Jump to content

FeministWiki:Server setup: Difference between revisions

no edit summary
No edit summary
Line 11: Line 11:
=== Make feministwiki.dev point to the new server ===
=== Make feministwiki.dev point to the new server ===


During setup and testing of the new server, we want to make it accessible under the '''feministwiki.dev''' domain.  So change the {{C|A}} entry of the {{C|feministwiki.dev}} DNS settings to point to the IP address of the new server.
During setup and testing of the new server, we want to make it accessible under the '''feministwiki.dev''' domain.  So change {{C|A}} entries of the {{C|feministwiki.dev}} DNS settings to point to the IP address of the new server.


=== Update & upgrade ===
=== Update & upgrade ===
Line 26: Line 26:


Before restarting the SSH service, make sure you've actually added your public key (the contents of {{C|~/.ssh/id_rsa.pub}} on your computer) to {{C|/root/.ssh/authorized_keys}} on the server, or you'll lock yourself out.
Before restarting the SSH service, make sure you've actually added your public key (the contents of {{C|~/.ssh/id_rsa.pub}} on your computer) to {{C|/root/.ssh/authorized_keys}} on the server, or you'll lock yourself out.
Some shell commands below reference the variable '''{{C|<nowiki>${SSH_PORT}</nowiki>}}'''.  This variable doesn't actually exist, unless you set it in your shell session.  So either set the variable, or just replace it with the actual value of the SSH port you've configured.


=== Copy SSH key from old server ===
=== Copy SSH key from old server ===
Line 179: Line 181:
But for now, copy over the certs from the old server, since most DNS entries still point to the old server:
But for now, copy over the certs from the old server, since most DNS entries still point to the old server:


  tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p "$SSH_PORT" 'tar -xzf-'
  tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p ${SSH_PORT} 'tar -xzf-'


Our {{C|letsencrypt-refresh}} script makes sure that the cert files are found in {{C|/etc/fw-certs}} and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members.  A number of users have to be added to this group so they can read said files:
Our {{C|letsencrypt-refresh}} script makes sure that the cert files are found in {{C|/etc/fw-certs}} and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members.  A number of users have to be added to this group so they can read said files: