Compare commits

..

2 Commits

Author SHA1 Message Date
reaction.la
ec0e8650cb
2024-10-27 08:09:22 +10:00
reaction.la
230b748a09
updating instructions for restoring blog 2024-10-25 10:07:14 +10:00
4 changed files with 147 additions and 137 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 24 KiB

View File

@ -912,6 +912,9 @@ But other systems like a `*.rpm` package, which is built by `git-buildpackage-rp
But desktop integration is kind of random. But desktop integration is kind of random.
To put a program into the desktop applications menu, put its desktop file in
`~/.local/share/applications` (which may need to be created).
Under Mate and KDE Plasma, bitcoin implements run-on-login by generating a Under Mate and KDE Plasma, bitcoin implements run-on-login by generating a
`bitcoin.desktop` file and writing it into `~/.config/autostart` `bitcoin.desktop` file and writing it into `~/.config/autostart`

View File

@ -158,6 +158,10 @@ Everyone shall be white, male, heterosexual, and vaguely Christian, even
if they quite obviously are not, but no one shall unnecessarily and if they quite obviously are not, but no one shall unnecessarily and
irrelevantly reveal their actual race, sex, religion, or political orientation. irrelevantly reveal their actual race, sex, religion, or political orientation.
No one shall be a citizen or resident of any identifiable country, as this results
in the applicability of a pile of sanctions related laws. If you are resident of
country X, this can cause problems for someone who is resident of country Y.
Unnecessarily informing people one is female or Jewish or nonwhite Unnecessarily informing people one is female or Jewish or nonwhite
should get similar treatment to unnecessarily informing people one is a should get similar treatment to unnecessarily informing people one is a
pure blooded Aryan. pure blooded Aryan.

View File

@ -136,7 +136,7 @@ m-a -qi prepare
apt autoremove -qy apt autoremove -qy
mount /media/cdrom0 mount /media/cdrom0
cd /media/cdrom0 && sh ./VBoxLinuxAdditions.run cd /media/cdrom0 && sh ./VBoxLinuxAdditions.run
usermod -a -G vboxsf cherry usermod -a -G vboxsf «username»
``` ```
You will need to do another `m-a prepare` and to reinstall it after a You will need to do another `m-a prepare` and to reinstall it after a
@ -167,7 +167,7 @@ to
```ini ```ini
autologin-guest=false autologin-guest=false
autologin-user=cherry autologin-user=«username»
autologin-user-timeout=0 autologin-user-timeout=0
``` ```
@ -229,7 +229,7 @@ hostname && domainname -s && hostnamectl status
And if need be, set them with And if need be, set them with
```bash ```bash
fn=reaction.la fn=«example.com»
domainname -b $fn domainname -b $fn
hostnamectl set-hostname $fn hostnamectl set-hostname $fn
``` ```
@ -238,7 +238,7 @@ Your /etc/hosts file should contain
```text ```text
127.0.0.1 localhost 127.0.0.1 localhost
127.0.0.1 reaction.la 127.0.0.1 «example.com»
# The following lines are desirable for IPv6 capable hosts # The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback ::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet fe00::0 ip6-localnet
@ -330,7 +330,7 @@ apt autoremove -qy
Then you click on the autorun.sh in the cdrom through the gui. Then you click on the autorun.sh in the cdrom through the gui.
```bash ```bash
usermod -a -G vboxsf cherry usermod -a -G vboxsf «username»
``` ```
## Setting up OpenWrt in VirtualBox ## Setting up OpenWrt in VirtualBox
@ -575,7 +575,7 @@ On an actual server, it is advisable to enable passwordless sudo for one user.
issue the command `visudo` and edit the sudoers file to contain the line: issue the command `visudo` and edit the sudoers file to contain the line:
``` default ``` default
cherry ALL=(ALL) NOPASSWD:ALL «username» ALL=(ALL) NOPASSWD:ALL
``` ```
That user can now sudo any root command, with no password login nor That user can now sudo any root command, with no password login nor
@ -808,9 +808,9 @@ ssh-keygen -t ed25519 -f ssh_host_ed25519_key
(I don't trust the other key algorithms, because I suspect the NSA has been up to cleverness with the details of the implementation.) (I don't trust the other key algorithms, because I suspect the NSA has been up to cleverness with the details of the implementation.)
On windows, your secret key should be in `%HOMEPATH%/.ssh`, on linux On windows, your secret key should be in `%HOMEPATH%/.ssh`, on linux
in `/home/cherry/.ssh`, as is your config file for your ssh client, listing in `/home/«username»/.ssh`, as is your config file for your ssh client, listing
the keys for hosts. The public keys of your authorized keys are in the keys for hosts. The public keys of your authorized keys are in
`/home/cherry/.ssh/authorized_keys`, enabling you to login from afar as `/home/«username»/.ssh/authorized_keys`, enabling you to login from afar as
that user over the internet. The linux system for remote login is a cleaner that user over the internet. The linux system for remote login is a cleaner
and simpler system that the multitude of mysterious, complicated, and and simpler system that the multitude of mysterious, complicated, and
failure prone facilities for remote windows login, which is a major reason failure prone facilities for remote windows login, which is a major reason
@ -1106,7 +1106,7 @@ rsync -aAXvzP --delete remote_host:~/name .
