<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5BMageia-webteam%5D%20Forum%20installation%20%28almost%29%0A%09complete&In-Reply-To=%3C4D63C350.40805%40vilarem.net%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="002816.html">
<LINK REL="Next" HREF="002820.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete</H1>
<B>Maât</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5BMageia-webteam%5D%20Forum%20installation%20%28almost%29%0A%09complete&In-Reply-To=%3C4D63C350.40805%40vilarem.net%3E"
TITLE="[Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete">maat-ml at vilarem.net
</A><BR>
<I>Tue Feb 22 15:08:16 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="002816.html">[Mageia-sysadm] Forum installation (almost) complete
</A></li>
<LI>Next message: <A HREF="002820.html">[Mageia-sysadm] mirrors readme/howto/script
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#2818">[ date ]</a>
<a href="thread.html#2818">[ thread ]</a>
<a href="subject.html#2818">[ subject ]</a>
<a href="author.html#2818">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Le 22/02/2011 13:42, Michael Scherer a écrit :
><i> Hi,
</I>><i>
</I>><i> I finished most of the puppet deployment of the forum this
</I>><i> night, as those who were idling on #mageia-sysadmin know.
</I>\o/ great !
><i> So thanks to the work of Maat and ashledombos, we do have :
</I>><i> - a git repository on <A HREF="git://git.mageia.org/forum/">git://git.mageia.org/forum/</A> ( write access :
</I>><i> <A HREF="ssh://git.mageia.org/git/forum/">ssh://git.mageia.org/git/forum/</A> for them, as they requested ). Filled
</I>><i> with what was sent to me last week.
</I>><i>
</I>><i> - the friteuse vm that holds the forum is hosted on alamut, for the
</I>><i> moment, with a reverse proxy, on both http and https
</I>><i>
</I>We'll perhaps need to force a redirection from http to https (dunno if phpbb works well with both ways)
><i> - the database is hosted on alamut, on pgsql.
</I>><i>
</I>><i> - a git snapshot of the current code that was sent is deployed, along
</I>><i> with puppet stuff to deploy it more than once ( hosting for more than
</I>><i> one forum was on the TODO list after all )
</I>><i>
</I>><i> - I had to remove ./install/, as asked by phpbb who refused to work. I
</I>><i> do not know if there was something needed, it is still in git, just
</I>><i> removed on the snapshot with rm ( I kept in git to ease the merge of
</I>><i> code later ).
</I>><i>
</I>Another approach is to rename install -> noinstall and completely prevent access to noinstall with apache deny
-> when we need to use install again, a move noinstall -> install sets the forum back to maintenance mode
(for better security, controlling access to install with an IP whitelist or even an HTTP-based login against LDAP would be nice)
><i> What is left to do :
</I>><i>
</I>><i> - There are likely missing write permissions ( I have started to lock
</I>><i> down and opened ./cache/, and it was sufficient to have something to
</I>><i> see )
</I>><i>
</I>Yup but we'll need also write access to upload dirs (for uploaded files, pictures, avatars, smilies...)
><i> - As using .htaccess causes a performance penalty, I have not enabled them,
</I>><i> but maybe part of them are required. In any case, we need to review them
</I>><i> and add them to the apache configuration if needed. IIRC, most are just
</I>><i> "do not go to this directory".
</I>><i>
</I>we need to rewrite, control accesses and other things like that.
If we don't use .htaccess then all these configs need to be moved to apache vhost config
><i> - https has to be forced for the login, and cleartext has to be disabled
</I>><i> ( as cleartext passwords for sysadmins and people with ldap admin rights
</I>><i> is IMHO 'niet', and we cannot rely on people never forgetting this to
</I>><i> always log using SSL )
</I>><i>
</I>https for all ?
(and redirection http->https)
><i> - ssl certs should be corrected ( as I discovered during the night ),
</I>><i> but that should be quick ( when I mean corrected, I speak of the wrong
</I>><i> host, not of the fact they are self signed ).
</I>><i>
</I>><i> - IMHO, a clearer separation of code and theme should be done, as for
</I>><i> now, we do have everything in the same git repository
</I>><i>
</I>Ok but how ?
><i> - Various things would IMHO have to be adjusted ( like email, etc ).
</I>><i>
</I>yup
><i> - for sysadmin, the git hosting has to be completed ( mail notification,
</I>><i> web interface, various commits hooks, etc )
</I>><i>
</I>><i> - php deployment should also be hardened and fixed ( fixed because php
</I>><i> complain about some timezone issue ).
</I>><i>
</I>-> Define timezone in php.ini
><i> - registration on the forum without using identity, as we decided in
</I>><i> this thread
</I>><i> ( <A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html">https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html</A> ) should be disabled. I didn't go further but it didn't seem to be the case ( at least, not in the interface ).
</I>><i>
</I>yes... at registration could be done but the created account would not be able to log in
><i> - prepare the migration to the vm at nfrance ( once it is ready ). This
</I>><i> will require some adjustments to some puppet modules, as we assumed
</I>><i> that only one db server would be used.
</I>><i>
</I>ph34r the distance between db server (Marseille) and forum (Toulouse)
><i> For now, the forum is locked ( using the builtin forum facility ) until
</I>><i> I do a quick review of the .htaccess stuff, and because I think people
</I>><i> didn't want to have it opened without knowing it was installed. Forum
</I>><i> admin should be able to unlock it if they want ( unless I was wrong
</I>><i> about the way phpbb works )
</I>I'll try to log in and do also a tiny review
Thanks Misc
</PRE>
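<P>The vhost-side controls discussed in this message (http to https redirection, .htaccess rules moved into the vhost, the installer directory denied or restricted to a whitelist), as an added example that is not part of the original e-mail or of Mageia's configuration. It assumes a single Apache 2.4 instance with mod_ssl serving the forum directly; the host name, paths, certificate files and address range are placeholders.</P>

```apache
# Added example. forum.example.org, /var/www/forum, the certificate paths and
# 192.0.2.0/24 are placeholders, not values from the thread.
# Apache 2.4 access-control syntax (Require); 2.2 used Order/Deny/Allow.

# Plain HTTP answers with a redirect only, so the login form and the
# LDAP-backed passwords never travel in cleartext.
<VirtualHost *:80>
    ServerName forum.example.org
    Redirect permanent / https://forum.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName forum.example.org
    DocumentRoot /var/www/forum

    SSLEngine on
    # The certificate must name this host.
    SSLCertificateFile    /etc/pki/tls/certs/forum.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/forum.example.org.key

    # .htaccess stays disabled (no per-request lookup cost); every rule
    # it would have carried is declared below instead.
    <Directory /var/www/forum>
        AllowOverride None
        Require all granted
    </Directory>

    # "Do not go to this directory": writable by PHP, never served.
    <Directory /var/www/forum/cache>
        Require all denied
    </Directory>

    # Parked installer: unreachable under its renamed path.
    <Directory /var/www/forum/noinstall>
        Require all denied
    </Directory>

    # Installer moved back for maintenance: admin network only.
    <Directory /var/www/forum/install>
        Require ip 192.0.2.0/24
    </Directory>
</VirtualHost>
```

<P>When a reverse proxy terminates TLS in front of the forum host, the redirect and certificate directives belong on the proxy, and the directory rules stay on the backend.</P>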
<!--endarticle-->
<HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>