diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-February/002818.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2011-February/002818.html | 245 |
1 files changed, 245 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-February/002818.html b/zarb-ml/mageia-sysadm/2011-February/002818.html new file mode 100644 index 000000000..1bc77ce57 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2011-February/002818.html @@ -0,0 +1,245 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5BMageia-webteam%5D%20Forum%20installation%20%28almost%29%0A%09complete&In-Reply-To=%3C4D63C350.40805%40vilarem.net%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="002816.html"> + <LINK REL="Next" HREF="002820.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete</H1> + <B>Maât</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5BMageia-webteam%5D%20Forum%20installation%20%28almost%29%0A%09complete&In-Reply-To=%3C4D63C350.40805%40vilarem.net%3E" + TITLE="[Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete">maat-ml at vilarem.net + </A><BR> + <I>Tue Feb 22 15:08:16 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="002816.html">[Mageia-sysadm] Forum installation (almost) complete +</A></li> + <LI>Next message: <A HREF="002820.html">[Mageia-sysadm] mirrors readme/howto/script +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2818">[ date ]</a> + <a href="thread.html#2818">[ thread ]</a> + <a href="subject.html#2818">[ subject ]</a> + <a href="author.html#2818">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le 22/02/2011 13:42, Michael Scherer a écrit : +><i> Hi, +</I>><i> +</I>><i> I finished the most part of the puppet deployment of the forum this +</I>><i> night, as those who were idling on #mageia-sysadmin know. +</I>\o/ great ! + +><i> So thanks to the work of Maat and ashledombos, we do have : +</I>><i> - a git repository on <A HREF="git://git.mageia.org/forum/">git://git.mageia.org/forum/</A> ( write access : +</I>><i> <A HREF="ssh://git.mageia.org/git/forum/">ssh://git.mageia.org/git/forum/</A> for them, as they requested ). Filled +</I>><i> with what was sent to me last week. +</I>><i> +</I>><i> - the friteuse vm that hold the forum is hosted on alamut, for the +</I>><i> moment, with a reverse proxy, on both http and https +</I>><i> +</I>We'll need perhaps to force a redirection for http to https (dunno is phpbb works well with both ways) + + +><i> - the database is hosted on alamut, on pgsql. +</I>><i> +</I>><i> - a git snapshot of the current code that was sent is deployed, along +</I>><i> with puppet stuff to deploy it more than once ( hosting for more than +</I>><i> one forum was on the TODO list after all ) +</I>><i> +</I>><i> - I had to remove ./install/, as asked by phpbb who refused to work. I +</I>><i> do not know if there was something needed, it is still in git, just +</I>><i> removed on the snapshot with rm ( I kept in git to ease the merge of +</I>><i> code later ). +</I>><i> +</I>an other approach is to rename install -> noinstall and prevent completely access to noinstall with apache deny + +-> when we need to use again install a move noinstall -> install sets back the forum to maintenance mode + +(for better security controlling access to install with an ip whitelist or even a http based login against ldap would be nice) + +><i> What is left to do : +</I>><i> +</I>><i> - There is likely missing write permissions ( I have started to lock +</I>><i> down and opened ./cache/, and it was sufficient to have something to +</I>><i> see ) +</I>><i> +</I>Yup but we'll need also write access to upload dirs (for uploaded files, pictures, avatars, smilies...) + + +><i> - As using .htaccess cause performance penalty, I have not enabled them, +</I>><i> but maybe part of them are required. In any case, we need to review them +</I>><i> and add them to the apache configuration if needed. IIRC, most are just +</I>><i> "do not go to this directory". +</I>><i> +</I>we need to rewrite, control accesses and other things like that. + +If we don't use .htaccess then all these configs need to be moved to apache vhost config + +><i> - https has to be forced for the login, and cleartext has to be disabled +</I>><i> ( as cleartext passwords for sysadmins and people with ldap admin rights +</I>><i> is IMHO 'niet', and we cannot rely on people never forgetting this to +</I>><i> always log using SSL ) +</I>><i> +</I>https for all ? + +(and redirection http->https) + +><i> - ssl certs should be corrected ( as I discovered during the night ), +</I>><i> but that should be quick ( when I mean corrected, I speak of the wrong +</I>><i> host, not of the fact they are self signed ). +</I>><i> +</I>><i> - IMHO, a clearer separation of code and theme should be done, as for +</I>><i> now, we do have everything in the same git repository +</I>><i> +</I>Ok but how ? + +><i> - Various things would IMHO have to be adjusted ( like email, etc ). +</I>><i> +</I>yup + +><i> - for sysadmin, the git hosting has to be completed ( mail notification, +</I>><i> web interface, various commits hooks, etc ) +</I>><i> +</I>><i> - php deployment should also be hardened and fixed ( fixed because php +</I>><i> complain about some timezone issue ). +</I>><i> +</I>-> Define timezone in php.ini + +><i> - registration on the forum without using identity, as we decided in +</I>><i> this thread +</I>><i> ( <A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html">https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html</A> ) should be disabled. I didn't went further but it didn't seemed to be the case ( at least, not in the interface ). +</I>><i> +</I>yes... at registration could be done but the created account would not be able to log in + +><i> - prepare the migration to the vm at nfrance ( once it is ready ). This +</I>><i> will requires some adjustments to some puppet modules, as we assumed +</I>><i> that only one db server would be used. +</I>><i> +</I>ph34r the distance between db server (Marseille) and forum (Toulouse) + + +><i> For now, the forum is locked ( using the builtin forum facility ) until +</I>><i> I do a quick review of the .htaccess stuff, and because I think people +</I>><i> didn't want to have it opened without knowing it was installed. Forum +</I>><i> admin should be able to unlock it if they want ( unless I was wrong +</I>><i> about the way phpbb work ) +</I>I'll try to log in and do also a tiny review + +Thanks Misc + + + + + +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="002816.html">[Mageia-sysadm] Forum installation (almost) complete +</A></li> + <LI>Next message: <A HREF="002820.html">[Mageia-sysadm] mirrors readme/howto/script +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2818">[ date ]</a> + <a href="thread.html#2818">[ thread ]</a> + <a href="subject.html#2818">[ subject ]</a> + <a href="author.html#2818">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |