Changes

This page describes the configuration of the two new research computing machines: '''Father''' (Windows Server 2019) and '''Mother''' (Ubuntu Server 20. This configuration runs on our [[Research Computing Hardware]]04). Note that the configuration of the [[DIGITS DevBoxRDP Software Configuration]] is describes the software installed on its own pageFather.

The hardware description and complete build notes and configuration information for '''Bastard''', our blisteringly fast, multi-GPU, A.I. estimation platform, are on the [[DIGITS DevBox]] page. The hardware descriptions for Father and Mother are on the [[Research Computing Hardware]] page. See also: [[Recovering Astarte]] for notes on moving content from an old mediawiki installation to a new one. ==Both machines(Father and Mother)==

==RDP Server(Father)==

==Dbase Server(Mother)==

#Note: change passwords from hints hint before running

UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'root'; UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'debian-sys-maint'; UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'mcnair_wp';

===Mediawiki Redux=== ====Mobile Front End====

====Does php have mbstring support?====

====Check the skin====

===Upgrade mediawiki===

====Backup====

====New Install====

====Extensions==== =====Retrieve and configure include extensions=====

I tried various methods to get MathML to work and always failed. It looks like the community bet on Mathoid working out, but there's been no development on it for 5 months now, and it looks dead. The good news, if is that MathJax works just fine right out of the box:

#$wgSmjInlineMath = [ [ "$", "$" ], [ "\\(", "\\)" ] ]; Note: the last line lets you demark math with LaTeX-like syntax. I disabled it, as I use $ signs way too much in other contexts.

<nowiki>{{#set: Visible to=whitelist|Visible to group::=team}}</nowiki>

=====BibTeX=====

=====Upload Multiple Files===== Although the Upload multiple files extension installed fine, it is unmaintained and seems to have an issue. I removed its line from LocalSettings.php and deleted its extension directory. I then installed [https://www.mediawiki.org/wiki/Extension:SimpleBatchUpload Simple Batch Upload] using a tarball: in mediawiki/installs wget https://github.com/ProfessionalWiki/SimpleBatchUpload/archive/1.6.0.tar.gz tar -xzf 1.6.0.tar.gz -C /var/lib/mediawiki/extensions mv /var/lib/mediawiki/extensions/SimpleBatchUpload-1.6.0 /var/lib/mediawiki/extensions/SimpleBatchUpload In LocalSettings.php: wfLoadExtension( 'SimpleBatchUpload' ); $wgSimpleBatchUploadMaxFilesPerBatch = ['*' => 10,]; I had previously added Special:MultiUpload|Upload multiple files to http://www.edegan.com/wiki/MediaWiki:Sidebar. I replaced it with a link to [[Special:BatchUpload]]. =====Allow SVG images===== See https://www.mediawiki.org/wiki/Manual:Image_administration#SVG. Essentially, add svg to $wgFileExtensions, then install and designate an image converter. I went with rsvg: apt-get install librsvg2-bin vi LocalSettings.php $wgSVGConverter = 'rsvg'; =====Add HitCounters=====  wget https://extdist.wmflabs.org/dist/extensions/HitCounters-REL1_34-48dd6cb.tar.gz tar -xzf HitCounters-REL1_34-48dd6cb.tar.gz -C /var/lib/mediawiki/extensions vi ../LocalSettings.php wfLoadExtension( 'HitCounters' ); cd ../maintenance php update.php ====Change the Dbase====

I tried to 'rename' the dbase, creating a dedicated dbase user that has access to just the wiki's dbase, and resetting its password.

==Update Linux==Setting up for advanced template(s) import====

Get =====Robelbox===== Importing the Robelbox, or other, templates on mediawiki is tricky [https://stackoverflow.com/questions/678626/where-can-i-get-templates-for-mediawiki], at least the system first time that you do it. Once you've got everything up and running to datesupport templates (see above): apt-get update#Find the template on another mediawiki installation#Go to Special:Export on that installation and export the template (but not its revision history)#Import the template on the wiki using Special:Import, set the interwiki prefix to something that designates the source, like en for English Wikipedias.  apt-get upgradeI did this for the [https://ts.wikipedia.org/wiki/Template:Robelbox Robelbox template], which I got from https://en.wikiversity.org/wiki/Special:Export, however, it wasn't useable and I couldn't work out why. I ultimately deleted Robelbox, having found better boxes (see below) but I expect that my process for fixing the later issues would have sorted out the problems here too.

There were dependcy problem and other warnings during the processI got Template:Box-round from mediawiki.org: https://www.mediawiki.org/wiki/Template:Box-round. It finished withrequired installation of TemplateStyles, which in turn might need JsonConfig: In mediawiki/installs Errors were encountered while processingwget https: keyboard//extdist.wmflabs.org/dist/extensions/TemplateStyles-REL1_34-configurationc4d6f25.tar.gz xserver tar -xorgxzf TemplateStyles-core xserverREL1_34-xorgc4d6f25.tar.gz -input-wacomC /var/lib/mediawiki/extensions console wget https://extdist.wmflabs.org/dist/extensions/JsonConfig-setupREL1_34-linuxf877d87.tar.gz console tar -xzf JsonConfig-setup ubuntuREL1_34-minimal E: Subf877d87.tar.gz -process C /var/usrlib/binmediawiki/dpkg returned an error code extensions Add to LocalSettings.php wfLoadExtension(1'TemplateStyles' ); W: Operation was interrupted before it could finishwfLoadExtension( 'JsonConfig' );

I rebooted the serverNow [[Template:Box-round]] works fine but, like [[Template:Tl]], has an error message on its page about JsonConfig being missing. It came up ok and everything seemed fine (I'm doing this over terminal), but it is still claiming Note that there are updates. The issue might be related to a known Ubuntu bugTemplate: httpsT1 previously said [[Module://bugs.launchpadTNT]] was missing, so I got it from www.netmediawiki/ubuntuw/+source/console-setup/+bug/1770482Module:TNT). The solution(s) might be JsonConfig seems fine and shows in [[httpsSpecial://unix.stackexchangeVersion]].com/questions/202671/circular-dependency-in-ubuntu-release-upgrade]:

Look at the keyboard config fileI added: cat /etc/default/keyboard$wgJsonConfigEnableLuaSupport = true; # KEYBOARD CONFIGURATION FILEwhich gave: Lua error: bad argument # Consult the keyboard1 to "get" (5not a valid title) manual page. XKBMODEL="pc105" XKBLAYOUT="us" XKBVARIANT="" XKBOPTIONS=""

Remove and reinstall So instead, I put all the keyboard-configurationfollowing into LocalSettings.php to configure JsonConfig (see [https://www.mediawiki.org/wiki/Topic:Vdtgrltwf1e5bmdx]): // Safety:before extension.json, these values were initialized by JsonConfig.php apt-get remove keyboard-configurationif ( !isset( $wgJsonConfigModels ) ) { $wgJsonConfigModels = []; apt-get install keyboard-configuration } Note that this launches a screen where the only options are Afghani variants... so cancel it if ( !isset( $wgJsonConfigs ) ) { $wgJsonConfigs = []; } DEBIAN_FRONTEND$wgJsonConfigEnableLuaSupport =noninteractive apt-get install keyboard-configurationtrue; This ran and changed the keyboard layout file to the default // https://www.mediawiki.org/wiki/Extension:JsonConfig#Configuration # KEYBOARD CONFIGURATION FILE $wgJsonConfigModels['Tabular.JsonConfig'] = 'JsonConfig\JCTabularContent'; # Consult the keyboard(5) manual page $wgJsonConfigs['Tabular.JsonConfig'] = [ XKBMODEL 'namespace' => 486, 'nsName' => 'Data', // page name must end in "pc105.tab", and contain at least one symbol XKBLAYOUT 'pattern' ="us> '/.\.tab$/',af" XKBVARIANT 'license' ="> 'CC0-1.0'," XKBOPTIONS 'isLocal' ="grp_led:scroll"> false, ]; vi /etc/default/keyboardEnable Tabular data namespace on Commons - T148745 $wgJsonConfigInterwikiPrefix = 'commons'; I manually removed the af option and the commas, essentially reverting the file (I like a scroll light) $wgJsonConfigs['Tabular. JsonConfig']['remote'] = [ cd 'url' => 'https:/usr/sharecommons.wikimedia.org/X11w/xkb/symbolsapi.php' ln -s us en];  This was Then I copied over Module:Documentation/styles.css from mediawiki.org, commenting out the other solution offeredbackground image in line 168. And everything seems to work fine. .. I was missing an en option, so that might be itgot the following templates from mediawiki (via [https://www.mediawiki.org/wiki/Special:Export mediawiki's Special:Export] to get dependencies):*Template:Colored box*Template:Navbox apt-get install keyboard-configuration*Template:Help box*Template:Side box Now it says that there is nothing to do, which is promising. *Template:Note

Try the update againNote that this overwrote Template: apt-get update && apt-get upgrade Nothing happened Tl, Template:TNT, and everything seems fine..others that I resolved issues with previously. shutdown -r now

On bootNow a new set of issues has emerged. These include JsonConfig problems (again), the box reportsand template loops (which I think are coming from Module: Welcome to Ubuntu 18.04.5 LTS Template translation), and missing dependencies (GNU/Linux 4e.15.0-45-generic x86_64g, Template:Mbox and Module:Color contrast) .Moreover, most of the templates render the if and other conditional logic statements, rather then executing them.. 36 packages can be updated. 30 updates are security updates.I installed ParserFunctions (which I should have done before) and it solved everything outstanding!

