Changes

We then had to fix the passwords in the dbase:
 #Note: change passwords from hints hint before running
 mysql
 SELECT User, Host, Password FROM mysql.user;
 UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'root';
 UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'debian-sys-maint';
 UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'mcnair_wp';
 FLUSH PRIVILEGES;
To do the front page, I copied the source of [https://www.mediawiki.org/w/index.php?title=Template:Main_page&action=edit Template:Main page] from mediawiki to a page (called Test) and created [[Template:Main page/styles.css]] using [https://www.mediawiki.org/w/index.php?title=Template:Main_page/styles.css&action=edit mediawiki's code]. Then I rejigged the contents of the page!
 
The only minor but non-obvious change was that I used h2 headings inside each mainpage_box, rather than h3's. As a consequence, I needed to add the following to [[Template:Main_page/styles.css]]:
 .mainpage_box h2 {
   border-bottom: none;
 }
 .mainpage_box h2 .header_icon {
   margin-right: 5px;
 }
Old instructions[https://www.mediawiki.org/wiki/Topic:R1j08xhjgrtkpj6q] suggest using [[Special:ExpandTemplate]] on mediawiki's wiki, with the input text <nowiki>{{:MediaWiki}}</nowiki>. But this isn't necessary as the template doesn't need expanding in its current (at the time of writing) incarnation. Naturally, the page works well on MobileFrontend.
And the wiki now seems happy!
=====PostGIS Issues===== 
I also checked postgres and everything seemed ok:
 su researcher
All my extensions report back.
Update: It seems something did go wrong. Just because the extensions report back doesn't mean they work! When I try to run queries that use PostGIS, I get:
 SQL Error [58P01]: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory
I tried updating the extension (I'm pretty sure that I'm running 2.4.3):
 ALTER EXTENSION postgis UPDATE TO "2.4.3";
But that didn't fix anything. I checked the versions:
 select version();
 PostgreSQL 10.14 (Ubuntu 10.14-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0, 64-bit
 PL/pgSQL function postgis_full_version() line 25 at SQL statement
So I backed off the data from the two dbases that I'd used since the upgrade:
 pg_dump -Fc stockmarket > stockmarket_Fc_20201023.dump
 pg_dump -Fc vcdb4 > vcdb4_Fc_20201023.dump #FAILED!
The second backoff failed:
 pg_dump: [archiver (db)] query failed: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory
 pg_dump: [archiver (db)] query was: SELECT a.attnum, a.attname, a.atttypmod, a.attstattarget, a.attstorage, t.typstorage, a.attnotnull, a.atthasdef, a.attisdropped, a.attlen, a.attalign, a.attislocal, pg_catalog.format_type(t.oid,a.atttypmod) AS atttypname, array_to_string(a.attoptions, ', ') AS attoptions, CASE WHEN a.attcollation <> t.typcollation THEN a.attcollation ELSE 0 END AS attcollation, a.attidentity, pg_catalog.array_to_string(ARRAY(SELECT pg_catalog.quote_ident(option_name) || ' ' || pg_catalog.quote_literal(option_value) FROM pg_catalog.pg_options_to_table(attfdwoptions) ORDER BY option_name), E', ') AS attfdwoptions FROM pg_catalog.pg_attribute a LEFT JOIN pg_catalog.pg_type t ON a.atttypid =t.oid WHERE a.attrelid ='19998614'::pg_catalog.oid AND a.attnum > 0::pg_catalog.int2 ORDER BY a.attnum
======Postgres Upgrade Attempt (Failed)======
My changes weren't substantial, so I proceeded with an upgrade. First I checked to see if I had postgres12 installed and listening on another port or not:
 locate postgres
 ls /usr/bin/postgres
 dpkg --get-selections | grep postgres
 pg_lsclusters
 Ver Cluster Port Status Owner    Data directory              Log file
 10  main    5432 online postgres /data/postgres              /var/log/postgresql/postgresql-10-main.log
 12  main    5433 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log
 pg_upgradecluster 10 main
 #This failed:
 pg_dump: error: query failed: ERROR: could not access file "$libdir/postgis-2.4": No such file or directory
So... I can't automatically upgrade without first fixing this issue with v10 and postgis.
 add-apt-repository http://apt.postgresql.org/pub/repos/apt
But that put the following into /etc/apt/sources.list:
 deb http://apt.postgresql.org/pub/repos/apt focal main
vi it to (see https://wiki.postgresql.org/wiki/Apt):
 deb http://apt.postgresql.org/pub/repos/apt focal-pgdg
 wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add -
 apt-get update
 #Throws a warning:
 N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://apt.postgresql.org/pub/repos/apt focal-pgdg InRelease' doesn't support architecture 'i386'
But the wretched thing still doesn't seem to be available:
 apt-get install postgresql-10-postgis-2.4
 Package postgresql-10-postgis-2.4 is not available, but is referred to by another package.
Trying a manual approach. [https://packages.ubuntu.com/bionic/i386/postgresql-10-postgis-2.4/download Get the package file], put it in /bulk/temp and cd there. Then:
 apt-get install ./postgresql-10-postgis-2.4_2.4.3+dfsg-4_i386.deb
 #This failed too - there are unmet dependencies and they are 'not installable'...
======Switching over the installations======
So, I took the alternative approach of changing the data folders [https://www.tutorialspoint.com/how-to-change-postgresql-data-folder-location-on-ubuntu-16-04]. The plan:
#Take version 10 offline
#Move version 10's data to a new location (/var/lib/postgresql/10/main)
#Switch the ports of versions 10 and 12
#Move version 12's data to /data
#Put version 12 online
#Load up the data in version 12!
#Optionally wipe out the old installation
Shut it down:
 pg_ctlcluster 12 master start
 pg_lsclusters #The cluster
 Ver Cluster Port Status Owner    Data directory                Log file
 10  main    5432 online postgres /data/postgres                /var/log/postgresql/postgresql-10-main.log
 12  master  5433 online postgres /var/lib/postgresql/12/master /var/log/postgresql/postgresql-12-master.logg
 systemctl stop postgresql
 systemctl status postgresql
Edit the config files:
 vi /etc/postgresql/10/main/postgresql.conf
  data_directory = '/var/lib/postgresql/10/main'
  port = 5433
 vi /etc/postgresql/12/master/postgresql.conf
  data_directory = '/data/postgres'
  port = 5432
  listen_addresses = '*'
  #While we are here do some performance tuning:
  shared_buffers = 512MB
  huge_pages = try
  temp_buffers = 8G
  work_mem = 4GB
  maintenance_work_mem = 64
  effective_cache_size = 384GB
  #Note that I didn't reduce the number of connections (and the max_wal_senders, which must be < max connections), or change max_stack_depth (which gives an error if you set it too high)
 vi /etc/postgresql/12/master/pg_hba.conf
  Copy over the config to allow access from inside the network
Move the data:
 df #to check diskspace
 rm -R /var/lib/postgresql/10/main #Note that none of the config files in here were valid (though you should check this is true before you do it!)
 rsync -av /data/postgres/ /var/lib/postgresql/10/main #Takes awhile, make sure it is all done before the next step
 rm -R /data/postgres
 rsync -av /var/lib/postgresql/12/master/ /data/postgres
 systemctl start postgresql
 pg_lsclusters
 Ver Cluster Port Status Owner    Data directory              Log file
 10  main    5433 online postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-main.log
 12  master  5432 online postgres /data/postgres              /var/log/postgresql/postgresql-12-master.log
Do the installs for some extensions:
 apt-get install postgresql-12-plr
 apt-get install postgresql-plperl-12 postgresql-plpython3-12
Check it all works:
 psql postgres
 CREATE EXTENSION postgis;
 CREATE EXTENSION plr;
 CREATE EXTENSION plperl;
 CREATE EXTENSION plpython3u;
 \dx
                                      List of installed extensions
   Name   | Version |   Schema   |                             Description
 ---------+---------+------------+---------------------------------------------------------------------
  plpgsql | 1.0     | pg_catalog | PL/pgSQL procedural language
  postgis | 3.0.0   | public     | PostGIS geometry, geography, and raster spatial types and functions
 (2 rows)
Make the user:
 createuser --interactive researcher
Then restore the databases (as researcher in /bulk/backup):
 createdb stockmarket
 pg_restore -Fc -d stockmarket stockmarket_Fc_20201023.dump
 createdb vcdb4
 pg_restore -Fc -d vcdb4 vcdb4_Fc.dump
The restore threw some errors related to not having extension plpythonu, but otherwise seemed fine. The issue seems to be that pythonu is python2[https://www.postgresql.org/docs/12/plpython-python23.html], and python2 is not available for postgres 12 (it might be here: https://wiki.postgresql.org/wiki/Apt):
 apt-cache search ".*plpython*.*"
====Other Fixes====
Remove redundant user accounts:
 cat /etc/passwd
 userdel -r username
I need to get Xwindows set up again. My best guess as to the cause of this issue is leftover Nvidia drivers from my attempts to install the GPUs on this box went bad in an earlier apt-get upgrade but I can't see them listed:
 dpkg -l | grep nvidia-driver
There is a .Xauthority file, and an .ICEauthority file, in /home/ed and both are owned by ed:ed. The former is empty (0 bytes) and the latter has some non-UTF8 (I think?) characters in it. I'm not sure if either is an issue.

I didn't see xserver-xorg-video-nouveau in the package list or any video driver module, so I installed nouveau:
 dpkg -l
 lsmod | more
 apt install xserver-xorg-video-nouveau
I'm not sure if I should be fixing my boot image or not...
 shutdown -r now
 lsmod | more
After doing this the login would give a local desktop but neither the keyboard nor mouse worked. I tried uninstalling and reinstalled the keyboard-configuration again.
 apt-get remove keyboard-configuration
 apt-get install keyboard-configuration
 shutdown -r now
But that just put me back where I was: with a login loop problem. So I tried switching to lightdm:
 apt-get install lightdm
And it worked even before a reboot. After a reboot, I had a different login screen but the actual desktop looked the same. The .Xauthority file is now 51 bytes big and I suddenly have a .xsession-errors, which contains a list of environment settings taking place... However, the machine then silently crashed that night and again the following morning. I couldn't find a specific cause in the logs but there did seem to be a number of X and GNOME problems:
 journalctl -b -1
 journalctl --since "1 hour ago"
I ran an update from the GUI, which may have helped. However, there was a warning about an issue with a screensaver the first time that I loaded lightdm, and the crashes seemed to happen sometime after a clean boot. So I uninstalled lightdm, and installed gdm (which failed as installed already) and rebooted but got no GUI. Then I uninstalled and reinstalled gdm and everything seems fine now.
 apt-get remove lightdm
 apt-get remove gdm3
 apt-get install gdm3
Incidentally, I left a clock running in a terminal so that I could see when the box went down if it crashed again. The clock code is:
 while [ 1 ] ; do echo -en "$(date +%T)\r" ; sleep 1; done
====Important Moves====
I kept the old versions of mediawiki and wordpress and moved them to /bulk/retired (using yyyymmdd dates):
 mv /var/lib/mediawiki26082020 /bulk/retired/
 mv /bulk/retired/mediawiki26082020 /bulk/retired/mediawiki20200826
 mv /var/www/html/blog20200809 /bulk/retired/
===Wordpress Redux===
====Install====
First, move the old folder to a new name, so that it is there for backup and then get the new install and unpack it.
 cd /bulk/installs
 wget https://wordpress.org/latest.tar.gz
 mv /var/www/html/blog /var/www/html/blog20200809
 tar -xzf latest.tar.gz -C /var/www/html/
 cd /var/www/html/
 mv wordpress/ blog/
 chown -R www-data:www-data blog
Put an .htaccess file in that folder to restrict access while we work:
 vi blog/.htaccess
  <RequireAny>
   Require ip 192.168.2.1
  </RequireAny>
====Set up====
Then set up the dbase by editing wp-config.php (it's easiest to modify the sample).
 cp blog/wp-config-sample.php blog/wp-config.php
 vi blog/wp-config.php
  Note get some keys from: https://api.wordpress.org/secret-key/1.1/salt/
Then the backend works - go to http://www.edegan.com/blog/wp-admin! However the health check shows a missing required module and two missing recommended modules. Fix that:
 apt-get install php7.3-gd
 apt-get install php7.3-curl
 apt-get install php7.3-imagick
 apachectl restart
Ironically, it then recommends that I upgrade to PHP7.4... but that would just give issues for mediawiki. On the other hand, everything is now green and just 4 groups of recommendations remain.
====Config====
See [[Wordpress Blog Site (Tool)]] for the McNair Center's build.

Using www.edegan.com/blog/wp-admin I configured the blog as follows:
*Select Twenty Twenty as the theme
*Add the permalink code to the .htaccess file, so that the URLs will work with postnames
*Copy over images to wp-content/uploads (use cp -a to maintain permissions)
*Change the site name to https (after fixing the https setup, see below)

Install plugins:
*Yoast SEO
*Wordfence Security
*Disable Comments
*Site Kit by Google (set up once live!)
*Pixabay

I also added:
*CoBlocks (free)
*Advanced Gutenberg (free)
*Otter

I didn't add Co-Authors Plus (https://wordpress.org/plugins/co-authors-plus/) as it hasn't been tested on the latest version of wordpress. There are other plugins that offer equivalent functionality if I need one later.

Other plugins I might want are:
*Revive Old Post (share with twitter)
*Optimole (optimize images)
*WP Rocket (implement cache)

Notes:
*Twitter embedding: https://www.wpbeginner.com/wp-tutorials/how-to-display-recent-tweets-in-wordpress-with-twitter-widgets/
====Hardening Wordpress====
I hardened the wordpress installation: https://wordpress.org/support/article/hardening-wordpress/

This included:
*Fixing file ownership: For fully hardened, change ownership of everything to root, except wflogs, uploads and themes in wp-content, which should be owned by www-data. However, then you won't be able to install plugins etc. A compromise is -R root:root for blog and then www-data:www-data for wp-content.
*Check file permissions: Everything is 644, except wp-content which is 755
*Checking dbase rights and setting new passwords.
*Changing passwords on old accounts (with posts, so the accounts shouldn't be deleted) to random strong strings
*Fixing up .htaccess file to impose restrictions
*Install Sucuri
*Enable more logging
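One way to check a tree against the ownership compromise and permissions listed above. This is an added example, not part of the original notes: the function names and the sample tree are made up for illustration, and it reads "everything is 644" as files at most 644 and directories at most 755.

```python
"""Audit a WordPress tree against the ownership/permission compromise above."""
import os
import stat

# Policy from the notes: install owned by root, wp-content by www-data;
# files no looser than 644, directories no looser than 755 (assumed reading).
MAX_FILE_MODE = 0o644
MAX_DIR_MODE = 0o755


def expected_owner(relpath):
    """Owner the compromise policy expects for a path relative to the blog dir."""
    first = relpath.replace(os.sep, "/").split("/", 1)[0]
    return "www-data" if first == "wp-content" else "root"


def excess_bits(mode, is_dir):
    """Permission bits set beyond the allowed maximum (0 means compliant)."""
    allowed = MAX_DIR_MODE if is_dir else MAX_FILE_MODE
    return stat.S_IMODE(mode) & ~allowed & 0o7777


def system_owner(st):
    """Resolve the owning user name of a stat result (falls back to the uid)."""
    import pwd
    try:
        return pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        return str(st.st_uid)


def audit(root, owner_of=None):
    """Return sorted (relpath, problem) findings for everything below root.

    owner_of is an optional callable(stat_result) -> user name; when given,
    ownership is compared with expected_owner(). Symlinks are reported and
    never followed.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink: review target"))
                continue
            is_dir = stat.S_ISDIR(st.st_mode)
            if excess_bits(st.st_mode, is_dir):
                limit = MAX_DIR_MODE if is_dir else MAX_FILE_MODE
                findings.append((rel, "mode %04o exceeds %04o"
                                 % (stat.S_IMODE(st.st_mode), limit)))
            if owner_of is not None:
                want, got = expected_owner(rel), owner_of(st)
                if got != want:
                    findings.append((rel, "owner %s, expected %s" % (got, want)))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample layout for trying the audit; not a real install."""
    os.makedirs(os.path.join(base, "wp-content", "uploads"))
    os.makedirs(os.path.join(base, "wp-includes"))
    layout = {
        "wp-config.php": 0o666,            # world-writable config
        "index.php": 0o644,                # compliant
        "wp-includes/version.php": 0o755,  # stray execute bits
        "wp-content/uploads/logo.png": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(base, "wp-content", "uploads"), 0o777)  # too loose
    os.chmod(os.path.join(base, "wp-content"), 0o755)
    os.chmod(os.path.join(base, "wp-includes"), 0o755)
    return base


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, problem in audit(target, owner_of=system_owner):
        print("%s: %s" % (rel, problem))
```

Run it with the blog directory as the only argument; an empty output means the tree matches the policy.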
Checking user rights in the dbase and changing their password:
 mysql --user=root -p
 use wordpress
 SELECT User FROM mysql.user;
 SHOW GRANTS FOR 'username'@'localhost';
 SET PASSWORD FOR 'username'@'localhost'='newpassword';
(Note that this shouldn't be logged in clear on the server, but might be on a client. Delete .mysql_history at the end of your session.)

.htaccess in wp-includes:
 # Block the include-only files.
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteRule ^wp-admin/includes/ - [F,L]
 RewriteRule !^wp-includes/ - [S=3]
 RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
 RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]
 </IfModule>
 # BEGIN WordPress
The #BEGIN WordPress tag is redundant as the file is 644 root.

Add the following to .htaccess in the wordpress dir:
 <files wp-config.php>
 order allow,deny
 deny from all
 </files>
If there are plugin installation issues then add to wp-config.php:
 define('FS_METHOD','direct');
Once I'm all done with the theme etc., I can uncomment the following from wp-config.php:
 define('DISALLOW_FILE_EDIT', true);
{{Colored box|title=Notice|content=With hardened permissions, you won't be able to update Wordpress from the dashboard. To fix this, set ownership of the entire wordpress directory to www-data:www-data (i.e., chown -R www-data:www-data blog/), run the update, and then revert the ownership to root (or some other account).}}
====Redesign====
====Email====I built a [[Branding]] palette, to standardize the colors. And I installed the Twentig plugin, to give extra configuration options.
I installed WP Mail SMTP Litechanged the site colors, added the logo and the tag line, and made other config changes.
I first set it up to use Google. Essentially you need to sign in to Google and set up an API in the console: https://console.developers.google.com/flows/enableapi?apiid=gmail&pli=1. However, this seemed to introduce a massive security hole unless you have G SuiteThen, so I abandoned this approachadded custom CSS as follows.
I had previously set up SMTP through Google for To reduce the wiki (See [[Research_Computing_Configuration#Confirm_Account]]). So, I used the same approach with Wordpress. In WP Mail SMTP Lite choose 'Other' (see the [httpsheader spacing://www.wpbeginner.com/plugins/how-to-send-email-in-wordpress-using-the-gmail-smtp-server/ second method]). Then [https://wpmailsmtp.com/docs/how-to-secure-smtp-settings-by-using-constants/ edit wp-config.php to hardcode the values] (this ensures that the password, which is stored plain-text, is a little more secure.): define( 'WPMS_ON', true ); //You MUST set this if you want hardcoded values to work! define( 'WPMS_LICENSE_KEY', '' ); define( 'WPMS_MAIL_FROM', 'blog@edegan.com' ); define( 'WPMS_MAIL_FROM_FORCE', true ); header-inner { define( 'WPMS_MAIL_FROM_NAME', 'The Blog at EdEgan.com' ); define( 'WPMS_MAIL_FROM_NAME_FORCE', true ); define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'. define( 'WPMS_SET_RETURN_PATH', true ); define( 'WPMS_SMTP_HOST', 'ssl padding://smtp1.gmail.com' )5rem 0; define( 'WPMS_SMTP_PORT', 465 ); define( 'WPMS_SSL', 'ssl' ); // Possible values '', 'ssl', 'tls' - note TLS is not STARTTLS. define( 'WPMS_SMTP_AUTH', true ); define( 'WPMS_SMTP_USER', 'username@gmail.com' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true. define( 'WPMS_SMTP_PASS', 'password generated by Google' ); define( 'WPMS_SMTP_AUTOTLS', true );}
====Social Media Integration====To remove the title from the landing page: .page-id-2169 .entry-title{ display:none !important; } .page-id-2169 .entry-header { padding: 0; }
Getting the To do:*I need to add social media icons on ! That might be as easy as adding the social media menu and correctly linked up is very straight forward. Follow the [https://wordpress.org/support/article/twenty-fifteentwenty/#add-social-icons guide for twenty-fifteen].*Get a '''related posts widget'''? There's Yet Another Related Posts Plugin, Contextual Related Posts, and Inline Related Posts... I went with YARPP, which also works for 2020as it is the most popular. It is apparently resource-heavy.
Getting I tried the following blocks plugins:*'''Ultimate Addons for Guttenberg'''*It's free and adds some share buttons was more problematicnice basic functionality**Post blocks include: Post Carousel, particular as my planned social media usage is somewhat atypical (TwitterPost Grid, LinkedInPost Masonry, and Reddit, really in reverse order)Post Timeline, Advanced Columns -- but customization is limited and because I doncan't want to pay anythingdo one post*'''Getwid''':**Pretty highly customizable. **Can specify which posts to show in 3 blocks (Custom Post Type, Post Carousel, and Post Slider) and can build custom templates to arrange how they are displayedThe free version of [https**Post blocks://revive.social/plugins/reviveRecent Posts, Custom Post Type, Post Carousel, and Post Slider*'''Redux''' -old-post/ Revive Old Posts] lets you push content to Twitter It's a templates library. You get 5 for free and Facebook, but they want you pay to push to LinkedInupsell hard.*'''ZeGuten''' - Couldn't find itThe best *'''Advanced Gutenberg''' - It's free options seem to be:and widely used... *[https://wordpress.org/plugins/add'''CoBlocks''' --toDoes the basics**Posts -any/ AddToAny Share Buttons] - Integrates with Google AnalyticsCan't specify specific posts. Can do category.*[https://wordpress.org/plugins/simple*Post Carousel -social-icons/ Simple Social Icons] - The simplest optionLikewise.*[https'''Stackable'''://wordpress**It requested opt-in, which I didn't like, and it wants you to 'Go Premium'.org/plugins/shared-counts/ Shared Counts] -- Counts hits (but using a 3rd party **It has settings for data?)everything! 
By far the most detailed configuration.*[https*Useful blocks://wordpress.org/plugins/wordpress***Posts -social-login/ WordPress Social Login] - if you want users can't seem to log in using their SM accounts (note: has specify a bimodal ratings distro)specific post*[https://wordpress.org/plugins/jetpack/ JetPack] **Advanced Columns and Grids -- The plugin used by wordpress.com for this functionality. The free version should suffice, but this thing is a monster. It also uses an account on the wordpress.com cloud, which is a pain for those who are selflayout***Card --hosting.could make posts links with buttons I went with AddToAny, as it had the most installations, is entirely open***Feature/Feature Grid --source, and offers all the functionality I need.likewise***Container? Might be helpful====Avoiding JetPack====*'''Gutenberg Post Blocks'''**Untested with my version. Seems to work. I tried **Has lots of options but does full-page things. Can limit to add a profile picture, post using include but by default, WordPress uses [https://en.gravatar.com/ Gravitar], which, surprise, surprise, has next page links to your WordPress.com account... and **Tried to add a self-hosted site, you have push for an update to install JetPackpro. At this point, *'''Magical Posts Display''' -- I felt harassed dumped it for being too weird.*'''Otter Blocks'''**Google maps block and doubly so because other useful things... I didnjust don't install JetPack and yet, some how, the profile picture correctly updated from the one I'd posted on Gravitarneed it right now. What the hecK?
===HTTPS===Built-in:*Latest Posts (widget)
To set up HTTPS using LetChosen block plugins:*'''Getwid'''s Encrypt, see https://linuxize.com/post/secure-apache-with-let-It'soutstanding and embraces templates for serious bespoke customization*'''Stackable''' -encrypt-onFor its option-ubuntu-20-04/based customization*I might add back '''coblocks''', '''Advanced Gutenberg''' and '''Ultimate Addons for Gutenberg'''
====Email====

I installed WP Mail SMTP Lite.

I first set it up to use Google. Essentially you need to sign in to Google and set up an API in the console: https://console.developers.google.com/flows/enableapi?apiid=gmail&pli=1. However, this seemed to introduce a massive security hole unless you have G Suite, so I abandoned this approach.

I had previously set up SMTP through Google for the wiki (See [[Research_Computing_Configuration#Confirm_Account]]). So, I used the same approach with Wordpress. In WP Mail SMTP Lite choose 'Other' (see the [https://www.wpbeginner.com/plugins/how-to-send-email-in-wordpress-using-the-gmail-smtp-server/ second method]). Then [https://wpmailsmtp.com/docs/how-to-secure-smtp-settings-by-using-constants/ edit wp-config.php to hardcode the values] (this ensures that the password, which is stored plain-text, is a little more secure.):
 define( 'WPMS_ON', true ); //You MUST set this if you want hardcoded values to work!
 define( 'WPMS_LICENSE_KEY', '' );
 define( 'WPMS_MAIL_FROM', 'blog@edegan.com' );
 define( 'WPMS_MAIL_FROM_FORCE', true );
 define( 'WPMS_MAIL_FROM_NAME', 'The Blog at EdEgan.com' );
 define( 'WPMS_MAIL_FROM_NAME_FORCE', true );
 define( 'WPMS_MAILER', 'smtp' ); // Possible values: 'mail', 'gmail', 'mailgun', 'sendgrid', 'smtp'.
 define( 'WPMS_SET_RETURN_PATH', true );
 define( 'WPMS_SMTP_HOST', 'ssl://smtp.gmail.com' );
 define( 'WPMS_SMTP_PORT', 465 );
 define( 'WPMS_SSL', 'ssl' ); // Possible values '', 'ssl', 'tls' - note TLS is not STARTTLS.
 define( 'WPMS_SMTP_AUTH', true );
 define( 'WPMS_SMTP_USER', 'username@gmail.com' ); // SMTP authentication username, only used if WPMS_SMTP_AUTH is true.
 define( 'WPMS_SMTP_PASS', 'password generated by Google' );
 define( 'WPMS_SMTP_AUTOTLS', true );

=====Author Comments=====

The blog supports multiple authors and by default, Wordpress emails an author whenever one of their posts gets a comment. If you'd like to disable author comment emails but keep the moderator emails, there's a simple fix:

'''Just go to wp-admin/options.php and set 'comments_notify' to 0.''' (See https://codex.wordpress.org/Option_Reference)
More complicated methods involve writing your own plugin [https://wordpress.stackexchange.com/questions/150125/disabling-comment-notifications-for-post-author] to refine wp_new_comment_notify_postauthor[https://developer.wordpress.org/reference/functions/wp_new_comment_notify_postauthor/] or changing the hooks[https://developer.wordpress.org/reference/hooks/notify_post_author/] used in wp-includes/comment.php:
 $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, $comment_ID );

====Social Media Integration====

Getting the social media icons on the menu and correctly linked up is very straightforward. Follow the [https://wordpress.org/support/article/twenty-fifteen/#add-social-icons guide for twenty-fifteen], which also works for 2020.

Getting some share buttons was more problematic, particularly as my planned social media usage is somewhat atypical (Twitter, LinkedIn, and Reddit, really in reverse order), and because I don't want to pay anything.

The free version of [https://revive.social/plugins/revive-old-post/ Revive Old Posts] lets you push content to Twitter and Facebook, but they want you to pay to get the push to LinkedIn.

The best free options seem to be:
*[https://wordpress.org/plugins/add-to-any/ AddToAny Share Buttons] - Integrates with Google Analytics
*[https://wordpress.org/plugins/simple-social-icons/ Simple Social Icons] - The simplest option
*[https://wordpress.org/plugins/shared-counts/ Shared Counts] -- Counts hits (but using a 3rd party for data?)
*[https://wordpress.org/plugins/wordpress-social-login/ WordPress Social Login] - if you want users to log in using their SM accounts (note: has a bimodal ratings distro)
*[https://wordpress.org/plugins/jetpack/ JetPack] -- The plugin used by wordpress.com for this functionality. The free version should suffice, but this thing is a monster. It also uses an account on the wordpress.com cloud, which is a pain for those who are self-hosting.

I went with AddToAny, as it had the most installations, is entirely open-source, and offers all the functionality I need.

====Avoiding JetPack====

I tried to add a profile picture, but by default, WordPress uses [https://en.gravatar.com/ Gravatar], which, surprise, surprise, links to your WordPress.com account... and to add a self-hosted site, you have to install JetPack. At this point, I felt harassed and doubly so because I didn't install JetPack and yet, somehow, the profile picture correctly updated from the one I'd posted on Gravatar. What the heck?
===SEO===

I used Site Kit plugin for wordpress, and for mediawiki I made a sitemap to submit to Google.

See https://www.mediawiki.org/wiki/Manual:GenerateSitemap.php

In mediawiki:
 mkdir sitemap
 php maintenance/generateSitemap.php --memory-limit=50M --fspath=/var/www/html/mediawiki/sitemap/ --identifier=edegancom --urlpath=/sitemap/ --server=https://www.edegan.com --compress=yes

Then submit it to Google... I did this by making an alias in apache2.conf from sitemap to /var/www/html/mediawiki/sitemap/, then submitting https://www.edegan.com/sitemap/sitemap-index-edegancom.xml
 #in retrospect, I wish I'd used an identifier with 'wiki' in it but what the hey.

And with that success behind you, install Google XML Sitemaps on Wordpress, choose some settings (on Settings -> XML-Sitemap), and then post the URL to Google:
 https://www.edegan.com/blog/sitemap.xml

It seems Yoast already builds a sitemap, you just need to submit it to Google... (I uninstalled XML Sitemaps):
 https://www.edegan.com/blog/sitemap_index.xml
===HTTPS===

To set up HTTPS using Let's Encrypt, see https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-20-04/

Install it and make some directories...
 apt update
 apt install certbot
 openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
 #takes ~20 secs
 mkdir -p /var/lib/letsencrypt/.well-known
 chgrp www-data /var/lib/letsencrypt
 chmod g+s /var/lib/letsencrypt

Set up the config files
 vi /etc/apache2/conf-available/letsencrypt.conf
 Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
 <Directory "/var/lib/letsencrypt/">
   AllowOverride None
   Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
   Require method GET POST OPTIONS
 </Directory>

 vi /etc/apache2/conf-available/ssl-params.conf
 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 SSLHonorCipherOrder off
 SSLSessionTickets off
 SSLUseStapling On
 SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
 SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
 Header always set Strict-Transport-Security "max-age=63072000"

Enable some apache2 mods!
 a2enmod ssl
 a2enmod headers
 a2enconf letsencrypt
 a2enconf ssl-params
 sudo a2enmod http2
 systemctl reload apache2

Run certbot!
 certbot certonly --agree-tos --email ed@edegan.com --webroot -w /var/lib/letsencrypt/ -d edegan.com -d www.edegan.com
Note that I needed an @ entry in my A record for edegan.com pointed to my IP address to get the main challenge to succeed.

Then set up a new apache2 config file (in /etc/apache):
 mv sites-available/000-default.conf sites-available/000-default.conf.bak
 vi sites-available/edegan.com.conf
 <VirtualHost *:80>
   ServerName www.edegan.com
   ServerAdmin ed@edegan.com
   Redirect permanent / https://www.edegan.com/
 </VirtualHost>
 <VirtualHost *:443>
   ServerName www.edegan.com
   Protocols h2 http/1.1
   DocumentRoot /var/www/html
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
   SSLEngine On
   SSLCertificateFile /etc/letsencrypt/live/edegan.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/edegan.com/privkey.pem
   #Other Apache Configuration
   Alias /wiki /var/www/html/mediawiki/index.php
   RewriteEngine On
   RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
 </VirtualHost>
 #The link target is resolved relative to sites-enabled/, hence the ../
 ln -s ../sites-available/edegan.com.conf sites-enabled/edegan.com.conf
 systemctl reload apache2

Test it by going to https://www.ssllabs.com/ssltest/
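Before the external test, the same settings can be checked offline. The following is an added example (not part of the original page or of Apache): a small Python linter for an ssl-params.conf like the one above. The finding names, the one-year HSTS threshold, the expansion of "all" and the sample configurations are assumptions made for the illustration.

```python
import re
import shlex

LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # assumed meaning of "all"
WEAK_PARTS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXP")
MIN_HSTS_SECONDS = 31536000  # assumption: anything under one year is reported


def parse_directives(conf_text):
    """Return {directive_lowercase: [args, ...]}; comments and <Section> lines are skipped."""
    seen = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#<":
            parts = shlex.split(line)
            seen.setdefault(parts[0].lower(), []).append(parts[1:])
    return seen


def enabled_protocols(args):
    """Resolve an SSLProtocol argument list such as ['all', '-SSLv3'] to a set."""
    enabled = set()
    for tok in args:
        if tok.lstrip("+").lower() == "all":
            enabled |= ALL_PROTOCOLS
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return enabled


def lint_ciphers(args):
    # Apache accepts an optional protocol selector before the cipher string.
    spec = args[1:] if args and args[0] in ("SSL", "TLSv1.3") else args
    if len(spec) != 1:
        # A space inside the colon-separated list splits it into several arguments.
        return ["cipher-list-not-one-argument"]
    findings = []
    for cipher in spec[0].split(":"):
        name = cipher.upper()
        if name.startswith(("!", "-")):
            continue  # exclusions remove ciphers, they do not enable them
        if any(part in name for part in WEAK_PARTS):
            findings.append("weak-cipher:" + cipher)
        elif not name.startswith(("ECDHE-", "DHE-", "TLS_")):
            findings.append("no-forward-secrecy:" + cipher)
    return findings


def lint_hsts(header_lines):
    for args in header_lines:
        lowered = [a.lower() for a in args]
        if "strict-transport-security" in lowered:
            value = " ".join(args[lowered.index("strict-transport-security") + 1:])
            m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
            if m and int(m.group(1)) >= MIN_HSTS_SECONDS:
                return []
            return ["hsts-max-age-short"]
    return ["hsts-missing"]


def lint_tls(conf_text):
    seen = parse_directives(conf_text)
    findings = []
    if "sslprotocol" not in seen:
        findings.append("sslprotocol-not-set")
    for args in seen.get("sslprotocol", []):
        legacy = sorted(p for p in enabled_protocols(args) if p in LEGACY)
        if legacy:
            findings.append("legacy-protocol:" + ",".join(legacy))
    for args in seen.get("sslciphersuite", []):
        findings += lint_ciphers(args)
    findings += lint_hsts(seen.get("header", []))
    stapling = seen.get("sslusestapling", [["off"]])[-1]
    if [a.lower() for a in stapling] != ["on"]:
        findings.append("ocsp-stapling-off")
    return findings


# Constructed sample: directives in the style of ssl-params.conf, with a space
# pasted into the middle of the cipher list (an easy copy/paste slip).
PAGE_CONF = '''\
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
Header always set Strict-Transport-Security "max-age=63072000"
'''
FIXED_CONF = PAGE_CONF.replace("ECDSA- CHACHA20", "ECDSA-CHACHA20")
# Constructed counter-example with legacy protocols and ciphers left enabled.
WEAK_CONF = "SSLProtocol all -SSLv3\nSSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA\n"
```

Calling lint_tls() on the contents of the real file returns an empty list when nothing is flagged; apachectl configtest remains the authoritative syntax check.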
Finally, edit /etc/cron.d/certbot and append the following to the last line (after -renew):
 --renew-hook "systemctl reload apache2"

 certbot renew --dry-run #Tests the renewal!

====PDFEmbed Issue====

Enabling and requiring HTTPS causes an issue with PDFEmbed on mediawiki, where you get a blank frame. The PDF is still there, other images load fine, but the PDF frame won't render the PDF. The problem is actually that the PDF is served with HTTP and the rest of the page is served with HTTPS, and Chrome (and perhaps other browsers) don't render the insecure content as a consequence (see [https://www.mediawiki.org/wiki/Topic:Uhgnq0wbmzfurbj0] for a description of the symptoms, but not the solution.).

The solution is to edit mediawiki/extensions/PDFEmbed/PDFEmbed.hooks.php. For me it was line 103 that previously said:
 'src' => $file->getFullUrl().'#page='.$page,
I changed this line to:
 'src' => preg_replace("/^http:/i", "https:", $file->getFullUrl()).'#page='.$page,

This is mentioned in a comment on a topic page, though presumably for an earlier version: https://www.mediawiki.org/wiki/Topic:Syxow0why4c0cvvm
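This class of problem can be found before a browser blocks it. The following added example (not from the original page or from MediaWiki) scans saved page source and stylesheets for http:// subresources; it goes beyond the PDF frame to cover CSS url() references such as fonts. The sample page, hosts and file names are constructed.

```python
import re
from html.parser import HTMLParser

# Tag/attribute pairs whose URL is fetched as part of rendering the page.
SUBRESOURCE_ATTRS = {
    ("script", "src"), ("img", "src"), ("iframe", "src"), ("embed", "src"),
    ("object", "data"), ("audio", "src"), ("video", "src"), ("source", "src"),
}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> values that load a resource
CSS_URL = re.compile(r"""url\(\s*['"]?(http://[^'")\s]+)""", re.IGNORECASE)
CSS_IMPORT = re.compile(r"""@import\s+['"](http://[^'"]+)""", re.IGNORECASE)


def scan_css(css, where="css"):
    """Return (where, url) for every http:// url() or @import in a stylesheet."""
    hits = [(where, m.group(1)) for m in CSS_URL.finditer(css)]
    hits += [(where, m.group(1)) for m in CSS_IMPORT.finditer(css)]
    return hits


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []
        self._style = None  # collects text while inside <style>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "style":
            self._style = []
        if tag == "link":
            rels = set(a.get("rel", "").lower().split())
            if rels & LINK_RELS and a.get("href", "").lower().startswith("http://"):
                self.hits.append(("link[href]", a["href"]))
        for name, value in a.items():
            if (tag, name) in SUBRESOURCE_ATTRS and value.lower().startswith("http://"):
                self.hits.append((f"{tag}[{name}]", value))
        if "style" in a:
            self.hits += scan_css(a["style"], f"{tag}[style]")

    def handle_data(self, data):
        if self._style is not None:
            self._style.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._style is not None:
            self.hits += scan_css("".join(self._style), "<style>")
            self._style = None


def scan_html(html):
    """Return mixed-content candidates in document order; plain <a href> links are ignored."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


# Constructed sample page: one insecure font in CSS, one insecure PDF frame.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://wiki.example.org/load.php?only=styles">
<style>@font-face { font-family: Demo; src: url('http://192.0.2.10/fonts/Demo-Light.otf'); }</style>
</head><body>
<a href="http://old.example.org/page">a plain link is navigation, not mixed content</a>
<img src="https://wiki.example.org/images/logo.png">
<iframe src="http://wiki.example.org/images/a/ab/Paper.pdf#page=1" width="800"></iframe>
</body></html>"""

if __name__ == "__main__":
    for where, url in scan_html(SAMPLE_PAGE):
        print(f"{where}: {url}")
```

Run scan_html() over the saved HTML of a page and scan_css() over the text of any site-wide stylesheet; every hit is a URL a browser will block or warn about on an HTTPS page.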
====Another Issue====

Interestingly, I started getting a message from Google Chrome whenever I went to post wiki entries saying: "The information you’re about to submit is not secure". There's an option to "Proceed anyway" or "Go back".

This started after I had MultiTail running viewing apache's logs, but I couldn't see, beyond some kind of file lock examination, how it could work. I figured that it was a coincidence and something else might have happened.

My first thought was that my SSL certificate might have expired. However, the certificate looks valid and good, and the issue survived a reboot. By inspecting the webpages (in Chrome) and then reviewing the Console, I could see that it was caused by a mixed content problem:
 Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure font '<URL>'. This request has been blocked; the content must be served over HTTPS.

It seemed that I somehow have some font addresses hardcoded somewhere:
 Mixed Content: The page at ... was loaded over HTTPS, but requested an insecure font 'http://128.42.44.180/mediawiki/resources/assets/fonts/BonvenoCF-Light.otf'. This request has been blocked; the content must be served over HTTPS.

The copy of Chrome on my desktop must somehow have been upgraded? Or something else changed to cause a change in behavior... The IP is from the old web server at the McNair Center, suggesting that when I migrated the McNair database into the new wiki, I migrated this issue. (Note that it doesn't appear to be something hardcoded into a .css file, or similar -- I can't find any trace on the filesystem and besides, this wiki was built from a fresh install.)

I found the URLs hardcoded in [[MediaWiki:Common.css]] (it must have been moved with the last big batch of pages and I somehow didn't notice!) but then couldn't edit it!
It seems that following [https://www.mediawiki.org/wiki/MediaWiki_1.32/interface-admin Mediawiki 1.32], the rights to edit the interface were separated out, and users now need the editinterface right to change anything in the Mediawiki namespace. So, I went to [[Special:UserRights]] and gave myself permission. Then I edited the page, which changed the look-and-feel of my editor (I have no idea why), removed the console messages, but left the problem (even after ctrl-shift-r cache flush on Chrome).

===Install VSFTPD===

With the security restrictions on wordpress, I now need an FTP server to get files for themes, plugins, etc. I like VSFTPD, as it's simple, secure, and has a nice standalone config. Old documentation on an earlier install on the old [[Wordpress Blog Site (Tool)]] page. Instructions are here: https://linuxconfig.org/how-to-setup-ftp-server-on-ubuntu-20-04-focal-fossa-linux

 apt-get install vsftpd
 cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
 vi /etc/vsftpd.conf
 #Change the following
 write_enable=YES
 local_umask=022
 ssl_enable=YES
 #Add the following (forces ssl)
 allow_anon_ssl=NO
 force_local_data_ssl=YES
 force_local_logins_ssl=YES
 ssl_tlsv1=YES
 ssl_sslv2=YES
 ssl_sslv3=YES
 /etc/init.d/vsftpd restart

Then add a user and set it up:
 useradd -m blog
 passwd blog
 usermod -a -G www-data blog
 usermod -d /var/www/html/blog blog

Test it:
 ftp 127.0.0.1
 sftp 127.0.0.1

See also:
*http://praveen.kumar.in/2009/05/31/setting-up-ftps-using-vsftpd-for-wordpress-plugins-auto-upgrade/
*https://askubuntu.com/questions/14371/how-to-setup-ftp-to-use-in-locally-hosted-wordpress

To address some of the issues with the FTP server's file permissions in wordpress add to wp-config.php:
 define( 'WP_CONTENT_DIR', 'wp-content' );
 define( 'FTP_BASE', '/var/www/html/blog/' );

If I chmod blog:blog /var/www/html/blog then everything seems to work fine when I sftp but wordpress is unable to create a directory... I can't work out why this is happening.
I expect it has to do with the need for another wordpress specific define() statement, but I'm spending too much time on it. So I'm going to use direct installation of plugins instead, and remove the FTP server as it is a point of vulnerability.
 apt-get remove vsftpd
 userdel blog

===Final Configuration Changes to Apache===

Lock down apache somewhat further (as now there are directories that shouldn't be listable, etc.)
 cd /etc/apache2
 vi apache2.conf
 #Change the directory definitions. Note that if -SomeOption is used then other options must have + or - in front of them:
 <Directory /var/www/html>
   Options -Indexes +FollowSymLinks
   AllowOverride All
   Require all granted
 </Directory>
 systemctl reload apache2
 #To debug: systemctl status apache2.service

====Remove the debug setup====

In the wiki (LocalSettings.php), comment the debug lines (I can't see when I added them from the documentation, but if you want to see error messages during the config, you'd want them uncommented):
 #error_reporting( -1 );
 #ini_set( 'display_errors',1 );
 #$wgShowExceptionDetails = true;
 #$wgShowDBErrorBacktrace = true;
 #$wgShowSQLErrors = true;

Check the permissions set using $wgGroupPermissions - see https://www.mediawiki.org/wiki/Manual:User_rights

Run all the updates to the blog, etc., from the console before locking it down. Then in wp-config.php, lock down the ability to install plugins, etc., by commenting:
 #define('FS_METHOD','direct');

Edit the .htaccess files in blog and mediawiki to allow access but with appropriate restrictions.

Note that the rewrite rules for the blog are in its .htaccess file
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /blog/
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /blog/index.php [L]
 </IfModule>

To make the blog the default, edit /etc/apache/sites-available-edegan.com.conf, add an alias (don't alias to index.php as it will cause design issues, the rewrite rule for that is already in the .htaccess file!):
 Alias /blog /var/www/html/blog/
And change:
 RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
To:
 RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L]
Then:
 systemctl reload apache2

Note: Don't change the DocumentRoot to the blog, as this will destroy the design of the wiki. The last rewrite rule will decide the default site!

===Changing the Wordpress url===

It seems likely that some Reddit bots are automatically blocking postings with the word blog in their URL. So I decided to move my Wordpress installation from /blog to /journal.

Note that I briefly tried 'article' (singular to save letters). I also considered 'paper', which is shorter but not quite right. Likewise study, etc. Also digest (which was a close second), review, bulletin, and pub (which was just too ambiguous). The problem with article is that although it looks good for article URLs, the landing URL is then www.edegan.com/article. A collection word is better. And journal appeals to the academic in me.

To do this takes about 10 minutes (see https://wordpress.org/support/article/moving-wordpress/). You have to:
#Make the change in Wordpress through wp-admin (you have to do this first!) - Set both the Wordpress Address (URL) and Site Address (URL) fields
#Move the directory to the new name (at this point I could access www.edegan.com/article)
#Fix aliases in apache and the default subdomain for landing (see below)
#Fix the permalinks (update the .htaccess file)
#Fix the links hardcoded in menus
#(Create and) load up a new icon image (it is set under Appearance -> Customize -> Site Identity)
#Run any updates etc.
#Reconnect Google site kit
#Rerun Yoast SEO optimizer

To fix the main alias in apache:
 vi /etc/apache2/sites-available/edegan.com.conf
 Change:
 Alias /blog /var/www/html/blog/
 RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L]
 systemctl reload apache2

I also needed to:
#Perform a backup (I really should have done this before moving the site but hey...)
#Fix the images etc. (they were initially fine... but I came to suspect that they were cached and an HTML inspection revealed the wrong URLs)

Do the backup (with a user that has process privileges):
 cd /bulk/backups
 mysqldump --add-drop-table -h localhost -u user -p wordpress | gzip > wordpress-20210209.sql.gz
 or
 mysqldump --add-drop-table -h localhost -u user -p wordpress > wordpress-20210209.sql

Then install and use Velvet Blues (see https://www.wpbeginner.com/plugins/how-to-update-urls-when-moving-your-wordpress-site/) and use it to change the URLs (use https:// as a page inspection shows that this is correct)

===Another Change to the Wordpress URL and some updates ===

As root get the mysql dbase details:
 mysql -p
 #hint: tsn
 select host, user from mysql.user;
 show databases;

Read mail:
 less /var/mail/$(whoami)

Look in wp-config.php for dbase, user, pword etc.
 cat /var/www/html/journal/wp-config.php

Back up the dbase
 mysqldump --add-drop-table -h localhost -u root -p wordpress > wordpress-20220814.sql

Change settings (on https://www.edegan.com/journal/wp-admin/options-general.php)
* WordPress Address (URL)
** https://www.edegan.com/articles
* Site Address (URL)
** https://www.edegan.com/articles

Move the folder:
 cd /var/www/html/
 mv journal articles

Reload: https://www.edegan.com/articles/wp-admin/options-general.php?

Fix the .htaccess file to do the permalinks
 cd articles
 vi .htaccess
 #change 2 instances of journal to articles

Fix the links in the menu on https://www.edegan.com/articles/wp-admin/customize.php?
* Change links in menus! (2 instances - then publish)

Upgrade php to 7.4
 sudo apt-add-repository ppa:ondrej/php
 apt update
 apt install -y php7.4 php7.4-cli php7.4-common php7.4-fpm
 apt install -y php7.4-mysql php7.4-dom php7.4-simplexml php7.4-ssh2 php7.4-xml php7.4-xmlreader php7.4-curl php7.4-exif php7.4-ftp php7.4-gd php7.4-iconv php7.4-imagick php7.4-json php7.4-mbstring php7.4-posix php7.4-sockets php7.4-tokenizer
 apt install -y php7.4-mysqli php7.4-pdo php7.4-sqlite3 php7.4-ctype php7.4-fileinfo php7.4-zip php7.4-exif
 a2dismod php7.3
 a2enmod php7.4
 a2enmod proxy_fcgi setenvif
 a2enconf php7.4-fpm
 systemctl reload apache2

Update wordpress
* Note that I have wordpress chown -R root:root for articles and then www-data:www-data for wp-content.
* Didn't read: https://www.edegan.com/articles/wp-admin/update-core.php?action=do-core-upgrade

Do the update
 /var/www/html# chown -R www-data:www-data articles/
 #run update in wp-admin
* Update all the plugins
* Update themes
* Wordfence
** Update .htaccess for extended protection.

Reharden:
 chown -R root:root articles/
 chown -R www-data:www-data articles/wp-content/

Fix the alias in apache!
 vi /etc/apache2/sites-available/edegan.com.conf
 Alias /journal /var/www/html/articles
 Alias /articles /var/www/html/article
 Alias /blog /var/www/html/blog
 RewriteRule ^/*$ %{DOCUMENT_ROOT}/articles/index.php [L]
 #Redirect the journal root to articles
 Redirect permanent /journal https://www.edegan.com/articles
 systemctl reload apache2

Plugins etc.
* Site Kit by Google
** Setup! (sign in using dredegan@gmail.com)
* Yoast SEO
** Rerun optimization

Fix image links, etc.
* I repointed the /journal and /blog aliases
* Run the velvet blues plugin

Fix the icon:
* https://www.edegan.com/articles/wp-content/uploads/2021/02/edegandotcomslashjournal-LightGreyOnDarkBlue.png
* In Z:\projects\WebDesign\LogosV2.xcf
* Export as edegandotcomslasharticles-LightGreyOnDarkBlue.png
* Set under Site Identity

===Useful tools===

====Multitail====

I installed [https://www.vanheusden.com/multitail/manual.php Multitail]:
 apt-get install multitail

The [https://www.vanheusden.com/multitail/manual.php manual] is pretty weak, but the [https://www.vanheusden.com/multitail/examples.php examples] are good and the [https://www.vanheusden.com/multitail/features.php feature list] is excellent.

Here are some useful commands to review log files:
 multitail -cS apache -ev "Bot" /var/log/apache2/access.log -ci white -e "Bot" -I /var/log/apache2/access.log
 multitail -cS apache -ev "Bot" -ev "bot" -ev "internal dummy connection" /var/log/apache2/access.log

====Traceroute====

 apt install traceroute

Note: [https://zmap.io/ Zmap] seems popular nowadays, based on traffic logs.

====Other====

Connect with smb from Mother to Father:
 smbclient //192.168.2.200/sharename -U Domainname/username
Note that you need to specify the domain.
Mount a thru connection:
 mount -t cifs -o user=username //192.168.2.200/sharename /mnt/father
 ln -s /mnt/father/whatever/ /bulk/whatever

==Old machines==

For the configuration of the servers built for the McNair Center, see the old [[Center IT]] page or the pages below:
*[[Database Server Documentation]]
*[[RDP Documentation]]
**[[Server Backup Policy]]
**[[Power Backup]]
*[[Test Web Server Documentation]]
*[[Web Server Documentation]]
**[[Wiki Configuration]]
**[[Security on the wiki]]

Some of this information is still useful!

In addition, at UC Berkeley, Ed designed and built three machines - two postgresql database servers and a wiki server. The documentation is here:
*[[Haas PhD Server Configuration]]
*[[Posgres Server Configuration]] -- documents the build of postgres2

== [[Private Configuration]] ==

Some [[Private Configuration]] changes to the research computing setup are not recorded on the public wiki pages.