google.orgcom/flows/how-enableapi?apiid=gmail&pli=1. However, this seemed to-setup-ftp-server-on-ubuntu-20-04-focal-fossa-linuxintroduce a massive security hole unless you have G Suite, so I abandoned this approach.
Test itNote: ftp 127.0.0.1 sftp 127.0.0.1 See also: *http://praveen.kumar.in/2009/05/31/setting-up-ftps-using-vsftpd-for-wordpress-plugins-auto-upgrade/*https://askubuntu.com/questions/14371/how-Don't change the DocumentRoot to-setup-ftp-to-use-in-locally-hosted-wordpress To address some of the issues with the FTP server's file permissions in wordpress add to wp-config.php: define( 'WP_CONTENT_DIR'blog, 'wp-content' ); define( 'FTP_BASE', '/var/www/html/blog/' ); If I chmod blog:blog /var/www/html/blog then everything seems to work find when I sftp but wordpress is unable to create a directory... I can't work out why as this is happening. I expect it has to do with will destroy the need for another wordpress specific define() statement, but I'm spending too much time on it. So I'm going to use direct installation design of plugins instead, and remove the FTP server as it is a point of vulnerabilitywiki. apt-get remove vsftpd userdel blogThe last rewrite rule will decide the default site!
Research Computing Configuration (view source)
Revision as of 15:39, 28 October 2020
, 15:39, 28 October 2020→The Front Page
This page describes the configuration of the two new research computing machines: '''Father''' (Windows Server 2019) and '''Mother''' (Ubuntu Server 20. This configuration runs on our [[Research Computing Hardware]]04). Note that the configuration of the [[DIGITS DevBoxRDP Software Configuration]] is describes the software installed on its own pageFather.
The hardware description and complete build notes and configuration information for '''Bastard''', our blisteringly fast, multi-GPU, A.I. estimation platform, are on the [[DIGITS DevBox]] page. The hardware descriptions for Father and Mother are on the [[Research Computing Hardware]] page. See also: [[Recovering Astarte]] for notes on moving content from an old mediawiki installation to a new one. ==Both machines(Father and Mother)==
===Fan Control===
*NVIDIA USBC Driver 1.1.27.831
==Dbase Server(Mother)==
The dbase server runs Ubuntu 18.04. You can mostly follow the instructions at https://www.pugetsystems.com/labs/hpc/The-Best-Way-To-Install-Ubuntu-18-04-with-NVIDIA-Drivers-and-any-Desktop-Flavor-1178/
Finally restart samba:
systemctl restart smbd
Check it works:
*Fix [[<haloacl-inclusion-denied>|Terms of Service]] on sign up page...
===Mediawiki Redux=== ====Mobile Front End====
It seems that the [https://www.mediawiki.org/wiki/Extension:MobileFrontend Extension:MobileFrontend] isn't working properly.
====Does php have mbstring support?====
First check the apache version:
So everything seems fine (the extension it is listed as loaded in Special:Version), but the interface still has obvious issues.
====Check the skin====
From Special:Version
And it looks like my version of mediawiki is too old to support [https://www.mediawiki.org/wiki/Skin:Minerva_Neue Minerva Neue]
===Upgrade mediawiki===
Essentially, follow instructions in [https://www.mediawiki.org/wiki/Manual:Upgrading Manual:Upgrading]:
====Backup====
I just moved everything to a different directory, backed off the dbase, and started again.
mysqldump --user=root --password=password > dbase.sql
====New Install====
Get a new version, put it in /var/lib/mediawiki (leaving the old shortcuts pointing there), then copy in the files.
php update.php
====Extensions==== =====Retrieve and configure include extensions=====
Get the bulk of them...
wget https://extdist.wmflabs.org/dist/extensions/GeoData-REL1_34-8a52fa4.tar.gz
tar -xzf GeoData-REL1_34-8a52fa4.tar.gz -C /var/lib/mediawiki/extensions
wget https://extdist.wmflabs.org/dist/extensions/NumberFormat-REL1_34-cf8a23e.tar.gz
tar -xzf NumberFormat-REL1_34-cf8a23e.tar.gz -C /var/lib/mediawiki/extensions
Do the semantic mediawiki install and config. Last time, we installed Semantic Mediawiki using composer, which is the preferred method. See [[Web_Server_Documentation]].