Running apt-get upgrade gives:In mediawiki/installs The following packages have been kept backwget https: fwupd fwupdate fwupdate//extdist.wmflabs.org/dist/extensions/ParserFunctions-signed libfwup1 libgl1REL1_34-mesa-dri libreoffice-avmedia-backend-gstreamer libreoffice-base-core4de6f30.tar.gz libreoffice tar -calc libreofficexzf ParserFunctions-core libreofficeREL1_34-draw libreoffice-gnome libreoffice-gtk3 libreoffice-impress libreoffice-math libreoffice-ogltrans libreoffice-writer libxatracker2 linux-generic linux-headers-generic linux-image-generic netplan4de6f30.tar.io python3-softwaregz -properties python3-uno software-properties-common software-properties-gtk 0 upgraded, 0 newly installed, 0 to remove and 25 not upgraded.C /var/lib/mediawiki/extensions

The latest LTS version (at the time of writing) is 20Add to LocalSettings.04.1 php wfLoadExtension(see https://wiki.ubuntu.com/Releases'ParserFunctions' ). So I could do an: ; apt-get dist-upgradeBut I should really do a full backup and everything first, so that isn't going to happen today.$wgPFEnableStringFunctions = true;

==Reviewing Wordpress==The Front Page====

To do the front page, I copied the source of [https://www.mediawiki.org/w/index.php?title=Template:Main_page&action=edit Template:Main page] from mediawiki to a page (called Test) and created [Template:Main page/styles.css] using [https://www.mediawiki.org/w/index.php?title=Overview==Template:Main_page/styles.css&action=edit mediawiki's code]. Then I rejigged the contents of the page!

Rather The only minor but non-obvious change, was that I used h2 headings inside each mainpage_box, rather than trying to update wordpressh3's. As a consequence, I think it best needed to install add the latest version and use the old dbasefollowing to [[Template:Main_page/styles. This will likely cause problems with imagescss]]: .mainpage_box h2 { border-bottom: none; } .mainpage_box h2 . but we made several suboptimal choices when we built the last version, including using a nonheader_icon { margin-standard theme and customizing it in a way that prevented updates. right: 5px; }

There's a useful wordpress article on the basics of the approach, albeit from a hosted install perspective: Old instructions[https://www.wpbeginnermediawiki.comorg/wp-tutorialswiki/how-to-restore-a-wordpress-site-Topic:R1j08xhjgrtkpj6q] suggest using [[Special:ExpandTemplate]] on mediawiki's wiki, with-just-database-backupthe input text <nowiki>{{:MediaWiki}}</nowiki>. But this isn't necessary as the template doesn't need expanding in its current (at the time of writing) incarnation. Naturally, the page works well on MobileFrontend.

For theme customization beyond that done in The Mass edit page contains several examples, two of which show "Undefined Control Sequence" errors. These examples use backslashed square brackets (I can't even write them on the interfacewiki using nowiki tags), or through a plugin (like Code Snippets [httpswhich have issues because of Extension://wordpressSimpleMathjax.org/plugins/code-snippets/]Regardless, wordpress says the best approach is extension seems to create a child theme [https://www.wpbeginner.com/wp-themes/how-to-create-a-wordpress-child-theme-video/]. work just fine!

It seems that Twenty Fifteen has Get the most active installs, but all the Twenty series, which are [https://wordpress.org/themes/author/wordpressdotorg/ default themes] made by wordpress are wildly popular. It might be worth using [https://wordpress.org/themes/twentytwenty/ Twenty Twenty], as it is the most recent and takes advantage of the block editor (Twenty Nineteen does too but gets mediocre reviews), and I like the look of [httpssystem up to date://wordpress.org/themes/twentyfourteen/ Twenty Fourteen]. apt-get update apt-get upgrade

Outside of During the defaults, [httpsupgrade I chose://wordpress*keep the local smb.org/themes/oceanwp/ OceanWP] is eCommerce oriented but looks good and is very popular. [https://wordpress.org/themes/neve/ Neve] sits between OceanWP and [https://wordpress.org/themes/generatepress/ GeneratePress], which has a more magazine/news focus, and all three take advantage of conf*keep the local grub (new block editor ([https:version in /tmp/wordpressgrub.org/gutenberg/ Gutenberg]), which was introduced in WPv5 (initial release in 2018l1gqsHmubw).

===PreThere were dependcy problem and other warnings during the process. It finished with: Errors were encountered while processing: keyboard-install===configuration xserver-xorg-core xserver-xorg-input-wacom console-setup-linux console-setup ubuntu-minimal E: Sub-process /usr/bin/dpkg returned an error code (1) W: Operation was interrupted before it could finish

Check PHP and MySQL. I need PHP >=7rebooted the server.3 It came up ok and MySQL >=5everything seemed fine (I'm doing this over terminal), but it is still claiming that there are updates.6 butThe issue might be related to a known Ubuntu bug: https: php --version PHP 7//bugs.2launchpad.24net/ubuntu/+source/console-0ubuntu0setup/+bug/1770482.18.04.6 The solution(clis) (builtmight be [https: May 26 2020 13:09:11) ( NTS ) mysql //unix.stackexchange.com/questions/202671/circular-dependency-in-ubuntu-release-version mysql Ver 14.14 Distrib 5.7.31, for Linux (x86_64) using EditLine wrapperupgrade]:

I might be able to upgrade my version of PhP without upgrading Ubuntu (see httpsLook at the keyboard config file: cat /etc/linuxize.com/post/how-to-install-php-on-ubuntu-18-04default/keyboard # KEYBOARD CONFIGURATION FILE # Consult the keyboard(5). However, it is probably a good idea to just fix everything..manual page. XKBMODEL="pc105" XKBLAYOUT="us" XKBVARIANT=Upgrading Linux="" XKBOPTIONS= So it turns out that I shouldn't have done that last update... I do have an Xwindows Server on the box, running Gnome, and now I can't log in using the GUI on the box itself (it loops back to the login screen). This box doesn't contain the GPUs, just the database server, so the GUI isn't key, but it would be nice to have it working again. Hopefully, an upgrade will fix that, as well as other issues.""

Remove and reinstall the keyboard-configuration: apt-get remove keyboard-configuration apt-get install keyboard-configuration Note that this launches a screen where the only options are Afghani variants... so cancel it! DEBIAN_FRONTEND=noninteractive apt-get install keyboard-configuration This ran and changed the keyboard layout file to the default: # KEYBOARD CONFIGURATION FILE # Consult the keyboard(5) manual page. XKBMODEL="pc105" XKBLAYOUT=Backing off="us,af" XKBVARIANT="," XKBOPTIONS="grp_led:scroll" vi /etc/default/keyboard I manually removed the af option and the commas, essentially reverting the file (I like a scroll light). cd /usr/share/X11/xkb/symbols ln -s us en This was the other solution offered. I was missing an en option, so that might be it. apt-get install keyboard-configuration Now it says that there is nothing to do, which is promising.

First, mount the USB drive. Find what's mounted and what Try the dev isupdate again: mount apt-t ext4get update && apt-get upgrade (or just mount for Nothing happened and everything)seems fine... ls shutdown -l r now On boot, the box reports: Welcome to Ubuntu 18.04.5 LTS (GNU/dev/disk/byLinux 4.15.0-id/usb* (or fdisk 45-l or lsblkgeneric x86_64) mkdir -p /media/usb... 36 packages can be updated. mount /dev/sda1 /media/usb30 updates are security updates.

Back up the databasesRunning apt-get upgrade gives: psql postgresThe following packages have been kept back: /l As researcher and in /bulk/backups/ mv lbo_Fc.dump lbo_Fc.dump.org pg_dump fwupd fwupdate fwupdate-signed libfwup1 libgl1-mesa-dri libreoffice-avmedia-backend-gstreamer libreoffice-base-Fc allpatentsprocessed > allpatentsprocessed_Fc.dumpcore pg_dump libreoffice-Fc accelerators > accelerators_Fc.dump pg_dump calc libreoffice-Fc grants > grants_Fc.dump pg_dump core libreoffice-Fc incubators > incubators_Fc.dump pg_dump draw libreoffice-Fc lbo > lbo_Fc.dump pg_dump gnome libreoffice-Fc stockmarket > stockmarket_Fc.dump pg_dump gtk3 libreoffice-Fc crunchbase3 > crunchbase3_Fc.dump pg_dump impress libreoffice-Fc vcdb20h1 > vcdb20h1_Fc.dumpmath pg_dump libreoffice-Fc vcdb4 > vcdb4_Fc.dump mysql ogltrans libreoffice-u root writer libxatracker2 linux-p SHOW DATABASES; \q mysqldump generic linux-headers-databases generic linux-image-password mcnair > mcnairgeneric netplan.sqlio mysqldump python3-software-databases properties python3-uno software-password wordpress > wordpress.sql mysqldump properties-common software-properties-password mcnair > mediawikigtk 0 upgraded, 0 newly installed, 0 to remove and 25 not upgraded.sql

Do The latest LTS version (at the file transfers mkdir /media/usb/mother-2020-08-09 mkdir /media/usb/mother-2020-08-09/bulk rsync -av --progress --exclude="mcnair" /bulk/ /mediatime of writing) is 20.04.1 (see https:/usb/mother-2020-08-09/bulkwiki.ubuntu.com/Releases). So I could do an: mkdir /media/usb/motherapt-2020get dist-08-09/htmlupgrade rsync -av --progress /var/www/html/ /media/usb/mother-2020-08-09/html/But I should really do a full backup and everything first, so that isn't going to happen today.

