Difference between revisions of "SAC:staging2.www.osgeo.org"
(Created page with "wwwosgeo (staging server) is running on winnie.postgis.net virtual box ssh port 53022, passwords on secure/access server Virtual Box use VMDK, dynamically allocated, 100GB Sta...") |
|||
Line 1: | Line 1: | ||
wwwosgeo (staging server) is running on winnie.postgis.net virtual box ssh port 53022, passwords on secure/access server | wwwosgeo (staging server) is running on winnie.postgis.net virtual box ssh port 53022, passwords on secure/access server | ||
− | Virtual Box use VMDK, dynamically allocated, 100GB | + | |
− | Start with debian-9.3.0-amd64-netinst.iso image ( https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso (2017-12-09) | + | # Virtual Box use VMDK, dynamically allocated, 100GB |
+ | # Start with debian-9.3.0-amd64-netinst.iso image ( https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso (2017-12-09) | ||
(Regular install, don't use graphical) | (Regular install, don't use graphical) | ||
− | set mirror to debian.csail.mit.edu | + | # set mirror to debian.csail.mit.edu |
− | Participate in Package Usage: Yes | + | # Participate in Package Usage: Yes |
− | Uncheck Debian Desktop Environment | + | # Uncheck Debian Desktop Environment |
− | Check SSH server | + | # Check SSH server |
− | Check Web Server | + | # Check Web Server |
− | Uncheck Print Server | + | # Uncheck Print Server |
− | Install Grub | + | # Install Grub |
− | Select 2nd option (only drive) | + | # Select 2nd option (only drive) |
=== Install LDAP === | === Install LDAP === | ||
− | su root | + | su root |
− | apt install locales-all libpam-ldapd libnss-ldapd | + | apt install locales-all libpam-ldapd libnss-ldapd |
− | apt install sudo | + | apt install sudo |
− | apt install tcsh | + | apt install tcsh |
+ | |||
− | #During install fill in below and check passwd, group, shadow | + | # During install fill in below and check passwd, group, shadow |
apt install ldapscripts | apt install ldapscripts | ||
Line 41: | Line 43: | ||
------------------------------- | ------------------------------- | ||
− | copy contents of /etc/nslcd.conf from osgeo6 | + | # copy contents of /etc/nslcd.conf from osgeo6 |
− | nano /etc/nsswitch.conf | + | # nano /etc/nsswitch.conf |
conf should look like | conf should look like | ||
------------------------------------------------------ | ------------------------------------------------------ | ||
Line 77: | Line 79: | ||
getent passwd robe | getent passwd robe | ||
− | + | * should output: | |
robe:x:15108:100:Regina Obe:/home/robe:/bin/bash | robe:x:15108:100:Regina Obe:/home/robe:/bin/bash | ||
ldapsearch -x uid=robe | ldapsearch -x uid=robe | ||
− | + | * should output a lot of information about Regina | |
cp -a /etc/skel /home/robe | cp -a /etc/skel /home/robe | ||
chown -R robe:100 /home/robe | chown -R robe:100 /home/robe | ||
− | + | * add robe to sudoers | |
sudo usermod -a -G sudo robe | sudo usermod -a -G sudo robe | ||
sudo usermod -a -G www-data robe | sudo usermod -a -G www-data robe | ||
Line 97: | Line 99: | ||
− | + | * Install apache, php7 | |
sudo apt install apache2 #was already installed as part of setup so not needed | sudo apt install apache2 #was already installed as part of setup so not needed | ||
− | + | * on debian 9, php7.0 is default, so I can dispense with php7.0 prefix, | |
− | + | * for older, might have to do php7.0, libapache2-mod-php7.0 etc. | |
sudo apt install php php-dev libapache2-mod-php php-mysql php-curl php-gd php-xmlrpc php-intl php-mcrypt php-xsl | sudo apt install php php-dev libapache2-mod-php php-mysql php-curl php-gd php-xmlrpc php-intl php-mcrypt php-xsl | ||
sudo apt install php-ldap | sudo apt install php-ldap |
Revision as of 21:27, 6 January 2018
wwwosgeo (staging server) is running on winnie.postgis.net virtual box ssh port 53022, passwords on secure/access server
- Virtual Box use VMDK, dynamically allocated, 100GB
- Start with debian-9.3.0-amd64-netinst.iso image ( https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso (2017-12-09)
(Regular install, don't use graphical)
- set mirror to debian.csail.mit.edu
- Participate in Package Usage: Yes
- Uncheck Debian Desktop Environment
- Check SSH server
- Check Web Server
- Uncheck Print Server
- Install Grub
- Select 2nd option (only drive)
Install LDAP
su root apt install locales-all libpam-ldapd libnss-ldapd apt install sudo apt install tcsh
- During install fill in below and check passwd, group, shadow
apt install ldapscripts
/etc/ldap/ldap.conf should have this
BASE dc=osgeo, dc=org URI ldaps://ldap.osgeo.org/
- SIZELIMIT 12
- TIMELIMIT 15
- DEREF never
TLS_CHECKPEER yes TLS_REQCERT demand TLS_CACERT /etc/ssl/certs/ca-certificates.crt #this file you need to copy from osgeo6 as well pam_groupdn cn=telascience,ou=Shell,dc=osgeo,dc=org #not though telascience is defunct so not sure what that cn nss_base_passwd ou=People,dc=osgeo,dc=org nss_base_shadow ou=People,dc=osgeo,dc=org nss_base_group ou=Group,dc=osgeo,dc=org ldap_version 3 pam_password md5 bind_policy soft
