Changes

#Note: change passwords from hints hint before running

UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'root'; UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'debian-sys-maint'; UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'mcnair_wp';

=====PostGIS Issues===== 

Remove redundant user accountsI tried updating the extension (I'm pretty sure that I'm running 2.4.3): cat /etc/passwd userdel -r usernameALTER EXTENSION postgis UPDATE TO "2.4.3";

But that didn't fix anything. I need to get Xwindows set up againchecked the versions: select version(); PostgreSQL 10.14 (Ubuntu 10.14-0ubuntu0. My best guess as to the cause of this issue is leftover Nvidia drivers from my attempts to install the GPUs 18.04.1) on this box went bad in an earlier aptx86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0, 64-bit -get upgrade but -So somehow I can't see them listedm still running version 10! select PostGIS_full_version(); ERROR: could not access file "$libdir/postgis-2.4":No such file or directory CONTEXT: dpkg -l | grep nvidia-driverSQL statement "SELECT public.postgis_lib_version()" PL/pgSQL function postgis_full_version() line 25 at SQL statement

There is a .Xauthority file, and an .ICEauthority file, in /home/ed and both are owned by edSo I backed off the data from the two dbases that I'd used since the upgrade:ed pg_dump -Fc stockmarket > stockmarket_Fc_20201023. The former is empty (0 bytes) and the latter has some nondump pg_dump -UTF8 (I think?) characters in it. I'm not sure if either is an issueFc vcdb4 > vcdb4_Fc_20201023.dump #FAILED!

I didn't see xserverThe second backoff failed: pg_dump: [archiver (db)] query failed: ERROR: could not access file "$libdir/postgis-xorg-video-nouvea in the package list 2.4": No such file or any video driver moduledirectory pg_dump: [archiver (db)] query was: SELECT a.attnum, a.attname, a.atttypmod, a.attstattarget, a.attstorage, t.typstorage, a.attnotnull, a.atthasdef, a.attisdropped, a.attlen, a.attalign, a.attislocal, pg_catalog.format_type(t.oid,a.atttypmod) AS atttypname, array_to_string(a.attoptions, ', ') AS attoptions, so I installed nouveau: dpkg -lCASE WHEN a.attcollation <> t.typcollation THEN a.attcollation ELSE 0 END AS attcollation, a.attidentity, pg_catalog.array_to_string(ARRAY(SELECT lsmod pg_catalog.quote_ident(option_name) || ' ' | more| pg_catalog.quote_literal(option_value) FROM pg_catalog.pg_options_to_table(attfdwoptions) ORDER BY option_name), apt install xserver-xorg-video-nouveauE', I 'm not sure if I should be fixing my boot image or not) AS attfdwoptions FROM pg_catalog.pg_attribute a LEFT JOIN pg_catalog.pg_type t ON a.atttypid = t.oid WHERE a.attrelid = '19998614'::pg_catalog.oid AND shutdown -r now lsmod | morea.attnum > 0::pg_catalog.int2 ORDER BY a.attnum

But that just put me back where My changes weren't substantial, so I was: proceeded with a login loop probleman upgrade. So First I tried switching checked to lightdmsee if I had postgres12 installed and listening on another port or not: aptlocate postgres ls /usr/bin/postgres dpkg --get install lightdm-selections | grep postgres pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 10 main 5432 online postgres /data/postgres /var/log/postgresql/postgresql-10-main.log 12 main 5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log pg_upgradecluster 10 main #This failed: pg_dump: error: query failed: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory

And it worked even before a rebootSo... After a reboot, I had a different login screen but can't automatically upgrade without first fixing the actual desktop looked issue with v10 and postgis. add-apt-repository http://apt.postgresql.org/pub/repos/apt But that put the samefollowing into /etc/apt/sources-list: deb http://apt.postgresql.org/pub/repos/apt focal main vi it to (see https://wiki.postgresql.org/wiki/Apt): deb http://apt. The postgresql.Xauthority file is now 51 bytes big and I suddenly have a org/pub/repos/apt focal-pgdg wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.xsessionasc | sudo apt-key add -errors, which contains apt-get update #Throws a list warning: N: Skipping acquire of environment settings taking placeconfigured file 'main/binary-i386/Packages' as repository 'http://apt.postgresql.. However, org/pub/repos/apt focal-pgdg InRelease' doesn't support architecture 'i386' But the machine then silently crashed that night and again the following morning. I couldnwretched thing still doesn't find a specific cause in the logs but there did seem to be a number X and GNOME problemsavailable: journalctl apt-b get install postgresql-110-postgis-2.4 journalctl Package postgresql-10-postgis-since "1 hour ago"2.4 is not available, but is referred to by another package.

I ran an update from the GUI, which may have helpedTrying a manual approach. [https://packages.ubuntu.com/bionic/i386/postgresql-10-postgis-2. However, there was a warning about an issue with a screensaver 4/download Get the first time that I loaded lightdmfile], put it in /bulk/temp and the crashes seemed to happen sometime after a clean boot. So I uninstalled lightdm, and installed gdm (which failed as installed already) and rebooted but got no GUIcd there. Then I uninstalled and reinstalled gdm and everything seems fine now.: apt-get remove lightdm aptinstall ./postgresql-10-postgis-2.4_2.4.3+dfsg-get remove gdm34_i386.deb apt #This failed too -get install gdm3there are unmet dependencies and they are 'not installable'.

Incidentally, I left a clock running in a terminal so that I could see when ======Switching over the box went down if it crashed again. The clock code is: while [ 1 ] ; do echo -en "$(date +%T)\r" ; sleep 1; doneinstallations======

I kept the old versions of mediawiki and wordpress and moved them The plan:#Take version 10 offline#Move version 10's data to /bulk/retired a new location (using yyymmdd dates) mv /var/lib/mediawiki26082020 postgresql/bulk10/retiredmain)#Switch the ports of versions 10 and 12#Move version 12's data to /data mv /bulk/retired/mediawiki26082020 /bulk/retired/mediawiki20200826#Put version 12 online#Load up the data in version 12! mv /var/www/html/blog20200809 /bulk/retired/#Optionally wipe out the old installation

Edit the config files: vi /etc/postgresql/10/main/postgresql.conf data_directory ='/var/lib/postgresql/10/main' port =5433 vi /etc/postgresql/12/master/postgresql.conf data_directory ='/data/postgres' port =Install5432 listen_addresses ='*' #While we are here do some performance tuning: shared_buffers =512MB huge_pages =try temp_buffers =8G work_mem = 4GB maintenance_work_mem = 64 effective_cache_size = 384GB #Note that I didn't reduce the number of connections (and the max_wal_senders, which must be < max connections), or change max_stack_depth (which gives an error if you set it too high) vi /etc/postgresql/12/master/pg_hba.conf Copy over the config to allow access from inside the network