===Do the upgrade=Overview====

Run: apt Rather than trying to update apt upgrade apt distwordpress, I think it best to install the latest version and use the old dbase. This will likely cause problems with images... but we made several suboptimal choices when we built the last version, including using a non-upgrade apt autoremovestandard theme and customizing it in a way that prevented updates.

doThere's a useful wordpress article on the basics of the approach, albeit from a hosted install perspective: https://www.wpbeginner.com/wp-tutorials/how-to-releaserestore-upgrade if no release found because you are too early, add the a-wordpress-site-d to allow development (it will still install LTS if that's available) dowith-releasejust-upgrade database-dbackup/

This failed on the first attempt. So I didThe main install instructions are: https: grep ERROR /var/log/dist-upgrade/mainwordpress.log grep BROKEN org/varsupport/logarticle/disthow-upgrade/apt.log aptto-get remove postgresqlinstall-10-postgis-2.4wordpress/

ThenFor theme customization beyond that done in the interface, or through a plugin (like Code Snippets [https://wordpress.org/plugins/code-snippets/], wordpress says the best approach is to create a child theme [https: do//www.wpbeginner.com/wp-releasethemes/how-upgrade to-d I selected some choices (keep smd.conf, don't notify me of whatever, etc.) I let it replace postgres10 but it still gave me an "Obsolete Major Version" warning on postgres (I said ok)create-a-wordpress-child-theme-video/].

===Address Choosing the upgrade issues===theme (https://wordpress.org/themes/ and https://wordpress.com/themes) is a major decision. This time I want a much more standard theme, that has better plugin and widget support, is responsive and gives a good mobile interface. I also don't want to pay but will have to trade that off against doing customization to make it look distinct.

The first casualty of It seems that Twenty Fifteen has the upgrade was most active installs, but all the networking configurationTwenty series, which are [https://wordpress.org/themes/author/wordpressdotorg/ default themes] made by wordpress are wildly popular. It might be worth using [https://wordpress. You'd think that developers would have figured that one outorg/themes/twentytwenty/ Twenty Twenty], as remote upgrades would leave boxes DOA until someone could get physical access. Neverthelessit is the most recent and takes advantage of the block editor (Twenty Nineteen does too but gets mediocre reviews), and I like the fix is straight forwardlook of [https://wordpress.org/themes/twentyfourteen/ Twenty Fourteen].

The old ifup Outside of the defaults, [https://wordpress.org/themes/oceanwp/ OceanWP] is eCommerce oriented but looks good and down is very popular. [https://wordpress.org/themes/neve/ Neve] sits between OceanWP and eth0 etc[https://wordpress. interface system is gone noworg/themes/generatepress/ GeneratePress], which has a more magazine/news focus, taking its config with it. To get and all three take advantage of the networking backnew block editor ([https://wordpress.org/gutenberg/ Gutenberg]), which was introduced in WPv5 (initial release in 2018). ====Pre-install==== ifconfig Outdated now, Check PHP and MySQL. I think, but it still shows what's up.need PHP >=7.3 and MySQL >=5.6 but: ip php --aversion This will get you the names of the interfaces etcPHP 7. I already had a 2.yaml under a different interface name that set up DHCP, so I used it as a template for the interface that I wanted up that way cp /etc/network/0124-netcfg0ubuntu0.18.yaml /etc/network/99_config04.yaml6 (cli) (built: May 26 2020 13:09:11) ( NTS ) vi /etc/network/99_config.yamlmysql --version change the interface name to eno0 mysql Ver 14.14 Distrib 5.7.31, for Linux (x86_64) using netplan applyEditLine wrapper

Now everything looks good for a foundation - apache2 is working, SSH is working, but I need to do a minor config fix for the wiki. apt-get install php-mbstring apachectl restart And the wiki comes back up but with a error notice. The issue seems to might be with PHP 7.4, and it looks like it affects both mediawiki and wordpress, though wordpress might have fixed it. Regardless, it is possible able to install 7.3 as well, as use that with apache2. add-apt-repository ppa:ondrej/php apt-get update apt-get install php7.3 apt-get install php7.3-cli php7.3-common php7.3-json php7.3-opcache php7.3-mysql php7.3-mbstring php7.3-zip php7.3-fpm php7.3-intl php7.3-simplexml Note we may need to fix some config again as it saidupgrade my version of PhP without upgrading Ubuntu (see https: Creating config file /etc/php/7linuxize.3com/apache2post/php.ini a2dismod php7.4 a2enmod php7.3 I ignored the following notices for now: NOTICE: To enable PHP 7.3 FPM in Apache2 do: NOTICE: a2enmod proxy_fcgi setenvif NOTICE: a2enconf php7.3how-fpm systemctl restart apache2 update-alternatives to-install-set php /usr/bin/php7.3 update-alternatives --set phar /usr/bin/phar7.3 updateon-alternatives ubuntu-18-set phar.phar 04/usr/bin/phar).phar7However, it is probably a good idea to just fix everything.3 update-alternatives --set phpize /usr/bin/phpize7.3 update-alternatives --set php-config /usr/bin/php-config7.3 error: no alternatives for php-config (ignored for now)

I need to get Xwindows set up againFirst, mount the USB drive. My best guess as to Find what's mounted and what the cause of this issue dev is leftover Nvidia drivers from my attempts to install the GPUs on this box went bad in an earlier apt: mount -get upgrade but I can't see them listed:ext4 (or just mount for everything) dpkg ls -l | grep nvidia/dev/disk/by-driverid/usb* (or fdisk -l or lsblk) mkdir -p /media/usb mount /dev/sda1 /media/usb

There is a .Xauthority file, Back up the databases: psql postgres /l As researcher and an .ICEauthority file, in /homebulk/ed and both are owned by ed:edbackups/ mv lbo_Fc.dump lbo_Fc.dump. The former is empty (0 bytes) and the latter has some nonorg pg_dump -UTF8 (I think?) characters in itFc allpatentsprocessed > allpatentsprocessed_Fc. I'm not sure if either is an issuedump pg_dump -Fc accelerators > accelerators_Fc.dump pg_dump -Fc grants > grants_Fc.dumpI didn't see xserver pg_dump -xorgFc incubators > incubators_Fc.dump pg_dump -videoFc lbo > lbo_Fc.dump pg_dump -nouvea in the package list or any video driver module, so I installed nouveau:Fc stockmarket > stockmarket_Fc.dump pg_dump -Fc crunchbase3 > crunchbase3_Fc.dump pg_dump -Fc vcdb20h1 > vcdb20h1_Fc.dump pg_dump -Fc vcdb4 > vcdb4_Fc.dump dpkg mysql -lu root -p SHOW DATABASES; lsmod | more \q apt install xserver mysqldump --xorgdatabases -video-nouveaupassword mcnair > mcnair.sql I'm not sure if I should be fixing my boot image or not..mysqldump --databases --password wordpress > wordpress.sql shutdown mysqldump --r now lsmod | morepassword mcnair > mediawiki.sql

After doing this Do the login would give a local desktop but neither the keyboard nor mouse worked. I tried uninstalling and reinstalled the keyboardfile transfers mkdir /media/usb/mother-2020-08-configuration again.09 aptmkdir /media/usb/mother-get remove keyboard2020-configuration08-09/bulk aptrsync -av --progress --exclude="mcnair" /bulk/ /media/usb/mother-get install keyboard2020-configuration 08-09/bulk/ mkdir /media/usb/mother-2020-08-09/html shutdown rsync -av --progress /var/www/html/ /media/usb/mother-2020-08-r now09/html/

But that just put me back where I was: with a login loop problem. So I tried switching to lightdmFinally: apt-get install lightdmumount /media/usb

And it worked even before a reboot. After a reboot, I had a different login screen but ====Do the actual desktop looked the same. The .Xauthority file is now 51 bytes big and I suddenly have a .xsession-errors, which contains a list of environment settings taking place... However, the machine then silently crashed that night and again the following morning. I couldn't find a specific cause in the logs but there did seem to be a number X and GNOME problems: journalctl -b -1 journalctl --since "1 hour ago"upgrade====

I ran an Run: apt update from the GUI, which may have helped. However, there was a warning about an issue with a screensaver the first time that I loaded lightdm, and the crashes seemed to happen sometime after a clean boot. So I uninstalled lightdm, and installed gdm (which failed as installed already) and rebooted but got no GUI. Then I uninstalled and reinstalled gdm and everything seems fine now. apt-get remove lightdmupgrade aptdist-get remove gdm3upgrade apt-get install gdm3autoremove

Incidentally do-release-upgrade if no release found because you are too early, I left a clock running in a terminal so that I could see when add the box went down -d to allow development (it will still install LTS if it crashed again. The clock code is:that's available) while [ 1 ] ; do echo -en "$(date +%T)\r" ; sleep 1; donerelease-upgrade -d

Then: do-release-upgrade -d I kept the old versions selected some choices (keep smd.conf, don't notify me of mediawiki and wordpress and moved them to /bulk/retired whatever, etc.) I let it replace postgres10 but it still gave me an "Obsolete Major Version" warning on postgres (using yyymmdd datesI said ok) mv /var/lib/mediawiki26082020 /bulk/retired/ mv /bulk/retired/mediawiki26082020 /bulk/retired/mediawiki20200826 mv /var/www/html/blog20200809 /bulk/retired/.