====MathML====
I tried various methods to get MathML to work and always failed. It looks like the community bet on Mathoid working out, but there's been no development on it for 5 months now, and it looks dead. The good news, if is that MathJax works just fine right out of the box:
git clone https://github.com/jmnote/SimpleMathJax.git
wfLoadExtension( 'SimpleMathJax' );
#$wgSmjInlineMath = [ [ "$", "$" ], [ "\\(", "\\)" ] ];
Note: the last line lets you demark math with LaTeX-like syntax. I disabled it, as I use $ signs way to too much in other contexts.
====PDFEmbed====
or equivalently (but silently):
<nowiki>{{#set: Visible to=whitelist|Visible to group::=team}}</nowiki>
=====BibTeX=====
The BibTeX extension doesn't work anymore. Though it never really worked, so it's not much of a loss. I should probably build a replacement but I don't have the time right now.
=====Upload Multiple Files=====
Although the Upload multiple files extension installed fine, it is unmaintained and seems to have an issue. I removed its line from LocalSettings.php and deleted its extension directory.
I had previously added Special:MultiUpload|Upload multiple files to http://www.edegan.com/wiki/MediaWiki:Sidebar. I replaced it with a link to [[Special:BatchUpload]].
=====Allow SVG images=====
See https://www.mediawiki.org/wiki/Manual:Image_administration#SVG. Essentially, add svg to $wgFileExtensions, then install and designate an image converter. I went with rsvg:
$wgSVGConverter = 'rsvg';
=====Add HitCounters=====
wget https://extdist.wmflabs.org/dist/extensions/HitCounters-REL1_34-48dd6cb.tar.gz
cd ../maintenance
php update.php
====Change the Dbase==== I tried to 'rename' the dbase, creating a dedicated dbase user that has access to just the wiki's dbase, and resetting its password.
in /bulk/backups:
</files>
====Setting up for advanced template(s) import====
=====Robelbox=====
Importing the Robelbox, or other, templates on mediawiki is tricky [https://stackoverflow.com/questions/678626/where-can-i-get-templates-for-mediawiki], at least the first time that you do it. Once you've got everything up and running to support templates (see above):
I did this for the [https://ts.wikipedia.org/wiki/Template:Robelbox Robelbox template], which I got from https://en.wikiversity.org/wiki/Special:Export, however, it wasn't useable and I couldn't work out why. I ultimately deleted Robelbox, having found better boxes (see below) but I expect that my process for fixing the later issues would have sorted out the problems here too.
=====Fixing Template Issues=====
I got Template:Box-round from mediawiki.org: https://www.mediawiki.org/wiki/Template:Box-round. It required installation of TemplateStyles, which in turn might need JsonConfig:
To do the front page, I copied the source of [https://www.mediawiki.org/w/index.php?title=Template:Main_page&action=edit Template:Main page] from mediawiki to a page (called Test) and created [Template:Main page/styles.css] using [https://www.mediawiki.org/w/index.php?title=Template:Main_page/styles.css&action=edit mediawiki's code]. Then I rejigged the contents of the page!
The only minor but non-obvious change, was that I used h2 headings inside each mainpage_box, rather than h3's. As a consequence, I needed to add the following to [[Template:Main_page/styles.css]]:
.mainpage_box h2 {
border-bottom: none;
}
.mainpage_box h2 .header_icon {
margin-right: 5px;
}
Old instructions[https://www.mediawiki.org/wiki/Topic:R1j08xhjgrtkpj6q] suggest using [[Special:ExpandTemplate]] on mediawiki's wiki, with the input text <nowiki>{{:MediaWiki}}</nowiki>. But this isn't necessary as the template doesn't need expanding in its current (at the time of writing) incarnation. Naturally, the page works well on MobileFrontend.
The Mass edit page contains several examples, two of which show "Undefined Control Sequence" errors. These examples use backslashed square brackets (I can't even write them on the wiki using nowiki tags), which have issues because of Extension:SimpleMathjax. Regardless, the extension seems to work just fine!
===Update Linux===
Get the system up to date:
But I should really do a full backup and everything first, so that isn't going to happen today.
==Reviewing =Wordpress===
====Overview====
Rather than trying to update wordpress, I think it best to install the latest version and use the old dbase. This will likely cause problems with images... but we made several suboptimal choices when we built the last version, including using a non-standard theme and customizing it in a way that prevented updates.
