Configuration

From Lettvin

Contents 1 General Operations 1.1 svn services 1.2 to engage X11 through ssh 2 Backup/Restore wikis 2.1 Backup 2.2 Restore 2.3 SCRIPT 3 Creating another wiki on this site 4 Drupal 6.12 Config Updates 5 20090526 OLD 6 Getting started

General Operations

svn services

/usr/sbin/groupadd -g 56 svn && /usr/sbin/useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false -u 56 svn
/usr/sbin/groupadd -g 57 svntest && /usr/sbin/usermod -G svntest -a svn

mv /usr/bin/svn /usr/bin/svn.orig &&
mv /usr/bin/svnserve /usr/bin/svnserve.orig &&
cat >> /usr/bin/svn << "EOF"
#!/bin/sh
umask 002
/usr/bin/svn.orig "$@"
EOF
cat >> /usr/bin/svnserve << "EOF"
#!/bin/sh
umask 002
/usr/bin/svnserve.orig "$@"
EOF
chmod 0755 /usr/bin/svn{,serve}

install -v -m 0755 -d /srv &&
install -v -m 0755 -o svn -g svn -d /srv/svn/repositories &&
svnadmin create --fs-type fsfs /srv/svn/repositories/svntest

cat >> /etc/xinetd.d/svn << "EOF"
# Begin /etc/xinetd.d/svn
service svn
{
port                    = 3690
socket_type             = stream
protocol                = tcp
wait                    = no
user                    = svn
server                  = /usr/bin/svnserve
server_args             = -i -r /srv/svn/repositories
}
# End /etc/xinetd.d/svn
EOF

to engage X11 through ssh

/sbin/service vncserver start

This allows "ssh -X -l jlettvin lettvin.net gnome-terminal"

but not "vncviewer lettvin.net:13"

20090624: Failing

Run "vncserver" on lettvin.net

as root it generated:

New 'ip-97-74-196-41.ip.secureserver.net:1 (jlettvin)' desktop is ip-97-74-196-41.ip.secureserver.net:1

as jlettvin it generated:

New 'ip-97-74-196-41.ip.secureserver.net:2 (jlettvin)' desktop is ip-97-74-196-41.ip.secureserver.net:2

Backup/Restore wikis

Backup

Original mediawiki documentation recommends this:

/usr/bin/nice -n 19 /usr/bin/mysqldump -u $USER -p$PASSWORD --default-character-set=$CHARSET $DATABASE -c | /usr/bin/nice -n 19 /bin/gzip -9 > ~/backup/wiki-sql-$(date '+%a').sql.gz

This script (with local adaptation) is in /root/bin

#!/bin/bash
export USER=********
export PASSWORD=********
export DATABASE=wikidb
export BACKUP=/root/wikibackup/wiki-$DATABASE-$(date '+%Y%m%d').sql.gz
nice -n 19 mysqldump -u $USER --password=$PASSWORD $DATABASE -c | nice -n 19 gzip -9 > $BACKUP

Restore

#!/bin/bash
export USER=********
export PASSWORD=********
export DATABASE=wikidb
export BACKUP=/root/wikibackup/wiki-$1.sql.gz
if[ -f "$BACKUP" ]
then
 gunzip < $BACKUP | mysql -u $USER -p $PASSWORD $DATABASE
fi

SCRIPT

Creating another wiki on this site

http://www.steverumberg.com/wiki/index.php?title=WikiHelp_-_Method_Two

Perform these functions as root.

linux commands

• mkdir /var/www/html/new/wiki
• cwd /var/www/html/new/wiki
• mkdir config
• chmod a+w config
• ln -s /var/www/wiki/* .
• rm LocalSettings.php
• cd /var/www/html/new/wiki/config
• ln -s /var/www/wiki/config/index.php .

browser actions

• http://www.yourdomain.com/new/wiki/index.php
• follow configure wiki link
• specify DATABASE TABLE PREFIX

linux commands

• cd /var/www/html/new/wiki
• mv config/LocalSettings.php .

browser actions

• http://www.yourdomain.com/new/wiki/index.php

Edit LocalSettings.php

• $wgEnableUploads = true;
• $wgUseTeX = true;
• $wgUploadDirectory = "$IP/images";
• $wgMathDirectory = "{$wgUploadDirectory}/math";
• $wgTmpDirectory = "{$wgUploadDirectory}/tmp";
• $wgTexvc = '/usr/lib/mediawiki/math/texvc';
• $wgLogo = "/wiki/1.WAV3b.png";

linux commands

• cd /var/www/html/new/wiki; mv images images.old; ln -s /usr/share/mediawiki/images
• /etc/init.d/httpd restart

Drupal 6.12 Config Updates

• Installed Drupal 6.12 Core under /var/www/html/drupal. The previous install moved to /drupal5
• Added canonical .htaccess file under /drupal directory.
• Under /etc/httpd/conf/httpd.conf I added a <Directory> element that allows Overrides in /drupal. Needed in order for the .htaccess file to take effect.
• Added a bunch of Modules to drupal/sites/all/modules: addresses, admin_menu, cck, filefield, token, and getid3. Within the getid3 directory, a collection of .php files were added to a lower-level getid3 sub-directory. This is necessary to implement the getID() functionality.

20090526 OLD

MediaWiki has been successfully installed.

Consult the User's Guide for information on using the wiki software.

Getting started

• Configuration settings list
• MediaWiki FAQ
• MediaWiki release mailing list

---

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.

Use yum to get them if you need them.

yum install mod_ssl openssl

Yum will either tell you they are installed or will install them for you.

Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you will need a key from Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root so you can either su to root or use sudo in front of the commands

openssl genrsa -out ca.key 1024 # Generate private key

Generate CSR

openssl req -new -key ca.key -out ca.csr

Generate Self Signed Key

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Move the files to the correct locations

mv ca.crt /etc/pki/tls/certs mv ca.key /etc/pki/tls/private/ca.key mv ca.csr /etc/pki/tls/private/ca.csr

Then we need to update the Apache SSL configuration file

vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Change the paths to match where the Key file is stored. If you've used the method above it will be

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Quit and save the file and then restart Apache

/etc/init.d/httpd restart

All being well you should now be able to connect over https to your server and see a default Centos page. As the certificate is self signed browsers will generally ask you whether you want to accept the certificate. Firefox 3 won't let you connect at all but you can override this.

Setting up the virtual hosts

Just as you set virtual hosts for http on port 80 so you do for https on port 433. A typical virtual host for a site on port 80 looks like this

<VirtualHost *:80>

<Directory /var/www/vhosts/yoursite.com/httpdocs> AllowOverride All </Directory> DocumentRoot /var/www/vhosts/yoursite.com/httpdocs ServerName yoursite.com

</VirtualHost>

To add a sister site on port 443 you need to add the following at the top of your file

NameVirtualHost *:443

and then a VirtualHost record something like this:

<VirtualHost *:443>

SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <Directory /var/www/vhosts/yoursite.com/httpsdocs> AllowOverride All </Directory> DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs ServerName yoursite.com

</VirtualHost>

Restart Apache again using

/etc/init.d/httpd restart

You should now have a site working over https. If you can't connect you probably need to open the port on your firewall:

iptables -A INPUT -p tcp --dport 443 -j ACCEPT /sbin/service iptables save iptables -L -v