==Wordpress Redux==Address the upgrade issues====

First, move the The old folder to a new nameifup and down and eth0 etc. interface system is gone now, so that taking its config with it is there for backup and then . To get the new install and unpack networking back: ifconfig Outdated now, I think, but itstill shows what's up... cd /bulk/installsip -a wget https://wordpress This will get you the names of the interfaces etc.org/latest I already had a .tar.gzyaml under a different interface name that set up DHCP, so I used it as a template for the interface that I wanted up that way mv /var/www/html/blog /varcp /wwwetc/htmlnetwork/blog20200809 tar 01-xzf latestnetcfg.tar.gz -C yaml /varetc/www/htmlnetwork/99_config.yaml cd vi /varetc/www/htmlnetwork/99_config.yaml mv wordpress/ blog/ change the interface name to eno0 chown -R www-data:www-data blognetplan apply

Put an .htaccess file in that folder to restrict access while we work: vi blog/.htaccess <RequireAny> Require ip 192.168.2.1 </RequireAny> ===Set up=== Then set up the dbase by editing wpNow everything looks good for a foundation -config.php (it's easiest apache2 is working, SSH is working, but I need to modify the sample). cp blog/wp-config-sample.php blog/wp-config.php vi blog/wp-do a minor config.php Note get some keys from: https://api.wordpress.org/secret-key/1.1/salt/ Then fix for the backend works - go to http://www.edegan.com/blog/wp-admin! However the health check shows a missing required module and two missing recommended moduleswiki. Fix that: apt-get install php7.3-gd apt-get install php7.3-curl apt-get install php7.3php-imagickmbstring

Ironically, it then recommends that I upgrade to PHP7.4... but that would just give issues for mediawiki. On the other hand, everything is now green and just 4 groups of recommendations remain. ===Config==PostGIS Issues===== See [[Wordpress Blog Site (Tool)]] for the McNair Center's build. Using www.edegan.com/blog/wp-admin I configured the blog as follows:*Select Twenty Twenty as the theme*Add the permalink code to the .htaccess file, so that the URLs will work with postnames*Copy over images to wp-content/uploads (use cp -a to maintain permissions)*Change the site name to https (after fixing the https setup, see below)

Install pluginsI also checked postgres and everything seemed ok:*Yoast SEO su researcher*Wordfence Security psql vcdb4*Disable Comments \l*Site Kit by Google (set up once live They are all there \dx All my extensions report back. Update: It seems something did go wrong. Just because the extensions report back doesn't mean they work!)When I try to run queries that use PostGIS, I get:*Pixabay SQL Error [58P01]: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory

I also added:*CoBlocks tried updating the extension (free)*Advanced Gutenberg (freeI'm pretty sure that I'm running 2.4.3):*Otter ALTER EXTENSION postgis UPDATE TO "2.4.3";

I But that didn't add Cofix anything. I checked the versions: select version(); PostgreSQL 10.14 (Ubuntu 10.14-0ubuntu0.18.04.1) on x86_64-Authors Plus pc-linux-gnu, compiled by gcc (https://wordpressUbuntu 7.5.0-3ubuntu1~18.04) 7.5.org/plugins/co0, 64-bit -authors-plus/) as it hasnSo somehow I't been tested on the latest m still running version of wordpress10! select PostGIS_full_version(); ERROR: could not access file "$libdir/postgis-2. There are other plugins that offer equivalent functionality if I need one later4": No such file or directory CONTEXT: SQL statement "SELECT public.postgis_lib_version()" PL/pgSQL function postgis_full_version() line 25 at SQL statement

Other plugins So I might want arebacked off the data from the two dbases that I'd used since the upgrade:*Revive Old Post (share with twitter) pg_dump -Fc stockmarket > stockmarket_Fc_20201023.dump*Optimole (optimize images) pg_dump -Fc vcdb4 > vcdb4_Fc_20201023.dump*WP Rocket (implement cache) #FAILED!

NotesThe second backoff failed:*Twitter embedding pg_dump: https[archiver (db)] query failed:ERROR: could not access file "$libdir//wwwpostgis-2.4": No such file or directory pg_dump: [archiver (db)] query was: SELECT a.attnum, a.attname, a.atttypmod, a.attstattarget, a.attstorage, t.typstorage, a.attnotnull, a.atthasdef, a.attisdropped, a.attlen, a.attalign, a.attislocal, pg_catalog.format_type(t.oid,a.atttypmod) AS atttypname, array_to_string(a.attoptions, ', ') AS attoptions, CASE WHEN a.attcollation <> t.typcollation THEN a.attcollation ELSE 0 END AS attcollation, a.attidentity, pg_catalog.array_to_string(ARRAY(SELECT pg_catalog.quote_ident(option_name) || ' ' || pg_catalog.quote_literal(option_value) FROM pg_catalog.pg_options_to_table(attfdwoptions) ORDER BY option_name), E', ') AS attfdwoptions FROM pg_catalog.pg_attribute a LEFT JOIN pg_catalog.pg_type t ON a.atttypid = t.oid WHERE a.attrelid = '19998614'::pg_catalog.oid AND a.attnum > 0::pg_catalog.wpbeginnerint2 ORDER BY a.com/wp-tutorials/how-to-display-recent-tweets-in-wordpress-with-twitter-widgets/attnum

===Hardening Wordpress===Postgres Upgrade Attempt (Failed)======

My changes weren't substantial, so I hardened the wordpress installation: httpsproceeded with an upgrade. First I checked to see if I had postgres12 installed and listening on another port or not: locate postgres ls /usr/bin/postgres dpkg --get-selections | grep postgres pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 10 main 5432 online postgres /data/postgres /var/log/postgresql/wordpresspostgresql-10-main.orglog 12 main 5433 online postgres /var/lib/postgresql/12/main /var/supportlog/articlepostgresql/hardeningpostgresql-12-wordpressmain.log pg_upgradecluster 10 main #This failed: pg_dump: error: query failed: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory

This included:*Fixing file ownership: For fully hardened, change ownership of everything to root, except wflogs, uploads and themes in wp-content, which should be owned by www-dataSo... However, then you wonI can't be able to install plugins etcautomatically upgrade without first fixing the issue with v10 and postgis. A compromise is add-R root:root for blog and then wwwapt-datarepository http:www-data for wp-content//apt.postgresql.org/pub/repos/apt*Check file permissions But that put the following into /etc/apt/sources-list: Everything is 644, except wp-content which is 755*Checking dbase rights and setting new passwords deb http://apt.postgresql.org/pub/repos/apt focal main*Changing passwords on old accounts vi it to (with posts, so the accounts shouldn't be deletedsee https://wiki.postgresql.org/wiki/Apt) to random strong strings: deb http://apt.postgresql.org/pub/repos/apt focal-pgdg *Fixing up wget --quiet -O - http://apt.htaccess file to impose restrictionspostgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add - apt-get update*Install Sucuri #Throws a warning:*Enable more logging N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://apt.postgresql.org/pub/repos/apt focal-pgdg InRelease' doesn't support architecture 'i386'

Checking user rights in But the dbase and changing their passwordwretched thing still doesn't seem to be available: mysql apt-user=root get install postgresql-p use wordpress SELECT User FROM mysql10-postgis-2.user; SHOW GRANTS FOR 'username'@'localhost'; SET PASSWORD FOR 'username'@'localhost'='newpassword';4 (Note that this shouldn't be logged in clear on the serverPackage postgresql-10-postgis-2.4 is not available, but might be on a client. Delete .mysql_history at the end of your sessionis referred to by another package.)

Trying a manual approach.htaccess in wp-includes[https: # Block the include-only files//packages. <IfModule mod_rewriteubuntu.c> RewriteEngine On RewriteBase com/ RewriteRule ^wp-adminbionic/includesi386/ postgresql- [F,L] RewriteRule !^wp10-postgis-includes2.4/ - [S=3download Get the file] RewriteRule ^wp-includes, put it in /[^bulk/]+\temp and cd there.php$ - [F,L]Then: RewriteRule ^wpapt-includes/js/tinymceget install ./langs/.+\.php postgresql- [F,L] RewriteRule ^wp10-includes/themepostgis-compat/ 2.4_2.4.3+dfsg- [F,L]4_i386.deb </IfModule> # BEGIN WordPressThis failed too - there are unmet dependencies and they are 'not installable'.