Outside of the defaults, [https://wordpress.org/themes/oceanwp/ OceanWP] is eCommerce oriented but looks good and is very popular. [https://wordpress.org/themes/neve/ Neve] sits between OceanWP and [https://wordpress.org/themes/generatepress/ GeneratePress], which has a more magazine/news focus, and all three take advantage of the new block editor ([https://wordpress.org/gutenberg/ Gutenberg]), which was introduced in WPv5 (initial release in 2018).
====Pre-install====
Check PHP and MySQL. I need PHP >=7.3 and MySQL >=5.6 but:
I might be able to upgrade my version of PhP without upgrading Ubuntu (see https://linuxize.com/post/how-to-install-php-on-ubuntu-18-04/). However, it is probably a good idea to just fix everything...
===Upgrading LinuxDistro===
So it turns out that I shouldn't have done that last update... I do have an Xwindows Server on the box, running Gnome, and now I can't log in using the GUI on the box itself (it loops back to the login screen). This box doesn't contain the GPUs, just the database server, so the GUI isn't key, but it would be nice to have it working again. Hopefully, an upgrade will fix that, as well as other issues.
====Backing off====
First, mount the USB drive. Find what's mounted and what the dev is:
umount /media/usb
====Do the upgrade====
Run:
I let it replace postgres10 but it still gave me an "Obsolete Major Version" warning on postgres (I said ok).
====Address the upgrade issues====
The first casualty of the upgrade was the networking configuration. You'd think that developers would have figured that one out, as remote upgrades would leave boxes DOA until someone could get physical access. Nevertheless, the fix is straight forward.
And the wiki now seems happy!
I also checked postgres and everything seemed ok:
su researcher
All my extensions report back.
But that didn't fix anything. I need to get Xwindows set up againchecked the versions: select version(); PostgreSQL 10.14 (Ubuntu 10.14-0ubuntu0. My best guess as to the cause of this issue is leftover Nvidia drivers from my attempts to install the GPUs 18.04.1) on this box went bad in an earlier aptx86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0, 64-bit -get upgrade but -So somehow I can't see them listedm still running version 10! select PostGIS_full_version(); ERROR: could not access file "$libdir/postgis-2.4":No such file or directory CONTEXT: dpkg -l | grep nvidia-driverSQL statement "SELECT public.postgis_lib_version()" PL/pgSQL function postgis_full_version() line 25 at SQL statement
But that just put me back where I was: with a login loop problem. So I tried switching the wretched thing still doesn't seem to lightdmbe available: apt-get install lightdmpostgresql-10-postgis-2.4 Package postgresql-10-postgis-2.4 is not available, but is referred to by another package.
Edit the config files: vi /etc/postgresql/10/main/postgresql.conf data_directory ='/var/lib/postgresql/10/main' port =Wordpress Redux5433 vi /etc/postgresql/12/master/postgresql.conf data_directory ='/data/postgres' port =5432 listen_addresses = '*' #While we are here do some performance tuning: shared_buffers = 512MB huge_pages = try temp_buffers = 8G work_mem = 4GB maintenance_work_mem = 64 effective_cache_size = 384GB #Note that I didn't reduce the number of connections (and the max_wal_senders, which must be < max connections), or change max_stack_depth (which gives an error if you set it too high) vi /etc/postgresql/12/master/pg_hba.conf Copy over the config to allow access from inside the network
Then set up restore the dbase by editing wp-config.php databases (it's easiest to modify the sampleas researcher in /bulk/backup).: createdb stockmarket cp blog/wppg_restore -configFc -sampled stockmarket stockmarket_Fc_20201023.php blog/wp-config.phpdump createdb vcdb4 vi blog/wppg_restore -config.php Note get some keys from: https://api.wordpress.org/secretFc -key/1d vcdb4 vcdb4_Fc.1/salt/dump
I also addeddidn't see xserver-xorg-video-nouvea in the package list or any video driver module, so I installed nouveau:*CoBlocks (free)*Advanced Gutenberg (free) dpkg -l*Otter lsmod | more I didn't add Co apt install xserver-Authors Plus (https://wordpress.org/plugins/coxorg-authorsvideo-plus/) as it hasnnouveau I't been tested on the latest version of wordpress. There are other plugins that offer equivalent functionality m not sure if I need one latershould be fixing my boot image or not... shutdown -r now lsmod | more
