FeministWiki:Server setup: Difference between revisions

(8 intermediate revisions by the same user not shown)

Line 4:

This section describes various initialization tasks for the new server that are independent of the old server.

=== Configure reverse DNS ===

In the settings of the VPS host (e.g. Strato AG), you can configure reverse-DNS for the IP address of the server. Set the FQDN for the IP address to {{C|feministwiki.org}}. It's good to do this early since it can take some time to propagate.

=== Make feministwiki.dev point to the new server ===

Line 131:

Line 135:

* After copying in the new {{C|/etc/aliases}} file, run {{C|newaliases}} for the changes to take effect

* After populating {{C|/etc/letsencrypt/renewal-hooks}}, remember to {{C|chmod +x}} all the scripts

* Likewise, don't forget {{C|chmod +x}} for <code>/etc/cron.{hourly,daily,weekly,monthly}</code> and {{C|/etc/boot.d}}

=== Enable Apache modules, config, and sites ===

Line 249:

Line 254:

cd /var/lib/mailman

~~tar~~ -~~czf~~ - archives data lists ~~| ssh~~ root@feministwiki.dev ~~'cd~~ /var/lib/mailman ~~&& tar -xzf - && check_perms -f'~~

rsync -az --delete archives data lists root@feministwiki.dev:/var/lib/mailman

And then this on the new server:

The {{C|check_perms}} command, which is part of GNU Mailman, will take care of fixing ~~the group~~ ownership ~~of the extracted files~~.

check_perms -f

The {{C|check_perms}} command, which is part of GNU Mailman, will take care of fixing file ownership and permissions.

== Recreate SQL users ==

Line 272:

Line 281:

create user feministwiki@localhost identified by '$(cat ~/pwd/mysql-wiki)';

grant all on feministwiki.* to feministwiki@localhost;

grant all on feministwiki_de.* to feministwiki@localhost;

grant all on feministwiki_es.* to feministwiki@localhost;

grant all on feministwiki_it.* to feministwiki@localhost;

grant all on feministwiki_pt.* to feministwiki@localhost;

create user fff@localhost identified by '$(cat ~/pwd/mysql-fff)';

Line 298:

Line 311:

Some things may not work because they're hard-coded to work as "feministwiki.org" and not under the "feministwiki.dev" name. This is a point of future improvement: all the services should be configured, if at all possible, in a way that they will work when invoked as feministwiki.dev just as well.

=== Deactivate again ===

After we're done testing, we can "deactivate" the new server again to prepare it for the final switch-over:

for port in 25 80 443 465 587 993 995 5222 5223 5269 5270 5443 6697 7777

do ufw delete allow proto tcp to 0.0.0.0/0 port $port

done

systemctl stop apache2

systemctl stop dovecot

systemctl stop ejabberd

systemctl stop inspircd

systemctl stop mailman

systemctl stop postfix

systemctl stop slapd

== Finishing up ==

Line 323:

Line 352:

=== Copy over the live data one more time ===

~~The techniques and commands described above in~~ the section '''Copying over live data''' ~~are~~ ''idempotent'', meaning you can simply repeat them and they will make sure that the new copy of the live data is fresh and doesn't leave any outdated data on the new server. (For instance, the {{C|--delete}} argument to the {{C|rsync}} command and the {{C|--add-drop-database}} argument to the {{C|mysqldump}} command help to make sure of this.)

'''Simply repeat the whole section ''Copying over live data''.'''

So in ~~short~~, just repeat the steps from that section exactly one more time.

The techniques and commands described above in the section ''Copying over live data'' are ''idempotent'', meaning you can simply repeat them and they will make sure that the new copy of the live data is fresh and doesn't leave any outdated data on the new server. For instance, the {{C|--delete}} argument to the {{C|rsync}} command and the {{C|--add-drop-database}} argument to the {{C|mysqldump}} command help to make sure of this.

So just repeat the steps from that section exactly one more time.

=== Reboot the new server ===

At this point we can reboot the new server again, to make sure all services are properly restarted.