The #BEGIN WordPress tag is redundant as ======Switching over the file is 644 root.installations======

Add So, I took the following alternative approach of changing the data folders [https://www.tutorialspoint.com/how-to -change-postgresql-data-folder-location-on-ubuntu-16-04].htaccess  The plan:#Take version 10 offline#Move version 10's data to a new location (/var/lib/postgresql/10/main)#Switch the ports of versions 10 and 12#Move version 12's data to /data#Put version 12 online#Load up the data in version 12!#Optionally wipe out the wordpress dirold installation Shut it down: <files wppg_ctlcluster 12 master start pg_lsclusters #The cluster Ver Cluster Port Status Owner Data directory Log file 10 main 5432 online postgres /data/postgres /var/log/postgresql/postgresql-config10-main.php>log 12 order allow,denymaster 5433 online postgres /var/lib/postgresql/12/master /var/log/postgresql/postgresql-12-master.logg deny from allsystemctl stop postgresql </files>systemctl status postgresql

If there are plugin installation issues then add to wp-Edit the configfiles: vi /etc/postgresql/10/main/postgresql.phpconf data_directory = '/var/lib/postgresql/10/main' port = 5433 define(vi /etc/postgresql/12/master/postgresql.conf data_directory = '/data/postgres'FS_METHOD port = 5432 listen_addresses = ',*'direct #While we are here do some performance tuning: shared_buffers = 512MB huge_pages = try temp_buffers = 8G work_mem = 4GB maintenance_work_mem = 64 effective_cache_size = 384GB #Note that I didn't reduce the number of connections (and the max_wal_senders, which must be < max connections);, or change max_stack_depth (which gives an error if you set it too high) vi /etc/postgresql/12/master/pg_hba.conf Copy over the config to allow access from inside the network

Once I'm Move the data: df #to check diskspace rm -R /var/lib/postgresql/10/main #Note that none of the config files in here were valid (though you should check this is true before you do it!) rsync -av /data/postgres/ /var/lib/postgresql/10/main #Takes awhile, but make sure it is all done with before the theme etc., I can uncomment the following from wpnext step rm -R /data/postgres rsync -av /var/lib/postgresql/12/master/ /data/postgres systemctl start postgresql pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 10 main 5433 online postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-configmain.phplog 12 master define('DISALLOW_FILE_EDIT', true);5432 online postgres /data/postgres /var/log/postgresql/postgresql-12-master.log

I built a [[Branding]] paletteCheck it all works: psql postgres CREATE EXTENSION postgis; CREATE EXTENSION plr; CREATE EXTENSION plperl; CREATE EXTENSION plpython3u; \dx List of installed extensions Name | Version | Schema | Description---------+---------+------------+--------------------------------------------------------------------- plpgsql | 1.0 | pg_catalog | PL/pgSQL procedural language postgis | 3.0.0 | public | PostGIS geometry, to standardize the colors. And I installed the Twentig plugingeography, to give extra configuration options.and raster spatial types and functions (2 rows)

I changed Make the site colors, added the logo and the tag line, and made other config changes.user: createuser --interactive researcher

Then, I added custom CSS restore the databases (as followsresearcher in /bulk/backup): createdb stockmarket pg_restore -Fc -d stockmarket stockmarket_Fc_20201023.dump createdb vcdb4 pg_restore -Fc -d vcdb4 vcdb4_Fc.dump

To reduce the header spacingThe restore threw some errors related to not having extension plpythonu, but otherwise seemed fine. The issue seems to be that pythonu is python2[https: //www.postgresql.headerorg/docs/12/plpython-inner { paddingpython23.html], and python2 is not available for postgres 12 (it might be here: https: 1//wiki.5rem 0;postgresql.org/wiki/Apt): }apt-cache search ".*plpython*.*"

To remove the title from the landing page:====Other Fixes==== .page-id-2169 .entry-title{ displayRemove redundant user accounts:none !important; }cat /etc/passwd .pageuserdel -id-2169 r username I need to get Xwindows set up again.entryMy best guess as to the cause of this issue is leftover Nvidia drivers from my attempts to install the GPUs on this box went bad in an earlier apt-header { paddingget upgrade but I can't see them listed: 0; }dpkg -l | grep nvidia-driver

To do:*I need to add social media icons! That might be as easy as adding the social media menu [https://wordpressThere is a .Xauthority file, and an .orgICEauthority file, in /supporthome/article/twenty-twenty/#add-social-icons]ed and both are owned by ed:ed.*Get a '''related posts widget'''? There's Yet Another Related Posts Plugin, Contextual Related Posts, The former is empty (0 bytes) and Inline Related Posts... the latter has some non-UTF8 (I went with YARPP, as think?) characters in it is the most popular. It I'm not sure if either is apparently resource-heavyan issue.

I tried the following blocks plugins:*didn'''Ultimate Addons for Guttenberg'''*It's free and adds some nice basic functionality**Post blocks include: Post Carousel, Post Grid, Post Masonry, Post Timeline, Advanced Columns t see xserver-xorg-video- but customization is limited and nouvea in the package list or any video driver module, so I can't do one post*'''Getwid'''installed nouveau:**Pretty highly customizable. dpkg -l**Can specify which posts to show in 3 blocks (Custom Post Type, Post Carousel, and Post Slider) and can build custom templates to arrange how they are displayed**Post blocks: Recent Posts, Custom Post Type, Post Carousel, and Post Slider lsmod | more*'''Redux''' apt install xserver-xorg- It's a templates library. You get 5 for free and they upsell hard.*'''ZeGuten''' video- Couldn't find itnouveau* I'''Advanced Gutenberg''' - It's free and widely usedm not sure if I should be fixing my boot image or not... *'''CoBlocks''' shutdown -- Does the basicsr now lsmod | more**Posts -- Can't specify specific posts. Can do category.**Post Carousel -- LikewiseAfter doing this the login would give a local desktop but neither the keyboard nor mouse worked.*'''Stackable''':**It requested opt-in, which I didn't like, tried uninstalling and it wants you to 'Go Premium'. **It has settings for everything! By far reinstalled the most detailed keyboard-configurationagain.**Useful blocks:***Posts apt-get remove keyboard- can't seem to specify a specific postconfiguration***Advanced Columns and Grids apt-get install keyboard- for layoutconfiguration ***Card shutdown -- could make posts links with buttonsr now***Feature/Feature Grid -- likewise***Container? Might be helpful*'''Gutenberg Post Blocks'''**Untested But that just put me back where I was: with my version. Seems to work. **Has lots of options but does full-page things. Can limit to a post using include but has next page linkslogin loop problem...**Tried So I tried switching to push for an update to pro.lightdm:*'''Magical Posts Display''' apt-- I dumped it for being too weird.*'''Otter Blocks'''**Google maps block and other useful things... I just don't need it right now.get install lightdm

BuiltAnd it worked even before a reboot. After a reboot, I had a different login screen but the actual desktop looked the same. The .Xauthority file is now 51 bytes big and I suddenly have a .xsession-errors, which contains a list of environment settings taking place... However, the machine then silently crashed that night and again the following morning. I couldn't find a specific cause inthe logs but there did seem to be a number X and GNOME problems:*Latest Posts (widget) journalctl -b -1 journalctl --since "1 hour ago"

Chosen block plugins:I ran an update from the GUI, which may have helped. However, there was a warning about an issue with a screensaver the first time that I loaded lightdm, and the crashes seemed to happen sometime after a clean boot. So I uninstalled lightdm, and installed gdm (which failed as installed already) and rebooted but got no GUI. Then I uninstalled and reinstalled gdm and everything seems fine now.*'''Getwid''' apt-get remove lightdm apt- It's outstanding and embraces templates for serious bespoke customizationget remove gdm3*'''Stackable''' -- For its option apt-based customization*I might add back '''coblocks''', '''Advanced Gutenberg''' and '''Ultimate Addons for Gutenberg'''get install gdm3

Install it I kept the old versions of mediawiki and make some directories...wordpress and moved them to /bulk/retired (using yyymmdd dates) apt update apt install certbot openssl dhparam -out mv /var/lib/etcmediawiki26082020 /sslbulk/certsretired/dhparam.pem 2048 takes ~20 secs mkdir -p mv /bulk/retired/varmediawiki26082020 /libbulk/letsencryptretired/.well-knownmediawiki20200826 chgrp www-data mv /var/libwww/html/letsencrypt chmod g+s blog20200809 /varbulk/libretired/letsencrypt ===Wordpress Redux===

First, move the old folder to a new name, so that it is there for backup and then get the new install and unpack it. vi cd /etcbulk/apache2installs wget https:/conf-available/ssl-paramswordpress.org/latest.tar.confgz SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1mv /var/www/html/blog /var/www/html/blog20200809 SSLCipherSuite ECDHEtar -ECDSAxzf latest.tar.gz -AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384C /var/www/html/ SSLHonorCipherOrder offcd /var/www/html/ SSLSessionTickets offmv wordpress/ blog/ chown -R www-data:www-data blog SSLUseStapling On SSLStaplingCache "shmcbPut an .htaccess file in that folder to restrict access while we work:logs/ssl_stapling(32768)" SSLOpenSSLConfCmd DHParameters "/etc/ssl/certsvi blog/dhparam.pem" htaccess <RequireAny> Require ip 192.168.2.1 Header always set Strict-Transport-Security "max-age=63072000" </RequireAny>

Enable some apache2 mods!====Set up==== Then set up the dbase by editing wp-config.php (it's easiest to modify the sample). a2enmod sslcp blog/wp-config-sample.php blog/wp-config.php a2enmod headersvi blog/wp-config.php Note get some keys from: https://api.wordpress.org/secret-key/1.1/salt/ Then the backend works - go to http://www.edegan.com/blog/wp-admin! However the health check shows a missing required module and two missing recommended modules. Fix that: a2enconf letsencryptapt-get install php7.3-gd a2enconf sslapt-paramsget install php7.3-curl sudo a2enmod http2apt-get install php7.3-imagick systemctl reload apache2apachectl restart Ironically, it then recommends that I upgrade to PHP7.4... but that would just give issues for mediawiki. On the other hand, everything is now green and just 4 groups of recommendations remain.