I hardened ran an update from the wordpress installation: https://wordpressGUI, which may have helped.org/support/article/hardeningHowever, there was a warning about an issue with a screensaver the first time that I loaded lightdm, and the crashes seemed to happen sometime after a clean boot. So I uninstalled lightdm, and installed gdm (which failed as installed already) and rebooted but got no GUI. Then I uninstalled and reinstalled gdm and everything seems fine now. apt-get remove lightdm apt-get remove gdm3 apt-wordpress/get install gdm3
First, move the old folder to a new name, so that it is there for backup and then get the new install and unpack it.htaccess in wp-includes: # Block the include-only files.cd /bulk/installs <IfModule mod_rewritewget https://wordpress.c>org/latest.tar.gz RewriteEngine On RewriteBase mv /var/www/html/blog / RewriteRule ^wp-adminvar/includeswww/ - [F,L] RewriteRule !^wp-includeshtml/ - [S=3]blog20200809 RewriteRule ^wptar -includes/[^/]+\xzf latest.tar.php$ gz - [F,L] RewriteRule ^wp-includesC /jsvar/tinymcewww/langshtml/.+\.php - [F,L] RewriteRule ^wp-includescd /var/www/theme-compathtml/ - [F,L] <mv wordpress/ blog/IfModule> # BEGIN WordPresschown -R www-data:www-data blog
I had previously set up SMTP through Google for the wiki (See [[Research_Computing_Configuration#Confirm_Account]]). So, I used the same approach with Wordpress. In WP Mail SMTP Lite choose 'Other' (see the [https://www.wpbeginner.com/plugins/how-to-send-email-in-wordpress-using-the-gmail-smtp-server/ second method]). Then [https://wpmailsmtp.com/docs/how-to-secure-smtp-settings-by-using-constants/ edit wp-config.php to hardcode the values] (this ensures that the password, which is stored plain-text, is a little more secure.): define( 'WPMS_ON', true ); //You MUST set this if you want hardcoded values to work! define( 'WPMS_LICENSE_KEY', '' ); define( 'WPMS_MAIL_FROM', 'blog@edegan.com' ); define( 'WPMS_MAIL_FROM_FORCE', true ); define( 'WPMS_MAIL_FROM_NAME', 'The Blog at EdEgan.com' ); define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'. define( 'WPMS_SET_RETURN_PATH', true ); define( 'WPMS_SMTP_HOST', 'ssl://smtp.gmail.com' ); define( 'WPMS_SMTP_PORT', 465 ); define( 'WPMS_SSL', 'ssl' ); // Possible values '', 'ssl', 'tls' - note TLS is not STARTTLS. define( 'WPMS_SMTP_AUTH', true ); define( 'WPMS_SMTP_USER', 'username@gmail.com' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true. define( 'WPMS_SMTP_PASS', 'password generated by Google' ); define( 'WPMS_SMTP_AUTOTLS', true ); =====Author Comments===== The blog supports multiple authors and by default, Wordpress emails an author whenever one of their posts gets a comment. If you'd like to disable author comment emails but keep the moderator emails, there's a simple fix: '''Just go to wp-admin/options.php and set 'comments_notify' to 0.''' (See https://codex.wordpress.org/Option_Reference) More complicated methods involve writing your own plugin [https://wordpress.stackexchange.com/questions/150125/disabling-comment-notifications-for-post-author] to refine wp_new_comment_notify_postauthor[https://developer.wordpress.org/reference/functions/wp_new_comment_notify_postauthor/] or changing the hooks[https://developer.wordpress.org/reference/hooks/notify_post_author/] used in wp-includes/comment.php: $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, $comment_ID ); ====Social Media Integration==== Getting the social media icons on the menu and correctly linked up is very straight forward. Follow the [https://wordpress.org/support/article/twenty-fifteen/#add-social-icons guide for twenty-fifteen], which also works for 2020. Getting some share buttons was more problematic, particular as my planned social media usage is somewhat atypical (Twitter, LinkedIn, and Reddit, really in reverse order), and because I don't want to pay anything. The free version of [https://revive.social/plugins/revive-old-post/ Revive Old Posts] lets you push content to Twitter and Facebook, but they want you pay to push to LinkedIn. The best free options seem to be:*[https://wordpress.org/plugins/add-to-any/ AddToAny Share Buttons] - Integrates with Google Analytics*[https://wordpress.org/plugins/simple-social-icons/ Simple Social Icons] - The simplest option*[https://wordpress.org/plugins/shared-counts/ Shared Counts] -- Counts hits (but using a 3rd party for data?)