To make sure the files are truly identical: To make sure the files are truly identical:
```bash ```bash
rsync -aAXvzc --delete reaction.la:~/name . rsync -aAXvzc --delete «example.com»:~/name .
``` ```
`rsync, ssh, git` and so forth know how to logon from the `rsync, ssh, git` and so forth know how to logon from the
@ -1208,7 +1208,7 @@ The sites-available directory looks like
```default ```default
000-default.conf 000-default.conf
reaction.la.conf «example.com».conf
default-ssl.conf default-ssl.conf
``` ```
@ -1216,37 +1216,37 @@ The sites enabled directory looks like
```default ```default
000-default.conf -> ../sites-available/000-default.conf 000-default.conf -> ../sites-available/000-default.conf
reaction.la-le-ssl.conf «example.com»-le-ssl.conf
reaction.la.conf «example.com».conf
``` ```
And the contents of reaction.la.conf are (before the https thingly has And the contents of «example.com».conf are (before the https thingly has
worked its magic) worked its magic)
```default ```default
<VirtualHost *:80> <VirtualHost *:80>
ServerName reaction.la ServerName «example.com»
ServerAlias www.reaction.la ServerAlias www.«example.com»
ServerAlias «foo.reaction.la» ServerAlias «foo.«example.com»»
ServerAlias «bar.reaction.la» ServerAlias «bar.«example.com»»
ServerAdmin «me@mysite» ServerAdmin «me@mysite»
DocumentRoot /var/www/reaction.la DocumentRoot /var/www/«example.com»
<Directory /var/www/reaction.la> <Directory /var/www/«example.com»>
Options -Indexes +FollowSymLinks Options -Indexes +FollowSymLinks
AllowOverride All AllowOverride All
</Directory> </Directory>
ErrorLog ${APACHE_LOG_DIR}/reaction.la-error.log ErrorLog ${APACHE_LOG_DIR}/«example.com»-error.log
CustomLog ${APACHE_LOG_DIR}/reaction.la-access.log combined CustomLog ${APACHE_LOG_DIR}/«example.com»-access.log combined
RewriteEngine on RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.reaction.la\.com [NC] RewriteCond %{HTTP_HOST} ^www\.«example.com»\.com [NC]
RewriteRule ^(.*)$ https://reaction.la/$1 [L,R=301] RewriteRule ^(.*)$ https://«example.com»/$1 [L,R=301]
</VirtualHost> </VirtualHost>
``` ```
All the other files dont matter. The conf file gets you to the named All the other files dont matter. The conf file gets you to the named
server. The contents of /var/www/reaction.la are the html files, the server. The contents of /var/www/«example.com» are the html files, the
important one being index.html. important one being index.html.
[install certbot]:https://certbot.eff.org/instructions [install certbot]:https://certbot.eff.org/instructions
@ -1265,31 +1265,31 @@ your nameservers, and only those names, certbot automagically converts
these from http virtual hosts to https virtual hosts and sets up these from http virtual hosts to https virtual hosts and sets up
redirect from http to https. redirect from http to https.
If you have an alias server such as www.reaction.la for reaction.la, If you have an alias server such as www.«example.com» for «example.com»,
certbot will guess you also have the domain name www.reaction.la and get certbot will guess you also have the domain name www.«example.com» and get
a certificate for that. a certificate for that.
Thus, after certbot has worked its magic, your conf file looks like Thus, after certbot has worked its magic, your conf file looks like
```default ```default
<VirtualHost *:80> <VirtualHost *:80>
ServerName reaction.la ServerName «example.com»
ServerAlias foo.reaction.la ServerAlias foo.«example.com»
ServerAlias bar.reaction.la ServerAlias bar.«example.com»
ServerAdmin me@mysite ServerAdmin me@mysite
DocumentRoot /var/www/reaction.la DocumentRoot /var/www/«example.com»
<Directory /var/www/reaction.la> <Directory /var/www/«example.com»>
Options -Indexes +FollowSymLinks Options -Indexes +FollowSymLinks
AllowOverride All AllowOverride All
</Directory> </Directory>
ErrorLog ${APACHE_LOG_DIR}/reaction.la-error.log ErrorLog ${APACHE_LOG_DIR}/«example.com»-error.log
CustomLog ${APACHE_LOG_DIR}/reaction.la-access.log combined CustomLog ${APACHE_LOG_DIR}/«example.com»-access.log combined
RewriteEngine on RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC] RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ https://reaction.la/$1 [L,R=301] RewriteRule ^(.*)$ https://«example.com»/$1 [L,R=301]
RewriteCond %{SERVER_NAME} =reaction.la [OR] RewriteCond %{SERVER_NAME} =«example.com» [OR]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost> </VirtualHost>
``` ```
@ -1297,7 +1297,13 @@ Thus, after certbot has worked its magic, your conf file looks like
## Lemp stack on Debian ## Lemp stack on Debian
```bash ```bash
apt-get -qy update && apt-get -qy install nginx mariadb-server php php-cli php-xml php-mbstring php-mysql php7.3-fpm systemctl stop apache2
