Difference between revisions of "Andromeda/Public Server Transfer"

From Nottinghack Wiki
 
(23 intermediate revisions by 2 users not shown)
Line 16: Line 16:
 
* Debian Wheezy
 
* Debian Wheezy
 
* IPv4 & IPv6 Enabled and Firewalled
 
* IPv4 & IPv6 Enabled and Firewalled
* Ttckeeper (we log all changes to /etc, in a git repo so we know who to blame)
+
* Etckeeper (we log all changes to /etc, in a git repo so we know who to blame)
 
* Nginx (1.4.2 dotdeb maintained)
 
* Nginx (1.4.2 dotdeb maintained)
 
* PHP5-FPM (5.4 dotbeb maintained)
 
* PHP5-FPM (5.4 dotbeb maintained)
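Review bot: the PHP5-FPM line just below the corrected "Etckeeper" entry still reads "dotbeb", while the Nginx line above it spells the repo "dotdeb"; fix it in the same edit so both lines name the same source.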
Line 23: Line 23:
 
* Dovecot
 
* Dovecot
 
* OpenDKIM
 
* OpenDKIM
* RoundCube (Do we want webmial?)
+
* RoundCube
 
* ViMbAdmin (postfix webadmin, i think this will work for us)
 
* ViMbAdmin (postfix webadmin, i think this will work for us)
 
* phpMyadmin
 
* phpMyadmin
 +
* awstats
 
* new work press
 
* new work press
 
* new mediawiki
 
* new mediawiki
 
* move content* move email* take backups
 
* move content* move email* take backups
  
 +
=== Linode Stack Script ===
 +
Linode provide a the ability to run stackscripts on servers, these are great for doing auto deployment.
 +
I've been working on one for the new server that will get the following stuff setup: --[[User:Lwk|'RepRap' Matt]] ([[User talk:Lwk|talk]])
 +
* system update
 +
* install basic support programs and utilities that no linux should be with our
 +
* setup etckeeper versioning on /etc
 +
* grab config bundle
 +
* time zone ( we are going UTC)
 +
* static ip address
 +
* hostname andromeda.lwk.me
 +
* ditch un-needed dhcp
 +
* iptables and ip6tables
 +
* lockdown ssh config
 +
* add users dpslwk daniel james lwk nottinghack, with shh keys and lock out root
 +
* add dotdeb repo
 +
* install mysql
 +
* setup mysql users
 +
* install php5-fpm and extras
 +
* install nginx
 +
* install postfix, dovecot, opendkim
 +
* ViMbAdmin support packages
 +
* remove exim
 +
* copy across configs
 +
** mysql
 +
** ssl certs?
 +
** nginx
 +
** php5-fpm
 +
** import mail db
 +
** postfix
 +
** dovecot
 +
** openDKIM
 +
** fail2ban
 +
** vimbadmin
 +
* install jungle disk
 +
* clone/install vimbadmin
 +
* base dir setup for sites
 +
* php pool setup
 +
* nginx sites
  
 +
=== Post Stack Script ===
 +
After the stack script there will still be a number of things to check off, install and setup by hand before we are ready for the main site moves.
  
 +
* check ip's
 +
* check hostname/staic ip/resolve/hosts
 +
* check iptables ip6tables
 +
* setup jungle disk backup's
 +
* mysql db backup script
  
 +
 +
Every thing should now be in place to do the big moves detailed below
 +
 +
Other bits to do after the main move
 +
* roundcube install
 +
* ZNC irc bouncer
 +
** install
 +
** xfer config
 +
** update firewall configs and restore
 +
* APC stats page
 +
* awstates http://kamisama.me/2013/03/20/install-configure-and-protect-awstats-for-multiple-nginx-vhost-on-debian/
 +
* [[User:Lwk|'RepRap' Matt]] other sites
  
 
=== Web Root ===
 
=== Web Root ===
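Review bot: the "grab config bundle" and "copy across configs" items pull in "ssl certs?" and the openDKIM config, which normally include private keys, but the list does not say where the bundle comes from or how it is protected in transit and on disk. Add a line stating the source, that it is fetched over an authenticated channel, and that the bundle is removed once the configs are in place. In the add-users item, "shh keys" should read "ssh keys".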
Line 39: Line 97:
  
 
All the steps below assume that the webroot is in the backup schedule
 
All the steps below assume that the webroot is in the backup schedule
 +
 +
==== New Folder layout====
 +
The current basic layout of the nottinghack home folder is this:
 +
<pre>/home/nottinghack/+
 +
                  |-planet/                < Planet back end
 +
                  |-public_html/+          < Wordpress install
 +
                  |            |-members/  < members guide pdf (not sure if this is still needed??)
 +
                  |            |-p/        < Planet html files
 +
                  |            |-w/        < Mediawiki install
 +
                  |-www_secure/            < secure web files (dm2tweet)
 +
</pre>
 +
But looking to move to something a little more separated:
 +
<pre>/home/nottinghack/+
 +
                  |-planet/                < Planet back end
 +
                  |-public_html/+            < Wordpress install
 +
                  |          |-members/    < members guide pdf (not sure if this is still needed??)
 +
                  |-public_planet/          < Planet html files
 +
                  |-public_wiki/            < Mediawiki install
 +
                  |-www_secure/            < secure web files (dm2tweet, Wordpress config, Mediawiki config)
 +
</pre>
 +
 +
I like this, but seeing as '''public_wp''' will actually just be the main site and include things like dm2tweet too, why don't we conform a little and call it '''public_html'''? [[User:James|James]] ([[User talk:James|talk]]) 02:18, 21 August 2013 (EST)<br/>
 +
Happy to stick with '''publi_html''' --[[User:Lwk|&#39;RepRap&#39; Matt]] ([[User talk:Lwk|talk]]) 04:45, 22 August 2013 (EST)
 +
 +
==== Databaes ====
 +
On the current server there is just one DB for WP and MW<br />
 +
New config will have three.<br />
 +
<pre>
 +
nh        < general
 +
nh-wp    < wordpress only
 +
nh-wiki  < media wiki only
 +
</pre>
 +
Important design is separate DB's for WP and MW, but have also provisioned a third shared DB for other small things that might need it (planet, dm2tweet, instrumentation, HMS.... etc)
 +
 +
Each will have a it's one user, with the same name as the DB.
  
 
== Planet ==
 
== Planet ==
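Review bot: in the database section the shared nh database puts planet, dm2tweet, instrumentation and HMS behind one common user, so the separation applied to WP and MW does not extend to them. State which privileges each of the three users gets and that each is granted on its own database only. The heading "Databaes" and the phrase "a it's one user" also need spelling fixes.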
Line 52: Line 145:
 
=== Set up ===
 
=== Set up ===
  
* Set "p" as seperate site
+
* Set "public_planet" as seperate site
 
* point planet.<new-domain> to point at this site
 
* point planet.<new-domain> to point at this site
 
* Set up cron job to run generator
 
* Set up cron job to run generator
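Review bot: the site folder is renamed from "p" to "public_planet" in the Set up list, but the Files step of the same Planet section still says to call the folder "p". Update that step so both lists name the same directory.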
Line 63: Line 156:
  
 
Has a lot of data, but less traffic than the website.  '''Make sure wiki move it announced publicly'''  We could put a temporary banner on the wiki, similar to wikipedia's fund-raising.
 
Has a lot of data, but less traffic than the website.  '''Make sure wiki move it announced publicly'''  We could put a temporary banner on the wiki, similar to wikipedia's fund-raising.
 +
 +
Wiki on nginx guide http://blog.bigdinosaur.org/mediawiki-on-nginx/
  
 
=== First steps ===
 
=== First steps ===
 +
Worth a read http://blog.bigdinosaur.org/mediawiki-on-nginx/
  
* Set up folder "w"
+
* Set up folder "public_wiki"
* point wiki.<new-domain> at "w"
+
* point wiki.<new-domain> at "public_wiki"
 
* Install mediawiki on new server - version 1.19.2 (to match current)
 
* Install mediawiki on new server - version 1.19.2 (to match current)
 
** Use wiki-only database
 
** Use wiki-only database
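Review bot: the bigdinosaur mediawiki-on-nginx link is added twice, once under the Wiki heading and again under First steps. Keep one copy.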
Line 110: Line 206:
 
=== Set up ===
 
=== Set up ===
  
* Install wordpress on <new-domain>
+
* Install wordpress on <new-domain> under "public_wiki"
 
** Use wordpress-only database
 
** Use wordpress-only database
 +
* for easy wordpress upadte and plugin install pre load ssh access details into wp-config
 +
** seprate ssh key for wp stored under www_secure, need group owner of www-data( check this, should allow for 640 on id_rsa and id_rsa.pub)
 +
** add key to authorized_keys
 +
** add lines to wp-config
 +
** need to check we can get a key with passphrase to work and not have passphrase in config
 +
** need to double check alternative to this might just be the direct method as php pool runs under NottingHack user
 
* Install custom theme
 
* Install custom theme
 
* Install wordpress-plugins
 
* Install wordpress-plugins
 
** http://wordpress.org/plugins/w3-total-cache/
 
** http://wordpress.org/plugins/w3-total-cache/
 +
** nginx compatibility http://www.linuxforu.com/2012/02/wordpress-nginx-part-2-domain-vhost-config-migrating-files-fine-tuning-mysql-apc/
 
* Install custom plugins
 
* Install custom plugins
 
* Ensure url-rewriting working correctly
 
* Ensure url-rewriting working correctly
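Review bot: the added ssh-key sub-items store a private key under www_secure readable by group www-data and add it to authorized_keys, so anything running as www-data can log in over ssh as that account. The last sub-item already notes that the direct method may work because the php pool runs under the NottingHack user; settle that first and drop the key if it does. The first changed line also installs wordpress under "public_wiki", which the new folder layout assigns to Mediawiki (public_html is the Wordpress install).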
Line 128: Line 231:
 
* Point nottinghack.org.uk and www.nottinghack.org.uk at site
 
* Point nottinghack.org.uk and www.nottinghack.org.uk at site
 
* Put wordpress database into backup schedule
 
* Put wordpress database into backup schedule
 +
 +
== Mail ==
 +
Need to move over the mail accounts
 +
 +
* Accounts
 +
* Forwards
 +
 +
==Extras==
 +
 +
* Fail2ban
 +
http://www.pontikis.net/blog/fail2ban-install-config-debian-wheezy
 +
http://mattrude.com/projects/roundcube-fail2ban-plugin/
 +
* logwatch
  
 
== Clean up ==
 
== Clean up ==
  
 
Other tools, such as dm2tweet will need moving as well.  These can't be moved until nottinghack.org.uk is pointing at the new webroot.
 
Other tools, such as dm2tweet will need moving as well.  These can't be moved until nottinghack.org.uk is pointing at the new webroot.
 +
 +
 +
[[Category:Network]]

Latest revision as of 06:11, 20 June 2014

All of nottinghack.org.uk will move to a new server; this involves quite a lot of work!

Below is an ordered plan of action

Server Build

Buy the new server, build the OS, install required services (sshd, web server, mysql, etc)

Plan is to base this server on nginx, depending on testing.


Quick list of the planned setup ('RepRap' Matt (talk))

  • ClonDNS (to handle all DNS)
  • Linode 2gb (with Linode Backup)
  • Jungle Disk (Backups, to cloud files or S3, not sure which yet)
  • Debian Wheezy
  • IPv4 & IPv6 Enabled and Firewalled
  • Etckeeper (we log all changes to /etc, in a git repo so we know who to blame)
  • Nginx (1.4.2 dotdeb maintained)
  • PHP5-FPM (5.4 dotdeb maintained)
  • Mysql (5.5, wheezy core)
  • Postfix
  • Dovecot
  • OpenDKIM
  • RoundCube
  • ViMbAdmin (postfix webadmin, i think this will work for us)
  • phpMyadmin
  • awstats
  • new wordpress
  • new mediawiki
  • move content
  • move email
  • take backups

Linode Stack Script

Linode provides the ability to run stackscripts on servers; these are great for doing auto deployment. I've been working on one for the new server that will get the following stuff set up: --'RepRap' Matt (talk)

  • system update
  • install basic support programs and utilities that no linux should be without
  • setup etckeeper versioning on /etc
  • grab config bundle
  • time zone ( we are going UTC)
  • static ip address
  • hostname andromeda.lwk.me
  • ditch un-needed dhcp
  • iptables and ip6tables
  • lockdown ssh config
  • add users dpslwk daniel james lwk nottinghack, with ssh keys and lock out root
  • add dotdeb repo
  • install mysql
  • setup mysql users
  • install php5-fpm and extras
  • install nginx
  • install postfix, dovecot, opendkim
  • ViMbAdmin support packages
  • remove exim
  • copy across configs
    • mysql
    • ssl certs?
    • nginx
    • php5-fpm
    • import mail db
    • postfix
    • dovecot
    • openDKIM
    • fail2ban
    • vimbadmin
  • install jungle disk
  • clone/install vimbadmin
  • base dir setup for sites
  • php pool setup
  • nginx sites

Post Stack Script

After the stack script there will still be a number of things to check off, install and setup by hand before we are ready for the main site moves.

  • check IPs
  • check hostname/static ip/resolve/hosts
  • check iptables ip6tables
  • setup jungle disk backups
  • mysql db backup script
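
The "check iptables ip6tables" item above can be scripted. The sketch below is an added example, not part of the original stack script: it compares iptables-save and ip6tables-save dumps and reports an INPUT policy that is not DROP or a TCP port accepted in one address family only. The rulesets are constructed samples and the function names are hypothetical.

```shell
# Added example: IPv4/IPv6 firewall parity check on saved rulesets.
# The two dumps below are constructed samples, not the real andromeda rules.
sample_v4() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
EOF
}
sample_v6() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}
# Default policy of the INPUT chain in a saved ruleset file.
input_policy() { awk '$1 == ":INPUT" { print $2; exit }' "$1"; }
# Sorted unique TCP destination ports accepted on INPUT.
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), p, ",")
                for (j = 1; j <= n; j++) print p[j]
            }
    }' "$1" | LC_ALL=C sort -u
}
# Print every difference between the two families; return 1 if any.
firewall_parity() {
    v4=$1; v6=$2; rc=0
    for f in "$v4" "$v6"; do
        [ "$(input_policy "$f")" = "DROP" ] ||
            { echo "INPUT policy is not DROP in $f"; rc=1; }
    done
    t4=$(mktemp); t6=$(mktemp)
    accepted_tcp_ports "$v4" > "$t4"; accepted_tcp_ports "$v6" > "$t6"
    only4=$(LC_ALL=C comm -23 "$t4" "$t6" | tr '\n' ' ')
    only6=$(LC_ALL=C comm -13 "$t4" "$t6" | tr '\n' ' ')
    rm -f "$t4" "$t6"
    [ -z "$only4" ] || { echo "open on IPv4 only: $only4"; rc=1; }
    [ -z "$only6" ] || { echo "open on IPv6 only: $only6"; rc=1; }
    return $rc
}
d=$(mktemp -d); sample_v4 > "$d/rules.v4"; sample_v6 > "$d/rules.v6"
firewall_parity "$d/rules.v4" "$d/rules.v6" || true
```

On the live server the two input files would come from `iptables-save` and `ip6tables-save`.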


Everything should now be in place to do the big moves detailed below

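Other bits to do after the main move

  • roundcube install
  • ZNC irc bouncer
    • install
    • xfer config
    • update firewall configs and restore
  • APC stats page
  • awstats http://kamisama.me/2013/03/20/install-configure-and-protect-awstats-for-multiple-nginx-vhost-on-debian/
  • 'RepRap' Matt other sites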

Web Root

Before most of the remaining changes can be made, the server will need to have a live webroot. Maybe we can repurpose nottinghack.co.uk temporarily, or register a new domain. Called <new-domain> in steps below.

All the steps below assume that the webroot is in the backup schedule

New Folder layout

The current basic layout of the nottinghack home folder is this:

/home/nottinghack/+
                  |-planet/                 < Planet back end
                  |-public_html/+           < Wordpress install
                  |             |-members/  < members guide pdf (not sure if this is still needed??)
                  |             |-p/        < Planet html files
                  |             |-w/        < Mediawiki install
                  |-www_secure/             < secure web files (dm2tweet)

But looking to move to something a little more separated:

/home/nottinghack/+
                  |-planet/                 < Planet back end
                  |-public_html/+           < Wordpress install
                  |             |-members/  < members guide pdf (not sure if this is still needed??)
                  |-public_planet/          < Planet html files
                  |-public_wiki/            < Mediawiki install
                  |-www_secure/             < secure web files (dm2tweet, Wordpress config, Mediawiki config)

I like this, but seeing as public_wp will actually just be the main site and include things like dm2tweet too, why don't we conform a little and call it public_html? James (talk) 02:18, 21 August 2013 (EST)
Happy to stick with public_html --'RepRap' Matt (talk) 04:45, 22 August 2013 (EST)

Databases

On the current server there is just one DB for WP and MW
New config will have three.

nh        < general
nh-wp     < wordpress only
nh-wiki   < media wiki only

The important design point is separate DBs for WP and MW, but a third shared DB has also been provisioned for other small things that might need it (planet, dm2tweet, instrumentation, HMS, etc.)

Each will have its own user, with the same name as the DB.
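
The three-database design above, with one same-named user per database, as an added example (not the project's own script): it emits the provisioning SQL and then audits SHOW GRANTS output for any account that reaches beyond its own database. The 'localhost' host part, ALL PRIVILEGES, the password placeholder and the function names are assumptions, and the grant listing is a constructed sample.

```shell
# Added example: provision and audit the one-user-per-database design.
# Assumptions: accounts are local-only ('localhost') and get ALL PRIVILEGES.
DBS="nh nh-wp nh-wiki"

# Emit the SQL for each database and its same-named user. The hyphenated
# names must be backtick-quoted when used as identifiers.
provision_sql() {
    for name in $DBS; do
        printf "CREATE DATABASE \`%s\`;\n" "$name"
        printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '<PASSWORD>';\n" "$name"
        printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$name" "$name"
    done
}

# Constructed SHOW GRANTS output; the last line is a deliberate violation.
sample_grants() { cat <<'EOF'
GRANT USAGE ON *.* TO 'nh'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT ALL PRIVILEGES ON `nh`.* TO 'nh'@'localhost'
GRANT USAGE ON *.* TO 'nh-wp'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT ALL PRIVILEGES ON `nh-wp`.* TO 'nh-wp'@'localhost'
GRANT USAGE ON *.* TO 'nh-wiki'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT ALL PRIVILEGES ON `nh-wiki`.* TO 'nh-wiki'@'localhost'
GRANT SELECT ON `nh-wp`.* TO 'nh-wiki'@'localhost'
EOF
}

# Read GRANT lines on stdin and print "user scope" for every grant whose
# database is not the one named after the user. USAGE carries no privileges.
cross_db_grants() {
    sed -n "s/^GRANT \(.*\) ON \(.*\) TO '\([^']*\)'@.*/\3|\2|\1/p" |
    while IFS='|' read -r user scope privs; do
        [ "$privs" = "USAGE" ] && continue
        db=$(printf '%s' "${scope%%.*}" | tr -d '`')
        [ "$db" = "$user" ] || echo "$user $scope"
    done
}

provision_sql
sample_grants | cross_db_grants
```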

Planet

Easiest to move, so let's move it first. No actual data is involved.

Files

  • Transfer the planet generation files outside of the webroot.
  • Create necessary files underneath webroot (call folder "p")
  • run generator to check that it is pulling in all blogs.

Set up

  • Set "public_planet" as separate site
  • point planet.<new-domain> at this site
  • Set up cron job to run generator

Final

Point planet.nottinghack.org.uk at site

Wiki

Has a lot of data, but less traffic than the website. Make sure the wiki move is announced publicly. We could put a temporary banner on the wiki, similar to Wikipedia's fund-raising.

Wiki on nginx guide http://blog.bigdinosaur.org/mediawiki-on-nginx/

First steps

Worth a read http://blog.bigdinosaur.org/mediawiki-on-nginx/

  • Set up folder "public_wiki"
  • point wiki.<new-domain> at "public_wiki"
  • Install mediawiki on new server - version 1.19.2 (to match current)
    • Use wiki-only database
    • Do not set up any additional users
  • Set up url rewriting
  • Look into APC Cache settings http://www.mediawiki.org/wiki/Manual:$wgMainCacheType
  • Install plugins (some of these are part of normal mediawiki install):
    • Interwiki
    • Renameuser
    • Replace Text
    • CSS
    • MagicNumberedHeadings
    • ParserFunctions
    • Poem
    • SyntaxHighlight
    • Widgets
    • ConfirmEdit
    • CategorySortHeaders
    • Vector
    • WikiEditor

Transfer

  • point wiki.nottinghack.org.uk at splash page explaining transfer
  • Take database dump
  • Extract wiki tables
  • Transfer media files
  • Install database

Final

  • Point wiki.nottinghack.org.uk at site
  • Put wiki database into backup schedule

Website

First steps

  • Update nottinghack.org.uk to latest Wordpress
  • Update all plugins

Set up

  • Install wordpress on <new-domain> under "public_wiki"
    • Use wordpress-only database
  • for easy wordpress update and plugin install, preload ssh access details into wp-config
    • separate ssh key for wp stored under www_secure, needs group owner of www-data (check this, should allow for 640 on id_rsa and id_rsa.pub)
    • add key to authorized_keys
    • add lines to wp-config
    • need to check we can get a key with passphrase to work and not have passphrase in config
    • need to double check: an alternative to this might just be the direct method, as php pool runs under NottingHack user
  • Install custom theme
  • Install wordpress-plugins
  • Install custom plugins
  • Ensure url-rewriting working correctly

Transfer

We have two options - use the wordpress backup and restore functionality, or dump the database & media files and transfer manually. I suggest we try the backup and restore first, but I seem to remember that this causes a lot of issues with media.

  • Put nottinghack.org.uk into maintenance mode

Final

  • Point nottinghack.org.uk and www.nottinghack.org.uk at site
  • Put wordpress database into backup schedule

Mail

Need to move over the mail accounts

  • Accounts
  • Forwards

Extras

  • Fail2ban

    • http://www.pontikis.net/blog/fail2ban-install-config-debian-wheezy
    • http://mattrude.com/projects/roundcube-fail2ban-plugin/

  • logwatch

Clean up

Other tools, such as dm2tweet will need moving as well. These can't be moved until nottinghack.org.uk is pointing at the new webroot.