- copy contents of /etc/nslcd.conf from osgeo6
- nano /etc/nsswitch.conf
conf should look like
# /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file.
passwd: compat ldap group: compat ldap shadow: compat gshadow: files
hosts: files dns networks: files
protocols: db files ldap services: db files ldap ethers: db files rpc: db files
netgroup: nis aliases: ldap
service nscd restart service nslcd restart service ssh restart
Verify ldap authentication and query all set up
getent passwd robe
- should output:
robe:x:15108:100:Regina Obe:/home/robe:/bin/bash
ldapsearch -x uid=robe
- should output a lot of information about Regina
cp -a /etc/skel /home/robe chown -R robe:100 /home/robe
- add robe to sudoers
sudo usermod -a -G sudo robe sudo usermod -a -G www-data robe
should now be able to log in as robe
Installing PHP, MariaDb etc for wordpress
sudo apt install mariadb-server #installed Mariadb 10.1
- Install apache, php7
sudo apt install apache2 #was already installed as part of setup so not needed
- on debian 9, php7.0 is default, so I can dispense with php7.0 prefix,
- for older, might have to do php7.0, libapache2-mod-php7.0 etc.
sudo apt install php php-dev libapache2-mod-php php-mysql php-curl php-gd php-xmlrpc php-intl php-mcrypt php-xsl sudo apt install php-ldap
Download backups and restore, and setup website
copy configs to etc/apache2/sites-available (for this server I created staging version) copy database and sql backups from old server to /var/www/backups
sudo a2dissite 000-default.conf sudo a2ensite staging.www.osgeo.org.conf sudo a2enmod rewrite sudo a2enmod file_cache sudo a2enmod expires
cd /var/www/backups tar -xvf osgeo_wp_daily.tar.gz mv osgeo.org /var/www/staging.osgeo.org
cd /var/www sudo chown -R www-data:www-data staging.osgeo.org sudo chmod -R 770 staging.osgeo.org
- create new database and user and restore backup
mysql CREATE USER 'osgeo_site' @'localhost' IDENTIFIED BY 'look in config for password';
CREATE DATABASE staging_osgeo; GRANT ALL ON staging_osgeo.* TO 'osgeo_site'@'localhost'; exit
- restore backup
cd /var/www/backups sudo gunzip osgeo_daily.sql.gz sudo mysql --user=root staging_osgeo < osgeo_daily.sql
sudo apt update sudo apt upgrade sudo reboot
- you may need to fiddle with the www/osgeo.org/httpdocs/core/.htaccess if you are setting up a dev
sudo systemctl reload apache2
Install apache, php7
sudo apt install apache2 #was already installed as part of setup so not needed
- on debian 9, php7.0 is default, so I can dispense with php7.0 prefix,
- for older, might have to do php7.0, libapache2-mod-php7.0 etc.
sudo apt install php php-dev libapache2-mod-php php-mysql php-curl php-gd php-xmlrpc php-intl php-mcrypt php-xsl sudo apt install php-ldap
download backups and restore
copy configs to etc/apache2/sites-available (for this server I created staging version) copy database and sql backups from old server to /var/www/backups
sudo a2dissite 000-default.conf sudo a2ensite staging.www.osgeo.org.conf sudo a2enmod rewrite sudo a2enmod file_cache sudo a2enmod expires
cd /var/www/backups tar -xvf osgeo_wp_daily.tar.gz mv osgeo.org /var/www/staging.osgeo.org
cd /var/www sudo chown -R www-data:www-data staging.osgeo.org sudo chmod -R 770 staging.osgeo.org
Create new database and user and restore backup
mysql CREATE USER 'osgeo_site' @'localhost' IDENTIFIED BY 'look in config for password';
CREATE DATABASE staging_osgeo; GRANT ALL ON staging_osgeo.* TO 'osgeo_site'@'localhost'; exit
- restore backup
cd /var/www/backups sudo gunzip osgeo_daily.sql.gz sudo mysql --user=root staging_osgeo < osgeo_daily.sql
sudo apt update sudo apt upgrade sudo reboot
- you may need to fiddle with the www/osgeo.org/httpdocs/core/.htaccess if you are setting up a dev
sudo systemctl reload apache2