First, move Move the old folder data: df #to a new name, so check diskspace rm -R /var/lib/postgresql/10/main #Note that it none of the config files in here were valid (though you should check this is there for backup and then get the new install and unpack true before you do it.!) cd rsync -av /data/postgres/bulk/installsvar/lib/postgresql/10/main #Takes awhile, but make sure it is all done before the next step wget https:rm -R /data/wordpress.org/latest.tar.gzpostgres mv rsync -av /var/wwwlib/htmlpostgresql/blog 12/varmaster/www/htmldata/blog20200809postgres tar -xzf latest.tar.gz -C systemctl start postgresql pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 10 main 5433 online postgres /var/wwwlib/postgresql/html10/ cd main /var/wwwlog/htmlpostgresql/postgresql-10-main.log 12 master mv wordpress5432 online postgres /data/ blogpostgres / chown var/log/postgresql/postgresql-R www12-data:www-data blogmaster.log

Put an .htaccess file in that folder to restrict access while we workDo the installs for some extensions: vi blog/.htaccessapt-get install postgresql-12-plr <RequireAny> apt-get install postgresql-plperl-12 Require ip 192.168.2.1 </RequireAny> postgresql-plpython3-12

Then set up Make the dbase by editing wp-config.php (it's easiest to modify the sample).user: cp blog/wp-configcreateuser -sample.php blog/wp-config.php vi blog/wp-config.php Note get some keys from: https://api.wordpress.org/secret-key/1.1/salt/interactive researcher

Then restore the backend works - go to http://www.edegan.comdatabases (as researcher in /blogbulk/wp-admin! However the health check shows a missing required module and two missing recommended modules. Fix thatbackup): aptcreatedb stockmarket pg_restore -get install php7Fc -d stockmarket stockmarket_Fc_20201023.3-gddump apt-get install php7.3-curlcreatedb vcdb4 aptpg_restore -get install php7Fc -d vcdb4 vcdb4_Fc.3-imagick apachectl restartdump

IronicallyThe restore threw some errors related to not having extension plpythonu, it then recommends but otherwise seemed fine. The issue seems to be that I upgrade to PHP7pythonu is python2[https://www.4postgresql.org/docs/12/plpython-python23.html], and python2 is not available for postgres 12 (it might be here: https://wiki. but that would just give issues for mediawikipostgresql.org/wiki/Apt): apt-cache search ". On the other hand, everything is now green and just 4 groups of recommendations remain*plpython*.*"

====ConfigOther Fixes====

Using www.edeganI need to get Xwindows set up again.com/blog/wp-admin I configured the blog My best guess as follows:*Select Twenty Twenty as the theme*Add to the permalink code cause of this issue is leftover Nvidia drivers from my attempts to install the .htaccess file, so that the URLs will work with postnamesGPUs on this box went bad in an earlier apt-get upgrade but I can't see them listed:*Copy over images to wp dpkg -content/uploads (use cp l | grep nvidia-a to maintain permissions)*Change the site name to https (after fixing the https setup, see below)driver

Install pluginsThere is a .Xauthority file, and an .ICEauthority file, in /home/ed and both are owned by ed:*Yoast SEO*Wordfence Security*Disable Comments*Site Kit by Google ed. The former is empty (0 bytes) and the latter has some non-UTF8 (set up once live!I think?)*Pixabaycharacters in it. I'm not sure if either is an issue.

I also addeddidn't see xserver-xorg-video-nouvea in the package list or any video driver module, so I installed nouveau:*CoBlocks (free) dpkg -l*Advanced Gutenberg (free) lsmod | more*Otter apt install xserver-xorg-video-nouveau I'm not sure if I should be fixing my boot image or not... shutdown -r now lsmod | more

After doing this the login would give a local desktop but neither the keyboard nor mouse worked. I didn't add Cotried uninstalling and reinstalled the keyboard-Authors Plus (https://wordpressconfiguration again.org/plugins/co apt-authorsget remove keyboard-plus/) as it hasn't been tested on the latest version of wordpress. There are other plugins that offer equivalent functionality if I need one later.configuration apt-get install keyboard-configuration shutdown -r now

Other plugins But that just put me back where I might want arewas:with a login loop problem. So I tried switching to lightdm: apt-get install lightdm *Revive Old Post (share with twitter)And it worked even before a reboot. After a reboot, I had a different login screen but the actual desktop looked the same. The .Xauthority file is now 51 bytes big and I suddenly have a .xsession-errors, which contains a list of environment settings taking place... However, the machine then silently crashed that night and again the following morning. I couldn't find a specific cause in the logs but there did seem to be a number X and GNOME problems:*Optimole (optimize images) journalctl -b -1*WP Rocket (implement cache) journalctl --since "1 hour ago"

Notes:*Twitter embedding: https://wwwI ran an update from the GUI, which may have helped. However, there was a warning about an issue with a screensaver the first time that I loaded lightdm, and the crashes seemed to happen sometime after a clean boot. So I uninstalled lightdm, and installed gdm (which failed as installed already) and rebooted but got no GUI.wpbeginnerThen I uninstalled and reinstalled gdm and everything seems fine now.com/wp apt-tutorials/howget remove lightdm apt-to-display-recent-tweets-in-wordpress-with-twitterget remove gdm3 apt-widgets/get install gdm3

This included:*Fixing file ownership: For fully hardened, change ownership I kept the old versions of everything to root, except wflogs, uploads mediawiki and wordpress and themes in wp-content, which should be owned by www-data. However, then you won't be able moved them to install plugins etc. A compromise is -R root:root for blog and then www-data:www-data for wp-content./bulk/retired (using yyymmdd dates)*Check file permissions: Everything is 644, except wp-content which is 755 mv /var/lib/mediawiki26082020 /bulk/retired/*Checking dbase rights and setting new passwords. mv /bulk/retired/mediawiki26082020 /bulk/retired/mediawiki20200826*Changing passwords on old accounts (with posts, so the accounts shouldn't be deleted) to random strong strings.*Fixing up .htaccess file to impose restrictions mv /var/www/html/blog20200809 /bulk/retired/*Install Sucuri *Enable more logging===Wordpress Redux===

Checking user rights in the dbase and changing their password: mysql -user=root -p use wordpress SELECT User FROM mysql.user; SHOW GRANTS FOR 'username'@'localhost'; SET PASSWORD FOR 'username'@'localhost'='newpassword'; (Note that this shouldn't be logged in clear on the server, but might be on a client. Delete .mysql_history at the end of your session.)==Install====