=== Open ports on the new server ===

Now we can open the ports again on the new server:

for port in 25 80 443 465 587 993 995 5222 5223 5269 5270 5443 6697 7777

do ufw allow proto tcp to 0.0.0.0/0 port $port

done

=== Update DNS entries ===

@@ Line 4: / Line 4: @@
 This section describes various initialization tasks for the new server that are independent of the old server.
+=== Configure reverse DNS ===
+In the settings of the VPS host (e.g. Strato AG), you can configure reverse-DNS for the IP address of the server.  Set the FQDN for the IP address to {{C|feministwiki.org}}.  It's good to do this early since it can take some time to propagate.
 === Make feministwiki.dev point to the new server ===
@@ Line 131: / Line 135: @@
 * After copying in the new {{C|/etc/aliases}} file, run {{C|newaliases}} for the changes to take effect
 * After populating {{C|/etc/letsencrypt/renewal-hooks}}, remember to {{C|chmod +x}} all the scripts
+* Likewise, don't forget {{C|chmod +x}} for <code>/etc/cron.{hourly,daily,weekly,monthly}</code> and {{C|/etc/boot.d}}
 === Enable Apache modules, config, and sites ===
@@ Line 249: / Line 254: @@
   cd /var/lib/mailman
-  tar -czf - archives data lists | ssh root@feministwiki.dev 'cd /var/lib/mailman && tar -xzf - && check_perms -f'
+  rsync -az --delete archives data lists root@feministwiki.dev:/var/lib/mailman
+And then this on the new server:
-The {{C|check_perms}} command, which is part of GNU Mailman, will take care of fixing the group ownership of the extracted files.
+ check_perms -f
+The {{C|check_perms}} command, which is part of GNU Mailman, will take care of fixing file ownership and permissions.
 == Recreate SQL users ==
@@ Line 272: / Line 281: @@
   create user feministwiki@localhost identified by '$(cat ~/pwd/mysql-wiki)';
   grant all on feministwiki.* to feministwiki@localhost;
+ grant all on feministwiki_de.* to feministwiki@localhost;
+ grant all on feministwiki_es.* to feministwiki@localhost;
+ grant all on feministwiki_it.* to feministwiki@localhost;
+ grant all on feministwiki_pt.* to feministwiki@localhost;
   create user fff@localhost identified by '$(cat ~/pwd/mysql-fff)';
@@ Line 298: / Line 311: @@
 Some things may not work because they're hard-coded to work as "feministwiki.org" and not under the "feministwiki.dev" name.  This is a point of future improvement: all the services should be configured, if at all possible, in a way that they will work when invoked as feministwiki.dev just as well.
+=== Deactivate again ===
+After we're done testing, we can "deactivate" the new server again to prepare it for the final switch-over:
+ for port in 25 80 443 465 587 993 995 5222 5223 5269 5270 5443 6697 7777
+ do ufw delete allow proto tcp to 0.0.0.0/0 port $port
+ done
+ systemctl stop apache2
+ systemctl stop dovecot
+ systemctl stop ejabberd
+ systemctl stop inspircd
+ systemctl stop mailman
+ systemctl stop postfix
+ systemctl stop slapd
 == Finishing up ==
@@ Line 323: / Line 352: @@
 === Copy over the live data one more time ===
-The techniques and commands described above in the section '''Copying over live data''' are ''idempotent'', meaning you can simply repeat them and they will make sure that the new copy of the live data is fresh and doesn't leave any outdated data on the new server.  (For instance, the {{C|--delete}} argument to the {{C|rsync}} command and the {{C|--add-drop-database}} argument to the {{C|mysqldump}} command help to make sure of this.)
+'''Simply repeat the whole section ''Copying over live data''.'''
-So in short, just repeat the steps from that section exactly one more time.
+The techniques and commands described above in the section ''Copying over live data'' are ''idempotent'', meaning you can simply repeat them and they will make sure that the new copy of the live data is fresh and doesn't leave any outdated data on the new server.  For instance, the {{C|--delete}} argument to the {{C|rsync}} command and the {{C|--add-drop-database}} argument to the {{C|mysqldump}} command help to make sure of this.
+So just repeat the steps from that section exactly one more time.
+=== Reboot the new server ===
+At this point we can reboot the new server again, to make sure all services are properly restarted.
+=== Open ports on the new server ===
+Now we can open the ports again on the new server:
+ for port in 25 80 443 465 587 993 995 5222 5223 5269 5270 5443 6697 7777
+ do ufw allow proto tcp to 0.0.0.0/0 port $port
+ done
 === Update DNS entries ===