apt-get remove --purge apache2 #apache is routinely installed by default,
# and then nginix tries to respect its files and configuration,
# with confusing and disturbing results.
# Apache must die. DIE DIE DIE.
apt-get upgrade
apt-get -qy update && apt-get -qy install ufw nginx mariadb-server php php-cli php-xml php-mbstring php-mysql php-fpm
nginx -t nginx -t
ufw status verbose ufw status verbose
``` ```
@ -1373,11 +1379,11 @@ when your site has your actual content on it.
Check again that the default nginx web page comes up when you browse to the server. Check again that the default nginx web page comes up when you browse to the server.
Create the directories `/var/www/blog.reaction.la` and `/var/www/reaction.la` and put some html files in them, substituting your actual domains for the example domains. Create the directories `/var/www/«subdomain.example.com»` and `/var/www/«example.com»` and put some html files in them, substituting your actual domains for the example domains.
```bash ```bash
mkdir /var/www/reaction.la && nano /var/www/reaction.la/index.html mkdir /var/www/«example.com» && nano /var/www/«example.com»/index.html
mkdir /var/www/blog.reaction.la && nano /var/www/blog.reaction.la/index.html mkdir /var/www/«subdomain.example.com» && nano /var/www/«subdomain.example.com»/index.html
``` ```
```default ```default
@ -1386,7 +1392,7 @@ mkdir /var/www/blog.reaction.la && nano /var/www/blog.reaction.la/index.html
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
</head> </head>
<body><h1>reaction.la index file</h1></body> <body><h1>«example.com» index file</h1></body>
</html> </html>
``` ```
@ -1394,8 +1400,8 @@ Delete the default in `/etc/nginx/sites-enabled`, and create a file, which I
arbitrarily name `config` that specifies how your domain names are to be arbitrarily name `config` that specifies how your domain names are to be
handled, and how php is to be executed for each domain names. handled, and how php is to be executed for each domain names.
This config file assumes your domain is called `reaction.la` and your This config file assumes your domain is called `«example.com»` and your
service is called `php7.3-fpm.service`. Create the following config file, service is called `php-fpm.service`. Create the following config file,
substituting your actual domains for the example domains, and your actual substituting your actual domains for the example domains, and your actual
php fpm service for the fpm service. php fpm service for the fpm service.
@ -1403,8 +1409,6 @@ php fpm service for the fpm service.
nginx -t nginx -t
# find the name of your php fpm service # find the name of your php fpm service
systemctl status php* | grep fpm.service systemctl status php* | grep fpm.service
# substitute the actual php fpm service for
# php7.3-fpm.sock in the configuration file.
systemctl stop nginx systemctl stop nginx
rm -v /etc/nginx/sites-enabled/* rm -v /etc/nginx/sites-enabled/*
nano /etc/nginx/sites-enabled/config nano /etc/nginx/sites-enabled/config
@ -1412,21 +1416,21 @@ nano /etc/nginx/sites-enabled/config
```default ```default
server { server {
return 301 $scheme://reaction.la$request_uri; return 301 $scheme://«example.com»$request_uri;
} }
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
index index.php index.html; index index.php index.html;
server_name blog.reaction.la; server_name «subdomain.example.com»;
root /var/www/blog.reaction.la; root /var/www/«subdomain.example.com»;
index index.php index.html; index index.php index.html;
location / { location / {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock; fastcgi_pass unix:/run/php/php-fpm.sock;
} }
location = /favicon.ico {access_log off; } location = /favicon.ico {access_log off; }
location = /robots.txt {access_log off; allow all; } location = /robots.txt {access_log off; allow all; }
@ -1438,14 +1442,14 @@ server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
index index.php index.html; index index.php index.html;
server_name reaction.la; server_name «example.com»;
root /var/www/reaction.la; root /var/www/«example.com»;
location / { location / {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock; fastcgi_pass unix:/run/php/php-fpm.sock;
} }
location = /favicon.ico {access_log off; } location = /favicon.ico {access_log off; }
location = /robots.txt {access_log off; allow all; } location = /robots.txt {access_log off; allow all; }
@ -1454,8 +1458,8 @@ server {
} }
} }
server { server {
server_name *.blog.reaction.la; server_name *.«subdomain.example.com»;
return 301 $scheme://blog.reaction.la$request_uri; return 301 $scheme://«subdomain.example.com»$request_uri;
} }
``` ```
@ -1467,7 +1471,7 @@ eliminates those pesky `www`s.
