We then had to fix the passwords in the dbase:
#Note: change passwords from hints hint before running
SELECT User, Host, Password FROM mysql.user;
UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'root'; UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'debian-sys-maint'; UPDATE mysql.user SET Password = PASSWORD('tsnhint') WHERE User = 'mcnair_wp';
To do the front page, I copied the source of [ Template:Main page] from mediawiki to a page (called Test) and created [Template:Main page/styles.css] using [ mediawiki's code]. Then I rejigged the contents of the page!
The only minor but non-obvious change, was that I used h2 headings inside each mainpage_box, rather than h3's. As a consequence, I needed to add the following to [[Template:Main_page/styles.css]]:
.mainpage_box h2 {
border-bottom: none;
.mainpage_box h2 .header_icon {
margin-right: 5px;
Old instructions[] suggest using [[Special:ExpandTemplate]] on mediawiki's wiki, with the input text <nowiki>{{:MediaWiki}}</nowiki>. But this isn't necessary as the template doesn't need expanding in its current (at the time of writing) incarnation. Naturally, the page works well on MobileFrontend.
pg_dump -Fc stockmarket > stockmarket_Fc_20201023.dump
pg_dump -Fc vcdb4 > vcdb4_Fc_20201023.dump
The second backoff failed:
======Switching over the installations======
So, I took an the alternative approachof changing the data folders [].
The plan:
data_directory = '/data/postgres'
port = 5432
listen_addresses = '*'
#While we are here do some performance tuning:
shared_buffers = 512MB
work_mem = 4GB
maintenance_work_mem = 64
max_stack_depth = 24MB
effective_cache_size = 384GB
#Note that I didn't reduce the number of connections (and the max_wal_senders, which must be < max connections), or change max_stack_depth (which gives an error if you set it too high) vi /etc/postgresql/12/master/pg_hba.conf Copy over the config to allow access from inside the network
Move the data:
12 master 5432 online postgres /data/postgres /var/log/postgresql/postgresql-12-master.log
Do the installs for some extensions: apt-get install postgresql-12-plr apt-get install postgresql-plperl-12 postgresql-plpython3-12 Check it all works: psql postgres CREATE EXTENSION postgis; CREATE EXTENSION plr; CREATE EXTENSION plperl; CREATE EXTENSION plpython3u; \dx List of installed extensions Name | Version | Schema | Description---------+---------+------------+--------------------------------------------------------------------- plpgsql | 1.0 | pg_catalog | PL/pgSQL procedural language postgis | 3.0.0 | public | PostGIS geometry, geography, and raster spatial types and functions (2 rows) Make the user: createuser --interactive researcher Then restore the databases(as researcher in /bulk/backup): createdb stockmarket pg_restore -Fc -d stockmarket stockmarket_Fc_20201023.dump createdb vcdb4 pg_restore -Fc -d vcdb4 vcdb4_Fc.dump The restore threw some errors related to not having extension plpythonu, but otherwise seemed fine. The issue seems to be that pythonu is python2[], and python2 is not available for postgres 12 (it might be here: apt-cache search ".*plpython*.*"
====Other Fixes====
Once I'm all done with the theme etc., I can uncomment the following from wp-config.php
define('DISALLOW_FILE_EDIT', true);
{{Colored box|title=Notice|content=With hardened permissions, you won't be able to update Wordpress from the dashboard. To fix this, set ownership of the entire wordpress directory to www-data:www-data (i.e., chown -R www-data:www-data blog/), run the update, and then revert the ownership to root (or some other account).}}
This is mentioned in a comment on a topic page, though presumably for an earlier version:
====Another Issue====
Interestingly, I started getting a message from Google Chrome whenever I went to post wiki entries saying:
"The information you’re about to submit is not secure". There's an option to "Proceed anyway" or "Go back".
This started after I had MultiTail running viewing apache's logs, but I couldn't see, beyond some kind of file lock examination, how it could work. I figured that it was a coincidence and something else might have happened.
My first thought was that my SSL certificate might have expired. However, the certificate looks valid and good, and the issue survived a reboot.
By inspecting the webpages (in Chrome) and then reviewing the Console, I could see that it was caused by a mixed content problem:
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure font '<URL>'.
This request has been blocked; the content must be served over HTTPS.
It seemed that I somehow have some font addresses hardcoded somewhere:
Mixed Content: The page at ... was loaded over HTTPS, but requested an insecure font
This request has been blocked; the content must be served over HTTPS.
The copy of Chrome on my desktop must somehow have been upgraded? Or something else changed to cause a change in behavior...
The IP is from the old web server at the McNair Center, suggesting that when I migrated the McNair database into the new wiki, I migrated this issue. (Note that it doesn't appear to be something hardcoded into a .css file, or similar -- I can't find any trace on the filesystem and besides, this wiki was built from a fresh install.)
I found the URLs hardcoded in [[MediaWiki:Common.css]] (it must have been moved with the last big batch of pages and I somehow didn't notice!) but then couldn't edit it! It seems that following [ Mediawiki 1.32], the rights to edit the interface were separated out, and users now need the editinterface right to change anything in the Mediawiki namespace. So, I went to [[Special:UserRights]] and gave myself permission. Then I edited the page, which changed the look-and-feel of my editor (I have no idea why), removed the consol messages, but left the problem (even after ctrl-shift-r cache flush on Chrome).
===Install VSFTPD===
userdel blog
===Final Configuration Changesto Apache===
Lock down apache somewhat further (as now there are directories that shouldn't be listable, etc.)
Note: Don't change the DocumentRoot to the blog, as this will destroy the design of the wiki. The last rewrite rule will decide the default site!