*[https://wordpress.org/plugins/wordpress-social-login/ WordPress Social Login] - if you want users to log in using their SM accounts (note: has a bimodal ratings distro)*[https://wordpress.org/plugins/jetpack/ JetPack] -- The plugin used by wordpress.com for this functionality. The free version should suffice, but this thing is a monster. It also uses an account on the wordpress.com cloud, which is a pain for those who are self-hosting. I went with AddToAny, as it had the most installations, is entirely open-source, and offers all the functionality I need. ====Avoiding JetPack==== I tried to add a profile picture, but by default, WordPress uses [https://en.gravatar.com/ Gravitar], which, surprise, surprise, links to your WordPress.com account... and to add a self-hosted site, you have to install JetPack. At this point, I felt harassed and doubly so because I didn't install JetPack and yet, some how, the profile picture correctly updated from the one I'd posted on Gravitar. What the hecK? ===SEO=== I used Site Kit plugin for wordpess, and for mediawiki I made a sitemap to submit to Google. See https://www.mediawiki.org/wiki/Manual:GenerateSitemap.php In mediawiki: mkdir sitemap php maintenance/generateSitemap.php --memory-limit=50M --fspath=/var/www/html/mediawiki/sitemap/ --identifier=edegancom --urlpath=/sitemap/ --server=https://www.edegan.com --compress=yes Then submit it to Google... I did this by making an alias in apache2.conf from sitemap to /var/www/html/mediawiki/sitemap/, then submitting https://www.edegan.com/sitemap/sitemap-index-edegancom.xml #in retrospect, I wish I'd used an identifier with 'wiki' in it but what the hey. And with that success behind you, install Google XML Sitemaps on Wordpress, chose some settings (on Settings -> XML-Sitemap), and then post the URL to Google: https://www.edegan.com/blog/sitemap.xml It seems Yoast already builds a sitemap, you just need to submit to it Google... (I uninstalled XML Sitemaps): https://www.edegan.com/blog/sitemap_index.xml ===HTTPS=== To set up HTTPS using Let's Encrypt, see https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-20-04/ Install it and make some directories... apt update apt install certbot openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 takes ~20 secs mkdir -p /var/lib/letsencrypt/.well-known chgrp www-data /var/lib/letsencrypt chmod g+s /var/lib/letsencrypt Set up the config files vi /etc/apache2/conf-available/letsencrypt.conf Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/" <Directory "/var/lib/letsencrypt/"> AllowOverride None Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory> vi /etc/apache2/conf-available/ssl-params.conf SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder off SSLSessionTickets off SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem" Header always set Strict-Transport-Security "max-age=63072000" Enable some apache2 mods! a2enmod ssl a2enmod headers a2enconf letsencrypt a2enconf ssl-params sudo a2enmod http2 systemctl reload apache2 Run certbot! certbot certonly --agree-tos --email ed@edegan.com --webroot -w /var/lib/letsencrypt/ -d edegan.com -d www.edegan.com Note that I needed an @ entry in my A record for edegan.com pointed to my IP address to get the main challenge to succeed. Then set up a new apache2 config file (in /etc/apache): mv sites-available/000-default.conf sites-available/000-default.conf.bak vi sites-available/edegan.com.conf <VirtualHost *:80> ServerName www.edegan.com ServerAdmin ed@edegan.com Redirect permanent / https://www.edegan.com/ </VirtualHost> <VirtualHost *:443> ServerName www.edegan.com Protocols h2 http/1.1 DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLCertificateFile /etc/letsencrypt/live/edegan.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/edegan.com/privkey.pem # Other Apache Configuration Alias /wiki /var/www/html/mediawiki/index.php RewriteEngine On RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] </VirtualHost> ln -s sites-available/edegan.com.conf sites-enabled/edegan.com.conf systemctl reload apache2 Test it by going to https://www.ssllabs.com/ssltest/ Finally, edit /etc/cron.d/certbot and append the following to the last line (after -renew): --renew-hook "systemctl reload apache2" certbot renew --dry-run Tests the renewal! ====PDFEmbed Issue==== Enabling and requiring HTTPS causes an issue with PDFEmbed on mediawiki, where you get a blank frame. The PDF is still there, other images load fine, but the PDF frame won't render the PDF. The problem is actually that the PDF is served with HTTP and the rest of the page is served with HTTPS, and Chrome (and perhaps other browsers) don't render the insecure content as a consequence (see [https://www.mediawiki.org/wiki/Topic:Uhgnq0wbmzfurbj0] for a description of the symptoms, but not the solution.). The solution is to edit mediawiki/extensions/PDFEmbed/PDFEmbed.hooks.php. For me it was line 103 that previously said: 'src' => $file->getFullUrl().'