The root tells it where to find the actual files. The root tells it where to find the actual files.
The first location tells nginx that if a file name is not found, give a 404 rather than doing the disastrously clever stuff that it is apt to do, and the second location tells it that if a file name ends in `.php`, pass it to `php7.3-fpm.sock` (you did substitute your actual php fpm service for `php7.3-fpm.sock`, right?) The first location tells nginx that if a file name is not found, give a 404 rather than doing the disastrously clever stuff that it is apt to do, and the second location tells it that if a file name ends in `.php`, pass it to `php-fpm.sock` (you did substitute your actual php fpm service for `php-fpm.sock`, right?)
Now check that your configuration is OK with `nginx -t`, and restart nginx to read your configuration. Now check that your configuration is OK with `nginx -t`, and restart nginx to read your configuration.
@ -1482,12 +1486,12 @@ www gets redirected.
Now we will create some php files in those directories to check that php works. Now we will create some php files in those directories to check that php works.
```bash ```bash
echo "<?php phpinfo(); ?>" |tee /var/www/reaction.la/info.php echo "<?php phpinfo(); ?>" |tee /var/www/«example.com»/info.php
``` ```
Then take a look at `info.php` in a browser. Then take a look at `info.php` in a browser.
If that works, then create the file `/var/www/reaction.la/index.php` containing: If that works, then create the file `/var/www/«example.com»/index.php` containing:
```php ```php
<?php <?php
@ -1510,9 +1514,9 @@ If that works, then create the file `/var/www/reaction.la/index.php` containing:
?> ?>
``` ```
[http://reaction.la]:http://reaction.la [http://«example.com»]:http://«example.com»
Browse to [http://reaction.la] If that works, delete the `info.php` file as it reveals private information. You now have domain names being served Browse to [http://«example.com»] If that works, delete the `info.php` file as it reveals private information. You now have domain names being served
by lemp. Your database now is accessible over the internet through PHP by lemp. Your database now is accessible over the internet through PHP
on those domain names. on those domain names.
@ -1600,7 +1604,7 @@ map to the old server, until the new server works.)
```bash ```bash
certbot register --register-unsafely-without-email --agree-tos certbot register --register-unsafely-without-email --agree-tos
certbot run -a manual --preferred-challenges dns -i nginx \ certbot run -a manual --preferred-challenges dns -i nginx \
-d reaction.la -d blog.reaction.la -d «example.com» -d «subdomain.example.com»
nginx -t nginx -t
``` ```
@ -1642,11 +1646,11 @@ certbot renew --renew-by-default --http01
Because certbot automatically renews using the previous defaults, you Because certbot automatically renews using the previous defaults, you
have to have previously used a process to obtain certificate suitable for have to have previously used a process to obtain certificate suitable for
automation, which mean you have to have given it the information\ automation, which mean you have to have given it the information\
(`--webroot --webroot-path /var/www/reaction.la`)\ (`--webroot --webroot-path /var/www/«example.com»`)\
about how to do an automatic renewal by actually obtaining a certificate that way. about how to do an automatic renewal by actually obtaining a certificate that way.
To backup and restore letsencrypt, to move your certificates from one To backup and restore letsencrypt, to move your certificates from one
server to another, `rsync -HAvaX reaction.la:/etc/letsencrypt /etc`, as root server to another, `rsync -HAvaX «example.com»:/etc/letsencrypt /etc`, as root
on the computer which will receive the backup. The letsencrypt directory on the computer which will receive the backup. The letsencrypt directory
gets mangled by `tar`, `scp` and `sftp`. gets mangled by `tar`, `scp` and `sftp`.
