|
Install a new server Organic Design procedure
|
Download and install Debian
If the server has no OS then download and install Debian first. Depending on the kind of access you have to the server, the following links may be of interest here:
Setting up the software environment
Ensure that you're using the same package repository for your Debian installation as we are:
|
deb http://ftp.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
|
|
Bring the system up to date and install the organicdesign-server package:
|
echo "deb http://packages.organicdesign.co.nz main/" >> /etc/apt/sources.list
apt-get update
apt-get upgrade
apt-get install organicdesign-server
|
|
If you would like math markup support, also install the following, and see Enabling math markup for more details.
|
apt-get install dvipng tetex-extra cjk-latex ocaml
|
|
You will now have a functioning server and LAMP environment.
Post install checklist
- /etc/hostname, hostname -F /etc/hostname, /etc/hosts
- tzselect, tzconfig
- DB info for wikia, webmail, crm
- /etc/ssh/sshd_config
- /etc/crontab
- /var/www/backup.pl
- /var/www and /home structures (should be automatically maintained by adding new server as a peer)
- Exim4 (this will need to be configured even for sending mail, see Configure mail server)
- Import spamassassin bayesian rules
Setting up the Wikia file structure
Either copy the /var/www directory structure from an existing wikia installation (excluding the specific content from the domains and wikis directories), or unpack a recent www-yyyy-mm-dd.tgz backup into /var/www and remove the specific wiki content.
|
7za x www-yyyy-mm-dd.tgz
tar -xf www.tar -C /var
|
|
You will need to adjust the following items in the structure:
- /var/www/extensions/wikia.php
- /var/www/activity.log
- /var/www/domains
- /var/www/wikis
LAMP configuration
The easiest way to configure this is to copy the vhosts file which originated from the backup file over the default Apache configuration file, and then make the vhosts file a symlink pointing at the default configuration as usual. Then adjust the file to the wikia's specific needs.
|
mysqladmin -u root -p password *******
mv /var/www/vhosts /etc/apache2/sites-available/default
ln -s /etc/apache2/sites-available/default /var/www/vhosts
a2enmod ssl
a2enmod rewrite
|
|
The differences from the default php.ini file on our servers are as follows:
|
max_execution_time = 300
memory_limit = 64M
log_errors = On
error_log = syslog
post_max_size = 100M
upload_max_filesize = 100M
extension=domxml
extension=fileinfo.so
|
|
The Apache configuration will already be in place if you restored it from the decompressed FS backup. If you're not installing from a backup, here is our typical vhost configuration, which maps domains to the filesystem structure. We usually just replace the default virtual hosts file with this one, which handles all domains and sites.
|
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/www/domains
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/apache2/access.log common
RewriteEngine On
RewriteCond %{HTTP_HOST} ^packages\.
RewriteRule (.*) /packages$1 [L]
RewriteCond %{HTTP_HOST} ^crm\.organicdesign\.co\.nz
RewriteRule (.*) /crm$1 [L]
RewriteCond %{HTTP_HOST} ^webmail\.organicdesign\.co\.nz
RewriteRule (.*) /webmail$1 [L]
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule ^ /%2/wiki/index.php/Main_Page [L]
RewriteCond %{REQUEST_URI} ^/files/thumb/./../.+?/[0-9]+px-
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule ^.+/(.+?)/([0-9]+)px- /%2/wiki/thumb.php?w=$2&f=$1 [L]
RewriteCond %{REQUEST_URI} ^/(wiki/|html|files/|[fF]avicon.ico|[rR]obots.txt)
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule (.*) /%2$1 [L]
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule (.*) /%2/wiki/index.php$1 [L]
</VirtualHost>
|
|
Domain names
Adjust the names of the symlinks in the /var/www/domains directory to local domain names and ensure that those names are added to the /etc/hosts file.
Extract the most recent database backup (this may overwrite existing databases of the same names):
|
7za x all-yyyy-mm-dd.sql.7z
mysql -u root -p < all.sql
mysqladmin -u root -p flush-privileges
|
|
Setting up FTP access
Some clients may require standard FTP access. Although FTP is not very secure, some restrictions can be put on it to make it a little safer, such as restricting users to their home directories and using a non-standard port. We use the GPL ProFTPD server in standalone mode.
Edit the /etc/proftpd/proftpd.conf file, change the port to something other than 22, and add the following directive to restrict users to their home directories.
Setting up SSL for Apache
This procedure applies to a wildcard self-signed certificate.
|
mkdir /var/www/ssl
cd /var/www/ssl
openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout organicdesign.co.nz.pem -out organicdesign.co.nz.pem
|
|
Ensure the common name (cn) is entered as
Open the pem in a text editor and separate the key and cert into two files:
|
/var/www/ssl/organicdesign.co.nz.crt
/var/www/ssl/organicdesign.co.nz.key
chown www-data organicdesign.co.nz.*
|
|
Create a file in the same dir called organicdesign.co.nz with this content.
|
<VirtualHost organicdesign.co.nz:443>
DocumentRoot /var/www/domains
ServerAlias private.organicdesign.co.nz
ServerAlias www.organicdesign.co.nz
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/apache2/access.log common
RewriteEngine On
SSLEngine on
SSLCertificateFile /var/www/ssl/organicdesign.co.nz.crt
SSLCertificateKeyFile /var/www/ssl/organicdesign.co.nz.key
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule ^ /%2/wiki/index.php/Main_Page [L]
RewriteCond %{REQUEST_URI} ^/files/thumb/./../.+?/[0-9]+px-
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule ^.+/(.+?)/([0-9]+)px- /%2/wiki/thumb.php?w=$2&f=$1 [L]
RewriteCond %{REQUEST_URI} ^/(wiki/|html|files/|common/|blogs|[fF]avicon.ico|[rR]obots.txt)
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule (.*) /%2$1 [L]
RewriteCond %{HTTP_HOST} ^(www\.|wiki\.)?(.+)$
RewriteRule (.*) /%2/wiki/index.php$1 [L]
</VirtualHost>
|
|
Run this line
|
echo 'Include /var/www/ssl/organicdesign.co.nz' >> /var/www/vhosts
|
|
Check the apache config before reloading
Check the cert with this command:
|
cd /var/www/ssl
openssl s_server -cert organicdesign.co.nz.crt -key organicdesign.co.nz.key
|
|
The following output indicates the cert is working correctly
|
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
|
|
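Added example, not part of the original procedure: a non-interactive version of the certificate steps that writes the key and certificate to separate files from the start, defaults to a 2048-bit key rather than the rsa:1024 used above, and checks the pair without opening a listening socket. The function names and the example.test domain in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the original page's code). Assumes the openssl CLI is installed.
# Usage: make_wildcard_cert example.test /tmp/ssl && check_cert example.test /tmp/ssl

# make_wildcard_cert DOMAIN DIR [BITS]: writes DIR/DOMAIN.key and DIR/DOMAIN.crt.
make_wildcard_cert() {
    domain=$1 dir=$2 bits=${3:-2048}
    mkdir -p "$dir" || return 1
    # umask 077 in a subshell: the key is created owner-only, never world-readable.
    ( umask 077
      openssl req -new -newkey "rsa:$bits" -sha256 -days 3650 -nodes -x509 \
          -subj "/CN=*.$domain" \
          -keyout "$dir/$domain.key" -out "$dir/$domain.crt" 2>/dev/null ) || return 1
    chmod 644 "$dir/$domain.crt"   # the certificate itself is public
}

# key_bits CRT: prints the certificate's public key size in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_cert DOMAIN DIR: returns 0 only if every check passes.
check_cert() {
    crt=$2/$1.crt key=$2/$1.key
    # The key must belong to the certificate: compare the two public keys.
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ] || { echo "key does not match cert"; return 1; }
    # The subject must carry the wildcard name.
    case $(openssl x509 -in "$crt" -noout -subject) in
        *"*.$1"*) ;;
        *) echo "CN is not *.$1"; return 1 ;;
    esac
    # Reject RSA keys under 2048 bits (the rsa:1024 setting fails here).
    [ "$(key_bits "$crt")" -ge 2048 ] || { echo "key under 2048 bits"; return 1; }
    # The private key must be readable by its owner only.
    [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ] || { echo "key mode too open"; return 1; }
    # The certificate must not have expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "cert expired"; return 1; }
}
```

Apache reads the key as root at startup, so a root-owned, owner-only key file is sufficient for it.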
If everything is ok reload the server
|
/etc/init.d/apache2 reload
|
|
Check the error log for problems.
|
tail -f /var/log/apache2/error.log
|
|
If you see a message like this everything is ok.
|
[Sat Mar 14 11:32:18 2009] [notice]
Apache/2.2.9 (Debian) DAV/2 SVN/1.4.2 PHP/5.2.0-8+etch13 mod_ssl/2.2.9 OpenSSL/0.9.8g configured
-- resuming normal operations
|
|
If you see something like this you have problems:
|
[Fri Mar 13 21:46:54 2009] [error] SSL Library Error:
218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Mar 13 21:46:54 2009] [error] SSL Library Error:
218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Check permissions and paths of certs and keys. The server will be down now.
Comment out the last Include from vhosts and run /etc/init.d/apache2 start.
The server will then be up with no SSL.
|
|