==Old machines=Changing the Wordpress url=== It seems likely that some Reddit bots are automatically blocking postings with the word blog in their URL. So I decided to move my Wordpress installation from /blog to /journal.  Note that I briefly tried 'article' (singular to save letters). I also considered 'paper', which is shorter but not quite right. Likewise study, etc. Also digest (which was a close second), review, bulletin, and pub (which was just too ambiguous). The problem with article is that although it looks good for article URLS, the landing URL is then A collection word is better. And journal appeals to the academic in me. To do this takes about 10 minutes (see You have to:#Make the change in Wordpress through wp-admin (you have to do this first!) - Set both the Wordpress Address (URL) and Site Address (URL) fields#Move the directory to the new name (at this point I could access aliases in apache and the default subdomain for landing (see below)#Fix the permalinks (update the .htaccess file)#Fix the links hardcoded in menus#(Create and) load up a new icon image (it is set under Appearance -> Customize -> Site Identity)#Run any updates etc.#Reconnect Google site kit#Rerun Yoast SEO optimizer
To fix the main alias in apache: vi /etc/apache2/sites-available/ Change: Alias /blog /var/www/html/blog/ RewriteRule ^/*$ %{DOCUMENT_ROOT}/blog/index.php [L] systemctl reload apache2 I also needed to:#Perform a backup (I really should have done this before moving the site but hey...)#Fix the images etc. (they initially fine... but I came to suspect that they were cached and an HTML inspected revealed the wrong URLs) Do the backup (with a user that has process privileges): cd /bulk/backups mysqldump --add-drop-table -h localhost -u user -p wordpress | gzip > wordpress-20210209.sql.gz or mysqldump --add-drop-table -h localhost -u user -p wordpress > wordpress-20210209.sql Then install and use Velvet Blues (see and use it to change the URLs (use https:// as a page inspection shows that this is correct) ===Another Change to the Wordpress URL and some updates === As root get the mysql dbase details: mysql -p #hint: tsn select host, user from mysql.user; show databases; Read mail: less /var/mail/$(whoami) Look in wp-config.php for dbase, user, pword etc. cat /var/www/html/journal/wp-config.php Back up the dbase mysqldump --add-drop-table -h localhost -u root -p wordpress > wordpress-20220814.sql Change settings (on* WordPress Address (URL)*** Site Address (URL)** Move the folder: cd /var/www/html/ mv journal articles Reload: Fix the .htaccess file to do the permalinks cd articles vi .htaccess #change 2 instances of journal to articles Fix the links in the menu on* Change links in menus! (2 instances - then publish) Upgrade php to 7.4 sudo apt-add-repository ppa:ondrej/php apt update apt install -y php7.4 php7.4-cli php7.4-common php7.4-fpm apt install -y php7.4-mysql php7.4-dom php7.4-simplexml php7.4-ssh2 php7.4-xml php7.4-xmlreader php7.4-curl php7.4-exif php7.4-ftp php7.4-gd php7.4-iconv php7.4-imagick php7.4-json php7.4-mbstring php7.4-posix php7.4-sockets php7.4-tokenizer apt install -y php7.4-mysqli php7.4-pdo php7.4-sqlite3 php7.4-ctype php7.4-fileinfo php7.4-zip php7.4-exif a2dismod php7.3 a2enmod php7.4 a2enmod proxy_fcgi setenvif a2enconf php7.4-fpm systemctl reload apache2 Update wordpress* Note that I have wordpress chown -R root:root for articles and then www-data:www-data for wp-content.* Didn't read: Do the update /var/www/html# chown -R www-data:www-data articles/ run update in wp-admin * Update all the plugins* Update themes* Wordfence** Update .htaccess for extended protection. Reharden: chown -R root:root articles/ chown -R www-data:www-data articles/wp-content/ Fix the alias in apache! vi /etc/apache2/sites-available/ Alias /journal /var/www/html/articles Alias /articles /var/www/html/article Alias /blog /var/www/html/blog RewriteRule ^/*$ %{DOCUMENT_ROOT}/articles/index.php [L] #Redirect the journal root to articles Redirect permanent /journal systemctl reload apache2 Plugins etc.* Site Kit by Google** Setup! (sign in using* Yoast SEO** Rerun optimization Fix image links, etc.* I repointed the /journal and /blog aliases* Run the velvet blues plugin Fix the icon:** In Z:\projects\WebDesign\LogosV2.xcf* Export as edegandotcomslasharticles-LightGreyOnDarkBlue.png* Set under Site Identity ===Useful tools=== ====Multitail==== I installed [ Multitail]: apt-get multitail The [ manual] is pretty weak, but the [ examples] are good and the [ feature list] is excellent. Here's some useful commands to review log files: multitail -cS apache -ev "Bot" /var/log/apache2/access.log -ci white -e "Bot" -I /var/log/apache2/access.log multitail -cS apache -ev "Bot" -ev "bot" -ev "internal dummy connection" /var/log/apache2/access.log ====Traceroute====  apt install traceroute Note: [ Zmap] seems popular nowadays, based on traffic logs. ====Other==== Connect with smb from Mother to Father: smbclient // -U Domainname/username Note that you need to specify the domain. Mount a thru connection: mount -t cifs -o user=username // /mnt/father ln -s /mnt/father/whatever/ /bulk/whatever ==Old machines== For the configuration of the servers built for the McNair Center, see the old [[Center IT]] page or the pages below:*[[Database Server Documentation]]*[[RDP Documentation]]
**[[Server Backup Policy]]
**[[Power Backup]]
*[[Haas PhD Server Configuration]]
*[[Posgres Server Configuration]] -- documents the build of postgres2
== [[Private Configuration]] ==
Some [[Private Configuration]] changes to the research computing setup are not recorded on the public wiki pages.