@ -1663,19 +1667,19 @@ The certbot modified file for your ssl enabled domain should now look like
```default ```default
server { server {
return 301 $scheme://reaction.la$request_uri; return 301 $scheme://«example.com»$request_uri;
} }
server { server {
index index.php index.html; index index.php index.html;
server_name blog.reaction.la; server_name «subdomain.example.com»;
root /var/www/blog.reaction.la; root /var/www/«subdomain.example.com»;
index index.php; index index.php;
location / { location / {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock; fastcgi_pass unix:/run/php/php-fpm.sock;
} }
location = /favicon.ico {access_log off; } location = /favicon.ico {access_log off; }
location = /robots.txt {access_log off; allow all; } location = /robots.txt {access_log off; allow all; }
@ -1684,21 +1688,21 @@ server {
} }
listen [::]:443 ssl; # managed by Certbot listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/reaction.la/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/«example.com»/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/reaction.la/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/«example.com»/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
} }
server { server {
index index.html; index index.html;
server_name reaction.la; server_name «example.com»;
root /var/www/reaction.la; root /var/www/«example.com»;
location / { location / {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock; fastcgi_pass unix:/run/php/php-fpm.sock;
} }
location = /favicon.ico {access_log off; } location = /favicon.ico {access_log off; }
location = /robots.txt {access_log off; allow all; } location = /robots.txt {access_log off; allow all; }
@ -1707,35 +1711,35 @@ server {
} }
listen [::]:443 ssl ipv6only=on; # managed by Certbot listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/reaction.la/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/«example.com»/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/reaction.la/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/«example.com»/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
} }
server { server {
server_name *.blog.reaction.la; server_name *.«subdomain.example.com»;
return 301 $scheme://blog.reaction.la$request_uri; return 301 $scheme://«subdomain.example.com»$request_uri;
} }
server { server {
server_name *.reaction.la; server_name *.«example.com»;
return 301 $scheme://reaction.la$request_uri; return 301 $scheme://«example.com»$request_uri;
} }
server { server {
if ($host = reaction.la) { if ($host = «example.com») {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} # managed by Certbot } # managed by Certbot
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name reaction.la; server_name «example.com»;
return 404; # managed by Certbot return 404; # managed by Certbot
} }
server { server {
if ($host = blog.reaction.la) { if ($host = «subdomain.example.com») {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} # managed by Certbot } # managed by Certbot
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name blog.reaction.la; server_name «subdomain.example.com»;
return 404; # managed by Certbot return 404; # managed by Certbot
} }
``` ```
@ -1783,7 +1787,7 @@ apt-get -qy install php-curl php-gd php-intl php-mbstring php-soap php-xml php-x
systemctl status php* | grep fpm.service systemctl status php* | grep fpm.service
# restart the service indicated above # restart the service indicated above
systemctl stop nginx systemctl stop nginx
systemctl stop php7.3-fpm.service systemctl stop php-fpm.service
mariadb mariadb
``` ```
@ -1791,7 +1795,7 @@ mariadb
CREATE DATABASE wordpress DEFAULT CHARACTER SET CREATE DATABASE wordpress DEFAULT CHARACTER SET
utf8mb4 COLLATE utf8mb4_unicode_ci; utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost' GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost'
IDENTIFIED BY 'FGikkdfj3878'; IDENTIFIED BY '«password»';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
exit exit
``` ```
@ -1820,11 +1824,11 @@ cd temp
curl -LO https://wordpress.org/latest.tar.gz curl -LO https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz tar -xzvf latest.tar.gz
cp -v wordpress/wp-config-sample.php wordpress/wp-config.php cp -v wordpress/wp-config-sample.php wordpress/wp-config.php
cp -av wordpress/. /var/www/blog.reaction.la cp -av wordpress/* /var/www/«subdomain.example.com»
chown -R www-data:www-data /var/www/blog.reaction.la && find /var/www -type d -exec chmod 755 {} \; && find /var/www -type f -exec chmod 644 {} \; chown -R www-data:www-data /var/www/«subdomain.example.com» && find /var/www -type d -exec chmod 755 {} \; && find /var/www -type f -exec chmod 644 {} \;
# so that wordpress can write to the directory # so that wordpress can write to the directory
curl -s https://api.wordpress.org/secret-key/1.1/salt/ curl -s https://api.wordpress.org/secret-key/1.1/salt/
nano /var/www/blog.reaction.la/wp-config.php nano /var/www/«subdomain.example.com»/wp-config.php
``` ```
Replace the defines that are there\ Replace the defines that are there\
@ -1841,7 +1845,7 @@ define('DB_NAME', 'wordpress');
/** MySQL database username */ /** MySQL database username */
define('DB_USER', 'wordpress_user'); define('DB_USER', 'wordpress_user');
/** MySQL database password */ /** MySQL database password */
define('DB_PASSWORD', 'FGikkdfj3878'); define('DB_PASSWORD', '«password»');
/** MySQL hostname */ /** MySQL hostname */
define( 'DB_HOST', 'localhost' ); define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */ /** Database Charset to use in creating database tables. */
@ -1852,7 +1856,6 @@ define( 'DB_COLLATE', 'utf8mb4_unicode_ci' );
``` ```
```bash ```bash
systemctl start php7.3-fpm.service
systemctl start nginx systemctl start nginx
``` ```
@ -1870,16 +1873,16 @@ PhpMyAdmin even though it is easer and safer.