First, move the old folder to a new name, so that it is there for backup and then get the new install and unpack it.htaccess in wp-includes: # Block the include-only files.cd /bulk/installs <IfModule mod_rewritewget https://wordpress.c>org/latest.tar.gz RewriteEngine On RewriteBase mv /var/www/html/blog / RewriteRule ^wp-adminvar/includeswww/ - [F,L] RewriteRule !^wp-includeshtml/ - [S=3]blog20200809 RewriteRule ^wptar -includes/[^/]+\xzf latest.tar.php$ gz - [F,L] RewriteRule ^wp-includesC /jsvar/tinymcewww/langshtml/.+\.php - [F,L] RewriteRule ^wp-includescd /var/www/theme-compathtml/ - [F,L] <mv wordpress/ blog/IfModule> # BEGIN WordPresschown -R www-data:www-data blog

The #BEGIN WordPress tag is redundant as the Put an .htaccess file is 644 rootin that folder to restrict access while we work: vi blog/.htaccess <RequireAny> Require ip 192.168.2.1 </RequireAny>

If there are plugin installation issues then add Then set up the dbase by editing wp-config.php (it's easiest to modify the sample). cp blog/wp-config-sample.php blog/wp-config.php define('FS_METHOD','direct');vi blog/wp-config.php Note get some keys from: https://api.wordpress.org/secret-key/1.1/salt/

Once I'm all done with Then the theme etcbackend works - go to http://www., I can uncomment edegan.com/blog/wp-admin! However the following from wphealth check shows a missing required module and two missing recommended modules. Fix that: apt-get install php7.3-gd apt-get install php7.3-curl apt-configget install php7.php3-imagick define('DISALLOW_FILE_EDIT', true);apachectl restart

I changed See [[Wordpress Blog Site (Tool)]] for the site colors, added the logo and the tag line, and made other config changesMcNair Center's build.

Then, Using www.edegan.com/blog/wp-admin I added custom CSS configured the blog as follows:*Select Twenty Twenty as the theme*Add the permalink code to the .htaccess file, so that the URLs will work with postnames*Copy over images to wp-content/uploads (use cp -a to maintain permissions)*Change the site name to https (after fixing the https setup, see below)

To reduce the header spacingInstall plugins: .header-inner {*Yoast SEO padding: 1.5rem 0;*Wordfence Security*Disable Comments*Site Kit by Google (set up once live!) }*Pixabay

To remove the title from the landing pageI also added: .page-id-2169 .entry-title{*CoBlocks (free) display:none !important; } .page-id-2169 .entry-header { padding: 0;*Advanced Gutenberg (free) }*Otter

To do:*I need to didn't add social media icons! That might be as easy as adding the social media menu [Co-Authors Plus (https://wordpress.org/supportplugins/article/twentyco-authors-twentyplus/#add-social-icons].*Get a '''related posts widget'''? There's Yet Another Related Posts Plugin, Contextual Related Posts, and Inline Related Posts... I went with YARPP, ) as it is hasn't been tested on the most popularlatest version of wordpress. It is apparently resource-heavyThere are other plugins that offer equivalent functionality if I need one later.

Other plugins I tried the following blocks pluginsmight want are:*'''Ultimate Addons for Guttenberg'''*It's free and adds some nice basic functionality**Revive Old Post blocks include: Post Carousel, Post Grid, Post Masonry, Post Timeline, Advanced Columns -- but customization is limited and I can't do one post(share with twitter)*'''Getwid''':Optimole (optimize images)**Pretty highly customizable. **Can specify which posts to show in 3 blocks WP Rocket (Custom Post Type, Post Carousel, and Post Sliderimplement cache) and can build custom templates to arrange how they are displayed**Post blocksNotes: Recent Posts, Custom Post Type, Post Carousel, and Post Slider*'''Redux''' Twitter embedding: https://www.wpbeginner.com/wp-tutorials/how- It's a templates library. You get 5 for free and they upsell hard.*'''ZeGuten''' to- Couldn't find it*'''Advanced Gutenberg''' display- It's free and widely used... *'''CoBlocks''' recent-tweets- Does the basics**Posts in-wordpress- Can't specify specific posts. Can do category.**Post Carousel with-twitter- Likewise.widgets/ ====Hardening Wordpress====*'''Stackable''':**It requested opt-in, which I didn't like, and it wants you to 'Go Premium'hardened the wordpress installation: https://wordpress. org/support/article/hardening-wordpress/**It has settings for everything! By far the most detailed configuration.**Useful blocksThis included:***Posts Fixing file ownership: For fully hardened, change ownership of everything to root, except wflogs, uploads and themes in wp-content, which should be owned by www- candata. However, then you won't seem be able to specify a specific post***Advanced Columns install plugins etc. A compromise is -R root:root for blog and Grids then www-data:www- data for layout***Card wp-- could make posts links with buttonscontent.***Feature/Feature Grid Check file permissions: Everything is 644, except wp-- likewisecontent which is 755***Container? Might be helpfulChecking dbase rights and setting new passwords.*Changing passwords on old accounts (with posts, so the accounts shouldn'''Gutenberg Post Blocks'''**Untested with my version. Seems t be deleted) to workrandom strong strings. **Has lots of options but does full-page things. Can limit to a post using include but has next page linksFixing up ...**Tried htaccess file to push for an update to pro.impose restrictions*'''Magical Posts Display''' -- I dumped it for being too weird.*'''Otter Blocks'''Install Sucuri **Google maps block and other useful things... I just don't need it right now.Enable more logging

Built-Checking user rights inthe dbase and changing their password:*Latest Posts mysql -user=root -p use wordpress SELECT User FROM mysql.user; SHOW GRANTS FOR 'username'@'localhost'; SET PASSWORD FOR 'username'@'localhost'='newpassword'; (widgetNote that this shouldn't be logged in clear on the server, but might be on a client. Delete .mysql_history at the end of your session.)