Then set up a new apache2 config file See [[Wordpress Blog Site (in /etc/apacheTool): mv sites-available/000-default.conf sites-available/000-default.conf.bak vi sites-available/edegan.com.conf <VirtualHost *:80> ServerName www.edegan.com ServerAdmin ed@edegan.com Redirect permanent / https://www.edegan.com/ </VirtualHost> <VirtualHost *:443> ServerName www.edegan.com Protocols h2 http/1.1 DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLCertificateFile /etc/letsencrypt/live/edegan.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/edegan.com/privkey.pem # Other Apache Configuration Alias /wiki /var/www/html/mediawiki/index.php RewriteEngine On RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] </VirtualHost> ln -] for the McNair Center's sites-available/edegan.com.conf sites-enabled/edegan.combuild.conf systemctl reload apache2

Test it by going to https://Using www.ssllabsedegan.com/ssltestblog/wp-admin I configured the blog as follows:*Select Twenty Twenty as the theme*Add the permalink code to the .htaccess file, so that the URLs will work with postnames*Copy over images to wp-content/uploads (use cp -a to maintain permissions)*Change the site name to https (after fixing the https setup, see below)

Finally, edit /etc/cron.d/certbot and append the following to the last line (after -renew)Install plugins: --renew-hook "systemctl reload apache2"*Yoast SEO*Wordfence Security certbot renew --dry-run*Disable Comments Tests the renewal*Site Kit by Google (set up once live!)*Pixabay

Enabling and requiring HTTPS causes an issue with PDFEmbed on mediawiki, where you get a blank frame. The PDF is still there, other images load fine, but the PDF frame won't render the PDF. The problem is actually that the PDF is served with HTTP and the rest of the page is served with HTTPS, and Chrome (and perhaps other browsers) donI didn't render the insecure content as a consequence add Co-Authors Plus (see [https://www.mediawikiwordpress.org/wikiplugins/co-authors-plus/Topic:Uhgnq0wbmzfurbj0] for a description ) as it hasn't been tested on the latest version of the symptoms, but not the solutionwordpress.)There are other plugins that offer equivalent functionality if I need one later.

The solution is to edit mediawiki/extensions/PDFEmbed/PDFEmbed.hooks.php. For me it was line 103 that previously saidOther plugins I might want are: 'src' => $file->getFullUrl*Revive Old Post (share with twitter).'#page='.$page,I changed this line to:*Optimole (optimize images) 'src' => preg_replace*WP Rocket ("/^http:/i", "https:", $file->getFullUrl()implement cache).'#page='.$page,

This is mentioned in a comment on a topic page, though presumably for an earlier versionNotes:*Twitter embedding: https://www.mediawikiwpbeginner.orgcom/wikiwp-tutorials/how-to-display-recent-tweets-in-wordpress-with-twitter-widgets/Topic:Syxow0why4c0cvvm

==Install VSFTPD==Hardening Wordpress====

With I hardened the security restrictions on wordpress, I now need an FTP server to get files for themes, plugins, etc. I like VSFTPD, as its simple, secure, and has a nice standalone config. Old documentation on an earlier install on the old [[Wordpress Blog Site (Tool)]] page. Instructions are hereinstallation: https://linuxconfigwordpress.org/howsupport/article/hardening-to-setup-ftp-server-on-ubuntu-20-04-focal-fossa-linuxwordpress/

aptThis included:*Fixing file ownership: For fully hardened, change ownership of everything to root, except wflogs, uploads and themes in wp-content, which should be owned by www-get data. However, then you won't be able to install vsftpd cp /plugins etc/vsftpd.conf /etc/vsftpdA compromise is -R root:root for blog and then www-data:www-data for wp-content.conf_orig vi /etc/vsftpd*Check file permissions: Everything is 644, except wp-content which is 755*Checking dbase rights and setting new passwords.conf #Change the following write_enable=YES local_umask=022 ssl_enable=YES #Add *Changing passwords on old accounts (with posts, so the following (forces sslaccounts shouldn't be deleted)to random strong strings. allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES*Fixing up .htaccess file to impose restrictions ssl_sslv2=YES*Install Sucuri ssl_sslv3=YES /etc/init.d/vsftpd restart*Enable more logging

Then add a Checking user rights in the dbase and set it upchanging their password: useradd mysql -user=root -m blogp passwd bloguse wordpress usermod -a -G www-data blogSELECT User FROM mysql.user; SHOW GRANTS FOR 'username'@'localhost'; usermod -d /var/www/html/blog blogSET PASSWORD FOR 'username'@'localhost'='newpassword'; (Note that this shouldn't be logged in clear on the server, but might be on a client. Delete .mysql_history at the end of your session.)

