welcome: please sign in

Diff for "MemberManual/WebApplications/WordPress"

Differences between revisions 5 and 18 (spanning 13 versions)
Revision 5 as of 2009-10-26 20:42:08
Size: 1672
Editor: FrankBynum
Comment:
Revision 18 as of 2013-01-21 00:14:31
Size: 4977
Editor: ClintonEbadi
Comment: grant drop/delete permissions to avoid waiting for the fixperms job to run
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
WORK IN PROGRESS BY FrankBynum, please feel free to contribute and edit but please do not use quite yet. ## page was renamed from MemberManual/ServingWebsites/WordPress
Line 7: Line 7:
 1. Navigate to the directory you where want to host Wordpress. This can be anywhere in your home directory, but it is usually within your public_html directory. <<TableOfContents>>
Line 9: Line 9:
 2. Now we will set the initial file permissions for the Wordpress root directory. In a moment, we will be using Subversion to create several folders and files. In AFS, new folders inherit the permissions of the parent folder. So by setting file permissions early, we can save ourselves some work later. == Request Firewall Rules ==
Line 11: Line 11:
Navigate to the directory where you will install Wordpress and execute the following: See FirewallRules
Line 13: Line 13:
''fsr setacl . system:anyuser none'' If you want to use services like akismet or the wordpress plugin registry from the interface itself, you will need to [[https://members.hcoop.net/portal/sec|request firewall rules]] on the web server to contact those services. Something like: `$YOU Client 80,443 rest.akismet.com wordpress.org` is usually sufficient.
Line 15: Line 15:
''fsr sa . $USER.daemon rlk'' == Get the Source ==
Line 17: Line 17:
The first command makes it so that no one that you do not allow (except administrators) may access your Wordpress directory. The second command limits the priviliges that the server software-- Apache and PHP mainly-- have over the directory to just reading, listing files, and executing code. If you have the [[MemberManual/TransferringFiles/OpenAFS|OpenAFS client configured]], you can set up Wordpress on your local system for the most part. If you are performing the steps on the shell server, you will need to request FirewallRules to access http and subversion.
Line 19: Line 19:
X. Follow the [[http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion | instructions for installing WordPress using Subversion]].  * Navigate to the directory you where want to host Wordpress. This can be anywhere in your home directory, but it is usually within your public_html directory.
 * Now we will set the initial file permissions for the Wordpress root directory. In a moment, we will be using Subversion to create several folders and files. In AFS, new folders inherit the permissions of the parent folder. So by setting file permissions early, we can save ourselves some work later.
 * Navigate to the directory where you will install Wordpress and execute the following:
Line 21: Line 23:
{{{
fsr setacl . system:anyuser none
fsr sa . $USER.daemon rlk
}}}
Line 22: Line 28:
cd wp-content/
fsr sa themes/ USER.daemon rlkw
mkdir uploads
fs sa uploads frank.daemon rlkwid
The first command makes it so that no one that you do not allow (except administrators) may access your Wordpress directory. The second command limits the privileges that the server software have over the directory to just reading, listing files, and executing code.

 * Follow the [[http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion | instructions for installing WordPress using Subversion]]. You will probably want to [[http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion#Tracking_Stable_Versions|track the stable version]] rather than trunk.

{{{
svn co http://core.svn.wordpress.org/tags/$VERSION .
}}}

 * If you want to be able to upload files, you need to set some permissions:

{{{
mkdir wp-content/uploads
fs sa wp-content/uploads $USER.daemon write
}}}

== Configure Wordpress ==

 * Using the documentation on DomTool/Examples#WordPress, add wordpress to a location on your site. This handles everything that the `htaccess` file would have done, and also prevents anyone from accessing the `.svn` directories.
 * [[MemberManual/Databases#CreateaDatabase|Create a MySQL database]], and Configure the database per the [[http://codex.wordpress.org/Installing_WordPress#Step_3:_Set_up_wp-config.php|Wordpress instructions]].
 * You will also need to set the cookie salts. Just visit https://api.wordpress.org/secret-key/1.1/salt/ and copy the result over the same part in `wp-config.php`

{{{
# in wp-config.php
define('DB_NAME', '$USER_$DB');
define('DB_USER', '$USER');
define('DB_PASSWORD', 'XXXXX your mysql password XXXXX');
define('DB_HOST', 'mysql');

# visit https://api.wordpress.org/secret-key/1.1/salt/ to generate cookie salts, and copy/paste result over:
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
}}}

 * Visit `$WEBLOG_URL/wp-admin/install.php` to complete the installation process
 * Run `dbtool mysql grant $DATABASE` for the database you created to grant drop and delete permissions

You should now have a working weblog.