Chosen block plugins.htaccess in wp-includes:*'''Getwid''' # Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - It's outstanding and embraces templates for serious bespoke customization[F,L]*'''Stackable''' RewriteRule !^wp-includes/ - For its option[S=3] RewriteRule ^wp-based customizationincludes/[^/]+\.php$ - [F,L]*I might add back '''coblocks''' RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F, '''Advanced Gutenberg''' and '''Ultimate Addons for Gutenberg'''L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # BEGIN WordPress

I installed WP Mail SMTP Lite. I first set it up Add the following to use Google. Essentially you need to sign in to Google and set up an API htaccess in the consolewordpress dir: https://console <files wp-config.developers.google.comphp> order allow,deny deny from all </flows/enableapi?apiid=gmail&pli=1. However, this seemed to introduce a massive security hole unless you have G Suite, so I abandoned this approach.files>

I had previously set up SMTP through Google for the wiki (See [[Research_Computing_Configuration#Confirm_Account]]). So, I used the same approach with Wordpress. In WP Mail SMTP Lite choose 'Other' (see the [https://www.wpbeginner.com/plugins/how-If there are plugin installation issues then add to-send-email-in-wordpress-using-the-gmail-smtp-server/ second method]). Then [https://wpmailsmtp.com/docs/how-to-secure-smtp-settings-by-using-constants/ edit wp-config.php to hardcode the values] (this ensures that the password, which is stored plain-text, is a little more secure.): define( 'WPMS_ON', true ); //You MUST set this if you want hardcoded values to work! define( 'WPMS_LICENSE_KEY', '' ); define( 'WPMS_MAIL_FROM', 'blog@edegan.com' ); define( 'WPMS_MAIL_FROM_FORCE', true ); define( 'WPMS_MAIL_FROM_NAME', 'The Blog at EdEgan.com' ); define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'. define( 'WPMS_SET_RETURN_PATH', true ); define( 'WPMS_SMTP_HOST', 'ssl://smtp.gmail.com' ); define( 'WPMS_SMTP_PORT', 465 ); define( 'WPMS_SSL', 'ssl' ); // Possible values '', 'sslFS_METHOD', 'tlsdirect' - note TLS is not STARTTLS. define( 'WPMS_SMTP_AUTH', true ); define( 'WPMS_SMTP_USER', 'username@gmail.com' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true. define( 'WPMS_SMTP_PASS', 'password generated by Google' ); define( 'WPMS_SMTP_AUTOTLS', true );

Getting {{Colored box|title=Notice|content=With hardened permissions, you won't be able to update Wordpress from the social media icons on the menu and correctly linked up is very straight forwarddashboard. Follow To fix this, set ownership of the [httpsentire wordpress directory to www-data://wordpresswww-data (i.e.org/support/article/twenty, chown -fifteen/#addR www-socialdata:www-icons guide for twenty-fifteen]data blog/), run the update, which also works for 2020and then revert the ownership to root (or some other account).}}

The free version of I built a [https://revive.social/plugins/revive-old-post/ Revive Old Posts[Branding]] lets you push content palette, to Twitter and Facebookstandardize the colors. And I installed the Twentig plugin, but they want you pay to push to LinkedIngive extra configuration options.

The best free options seem to be:*[https://wordpress.org/plugins/add-to-any/ AddToAny Share Buttons] - Integrates with Google Analytics*[https://wordpress.org/plugins/simple-social-icons/ Simple Social Icons] - The simplest option*[https://wordpress.org/plugins/shared-counts/ Shared Counts] -- Counts hits (but using a 3rd party for data?)*[https://wordpress.org/plugins/wordpress-social-login/ WordPress Social Login] - if you want users to log in using their SM accounts (note: has a bimodal ratings distro)*[https://wordpress.org/plugins/jetpack/ JetPack] -- The plugin used by wordpress.com for this functionality. The free version should sufficeI changed the site colors, but this thing is a monster. It also uses an account on added the logo and the wordpress.com cloudtag line, which is a pain for those who are self-hostingand made other config changes.

Then, I went with AddToAny, added custom CSS as it had the most installations, is entirely open-source, and offers all the functionality I needfollows.

I tried to add a profile picture, but by default, WordPress uses [httpsTo remove the title from the landing page://en .gravatarpage-id-2169 .com/ Gravitar], which, surprise, surprise, links to your WordPress.com accountentry-title{ display:none !important; } .page-id-2169 .. and to add a selfentry-hosted site, you have to install JetPack. At this point, I felt harassed and doubly so because I didn't install JetPack and yet, some how, the profile picture correctly updated from the one I'd posted on Gravitar. What the hecK?header { padding: 0; }

To set up HTTPS using LetI tried the following blocks plugins:*'''Ultimate Addons for Guttenberg'''*It's Encryptfree and adds some nice basic functionality**Post blocks include: Post Carousel, Post Grid, see https://linuxize.com/post/securePost Masonry, Post Timeline, Advanced Columns -apache-with-let-s-encrypt-on-ubuntu-20-04/but customization is limited and I can't do one post*'''Getwid''':Install it and make some directories..**Pretty highly customizable. apt update**Can specify which posts to show in 3 blocks (Custom Post Type, Post Carousel, and Post Slider) and can build custom templates to arrange how they are displayed apt install certbot**Post blocks: Recent Posts, Custom Post Type, Post Carousel, and Post Slider openssl dhparam *'''Redux''' -out /etc/ssl/certs/dhparam- It's a templates library. You get 5 for free and they upsell hard.pem 2048 takes ~20 secs*'''ZeGuten''' - Couldn't find it mkdir *'''Advanced Gutenberg''' -p /var/lib/letsencrypt/It's free and widely used...well*'''CoBlocks''' -known chgrp www-data /var/lib/letsencrypt chmod g+s /var/lib/letsencrypt Set up Does the config filesbasics vi /etc/apache2/conf**Posts --available/letsencryptCan't specify specific posts. Can do category.conf Alias /.well**Post Carousel -known/acme-challenge/ "/var/lib/letsencrypt/Likewise.well-known/acme-challenge/" <Directory "/var/lib/letsencrypt/"> AllowOverride None Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory>*'''Stackable''': vi /etc/apache2/conf**It requested opt-available/ssl-paramsin, which I didn't like, and it wants you to 'Go Premium'.conf SSLProtocol all -SSLv3 -TLSv1 -TLSv1**It has settings for everything! By far the most detailed configuration.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256**Useful blocks:ECDHE***Posts -RSA-AES128can't seem to specify a specific post***Advanced Columns and Grids -GCM-SHA256:ECDHEfor layout***Card -ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSAcould make posts links with buttons***Feature/Feature Grid - CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384likewise SSLHonorCipherOrder off***Container? Might be helpful SSLSessionTickets off*'''Gutenberg Post Blocks''' **Untested with my version. Seems to work. SSLUseStapling On**Has lots of options but does full-page things. Can limit to a post using include but has next page links... SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" **Tried to push for an update to pro. SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam*'''Magical Posts Display''' -- I dumped it for being too weird.pem" *'''Otter Blocks''' Header always set Strict-Transport-Security "max-age=63072000"**Google maps block and other useful things... I just don't need it right now.