.htaccess in wp-includes: # Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # BEGIN WordPress The #BEGIN WordPress tag is redundant as the file is 644 root. Add the following to .htaccess in the wordpress dir: <files wp-config.php> order allow,deny deny from all </files> If there are plugin installation issues then add to wp-config.php define('FS_METHOD','direct'); Once I'm all done with the theme etc., I can uncomment the following from wp-config.php define('DISALLOW_FILE_EDIT', true); {{Colored box|title=Notice|content=With hardened permissions, you won't be able to update Wordpress from the dashboard. To fix this, set ownership of the entire wordpress directory to www-data:www-data (i.e., chown -R www-data:www-data blog/), run the update, and then revert the ownership to root (or some other account).}} ====Redesign==== I built a [[Branding]] palette, to standardize the colors. And I installed the Twentig plugin, to give extra configuration options. I changed the site colors, added the logo and the tag line, and made other config changes. Then, I added custom CSS as follows. To reduce the header spacing: .header-inner { padding: 1.5rem 0; } To remove the title from the landing page: .page-id-2169 .entry-title{ display:none !important; } .page-id-2169 .entry-header { padding: 0; } To do:*I need to add social media icons! That might be as easy as adding the social media menu [https://wordpress.org/support/article/twenty-twenty/#add-social-icons].*Get a '''related posts widget'''? There's Yet Another Related Posts Plugin, Contextual Related Posts, and Inline Related Posts... I went with YARPP, as it is the most popular. It is apparently resource-heavy. I tried the following blocks plugins:*'''Ultimate Addons for Guttenberg'''*It's free and adds some nice basic functionality**Post blocks include: Post Carousel, Post Grid, Post Masonry, Post Timeline, Advanced Columns -- but customization is limited and I can't do one post*'''Getwid''':**Pretty highly customizable. **Can specify which posts to show in 3 blocks (Custom Post Type, Post Carousel, and Post Slider) and can build custom templates to arrange how they are displayed**Post blocks: Recent Posts, Custom Post Type, Post Carousel, and Post Slider*'''Redux''' -- It's a templates library. You get 5 for free and they upsell hard.*'''ZeGuten''' - Couldn't find it*'''Advanced Gutenberg''' - It's free and widely used... *'''CoBlocks''' -- Does the basics**Posts -- Can't specify specific posts. Can do category.**Post Carousel -- Likewise.*'''Stackable''':**It requested opt-in, which I didn't like, and it wants you to 'Go Premium'. **It has settings for everything! By far the most detailed configuration.**Useful blocks:***Posts -- can't seem to specify a specific post***Advanced Columns and Grids -- for layout***Card -- could make posts links with buttons***Feature/Feature Grid -- likewise***Container? Might be helpful*'''Gutenberg Post Blocks'''**Untested with my version. Seems to work. **Has lots of options but does full-page things. Can limit to a post using include but has next page links...**Tried to push for an update to pro.*'''Magical Posts Display''' -- I dumped it for being too weird.*'''Otter Blocks'''**Google maps block and other useful things... I just don't need it right now. Built-in:*Latest Posts (widget) Chosen block plugins:*'''Getwid''' -- It's outstanding and embraces templates for serious bespoke customization*'''Stackable''' -- For its option-based customization*I might add back '''coblocks''', '''Advanced Gutenberg''' and '''Ultimate Addons for Gutenberg''' ====Email==== I installed WP Mail SMTP Lite. I first set it up to use Google. Essentially you need to sign in to Google and set up an API in the console: https://console.developers.google.com/flows/enableapi?apiid=gmail&pli=1. However, this seemed to introduce a massive security hole unless you have G Suite, so I abandoned this approach. I had previously set up SMTP through Google for the wiki (See [[Research_Computing_Configuration#Confirm_Account]]). So, I used the same approach with Wordpress. In WP Mail SMTP Lite choose 'Other' (see the [https://www.wpbeginner.com/plugins/how-to-send-email-in-wordpress-using-the-gmail-smtp-server/ second method]). Then [https://wpmailsmtp.com/docs/how-to-secure-smtp-settings-by-using-constants/ edit wp-config.php to hardcode the values] (this ensures that the password, which is stored plain-text, is a little more secure.): define( 'WPMS_ON', true ); //You MUST set this if you want hardcoded values to work! define( 'WPMS_LICENSE_KEY', '' ); define( 'WPMS_MAIL_FROM', 'blog@edegan.com' ); define( 'WPMS_MAIL_FROM_FORCE', true ); define( 'WPMS_MAIL_FROM_NAME', 'The Blog at EdEgan.com' ); define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'. define( 'WPMS_SET_RETURN_PATH', true ); define( 'WPMS_SMTP_HOST', 'ssl://smtp.gmail.com' ); define( 'WPMS_SMTP_PORT', 465 ); define( 'WPMS_SSL', 'ssl' ); // Possible values '', 'ssl', 'tls' - note TLS is not STARTTLS. define( 'WPMS_SMTP_AUTH', true ); define( 'WPMS_SMTP_USER', 'username@gmail.com' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true. define( 'WPMS_SMTP_PASS', 'password generated by Google' ); define( 'WPMS_SMTP_AUTOTLS', true ); =====Author Comments===== The blog supports multiple authors and by default, Wordpress emails an author whenever one of their posts gets a comment. If you'd like to disable author comment emails but keep the moderator emails, there's a simple fix: '''Just go to wp-admin/options.php and set 'comments_notify' to 0.''' (See https://codex.wordpress.org/Option_Reference) More complicated methods involve writing your own plugin [https://wordpress.stackexchange.com/questions/150125/disabling-comment-notifications-for-post-author] to refine wp_new_comment_notify_postauthor[https://developer.wordpress.org/reference/functions/wp_new_comment_notify_postauthor/] or changing the hooks[https://developer.wordpress.org/reference/hooks/notify_post_author/] used in wp-includes/comment.php: $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, $comment_ID ); ====Social Media Integration==== Getting the social media icons on the menu and correctly linked up is very straight forward. Follow the [https://wordpress.org/support/article/twenty-fifteen/#add-social-icons guide for twenty-fifteen], which also works for 2020. Getting some share buttons was more problematic, particular as my planned social media usage is somewhat atypical (Twitter, LinkedIn, and Reddit, really in reverse order), and because I don't want to pay anything.  The free version of [https://revive.social/plugins/revive-old-post/ Revive Old Posts] lets you push content to Twitter and Facebook, but they want you pay to push to LinkedIn. The best free options seem to be:*[https://wordpress.org/plugins/add-to-any/ AddToAny Share Buttons] - Integrates with Google Analytics*[https://wordpress.org/plugins/simple-social-icons/ Simple Social Icons] - The simplest option*[https://wordpress.org/plugins/shared-counts/ Shared Counts] -- Counts hits (but using a 3rd party for data?)*[https://wordpress.org/plugins/wordpress-social-login/ WordPress Social Login] - if you want users to log in using their SM accounts (note: has a bimodal ratings distro)*[https://wordpress.org/plugins/jetpack/ JetPack] -- The plugin used by wordpress.com for this functionality. The free version should suffice, but this thing is a monster. It also uses an account on the wordpress.com cloud, which is a pain for those who are self-hosting. I went with AddToAny, as it had the most installations, is entirely open-source, and offers all the functionality I need. ====Avoiding JetPack==== I tried to add a profile picture, but by default, WordPress uses [https://en.gravatar.com/ Gravitar], which, surprise, surprise, links to your WordPress.com account... and to add a self-hosted site, you have to install JetPack. At this point, I felt harassed and doubly so because I didn't install JetPack and yet, some how, the profile picture correctly updated from the one I'd posted on Gravitar. What the hecK? ===SEO=== I used Site Kit plugin for wordpess, and for mediawiki I made a sitemap to submit to Google. See https://www.mediawiki.org/wiki/Manual:GenerateSitemap.php In mediawiki: mkdir sitemap php maintenance/generateSitemap.php --memory-limit=50M --fspath=/var/www/html/mediawiki/sitemap/ --identifier=edegancom --urlpath=/sitemap/ --server=https://www.edegan.com --compress=yes Then submit it to Google... I did this by making an alias in apache2.conf from sitemap to /var/www/html/mediawiki/sitemap/, then submitting https://www.edegan.com/sitemap/sitemap-index-edegancom.xml #in retrospect, I wish I'd used an identifier with 'wiki' in it but what the hey. And with that success behind you, install Google XML Sitemaps on Wordpress, chose some settings (on Settings -> XML-Sitemap), and then post the URL to Google: https://www.edegan.com/blog/sitemap.xml It seems Yoast already builds a sitemap, you just need to submit to it Google... (I uninstalled XML Sitemaps): https://www.edegan.com/blog/sitemap_index.xml ===HTTPS=== To set up HTTPS using Let's Encrypt, see https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-20-04/ Install it and make some directories... apt update apt install certbot openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 takes ~20 secs mkdir -p /var/lib/letsencrypt/.well-known chgrp www-data /var/lib/letsencrypt chmod g+s /var/lib/letsencrypt Set up the config files vi /etc/apache2/conf-available/letsencrypt.conf Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/" <Directory "/var/lib/letsencrypt/"> AllowOverride None Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory>  vi /etc/apache2/conf-available/ssl-params.conf SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder off SSLSessionTickets off SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem" Header always set Strict-Transport-Security "max-age=63072000" Enable some apache2 mods! a2enmod ssl a2enmod headers a2enconf letsencrypt a2enconf ssl-params sudo a2enmod http2 systemctl reload apache2 Run certbot! certbot certonly --agree-tos --email ed@edegan.com --webroot -w /var/lib/letsencrypt/ -d edegan.com -d www.edegan.com Note that I needed an @ entry in my A record for edegan.com pointed to my IP address to get the main challenge to succeed. Then set up a new apache2 config file (in /etc/apache): mv sites-available/000-default.conf sites-available/000-default.conf.bak vi sites-available/edegan.com.conf <VirtualHost *:80> ServerName www.edegan.com ServerAdmin ed@edegan.com Redirect permanent / https://www.edegan.com/ </VirtualHost> <VirtualHost *:443> ServerName www.edegan.com Protocols h2 http/1.1 DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLCertificateFile /etc/letsencrypt/live/edegan.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/edegan.com/privkey.pem # Other Apache Configuration Alias /wiki /var/www/html/mediawiki/index.php RewriteEngine On RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] </VirtualHost> ln -s sites-available/edegan.com.conf sites-enabled/edegan.com.conf systemctl reload apache2 Test it by going to https://www.ssllabs.com/ssltest/ Finally, edit /etc/cron.d/certbot and append the following to the last line (after -renew): --renew-hook "systemctl reload apache2" certbot renew --dry-run Tests the renewal! ====PDFEmbed Issue==== Enabling and requiring HTTPS causes an issue with PDFEmbed on mediawiki, where you get a blank frame. The PDF is still there, other images load fine, but the PDF frame won't render the PDF. The problem is actually that the PDF is served with HTTP and the rest of the page is served with HTTPS, and Chrome (and perhaps other browsers) don't render the insecure content as a consequence (see [https://www.mediawiki.org/wiki/Topic:Uhgnq0wbmzfurbj0] for a description of the symptoms, but not the solution.). The solution is to edit mediawiki/extensions/PDFEmbed/PDFEmbed.hooks.php. For me it was line 103 that previously said: 'src' => $file->getFullUrl().'#page='.$page,I changed this line to: 'src' => preg_replace("/^http:/i", "https:", $file->getFullUrl()).'#page='.$page, This is mentioned in a comment on a topic page, though presumably for an earlier version: https://www.mediawiki.org/wiki/Topic:Syxow0why4c0cvvm ====Another Issue==== Interestingly, I started getting a message from Google Chrome whenever I went to post wiki entries saying: "The information you’re about to submit is not secure". There's an option to "Proceed anyway" or "Go back".  This started after I had MultiTail running viewing apache's logs, but I couldn't see, beyond some kind of file lock examination, how it could work. I figured that it was a coincidence and something else might have happened.  My first thought was that my SSL certificate might have expired. However, the certificate looks valid and good, and the issue survived a reboot. By inspecting the webpages (in Chrome) and then reviewing the Console, I could see that it was caused by a mixed content problem: Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure font '<URL>'. This request has been blocked; the content must be served over HTTPS. It seemed that I somehow have some font addresses hardcoded somewhere: Mixed Content: The page at ... was loaded over HTTPS, but requested an insecure font 'http://128.42.44.180/mediawiki/resources/assets/fonts/BonvenoCF-Light.otf'. This request has been blocked; the content must be served over HTTPS. The copy of Chrome on my desktop must somehow have been upgraded? Or something else changed to cause a change in behavior... The IP is from the old web server at the McNair Center, suggesting that when I migrated the McNair database into the new wiki, I migrated this issue. (Note that it doesn't appear to be something hardcoded into a .css file, or similar -- I can't find any trace on the filesystem and besides, this wiki was built from a fresh install.)  I found the URLs hardcoded in [[MediaWiki:Common.css]] (it must have been moved with the last big batch of pages and I somehow didn't notice!) but then couldn't edit it! It seems that following [https://www.mediawiki.org/wiki/MediaWiki_1.32/interface-admin Mediawiki 1.32], the rights to edit the interface were separated out, and users now need the editinterface right to change anything in the Mediawiki namespace. So, I went to [[Special:UserRights]] and gave myself permission. Then I edited the page, which changed the look-and-feel of my editor (I have no idea why), removed the consol messages, but left the problem (even after ctrl-shift-r cache flush on Chrome). ===Install VSFTPD=== With the security restrictions on wordpress, I now need an FTP server to get files for themes, plugins, etc. I like VSFTPD, as its simple, secure, and has a nice standalone config. Old documentation on an earlier install on the old [[Wordpress Blog Site (Tool)]] page. Instructions are here: https://linuxconfig.org/how-to-setup-ftp-server-on-ubuntu-20-04-focal-fossa-linux  apt-get install vsftpd cp /etc/vsftpd.conf /etc/vsftpd.conf_orig vi /etc/vsftpd.conf #Change the following write_enable=YES local_umask=022 ssl_enable=YES #Add the following (forces ssl) allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES /etc/init.d/vsftpd restart Then add a user and set it up: useradd -m blog passwd blog usermod -a -G www-data blog usermod -d /var/www/html/blog blog Test it: ftp 127.0.0.1 sftp 127.0.0.1

