<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-webteam] Forum installation (almost) complete
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-webteam%40mageia.org?Subject=Re%3A%20%5BMageia-webteam%5D%20Forum%20installation%20%28almost%29%20complete&In-Reply-To=%3C4D63C350.40805%40vilarem.net%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000365.html">
<LINK REL="Next" HREF="000369.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-webteam] Forum installation (almost) complete</H1>
<B>Maât</B>
<A HREF="mailto:mageia-webteam%40mageia.org?Subject=Re%3A%20%5BMageia-webteam%5D%20Forum%20installation%20%28almost%29%20complete&In-Reply-To=%3C4D63C350.40805%40vilarem.net%3E"
TITLE="[Mageia-webteam] Forum installation (almost) complete">maat-ml at vilarem.net
</A><BR>
<I>Tue Feb 22 15:08:16 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="000365.html">[Mageia-webteam] Forum installation (almost) complete
</A></li>
<LI>Next message: <A HREF="000369.html">[Mageia-webteam] Forum installation (almost) complete
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#366">[ date ]</a>
<a href="thread.html#366">[ thread ]</a>
<a href="subject.html#366">[ subject ]</a>
<a href="author.html#366">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On 22/02/2011 13:42, Michael Scherer wrote:
><i> Hi,
</I>><i>
</I>><i> I finished the most part of the puppet deployment of the forum this
</I>><i> night, as those who were idling on #mageia-sysadmin know.
</I>\o/ great !
><i> So thanks to the work of Maat and ashledombos, we do have :
</I>><i> - a git repository on <A HREF="git://git.mageia.org/forum/">git://git.mageia.org/forum/</A> ( write access :
</I>><i> <A HREF="ssh://git.mageia.org/git/forum/">ssh://git.mageia.org/git/forum/</A> for them, as they requested ). Filled
</I>><i> with what was sent to me last week.
</I>><i>
</I>><i> - the friteuse vm that holds the forum is hosted on alamut, for the
</I>><i> moment, with a reverse proxy, on both http and https
</I>><i>
</I>We'll need perhaps to force a redirection for http to https (dunno if phpbb works well with both ways)
><i> - the database is hosted on alamut, on pgsql.
</I>><i>
</I>><i> - a git snapshot of the current code that was sent is deployed, along
</I>><i> with puppet stuff to deploy it more than once ( hosting for more than
</I>><i> one forum was on the TODO list after all )
</I>><i>
</I>><i> - I had to remove ./install/, as asked by phpbb who refused to work. I
</I>><i> do not know if there was something needed, it is still in git, just
</I>><i> removed on the snapshot with rm ( I kept in git to ease the merge of
</I>><i> code later ).
</I>><i>
</I>another approach is to rename install -> noinstall and prevent completely access to noinstall with apache deny
-> when we need to use again install a move noinstall -> install sets back the forum to maintenance mode
(for better security controlling access to install with an ip whitelist or even a http based login against ldap would be nice)
><i> What is left to do :
</I>><i>
</I>><i> - There are likely missing write permissions ( I have started to lock
</I>><i> down and opened ./cache/, and it was sufficient to have something to
</I>><i> see )
</I>><i>
</I>Yup but we'll need also write access to upload dirs (for uploaded files, pictures, avatars, smilies...)
><i> - As using .htaccess causes a performance penalty, I have not enabled them,
</I>><i> but maybe part of them are required. In any case, we need to review them
</I>><i> and add them to the apache configuration if needed. IIRC, most are just
</I>><i> "do not go to this directory".
</I>><i>
</I>we need to rewrite, control accesses and other things like that.
If we don't use .htaccess then all these configs need to be moved to apache vhost config
><i> - https has to be forced for the login, and cleartext has to be disabled
</I>><i> ( as cleartext passwords for sysadmins and people with ldap admin rights
</I>><i> is IMHO 'niet', and we cannot rely on people never forgetting this to
</I>><i> always log using SSL )
</I>><i>
</I>https for all ?
(and redirection http->https)
><i> - ssl certs should be corrected ( as I discovered during the night ),
</I>><i> but that should be quick ( when I mean corrected, I speak of the wrong
</I>><i> host, not of the fact they are self signed ).
</I>><i>
</I>><i> - IMHO, a clearer separation of code and theme should be done, as for
</I>><i> now, we do have everything in the same git repository
</I>><i>
</I>Ok but how ?
><i> - Various things would IMHO have to be adjusted ( like email, etc ).
</I>><i>
</I>yup
><i> - for sysadmin, the git hosting has to be completed ( mail notification,
</I>><i> web interface, various commits hooks, etc )
</I>><i>
</I>><i> - php deployment should also be hardened and fixed ( fixed because php
</I>><i> complains about some timezone issue ).
</I>><i>
</I>-> Define timezone in php.ini
><i> - registration on the forum without using identity, as we decided in
</I>><i> this thread
</I>><i> ( <A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html">https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html</A> ) should be disabled. I didn't go further but it didn't seem to be the case ( at least, not in the interface ).
</I>><i>
</I>yes... at registration could be done but the created account would not be able to log in
><i> - prepare the migration to the vm at nfrance ( once it is ready ). This
</I>><i> will require some adjustments to some puppet modules, as we assumed
</I>><i> that only one db server would be used.
</I>><i>
</I>ph34r the distance between db server (Marseille) and forum (Toulouse)
><i> For now, the forum is locked ( using the builtin forum facility ) until
</I>><i> I do a quick review of the .htaccess stuff, and because I think people
</I>><i> didn't want to have it opened without knowing it was installed. Forum
</I>><i> admin should be able to unlock it if they want ( unless I was wrong
</I>><i> about the way phpbb works )
</I>I'll try to log in and do also a tiny review
Thanks Misc
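
The points raised in this message (http to https redirection, .htaccess rules moved into the vhost, install/ renamed and denied, an IP whitelist for maintenance), gathered into one vhost as an added example that is not part of the original message or of the Mageia puppet modules. It assumes Apache 2.4 syntax; the hostname, paths, certificate files, directory list and address range are placeholders.

```apache
# Constructed example: forum.example.org, /srv/forum/www and 192.0.2.0/24
# are placeholders, not values from the Mageia infrastructure.

# Plain HTTP serves no content, only a permanent redirect to HTTPS,
# so the login form is never offered over cleartext.
<VirtualHost *:80>
    ServerName forum.example.org
    Redirect permanent / https://forum.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName forum.example.org
    DocumentRoot /srv/forum/www

    SSLEngine on
    SSLCertificateFile    /etc/ssl/forum.example.org.crt
    SSLCertificateKeyFile /etc/ssl/forum.example.org.key

    # .htaccess files are ignored (no per-request lookup), so every rule
    # they carried has to be restated in this file.
    <Directory "/srv/forum/www">
        AllowOverride None
        Require all granted
    </Directory>

    # "Do not go to this directory" rules moved out of .htaccess.
    # The directory list is an assumption; take the real one from a
    # review of the .htaccess files shipped in the tree.
    <DirectoryMatch "^/srv/forum/www/(cache|includes|store)(/|$)">
        Require all denied
    </DirectoryMatch>

    # install/ renamed to noinstall/: never reachable from the web.
    <Directory "/srv/forum/www/noinstall">
        Require all denied
    </Directory>

    # When noinstall/ is moved back to install/ for maintenance,
    # only the admin address range may reach it.
    <Directory "/srv/forum/www/install">
        Require ip 192.0.2.0/24
    </Directory>
</VirtualHost>
```

Because the forum sits behind a reverse proxy, `Require ip` on the backend sees the proxy's address; the whitelist has to be enforced on the proxy itself, or the backend needs mod_remoteip configured to trust it.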
</PRE>
<!--endarticle-->
<HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-webteam">More information about the Mageia-webteam
mailing list</a><br>
</body></html>