Enable some apache2 mods! a2enmod ssl a2enmod headers a2enconf letsencrypt a2enconf sslBuilt-params sudo a2enmod http2in: systemctl reload apache2*Latest Posts (widget)

Run certbot!Chosen block plugins: certbot certonly *'''Getwid''' --agreeIt's outstanding and embraces templates for serious bespoke customization*'''Stackable''' -tos -For its option-email ed@edeganbased customization*I might add back '''coblocks''', '''Advanced Gutenberg''' and '''Ultimate Addons for Gutenberg''' ====Email==== I installed WP Mail SMTP Lite.com --webroot -w  I first set it up to use Google. Essentially you need to sign in to Google and set up an API in the console: https:/var/lib/letsencrypt/ -d edeganconsole.com -d wwwdevelopers.edegangoogle.com Note that I needed an @ entry in my A record for edegan/flows/enableapi?apiid=gmail&pli=1.com pointed However, this seemed to my IP address to get the main challenge to succeedintroduce a massive security hole unless you have G Suite, so I abandoned this approach.

Then I had previously set up a new apache2 config file SMTP through Google for the wiki (See [[Research_Computing_Configuration#Confirm_Account]]). So, I used the same approach with Wordpress. In WP Mail SMTP Lite choose 'Other' (in see the [https://www.wpbeginner.com/etcplugins/apache): mv siteshow-to-send-email-in-wordpress-available/000using-default.conf sitesthe-available/000gmail-default.conf.bak vi sitessmtp-availableserver/edegansecond method]).com.conf <VirtualHost *Then [https:80> ServerName www.edegan.com ServerAdmin ed@edegan//wpmailsmtp.com Redirect permanent / https:docs/how-to-secure-smtp-settings-by-using-constants/wwwedit wp-config.edeganphp to hardcode the values] (this ensures that the password, which is stored plain-text, is a little more secure.com/): <define( 'WPMS_ON', true ); //VirtualHost>You MUST set this if you want hardcoded values to work! define( 'WPMS_LICENSE_KEY', '' ); <VirtualHost *:443> ServerName www.define( 'WPMS_MAIL_FROM', 'blog@edegan.com' ); define( 'WPMS_MAIL_FROM_FORCE', true ); Protocols h2 http/1 define( 'WPMS_MAIL_FROM_NAME', 'The Blog at EdEgan.1com' ); DocumentRoot /var/www/html define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); ErrorLog ${APACHE_LOG_DIR} define( 'WPMS_MAILER', 'smtp' ); /error.log CustomLog ${APACHE_LOG_DIR}/accessPossible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'.log combined SSLEngine On define( 'WPMS_SET_RETURN_PATH', true ); SSLCertificateFile /etc/letsencrypt define( 'WPMS_SMTP_HOST', 'ssl:/live/edegansmtp.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/edegangmail.com/privkey.pem' ); # Other Apache Configuration define( 'WPMS_SMTP_PORT', 465 ); Alias /wiki define( 'WPMS_SSL', 'ssl' ); /var/www/html/mediawiki/indexPossible values '', 'ssl', 'tls' - note TLS is not STARTTLS.php RewriteEngine On RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] </VirtualHost>define( 'WPMS_SMTP_AUTH', true ); ln -s sites-available/edegandefine( 'WPMS_SMTP_USER', 'username@gmail.com.conf sites-enabled' ); //edeganSMTP authentication username, only used if WPMS_SMTP_AUTH is true.com.conf systemctl reload apache2define( 'WPMS_SMTP_PASS', 'password generated by Google' ); define( 'WPMS_SMTP_AUTOTLS', true );

FinallyThe blog supports multiple authors and by default, edit /etc/cronWordpress emails an author whenever one of their posts gets a comment.If you'd/certbot and append the following like to disable author comment emails but keep the last line (after -renew)moderator emails, there's a simple fix: --renew-hook "systemctl reload apache2" certbot renew --dry-run Tests the renewal!

Enabling and requiring HTTPS causes an issue with PDFEmbed on mediawiki, where you get a blank frameMore complicated methods involve writing your own plugin [https://wordpress.stackexchange.com/questions/150125/disabling-comment-notifications-for-post-author] to refine wp_new_comment_notify_postauthor[https://developer. The PDF is still there, other images load fine, but the PDF frame won't render the PDFwordpress. The problem is actually that org/reference/functions/wp_new_comment_notify_postauthor/] or changing the PDF is served with HTTP and the rest of the page is served with HTTPS, and Chrome (and perhaps other browsers) don't render the insecure content as a consequence (see hooks[https://wwwdeveloper.mediawikiwordpress.org/wikireference/hooks/notify_post_author/] used in wp-includes/Topiccomment.php:Uhgnq0wbmzfurbj0] for a description of the symptoms $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, but not the solution.$comment_ID ).;

The solution is to edit mediawiki/extensions/PDFEmbed/PDFEmbed.hooks.php. For me it was line 103 that previously said: 'src' => $file->getFullUrl().'#page='.$page,I changed this line to: 'src' => preg_replace("/^http:/i", "https:", $file->getFullUrl()).'#page='.$page,Social Media Integration====

This Getting the social media icons on the menu and correctly linked up is mentioned in a comment on a topic page, though presumably for an earlier version: very straight forward. Follow the [https://www.mediawikiwordpress.org/wikisupport/article/twenty-fifteen/Topic:Syxow0why4c0cvvm#add-social-icons guide for twenty-fifteen], which also works for 2020.

With the security restrictions on wordpress, I now need an FTP server to get files for themes, plugins, etc. I like VSFTPD, as its simple, secure, and has a nice standalone config. Old documentation on an earlier install on the old The free version of [[Wordpress Blog Site (Tool)]] page. Instructions are here: https://linuxconfigrevive.orgsocial/plugins/howrevive-old-post/ Revive Old Posts] lets you push content to-setup-ftp-server-on-ubuntu-20-04-focal-fossa-linuxTwitter and Facebook, but they want you pay to push to LinkedIn.

aptThe best free options seem to be:*[https://wordpress.org/plugins/add-to-any/ AddToAny Share Buttons] -get install vsftpdIntegrates with Google Analytics cp *[https:/etc/vsftpdwordpress.conf org/plugins/simple-social-icons/ Simple Social Icons] - The simplest option*[https:/etc/vsftpdwordpress.conf_origorg/plugins/shared-counts/ Shared Counts] -- Counts hits (but using a 3rd party for data?) vi *[https:/etc/vsftpdwordpress.conf #Change the following write_enable=YES local_umask=022 ssl_enable=YES #Add the following org/plugins/wordpress-social-login/ WordPress Social Login] - if you want users to log in using their SM accounts (forces sslnote: has a bimodal ratings distro) allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES *[https:/etc/initwordpress.dorg/plugins/jetpack/vsftpd restartJetPack] -- The plugin used by wordpress.com for this functionality. The free version should suffice, but this thing is a monster. It also uses an account on the wordpress.com cloud, which is a pain for those who are self-hosting. I went with AddToAny, as it had the most installations, is entirely open-source, and offers all the functionality I need.