*http://praveen.kumar.in/2009/05/31/setting-up-ftps-using-vsftpd-for-wordpress-plugins-auto-upgrade/*https://askubuntu.com/questions/14371/how-to-setup-ftp-to-use-in-locally-hosted-wordpress To address some of the issues with the FTP server's file permissions in wordpress add to wp-config.php: define( 'WP_CONTENT_DIR', 'wp-content' ); define( 'FTP_BASE', '/var/www/html/blog/' ); If I chmod blog:blog /var/www/html/blog then everything seems to work find when I sftp but wordpress is unable to create a directory... I can't work out why this is happening. I expect it has to do with the need for another wordpress specific define() statement, but I'm spending too much time on it. So I'm going to use direct installation of plugins instead, and remove the FTP server as it is a point of vulnerability. apt-get remove vsftpd userdel blog ===Final Configuration Changes to Apache=== Lock down apache somewhat further (as now there are directories that shouldn't be listable, etc.) cd /etc/apache2 vi apache2.conf #Change the directory definitions. Notes that if -SomeOption is used then other options must have + or - in front of them: <Directory /var/www/html> Options -Indexes +FollowSymLinks AllowOverride All Require all granted </Directory> systemctl reload apache2 #To debug: systemctl status apache2.service ====Remove the debug setup==== In the wiki (LocalSettings.php), comment the debug lines (I can't see when I added them from the documentation, but if you want to see error messages during the config, you'd want them uncommented): #error_reporting( -1 ); #ini_set( 'display_errors',1 ); #$wgShowExceptionDetails = true; #$wgShowDBErrorBacktrace = true; #$wgShowSQLErrors = true; Check the permissions set using $wgGroupPermissions - see https://www.mediawiki.org/wiki/Manual:User_rights Run all the updates to the blog, etc., from the consol before locking it down. Then in wp-config.php, lock down the ability to install plugins, etc., by commenting: #define('FS_METHOD','direct'); Edit the .htaccess files in blog and mediawiki to allow access but with appropriate restrictions. Note that the rewrite rules for the blog are in its .htaccess file <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /blog/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /blog/index.php [L] </IfModule> To make the blog the default, edit /etc/apache/sites-available-edegan.com.conf, add an alias (don't alias to index.php as it will cause design issues, the rewrite rule for that is already in the .htaccess file!): Alias /blog /var/www/html/blog/ And change: RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] To: RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L] Then: systemctl reload apache2 Note: Don't change the DocumentRoot to the blog, as this will destroy the design of the wiki. The last rewrite rule will decide the default site! ===Changing the Wordpress url=== It seems likely that some Reddit bots are automatically blocking postings with the word blog in their URL. So I decided to move my Wordpress installation from /blog to /journal.  Note that I briefly tried 'article' (singular to save letters). I also considered 'paper', which is shorter but not quite right. Likewise study, etc. Also digest (which was a close second), review, bulletin, and pub (which was just too ambiguous). The problem with article is that although it looks good for article URLS, the landing URL is then www.edegan.com/article. A collection word is better. And journal appeals to the academic in me. To do this takes about 10 minutes (see https://wordpress.org/support/article/moving-wordpress/). You have to:#Make the change in Wordpress through wp-admin (you have to do this first!) - Set both the Wordpress Address (URL) and Site Address (URL) fields#Move the directory to the new name (at this point I could access www.edegan.com/article)#Fix aliases in apache and the default subdomain for landing (see below)#Fix the permalinks (update the .htaccess file)#Fix the links hardcoded in menus#(Create and) load up a new icon image (it is set under Appearance -> Customize -> Site Identity)#Run any updates etc.#Reconnect Google site kit#Rerun Yoast SEO optimizer To fix the main alias in apache: vi /etc/apache2/sites-available/edegan.com.conf Change: Alias /blog /var/www/html/blog/ RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L] systemctl reload apache2 I also needed to:#Perform a backup (I really should have done this before moving the site but hey...)#Fix the images etc. (they initially fine... but I came to suspect that they were cached and an HTML inspected revealed the wrong URLs) Do the backup (with a user that has process privileges): cd /bulk/backups mysqldump --add-drop-table -h localhost -u user -p wordpress | gzip > wordpress-20210209.sql.gz or mysqldump --add-drop-table -h localhost -u user -p wordpress > wordpress-20210209.sql Then install and use Velvet Blues (see https://www.wpbeginner.com/plugins/how-to-update-urls-when-moving-your-wordpress-site/) and use it to change the URLs (use https:// as a page inspection shows that this is correct) ===Another Change to the Wordpress URL and some updates === As root get the mysql dbase details: mysql -p #hint: tsn select host, user from mysql.user; show databases; Read mail: less /var/mail/$(whoami) Look in wp-config.php for dbase, user, pword etc. cat /var/www/html/journal/wp-config.php Back up the dbase mysqldump --add-drop-table -h localhost -u root -p wordpress > wordpress-20220814.sql Change settings (on https://www.edegan.com/journal/wp-admin/options-general.php)* WordPress Address (URL)** https://www.edegan.com/articles* Site Address (URL)** https://www.edegan.com/articles Move the folder: cd /var/www/html/ mv journal articles Reload: https://www.edegan.com/articles/wp-admin/options-general.php? Fix the .htaccess file to do the permalinks cd articles vi .htaccess #change 2 instances of journal to articles Fix the links in the menu on https://www.edegan.com/articles/wp-admin/customize.php?* Change links in menus! (2 instances - then publish) Upgrade php to 7.4 sudo apt-add-repository ppa:ondrej/php apt update apt install -y php7.4 php7.4-cli php7.4-common php7.4-fpm apt install -y php7.4-mysql php7.4-dom php7.4-simplexml php7.4-ssh2 php7.4-xml php7.4-xmlreader php7.4-curl php7.4-exif php7.4-ftp php7.4-gd php7.4-iconv php7.4-imagick php7.4-json php7.4-mbstring php7.4-posix php7.4-sockets php7.4-tokenizer apt install -y php7.4-mysqli php7.4-pdo php7.4-sqlite3 php7.4-ctype php7.4-fileinfo php7.4-zip php7.4-exif a2dismod php7.3 a2enmod php7.4 a2enmod proxy_fcgi setenvif a2enconf php7.4-fpm systemctl reload apache2 Update wordpress* Note that I have wordpress chown -R root:root for articles and then www-data:www-data for wp-content.* Didn't read: https://www.edegan.com/articles/wp-admin/update-core.php?action=do-core-upgrade Do the update /var/www/html# chown -R www-data:www-data articles/ run update in wp-admin * Update all the plugins* Update themes* Wordfence** Update .htaccess for extended protection. Reharden: chown -R root:root articles/ chown -R www-data:www-data articles/wp-content/ Fix the alias in apache! vi /etc/apache2/sites-available/edegan.com.conf Alias /journal /var/www/html/articles Alias /articles /var/www/html/article Alias /blog /var/www/html/blog RewriteRule ^/*$ %{DOCUMENT_ROOT}/articles/index.php [L] #Redirect the journal root to articles Redirect permanent /journal https://www.edegan.com/articles systemctl reload apache2 Plugins etc.* Site Kit by Google** Setup! (sign in using dredegan@gmail.com)* Yoast SEO** Rerun optimization Fix image links, etc.* I repointed the /journal and /blog aliases* Run the velvet blues plugin Fix the icon:* https://www.edegan.com/articles/wp-content/uploads/2021/02/edegandotcomslashjournal-LightGreyOnDarkBlue.png* In Z:\projects\WebDesign\LogosV2.xcf* Export as edegandotcomslasharticles-LightGreyOnDarkBlue.png* Set under Site Identity ===Useful tools=== ====Multitail==== I installed [https://www.vanheusden.com/multitail/manual.php Multitail]: apt-get multitail The [https://www.vanheusden.com/multitail/manual.php manual] is pretty weak, but the [https://www.vanheusden.com/multitail/examples.php examples] are good and the [https://www.vanheusden.com/multitail/features.php feature list] is excellent. Here's some useful commands to review log files: multitail -cS apache -ev "Bot" /var/log/apache2/access.log -ci white -e "Bot" -I /var/log/apache2/access.log multitail -cS apache -ev "Bot" -ev "bot" -ev "internal dummy connection" /var/log/apache2/access.log ====Traceroute====  apt install traceroute Note: [https://zmap.io/ Zmap] seems popular nowadays, based on traffic logs. ====Other==== Connect with smb from Mother to Father: smbclient //192.168.2.200/sharename -U Domainname/username Note that you need to specify the domain. Mount a thru connection: mount -t cifs -o user=username //192.168.2.200/sharename /mnt/father ln -s /mnt/father/whatever/ /bulk/whatever ==Old machines== For the configuration of the servers built for the McNair Center, see the old [[Center IT]] page or the pages below:*[[Database Server Documentation]]*[[RDP Documentation]]**[[Server Backup Policy]]**[[Power Backup]]*[[Test Web Server Documentation]]*[[Web Server Documentation]]**[[Wiki Configuration]]**[[Security on the wiki]] Some of this information is still useful! In addition, at UC Berkeley, Ed designed and built three machines - two postgresql database servers and a wiki server. The documentation is here:*[[Haas PhD Server Configuration]]*[[Posgres Server Configuration]] -- documents the build of postgres2

In addition, at UC Berkeley, Ed designed and built three machines - two postgresql database servers and a wiki server. The documentation is here:*Some [[Haas PhD Server Private Configuration]]*[[Posgres Server Configuration]] -- documents changes to the research computing setup are not recorded on the build of postgres2public wiki pages.