```bash ```bash
systemctl stop nginx systemctl stop nginx
systemctl stop php7.3-fpm.service systemctl stop php-fpm.service
mdir temp && cd temp mdir temp && cd temp
fn=blogdb fn=blogdb
db=wordpress db=wordpress
dbuser=wordpress_user dbuser=wordpress_user
dbpass=FGikkdfj3878 dbpass=«password»
mysqldump -u $dbuser --password=$dbpass $db > $fn.sql mysqldump -u $dbuser --password=$dbpass $db > $fn.sql
head -n 30 $fn.sql head -n 30 $fn.sql
zip $fn.sql.zip $fn.sql zip $fn.sql.zip $fn.sql
systemctl start php7.3-fpm.service systemctl start php-fpm.service
systemctl start nginx systemctl start nginx
``` ```
@ -1893,7 +1896,7 @@ Copy everything from the web server source directory of the previous
wordpress installation to the web server of the new wordpress installation. wordpress installation to the web server of the new wordpress installation.
```bash ```bash
chown -R www-data:www-data /var/www/blog.reaction.la chown -R www-data:www-data /var/www/«subdomain.example.com»
``` ```
Replace the defines for `DB_NAME`, `DB_USER`, and `DB_PASSWORD` in `wp_config.php`, as described in [Wordpress on Lemp] Replace the defines for `DB_NAME`, `DB_USER`, and `DB_PASSWORD` in `wp_config.php`, as described in [Wordpress on Lemp]
@ -1902,7 +1905,6 @@ Replace the defines for `DB_NAME`, `DB_USER`, and `DB_PASSWORD` in `wp_config.ph
```bash ```bash
systemctl stop nginx systemctl stop nginx
systemctl stop php7.3-fpm.service
# we dont want anyone browsing the blog while we are setting it up # we dont want anyone browsing the blog while we are setting it up
# nor the wordpress update service running. # nor the wordpress update service running.
mariadb mariadb
@ -1910,10 +1912,9 @@ mariadb
```sql ```sql
DROP DATABASE IF EXISTS wordpress; DROP DATABASE IF EXISTS wordpress;
CREATE DATABASE wordpress DEFAULT CHARACTER SET CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8;
utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost' GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost'
IDENTIFIED BY 'FGikkdfj3878'; IDENTIFIED BY '«password»';
exit exit
``` ```
@ -1923,15 +1924,19 @@ on Lemp]. Dont do that, or if you start nginx and do that to make sure
everything is working, then start over by deleting and recreating the everything is working, then start over by deleting and recreating the
database as above. database as above.
Alternatively, if you want to merge this content into an blog that has
already been setup, perhaps an almost empty blog, you remove all the drop
table commands and create table commands from the sql, and replace all the `INSERT INTO`
statements with `INSERT IGNORE INTO`
Now we will populate the database. Now we will populate the database.
```bash ```bash
tar -xvf wordpress.sql.zst
fn=wordpress fn=wordpress
db=wordpress db=wordpress
dbuser=wordpress_user dbuser=wordpress_user
dbpass=FGikkdfj3878 dbpass=«password»
unzip $fn.sql.zip
mv *.sql $fn.sql
mariadb -u $dbuser --password=$dbpass $db < $fn.sql mariadb -u $dbuser --password=$dbpass $db < $fn.sql
mariadb -u $dbuser --password=$dbpass $db mariadb -u $dbuser --password=$dbpass $db
``` ```
@ -1946,7 +1951,6 @@ exit
Adjust `$table_prefix = 'wp_';` in `wp_config.php` if necessary. Adjust `$table_prefix = 'wp_';` in `wp_config.php` if necessary.
```bash ```bash
systemctl start php7.3-fpm.service
systemctl start nginx systemctl start nginx
``` ```
@ -1972,7 +1976,6 @@ SELECT * FROM wp_comments l LIMIT 10;
Adjust `$table_prefix = 'wp_';` in `wp_config.php` if necessary. Adjust `$table_prefix = 'wp_';` in `wp_config.php` if necessary.
```bash ```bash
systemctl start php7.3-fpm.service
systemctl start nginx systemctl start nginx
``` ```
@ -1993,11 +1996,11 @@ Then edit the virtual servers to be logged, which are in the directory `/etc/ngi
```text ```text
server { server {
server_name reaction.la; server_name «example.com»;
root /var/www/reaction.la; root /var/www/«example.com»;
access_log /var/log/nginx/reaction.la.access.log; access_log /var/log/nginx/«example.com».access.log;
error_log /var/log/nginx/reaction.la.error.log; error_log /var/log/nginx/«example.com».error.log;
} }
``` ```
@ -2077,7 +2080,7 @@ obscurely connected to the configuration of each of the other things.
### Setting DNS entries for email ### Setting DNS entries for email
An MX record for `reaction.la` will read simply `mail` (no full stop, that An MX record for `«example.com»` will read simply `mail` (no full stop, that
is for the case that you are trying to have a totally unrelated host handle is for the case that you are trying to have a totally unrelated host handle
your mail) Check that it is working by using an MX lookup service such your mail) Check that it is working by using an MX lookup service such
as [MX tools] and [Dig] as [MX tools] and [Dig]
@ -2151,8 +2154,8 @@ know for sure it is from you, and has not been altered in transit, but not be
able to prove to the whole world that it is from you. able to prove to the whole world that it is from you.