Test itI tried to add a profile picture, but by default, WordPress uses [https: ftp 127//en.0gravatar.0com/ Gravitar], which, surprise, surprise, links to your WordPress.1 sftp 127com account.0.0.1and to add a self-hosted site, you have to install JetPack. At this point, I felt harassed and doubly so because I didn't install JetPack and yet, some how, the profile picture correctly updated from the one I'd posted on Gravitar. What the hecK?

See also: ===SEO===*http://praveen.kumar.in/2009/05/31/setting-up-ftps-using-vsftpd-I used Site Kit plugin for wordpess, and for-wordpress-plugins-auto-upgrade/*https://askubuntu.com/questions/14371/how-mediawiki I made a sitemap to-setup-ftp-submit to-use-in-locally-hosted-wordpressGoogle.

To address some of the issues with the FTP server's file permissions in wordpress add to wp-config.phpSee https: define( 'WP_CONTENT_DIR', 'wp-content' ); define( 'FTP_BASE', '/var/www.mediawiki.org/htmlwiki/blog/' );Manual:GenerateSitemap.php

If I chmod blogIn mediawiki:blog mkdir sitemap php maintenance/generateSitemap.php --memory-limit=50M --fspath=/var/www/html/blog then everything seems to work find when I sftp but wordpress is unable to create a directorymediawiki/sitemap/ --identifier=edegancom --urlpath=/sitemap/ --server=https://www.edegan.. I can't work out why this is happening. I expect it has to do with the need for another wordpress specific define() statement, but I'm spending too much time on it. So I'm going to use direct installation of plugins instead, and remove the FTP server as it is a point of vulnerability. aptcom --get remove vsftpd userdel blogcompress=yes

Lock down apache somewhat further (as now there are directories And with that shouldn't be listablesuccess behind you, etc.install Google XML Sitemaps on Wordpress, chose some settings (on Settings -> XML-Sitemap), and then post the URL to Google: cd https:/etc/apache2 vi apache2www.conf #Change the directory definitionsedegan. Notes that if -SomeOption is used then other options must have + or - in front of them: <Directory /var/wwwcom/html> Options -Indexes +FollowSymLinks AllowOverride All Require all granted <blog/Directory> systemctl reload apache2 #To debug: systemctl status apache2sitemap.servicexml

In the wiki (LocalSettings.php), comment the debug lines (I can't see when I added them from the documentation, but if you want to see error messages during the config, you'd want them uncommented): #error_reporting( -1 ); #ini_set( 'display_errors',1 ); #$wgShowExceptionDetails = true; #$wgShowDBErrorBacktrace = true; #$wgShowSQLErrors = true;HTTPS===

Check the permissions To set up HTTPS using $wgGroupPermissions - Let's Encrypt, see https://www.mediawikilinuxize.orgcom/wikipost/secure-apache-with-let-s-encrypt-on-ubuntu-20-04/Manual:User_rights

Run all the updates to the blog, etcInstall it and make some directories., from the consol before locking it down. Then in wp-config.php, lock down the ability to apt update apt install plugins, certbot openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 takes ~20 secs mkdir -p /var/lib/letsencrypt/., by commenting:well-known chgrp www-data /var/lib/letsencrypt #define('FS_METHOD','direct');chmod g+s /var/lib/letsencrypt

Edit Set up the config files vi /etc/apache2/conf-available/letsencrypt.htaccess files in blog and mediawiki to allow access but with appropriate restrictionsconf Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/" <Directory "/var/lib/letsencrypt/"> AllowOverride None Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS </Directory>

Note that the rewrite rules for the blog are in its vi /etc/apache2/conf-available/ssl-params.htaccess fileconf <IfModule mod_rewriteSSLProtocol all -SSLv3 -TLSv1 -TLSv1.c>1 RewriteEngine OnSSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder off SSLSessionTickets off RewriteBase /blog/ RewriteRule ^index\.php$ - [L]SSLUseStapling On RewriteCond %{REQUEST_FILENAME} !-fSSLStaplingCache "shmcb:logs/ssl_stapling(32768)" RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . SSLOpenSSLConfCmd DHParameters "/etc/ssl/blogcerts/indexdhparam.php [L]pem" </IfModule>Header always set Strict-Transport-Security "max-age=63072000"

To make the blog the default, edit Enable some apache2 mods! a2enmod ssl a2enmod headers a2enconf letsencrypt a2enconf ssl-params sudo a2enmod http2 systemctl reload apache2 Run certbot! certbot certonly --agree-tos --email ed@edegan.com --webroot -w /var/etclib/apacheletsencrypt/sites-available-d edegan.com-d www.conf, add an alias (don't alias to indexedegan.php as it will cause design issues, the rewrite rule for com Note that is already I needed an @ entry in my A record for edegan.com pointed to my IP address to get the main challenge to succeed.htaccess file!): Alias /blog /var/www/html/blog/

