Setup


Host

Server is from Hetzner. More specifically: https://www.hetzner.de/en/hosting/produkte_rootserver/ex40

The server runs Windows Server 2012 R2. It hosts three virtual machines using Hyper-V, including one Ubuntu machine that hosts this website.

The machines initially run with internal private IPs so they can connect to the internet, but to host anything on them you'll need to request an external IP address. Then set the virtual machine to use an External virtual switch with the MAC address Hetzner provides.

Domain Name / DNS

Domain name bought from namecheap.com. DNS is handled by Cloudflare (point the domain name bought from namecheap to the name servers provided by Cloudflare). From there set up the DNS records.

 hostname: @
 ip address/url: <your ip address here>
 record type: A (Address)
 hostname: www
 ip address/url: alaning.me.
 record type: CNAME (Alias)

In DNS, an A record maps a hostname (e.g. alaning.me) to an IP address.

A CNAME record maps one hostname (e.g. www.alaning.me) to another hostname (e.g. alaning.me). This means that going to the address www.alaning.me has the same effect as going to alaning.me.

There are other types of records (see Wikipedia, 'List of DNS record types').

Installing LAMP stack

The LAMP stack is made up of Linux, Apache for the http server, MySQL for database and the PHP programming language. This stack creates a platform for web applications to run.

 sudo apt-get install apache2 php5 mysql-server php5-mysql
 # apache2      - web server
 # php5         - server-side scripting language
 # mysql-server - database server
 # php5-mysql   - allows PHP scripts to connect to the MySQL database

You will be prompted to enter a MySQL root password; note this down.

After the install you must reload Apache (important: things didn't work correctly because I didn't do this).

 sudo /etc/init.d/apache2 reload

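Then, to test that PHP works correctly, write a test page into the web directory:

 # "sudo echo ... > file" fails: the redirect runs as your own user, so pipe through sudo tee
 echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php

Delete info.php once the test page loads; it shows the full PHP and server configuration to anyone who requests it.

To find the proper web directory:

 grep DocumentRoot /etc/apache2/sites-available/000-default.conf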

Installing MediaWiki

Now clear everything in the web directory, then download and extract MediaWiki. Grab the latest download link from http://www.mediawiki.org/wiki/Download

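 cd /var/www/html
 sudo su
 # remove the default Apache index page
 rm index.*
 # the directory in the URL is the release series of the tarball (1.21 for 1.21.1)
 wget http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.1.tar.gz
 tar zxvf mediawiki-1.21.1.tar.gz
 # move the extracted files up into the web root, then remove the empty directory
 mv mediawiki-1.21.1/* ./
 rm -r mediawiki-1.21.1/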

Open the website in your browser and follow the instructions. Download your LocalSettings.php, open it and copy everything. Create a LocalSettings.php in /var/www/html and paste it in.

While in /var/www/html:

 vim LocalSettings.php
 i        - type i to go into insert mode
 (paste)  - using your shortcut keys
 Esc :wq! - to save and quit

After you have finished, go to your website in your browser and everything should be working normally.

I can't be stuffed supporting images, so don't use them.

things to note

  • unix permissions
  • vim

Lock Down Mediawiki

Add to LocalSettings.php (see http://www.mediawiki.org/wiki/Manual:Preventing_access):

 # Prevent new user registrations except by sysops
 $wgGroupPermissions['*']['createaccount'] = false;
 # Disable anonymous editing
 $wgGroupPermissions['*']['edit'] = false;
 $wgShowIPinHeader = false;
 $wgDisableCounters = true;

Additional Apache configuration

Subdomains

Multiple domains can point to the same server (IP), and Apache can serve up different websites depending on the Host: header used in the request.

 # cat /etc/apache2/sites-available/blog.alaning.me
 <VirtualHost *:80>
         ServerName blog.alaning.me
         DocumentRoot /var/www/blog.alaning.me
         <Directory /var/www/blog.alaning.me>
                 AllowOverride All
         </Directory>  
         <Location />
                 Options Indexes FollowSymLinks MultiViews
         </Location>
 </VirtualHost>
 
 
 # cat /etc/apache2/sites-available/alaning.me
 <VirtualHost *:80>
         ServerName alaning.me
         ServerAlias www.alaning.me
         DocumentRoot /var/www/alaning.me
         <Directory /var/www/alaning.me>
                 AllowOverride All
         </Directory>
         <Location />
                 Order Allow,Deny
                 Allow from All
         </Location>
 </VirtualHost>

 a2ensite alaning.me
 a2ensite blog.alaning.me

To check the configuration files for syntax errors, run:

 apache2ctl -t

To list virtual hosts:

 apache2ctl -S

Reverse Proxy

 # cat git.alaning.me.conf
 <VirtualHost *:80>
         ServerName git.alaning.me
         ProxyPreserveHost Off
         ProxyPass / http://127.0.0.1:10080/
         ProxyPassReverse / http://127.0.0.1:10080/
 </VirtualHost>

Upon visiting http://git.alaning.me you are actually accessing the resource located at http://alaning.me:10080 (note that because I'm using Cloudflare you won't actually be able to access this port directly).

Note that you'll need to enable these two mods for it to work:

 a2enmod proxy
 a2enmod proxy_http

more info: https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension

mod_rewrite

 a2enmod rewrite
 touch .htaccess
 chmod -v 666 .htaccess 
 cat .htaccess 
 RewriteEngine on
 RewriteRule (.*) http://blog.alaning.me/$1 [R=301,L]

SSH key setup

 ssh-keygen -t rsa
 cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'

Permissions

 chmod 700 ~/.ssh
 chmod 600 ~/.ssh/id_rsa
 chmod 644 ~/.ssh/id_rsa.pub
 chmod 644 ~/.ssh/authorized_keys
 chmod 644 ~/.ssh/known_hosts

For multiple keys and hosts

.ssh/config:

 Host myshortname realname.example.com
     Hostname realname.example.com
     # private key for realname
     IdentityFile ~/.ssh/realname_rsa
 
 Host myother realname2.example.org
     Hostname realname2.example.org
     IdentityFile ~/.ssh/realname2_rsa
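
The `cat >> .ssh/authorized_keys` step from the key setup above fails if the remote `.ssh` directory does not exist, and it appends a duplicate line every time it is re-run. The following is an added example, not part of the original page, of the server-side half written as an idempotent function; `install_pubkey`, its arguments and the sample key are assumptions made up for the demo, and it sets authorized_keys to 600, which is stricter than the 644 listed above.

```sh
# Added example, not from the original page. POSIX sh.
# install_pubkey and its arguments are hypothetical names.

# install_pubkey PUBKEY_FILE HOME_DIR
# Creates HOME_DIR/.ssh (700) if missing, appends the key only when that
# exact line is not already there, and keeps authorized_keys at 600.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    # Accept exactly one line, and only a public key (never id_rsa itself).
    [ "$(grep -c '' "$pub")" = 1 ] || { echo "not a one-line key: $pub" >&2; return 2; }
    case $(cat "$pub") in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # common types, not exhaustive
        *) echo "unrecognised key type: $pub" >&2; return 2 ;;
    esac
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1
    # -x whole line, -F literal: base64 key data contains + and /.
    grep -qxF -- "$(cat "$pub")" "$auth" && return 0
    # If the file lacks a trailing newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    cat "$pub" >> "$auth"
}

# Constructed demo: a throwaway home directory and a made-up key line.
demo_home=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealOne demo@example' > "$demo_home/id.pub"
install_pubkey "$demo_home/id.pub" "$demo_home"
install_pubkey "$demo_home/id.pub" "$demo_home"   # second run adds nothing
echo "keys installed: $(grep -c '' "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```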

Web server Permissions

Find what Apache is running as (usually www-data):

 ps aux | grep apache
 find /var/www/ -type d -print0 | xargs -0 chmod 755
 find /var/www/ -type f -print0 | xargs -0 chmod 644

webserver: www-data

 chown www-data:www-data -R /var/www/

This would make just your wp-content directory writable by the web server. You will have to change those names/webroots to suit your situation. This should push you in the right direction.
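
An audit for the two risks this section touches on, as an added example rather than part of the original page: files anyone can write (such as the .htaccess set to 666 under mod_rewrite) and files owned by the web server user outside the one directory it is meant to write to. The function names, the sample tree and the use of the current user in place of www-data are assumptions for the demo.

```sh
# Added example, not from the original page. POSIX sh; all paths are constructed.

# Files or directories under $1 that any local user can write to,
# such as a .htaccess left at mode 666. Symlinks are skipped.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Paths under $1 owned by user $2, ignoring the one directory ($3) the
# web server is supposed to write to (uploads, cache, wp-content, ...).
owned_outside() {
    find "$1" -path "$3" -prune -o -user "$2" -print
}

# audit_webroot ROOT WEBUSER WRITABLE_DIR
# Prints labelled findings; exit status is 1 if there were any.
audit_webroot() {
    out=$( world_writable "$1" | sed 's/^/world-writable: /'
           owned_outside "$1" "$2" "$3" | sed 's/^/owned by web user: /' )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree so the audit can be tried without touching /var/www.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site/uploads"
    echo '<?php ?>' > "$t/site/index.php"
    echo 'RewriteEngine on' > "$t/site/.htaccess"
    chmod 755 "$t/site" "$t/site/uploads"
    chmod 644 "$t/site/index.php"
    chmod 666 "$t/site/.htaccess"
    echo "$t/site"
}

site=$(make_sample_tree)
# The current uid stands in for www-data here, since chown needs root.
audit_webroot "$site" "$(id -u)" "$site/uploads" || echo "findings listed above"
rm -rf "$(dirname "$site")"
```

On a real host the call would be `audit_webroot /var/www www-data /var/www/<writable dir>`, with the last argument being whichever directory the application has to write to.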