-
Notifications
You must be signed in to change notification settings - Fork 23
Migration
Some cloud service ISP demand a record of the website, which makes me not happy. So we decide to move to other paradise.
Unfortunately dozens of bugs make me screwed.
IMPORTANT: these configurations works well on Ubuntu Xenial; other distributions may differ.
As Hu noticed, mysql_connect
has been removed so downgrade of PHP is required.
sudo apt install mysql-server apache2 apache2-utils phpmyadmin
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php5.6 php-gettext php-xdebug libapache2-mod-php5.6
sudo apt install php5.6-curl php5.6-zip php5.6-xml php5.6-gd php5.6-mbstring php5.6-mysql php5.6-fpm
sudo a2dismod php7.0
sudo a2enmod php5.6
sudo a2enmod sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php5.6-fpm
sudo service apache2 restart
sudo update-alternatives --set php /usr/bin/php5.6
sudo service php5.6-fpm restart
curl
, xml
, gd
, mbstring
and mysql
are all modules needed.
Anyway, since PHP7.0 and PHP5.6 have no conflicts, I prefer having all of them installed.
The only thing we do for MySql is to sync data.
mysql -uroot -p < foo.sql
Maybe we need to add some users and permission as well.
MySql in Xenial use strict SQL mode as default. Thanks to QwertyJack, such restrictions can not limit us (see also #153 and #154. However, strict SQL is highly recommended for further coding.
An experienced SRE would prefer to put source code of the website in some place and make a symbol link to /var/www/
, as Apache grants full access to /var/www
by default. Also make sure Apache has x
permission to all directories along the path to the source code.
As for out website, it recommended to download the code to $HOME/<some-path>/CAPUBBS
and make the symbol link by
sudo ln -s $HOME/<some-path/CAPUBBS> /var/www/
Test the permission by
sudo -u <Apache-user> ls -al /var/www/CAPUBBS
Usually Apache-user
is www-data
for Debian and apache
for RHEL.
Once doing so, no extra config for access control is required.
<VirtualHost *:80>
DocumentRoot /var/www/CAPUBBS
ServerName <FQDN>
ServerAlias <foo> <bar>
</VirtualHost>
Our server seems currently like
...
ServerName cyp.chexie.net
ServerAlias chexie.net www.chexie.net
...
The reason we use FQDN is for convenience consideration.
Meanwhile, chexie.net
is the canonical name(or CNMAE) of cyp.chexie.net
and the same with www.chexie.net
.
Next time when migration we only need to update the CNAME record instead of update all relevant records.
We can also customize where to store logs.
...
ErrorLog logs/chexie.net-error_log
CustomLog logs/chexie.net-access_log common
...
For better performance, limiting download speed is an good idea.
See also the example.
Make sure add this line in the vhost conf file:
ScriptAlias /cgi-bin/ /var/www/CAPUBBS/cgi-bin/
See also "Config-cgi-bin".
Since HTTPS becomes more popular, we try letsencrypt. We need to install it first.
sudo apt install letsencrypt python-letsencrypt-apache
It has a TUI when executing
sudo letsencypt --apache
It will config itself automatically. Redirecting all traffic to https is highly recommended.
IMPORTANT: the certificate varies when IP changes.
Apache is run as www-data:www-data
as default. It may fail to upload files (including images) if Apache does not have write access to some directories. Those are:
.
./bbsimg/upload
./bbsimg/icons/user_upload
./bbs/images
./bbs/attachment
If you want Apache to create some dirs under $myDir
and upload files to those dirs, you also need SGID
on $myDir
.
# chmod u+s $myDir