A DMARK record can tell the recipient that mail from A DMARK record can tell the recipient that mail from
`rhocoin.org` will always and only come senders like `«example.com»` will always and only come senders like
`user@rhocoin.org`. This can be an inconvenient restriction on `user@«example.com»`. This can be an inconvenient restriction on
one's ability to use a more relevant identity. one's ability to use a more relevant identity.
Further, intermediate servers keep manging messages sent through them, Further, intermediate servers keep manging messages sent through them,
@ -2283,7 +2286,7 @@ The `postmaster: root` setting ensures that system-generated emails are sent
to the `root` user. You want to edit these settings so these emails are rerouted to the `root` user. You want to edit these settings so these emails are rerouted
to your email address. To accomplish that, replace «your_email_address» to your email address. To accomplish that, replace «your_email_address»
with your actual email address, or the name of a non root user.. Most systems do not allow email clients to with your actual email address, or the name of a non root user.. Most systems do not allow email clients to
login as root, so you cannot easily access emails that wind up as `root@mail.rhocoin.org` login as root, so you cannot easily access emails that wind up as `root@mail.«example.com»`
Probably you should create a user `postmaster` Probably you should create a user `postmaster`
@ -2408,8 +2411,8 @@ Modify `/etc/postfix/main.cf` using the postconf command:
# SMTP from other servers to yours # SMTP from other servers to yours
# Make sure to substitute your certificates in for the smtp # Make sure to substitute your certificates in for the smtp
# and smtpd certificates. # and smtpd certificates.
postconf -e smtpd_tls_cert_file=/etc/letsencrypt/live/rhocoin.org/fullchain.pem postconf -e smtpd_tls_cert_file=/etc/letsencrypt/live/«example.com»/fullchain.pem
postconf -e smtpd_tls_key_file=/etc/letsencrypt/live/rhocoin.org/privkey.pem postconf -e smtpd_tls_key_file=/etc/letsencrypt/live/«example.com»/privkey.pem
postconf -e smtpd_tls_security_level = may postconf -e smtpd_tls_security_level = may
postconf -e smtpd_tls_auth_only = yes postconf -e smtpd_tls_auth_only = yes
postconf -e smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1, !TLSv1.1 postconf -e smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1, !TLSv1.1
@ -2421,8 +2424,8 @@ postconf smtpd_tls_session_cache_database
# smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache # smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# #
# SMTP from your server to others # SMTP from your server to others
postconf -e smtp_tls_cert_file=/etc/letsencrypt/live/rhocoin.org/fullchain.pem postconf -e smtp_tls_cert_file=/etc/letsencrypt/live/«example.com»/fullchain.pem
postconf -e smtp_tls_key_file=/etc/letsencrypt/live/rhocoin.org/privkey.pem postconf -e smtp_tls_key_file=/etc/letsencrypt/live/«example.com»/privkey.pem
postconf -e smtp_tls_security_level=may postconf -e smtp_tls_security_level=may
postconf -e smtp_tls_note_starttls_offer=yes postconf -e smtp_tls_note_starttls_offer=yes
postconf -e smtp_tls_mandatory_protocols='!SSLv2, !SSLv3, !TLSv1, !TLSv1.1' postconf -e smtp_tls_mandatory_protocols='!SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
@ -2453,20 +2456,20 @@ cat /var/log/mail.log |grep TLS
You should now see some TLS activity for those emails, and you should receive the emails. You should now see some TLS activity for those emails, and you should receive the emails.
OK, now we are all done, unless you want people to send you emails at OK, now we are all done, unless you want people to send you emails at
cherry@rhocoin.org, and to be actually able to usefully read those emails «username»@«example.com», and to be actually able to usefully read those emails
without setting up forwarding to another address. without setting up forwarding to another address.
Well, not quite done, for now that you can receive emails, need to add your email to to your DMARC policy.\ Well, not quite done, for now that you can receive emails, need to add your email to to your DMARC policy.\
`v=DMARC1; p=quarantine; rua=mailto:postmaster@rhocoin.org` `v=DMARC1; p=quarantine; rua=mailto:postmaster@«example.com»`
A dmarc record is a text record with the hostname `_dmarc`, and the policy is its text value. A dmarc record is a text record with the hostname `_dmarc`, and the policy is its text value.
### SASL ### SASL
At this point any random person on the internet can send mail to At this point any random person on the internet can send mail to
`root@rhocoin.org`, and you can automatically forward it to an actually `root@«example.com»`, and you can automatically forward it to an actually
usable email address, but you cannot access his email account at usable email address, but you cannot access his email account at
`root@rhocoin.org` from a laptop using thunderbird, and accessing it `root@«example.com»` from a laptop using thunderbird, and accessing it
through the command line using `mail` is not very useful. through the command line using `mail` is not very useful.