== Enabling the Plugin Manager ==

To use the plugin manager you have to allow your daemon user to write to the `wp-content` directory in your installation.

{{{
fsr sa wp-content/ $USER.daemon write
}}}

The way Wordpress tests if it can directly write files is incompatible with openafs<<FootNote(It creates a file and then check that the UID is the same as the current process; at HCoop, this is not true since the file owner will be your daemon user which has a different UID. The owner UID check is pointless, and just makes our lives harder)>>, so you'll need to force it to directly write the file system by adding a line to your `wp-config.php`:

{{{
define('FS_METHOD', 'direct');
}}}

----
CategoryMemberManual

Wordpress is a free and open source content management system that is widely popular. This page will provide you with detailed instructions on how to install Wordpress using DomTool and AFS permissions.

This will guide you through downloading the latest stable version via Subversion, hardening permissions in the filesystem, and making a Domtool entry for the site.

1. Request Firewall Rules

See FirewallRules

If you want to use services like akismet or the wordpress plugin registry from the interface itself, you will need to request firewall rules on the web server to contact those services. Something like: $YOU Client 80,443 rest.akismet.com wordpress.org is usually sufficient.

2. Get the Source

If you have the OpenAFS client configured, you can set up Wordpress on your local system for the most part. If you are performing the steps on the shell server, you will need to request FirewallRules to access http and subversion.

  • Navigate to the directory you where want to host Wordpress. This can be anywhere in your home directory, but it is usually within your public_html directory.
  • Now we will set the initial file permissions for the Wordpress root directory. In a moment, we will be using Subversion to create several folders and files. In AFS, new folders inherit the permissions of the parent folder. So by setting file permissions early, we can save ourselves some work later.
  • Navigate to the directory where you will install Wordpress and execute the following:

fsr setacl . system:anyuser none
fsr sa . $USER.daemon rlk

The first command makes it so that no one that you do not allow (except administrators) may access your Wordpress directory. The second command limits the privileges that the server software have over the directory to just reading, listing files, and executing code.

svn co http://core.svn.wordpress.org/tags/$VERSION .
  • If you want to be able to upload files, you need to set some permissions:

mkdir wp-content/uploads
fs sa wp-content/uploads $USER.daemon write

3. Configure Wordpress

# in wp-config.php
define('DB_NAME', '$USER_$DB');
define('DB_USER', '$USER');
define('DB_PASSWORD', 'XXXXX your mysql password XXXXX');
define('DB_HOST', 'mysql');

# visit https://api.wordpress.org/secret-key/1.1/salt/ to generate cookie salts, and copy/paste result over:
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
  • Visit $WEBLOG_URL/wp-admin/install.php to complete the installation process

  • Run dbtool mysql grant $DATABASE for the database you created to grant drop and delete permissions

You should now have a working weblog.

4. Enabling the Plugin Manager

To use the plugin manager you have to allow your daemon user to write to the wp-content directory in your installation.

fsr sa wp-content/ $USER.daemon write

The way Wordpress tests if it can directly write files is incompatible with openafs1, so you'll need to force it to directly write the file system by adding a line to your wp-config.php:

define('FS_METHOD', 'direct');


CategoryMemberManual

  1. It creates a file and then check that the UID is the same as the current process; at HCoop, this is not true since the file owner will be your daemon user which has a different UID. The owner UID check is pointless, and just makes our lives harder (1)

MemberManual/WebApplications/WordPress (last edited 2022-01-25 07:35:03 by JesseShumway)