#page='.$page,I changed this line to: 'src' => preg_replace("/^http:/i", "https:", $file->getFullUrl()).'#page='.$page, This is mentioned in a comment on a topic page, though presumably for an earlier version: https://www.mediawiki.org/wiki/Topic:Syxow0why4c0cvvm ===Install VSFTPD=== With the security restrictions on wordpress, I now need an FTP server to get files for themes, plugins, etc. I like VSFTPD, as its simple, secure, and has a nice standalone config. Old documentation on an earlier install on the old [[Wordpress Blog Site (Tool)]] page. Instructions are here: https://linuxconfig.org/how-to-setup-ftp-server-on-ubuntu-20-04-focal-fossa-linux apt-get install vsftpd cp /etc/vsftpd.conf /etc/vsftpd.conf_orig vi /etc/vsftpd.conf #Change the following write_enable=YES local_umask=022 ssl_enable=YES #Add the following (forces ssl) allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES /etc/init.d/vsftpd restart Then add a user and set it up: useradd -m blog passwd blog usermod -a -G www-data blog usermod -d /var/www/html/blog blog Test it: ftp 127.0.0.1 sftp 127.0.0.1 See also: *http://praveen.kumar.in/2009/05/31/setting-up-ftps-using-vsftpd-for-wordpress-plugins-auto-upgrade/*https://askubuntu.com/questions/14371/how-to-setup-ftp-to-use-in-locally-hosted-wordpress To address some of the issues with the FTP server's file permissions in wordpress add to wp-config.php: define( 'WP_CONTENT_DIR', 'wp-content' ); define( 'FTP_BASE', '/var/www/html/blog/' ); If I chmod blog:blog /var/www/html/blog then everything seems to work find when I sftp but wordpress is unable to create a directory... I can't work out why this is happening. I expect it has to do with the need for another wordpress specific define() statement, but I'm spending too much time on it. So I'm going to use direct installation of plugins instead, and remove the FTP server as it is a point of vulnerability. apt-get remove vsftpd userdel blog ===Final Configuration Changes=== Lock down apache somewhat further (as now there are directories that shouldn't be listable, etc.) cd /etc/apache2 vi apache2.conf #Change the directory definitions. Notes that if -SomeOption is used then other options must have + or - in front of them: <Directory /var/www/html> Options -Indexes +FollowSymLinks AllowOverride All Require all granted </Directory> systemctl reload apache2 #To debug: systemctl status apache2.service ====Remove the debug setup==== In the wiki (LocalSettings.php), comment the debug lines (I can't see when I added them from the documentation, but if you want to see error messages during the config, you'd want them uncommented): #error_reporting( -1 ); #ini_set( 'display_errors',1 ); #$wgShowExceptionDetails = true; #$wgShowDBErrorBacktrace = true; #$wgShowSQLErrors = true; Check the permissions set using $wgGroupPermissions - see https://www.mediawiki.org/wiki/Manual:User_rights Run all the updates to the blog, etc., from the consol before locking it down. Then in wp-config.php, lock down the ability to install plugins, etc., by commenting: #define('FS_METHOD','direct'); Edit the .htaccess files in blog and mediawiki to allow access but with appropriate restrictions. Note that the rewrite rules for the blog are in its .htaccess file <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /blog/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /blog/index.php [L] </IfModule> To make the blog the default, edit /etc/apache/sites-available-edegan.com.conf, add an alias (don't alias to index.php as it will cause design issues, the rewrite rule for that is already in the .htaccess file!): Alias /blog /var/www/html/blog/ And change: RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] To: RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L] Then: systemctl reload apache2
==Old machines==