Then set up a new apache2 config file (in /etc/apache): mv sites-available/000-default.conf sites-available/000-default.conf.bak vi sites-available/edegan.com.conf <VirtualHost *:80> ServerName www.edegan.com ServerAdmin ed@edegan.com Redirect permanent / https://www.edegan.com/ </VirtualHost> <VirtualHost *:443> ServerName www.edegan.com Protocols h2 http/1.1 DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLCertificateFile /etc/letsencrypt/live/edegan.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/edegan.com/privkey.pem # Other Apache Configuration Alias /wiki /var/www/html/mediawiki/index.php RewriteEngine On RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] </VirtualHost> ln -s sites-available/edegan.com.conf sites-enabled/edegan.com.conf systemctl reload apache2 Test it by going to https://www.ssllabs.com/ssltest/ Finally, edit /etc/cron.d/certbot and append the following to the last line (after -renew): --renew-hook "systemctl reload apache2" certbot renew --dry-run Tests the renewal! ====PDFEmbed Issue==== Enabling and requiring HTTPS causes an issue with PDFEmbed on mediawiki, where you get a blank frame. The PDF is still there, other images load fine, but the PDF frame won't render the PDF. The problem is actually that the PDF is served with HTTP and the rest of the page is served with HTTPS, and Chrome (and perhaps other browsers) don't render the insecure content as a consequence (see [https://www.mediawiki.org/wiki/Topic:Uhgnq0wbmzfurbj0] for a description of the symptoms, but not the solution.). The solution is to edit mediawiki/extensions/PDFEmbed/PDFEmbed.hooks.php. For me it was line 103 that previously said: 'src' => $file->getFullUrl().'#page='.$page,I changed this line to: 'src' => preg_replace("/^http:/i", "https:", $file->getFullUrl()).'#page='.$page, This is mentioned in a comment on a topic page, though presumably for an earlier version: https://www.mediawiki.org/wiki/Topic:Syxow0why4c0cvvm ====Another Issue==== Interestingly, I started getting a message from Google Chrome whenever I went to post wiki entries saying: "The information you’re about to submit is not secure". There's an option to "Proceed anyway" or "Go back".  This started after I had MultiTail running viewing apache's logs, but I couldn't see, beyond some kind of file lock examination, how it could work. I figured that it was a coincidence and something else might have happened.  My first thought was that my SSL certificate might have expired. However, the certificate looks valid and good, and the issue survived a reboot. By inspecting the webpages (in Chrome) and then reviewing the Console, I could see that it was caused by a mixed content problem: Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure font '<URL>'. This request has been blocked; the content must be served over HTTPS. It seemed that I somehow have some font addresses hardcoded somewhere: Mixed Content: The page at ... was loaded over HTTPS, but requested an insecure font 'http://128.42.44.180/mediawiki/resources/assets/fonts/BonvenoCF-Light.otf'. This request has been blocked; the content must be served over HTTPS. The copy of Chrome on my desktop must somehow have been upgraded? Or something else changed to cause a change in behavior... The IP is from the old web server at the McNair Center, suggesting that when I migrated the McNair database into the new wiki, I migrated this issue. (Note that it doesn't appear to be something hardcoded into a .css file, or similar -- I can't find any trace on the filesystem and besides, this wiki was built from a fresh install.)  I found the URLs hardcoded in [[MediaWiki:Common.css]] (it must have been moved with the last big batch of pages and I somehow didn't notice!) but then couldn't edit it! It seems that following [https://www.mediawiki.org/wiki/MediaWiki_1.32/interface-admin Mediawiki 1.32], the rights to edit the interface were separated out, and users now need the editinterface right to change anything in the Mediawiki namespace. So, I went to [[Special:UserRights]] and gave myself permission. Then I edited the page, which changed the look-and-feel of my editor (I have no idea why), removed the consol messages, but left the problem (even after ctrl-shift-r cache flush on Chrome). ===Install VSFTPD=== With the security restrictions on wordpress, I now need an FTP server to get files for themes, plugins, etc. I like VSFTPD, as its simple, secure, and has a nice standalone config. Old documentation on an earlier install on the old [[Wordpress Blog Site (Tool)]] page. Instructions are here: https://linuxconfig.org/how-to-setup-ftp-server-on-ubuntu-20-04-focal-fossa-linux  apt-get install vsftpd cp /etc/vsftpd.conf /etc/vsftpd.conf_orig vi /etc/vsftpd.conf #Change the following write_enable=YES local_umask=022 ssl_enable=YES #Add the following (forces ssl) allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES /etc/init.d/vsftpd restart Then add a user and set it up: useradd -m blog passwd blog usermod -a -G www-data blog usermod -d /var/www/html/blog blog Test it: ftp 127.0.0.1 sftp 127.0.0.1 See also: *http://praveen.kumar.in/2009/05/31/setting-up-ftps-using-vsftpd-for-wordpress-plugins-auto-upgrade/*https://askubuntu.com/questions/14371/how-to-setup-ftp-to-use-in-locally-hosted-wordpress To address some of the issues with the FTP server's file permissions in wordpress add to wp-config.php: define( 'WP_CONTENT_DIR', 'wp-content' ); define( 'FTP_BASE', '/var/www/html/blog/' ); If I chmod blog:blog /var/www/html/blog then everything seems to work find when I sftp but wordpress is unable to create a directory... I can't work out why this is happening. I expect it has to do with the need for another wordpress specific define() statement, but I'm spending too much time on it. So I'm going to use direct installation of plugins instead, and remove the FTP server as it is a point of vulnerability. apt-get remove vsftpd userdel blog ===Final Configuration Changes to Apache=== Lock down apache somewhat further (as now there are directories that shouldn't be listable, etc.) cd /etc/apache2 vi apache2.conf #Change the directory definitions. Notes that if -SomeOption is used then other options must have + or - in front of them: <Directory /var/www/html> Options -Indexes +FollowSymLinks AllowOverride All Require all granted </Directory> systemctl reload apache2 #To debug: systemctl status apache2.service ====Remove the debug setup==== In the wiki (LocalSettings.php), comment the debug lines (I can't see when I added them from the documentation, but if you want to see error messages during the config, you'd want them uncommented): #error_reporting( -1 ); #ini_set( 'display_errors',1 ); #$wgShowExceptionDetails = true; #$wgShowDBErrorBacktrace = true; #$wgShowSQLErrors = true; Check the permissions set using $wgGroupPermissions - see https://www.mediawiki.org/wiki/Manual:User_rights Run all the updates to the blog, etc., from the consol before locking it down. Then in wp-config.php, lock down the ability to install plugins, etc., by commenting: #define('FS_METHOD','direct'); Edit the .htaccess files in blog and mediawiki to allow access but with appropriate restrictions. Note that the rewrite rules for the blog are in its .htaccess file <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /blog/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /blog/index.php [L] </IfModule> To make the blog the default, edit /etc/apache/sites-available-edegan.com.conf, add an alias (don't alias to index.php as it will cause design issues, the rewrite rule for that is already in the .htaccess file!): Alias /blog /var/www/html/blog/ And change: RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L] To: RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L] Then: systemctl reload apache2 Note: Don't change the DocumentRoot to the blog, as this will destroy the design of the wiki. The last rewrite rule will decide the default site! ===Changing the Wordpress url=== It seems likely that some Reddit bots are automatically blocking postings with the word blog in their URL. So I decided to move my Wordpress installation from /blog to /journal.  Note that I briefly tried 'article' (singular to save letters). I also considered 'paper', which is shorter but not quite right. Likewise study, etc. Also digest (which was a close second), review, bulletin, and pub (which was just too ambiguous). The problem with article is that although it looks good for article URLS, the landing URL is then www.edegan.com/article. A collection word is better. And journal appeals to the academic in me. To do this takes about 10 minutes (see https://wordpress.org/support/article/moving-wordpress/). You have to:#Make the change in Wordpress through wp-admin (you have to do this first!) - Set both the Wordpress Address (URL) and Site Address (URL) fields#Move the directory to the new name (at this point I could access www.edegan.com/article)#Fix aliases in apache and the default subdomain for landing (see below)#Fix the permalinks (update the .htaccess file)#Fix the links hardcoded in menus#(Create and) load up a new icon image (it is set under Appearance -> Customize -> Site Identity)#Run any updates etc.#Reconnect Google site kit#Rerun Yoast SEO optimizer To fix the main alias in apache: vi /etc/apache2/sites-available/edegan.com.conf Change: Alias /blog /var/www/html/blog/ RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L] systemctl reload apache2 I also needed to:#Perform a backup (I really should have done this before moving the site but hey...)#Fix the images etc. (they initially fine... but I came to suspect that they were cached and an HTML inspected revealed the wrong URLs) Do the backup (with a user that has process privileges): cd /bulk/backups mysqldump --add-drop-table -h localhost -u user -p wordpress | gzip > wordpress-20210209.sql.gz or mysqldump --add-drop-table -h localhost -u user -p wordpress > wordpress-20210209.sql Then install and use Velvet Blues (see https://www.wpbeginner.com/plugins/how-to-update-urls-when-moving-your-wordpress-site/) and use it to change the URLs (use https:// as a page inspection shows that this is correct) ===Another Change to the Wordpress URL and some updates === As root get the mysql dbase details: mysql -p #hint: tsn select host, user from mysql.user; show databases; Read mail: less /var/mail/$(whoami) Look in wp-config.php for dbase, user, pword etc. cat /var/www/html/journal/wp-config.php Back up the dbase mysqldump --add-drop-table -h localhost -u root -p wordpress > wordpress-20220814.sql Change settings (on https://www.edegan.com/journal/wp-admin/options-general.php)* WordPress Address (URL)** https://www.edegan.com/articles* Site Address (URL)** https://www.edegan.com/articles Move the folder: cd /var/www/html/ mv journal articles Reload: https://www.edegan.com/articles/wp-admin/options-general.php? Fix the .htaccess file to do the permalinks cd articles vi .htaccess #change 2 instances of journal to articles Fix the links in the menu on https://www.edegan.com/articles/wp-admin/customize.php?* Change links in menus! (2 instances - then publish) Upgrade php to 7.4 sudo apt-add-repository ppa:ondrej/php apt update apt install -y php7.4 php7.4-cli php7.4-common php7.4-fpm apt install -y php7.4-mysql php7.4-dom php7.4-simplexml php7.4-ssh2 php7.4-xml php7.4-xmlreader php7.4-curl php7.4-exif php7.4-ftp php7.4-gd php7.4-iconv php7.4-imagick php7.4-json php7.4-mbstring php7.4-posix php7.4-sockets php7.4-tokenizer apt install -y php7.4-mysqli php7.4-pdo php7.4-sqlite3 php7.4-ctype php7.4-fileinfo php7.4-zip php7.4-exif a2dismod php7.3 a2enmod php7.4 a2enmod proxy_fcgi setenvif a2enconf php7.4-fpm systemctl reload apache2 Update wordpress* Note that I have wordpress chown -R root:root for articles and then www-data:www-data for wp-content.* Didn't read: https://www.edegan.com/articles/wp-admin/update-core.php?action=do-core-upgrade Do the update /var/www/html# chown -R www-data:www-data articles/ run update in wp-admin * Update all the plugins* Update themes* Wordfence** Update .htaccess for extended protection. Reharden: chown -R root:root articles/ chown -R www-data:www-data articles/wp-content/ Fix the alias in apache! vi /etc/apache2/sites-available/edegan.com.conf Alias /journal /var/www/html/articles Alias /articles /var/www/html/article Alias /blog /var/www/html/blog RewriteRule ^/*$ %{DOCUMENT_ROOT}/articles/index.php [L] #Redirect the journal root to articles Redirect permanent /journal https://www.edegan.com/articles systemctl reload apache2 Plugins etc.* Site Kit by Google** Setup! (sign in using dredegan@gmail.com)* Yoast SEO** Rerun optimization Fix image links, etc.* I repointed the /journal and /blog aliases* Run the velvet blues plugin Fix the icon:* https://www.edegan.com/articles/wp-content/uploads/2021/02/edegandotcomslashjournal-LightGreyOnDarkBlue.png* In Z:\projects\WebDesign\LogosV2.xcf* Export as edegandotcomslasharticles-LightGreyOnDarkBlue.png* Set under Site Identity ===Useful tools=== ====Multitail==== I installed [https://www.vanheusden.com/multitail/manual.php Multitail]: apt-get multitail The [https://www.vanheusden.com/multitail/manual.php manual] is pretty weak, but the [https://www.vanheusden.com/multitail/examples.php examples] are good and the [https://www.vanheusden.com/multitail/features.php feature list] is excellent. Here's some useful commands to review log files: multitail -cS apache -ev "Bot" /var/log/apache2/access.log -ci white -e "Bot" -I /var/log/apache2/access.log multitail -cS apache -ev "Bot" -ev "bot" -ev "internal dummy connection" /var/log/apache2/access.log ====Traceroute====  apt install traceroute Note: [https://zmap.io/ Zmap] seems popular nowadays, based on traffic logs. ====Other==== Connect with smb from Mother to Father: smbclient //192.168.2.200/sharename -U Domainname/username Note that you need to specify the domain. Mount a thru connection: mount -t cifs -o user=username //192.168.2.200/sharename /mnt/father ln -s /mnt/father/whatever/ /bulk/whatever ==Old machines== For the configuration of the servers built for the McNair Center, see the old [[Center IT]] page or the pages below:*[[Database Server Documentation]]*[[RDP Documentation]]**[[Server Backup Policy]]**[[Power Backup]]*[[Test Web Server Documentation]]*[[Web Server Documentation]]**[[Wiki Configuration]]**[[Security on the wiki]] Some of this information is still useful! In addition, at UC Berkeley, Ed designed and built three machines - two postgresql database servers and a wiki server. The documentation is here:*[[Haas PhD Server Configuration]]*[[Posgres Server Configuration]] -- documents the build of postgres2

In addition, at UC Berkeley, Ed designed and built three machines - two postgresql database servers and a wiki server. The documentation is here:*Some [[Haas PhD Server Private Configuration]]*[[Posgres Server Configuration]] -- documents changes to the research computing setup are not recorded on the build of postgres2public wiki pages.