Because although Postfix by default accepts sasl authenticated mail Because although Postfix by default accepts sasl authenticated mail
@ -2479,11 +2482,11 @@ smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_una
It has yet as yet nothing configured to provide `sasl` authentication. It has yet as yet nothing configured to provide `sasl` authentication.
We don't want random spammer on the internet to send email as We don't want random spammer on the internet to send email as
`random@rhocoin.org`, but we do want authenticated users to be able to do `random@«example.com»`, but we do want authenticated users to be able to do
as they please. as they please.
So, need to install and configure Dovecot to provide sasl, to authenticate So, need to install and configure Dovecot to provide sasl, to authenticate
cherry to Postfix. And need to tell Postfix to accept Dovecot authentication. «username» to Postfix. And need to tell Postfix to accept Dovecot authentication.
However, before we do any of that, there is a very big problem, that all However, before we do any of that, there is a very big problem, that all
email systems that allow clients to send email are a bleeding security hole, email systems that allow clients to send email are a bleeding security hole,
@ -2582,19 +2585,19 @@ For each domain name that has an MX record pointing at this host add the
```bash ```bash
postconf virtual_alias_domains postconf virtual_alias_domains
postconf -e virtual_alias_domains=reaction.la,blog.reaction.la postconf -e virtual_alias_domains=«example.com»,«subdomain.example.com»
postconf -e virtual_alias_maps=hash:/etc/postfix/virtual postconf -e virtual_alias_maps=hash:/etc/postfix/virtual
``` ```
Now create the file `/etc/postfix/virtual` which will list all the email addresses of users with email addresses ending in those domain names. Now create the file `/etc/postfix/virtual` which will list all the email addresses of users with email addresses ending in those domain names.
```default ```default
ann@reaction.la ann ann@«example.com» ann
bob@reaction.la bob bob@«example.com» bob
carol@blog.reaction.la carol carol@«subdomain.example.com» carol
dan@blog.reaction.la dan dan@«subdomain.example.com» dan
@reaction.la blackhole @«example.com» blackhole
@blog.reaction.la blackhole @«subdomain.example.com» blackhole
# ann, bob, carol, dan, and blackhole have to be actual users # ann, bob, carol, dan, and blackhole have to be actual users
# on the actual host, or entries in its aliases file, even if there # on the actual host, or entries in its aliases file, even if there
# is no way for them to actually login except through an # is no way for them to actually login except through an
@ -2624,9 +2627,9 @@ We then enter the email address and password, and click on `configure manually`
Select SSL/TLS and normal password Select SSL/TLS and normal password
For the server, thunderbird will incorrectly propose `.blog.reaction.la` For the server, thunderbird will incorrectly propose `.«subdomain.example.com»`
Put in the correct value, `rhocoin.org`, then click on re-test. Thunderbird will then correctly set the port numbers itself, which are the standard port numbers. Put in the correct value, `«example.com»`, then click on re-test. Thunderbird will then correctly set the port numbers itself, which are the standard port numbers.
[tutorial](https://www.linux.com/training-tutorials/how-set-virtual-domains-and-virtual-users-postfix/) [tutorial](https://www.linux.com/training-tutorials/how-set-virtual-domains-and-virtual-users-postfix/)
@ -2952,7 +2955,7 @@ To set up Git on the cloud,
and to use git on the cloud and to use git on the cloud
[see](http://blog.davidecoppola.com/2016/12/how-to-set-up-a-git-repository-locally-and-on-a-remote-server/). [see](http://blog.davidecoppola.com/2016/12/how-to-set-up-a-git-repository-locally-and-on-a-remote-server/).
On my system, I ssh into the remote system `reaction.la` as the user On my system, I ssh into the remote system `«example.com»` as the user
`git` and then in the `git` home directory: `git` and then in the `git` home directory:
```bash ```bash
@ -2970,7 +2973,7 @@ git init
git add * git add *
git commit -m"this is a project to so and so" git commit -m"this is a project to so and so"
git remote -v git remote -v
git remote add origin git@reaction.la:~/MyProject git remote add origin git@«example.com»:~/MyProject
git remote -v git remote -v
git push -u origin --all # pushes up the repo and its refs for the first time git push -u origin --all # pushes up the repo and its refs for the first time
git push -u origin --tags git push -u origin --tags
@ -2990,8 +2993,8 @@ their public key with the putty key gen copy and paste public key.
Make sure the config file `~/.ssh/config` contains Make sure the config file `~/.ssh/config` contains
Host reaction.la Host «example.com»
HostName reaction.la HostName «example.com»
Port 22 Port 22
IdentityFile ~/.ssh/id_ed25519 IdentityFile ~/.ssh/id_ed25519
@ -3386,8 +3389,8 @@ to hppts governed by a lets encrypt certificate.
[GitLab [GitLab
Mattermost](https://docs.gitlab.com/omnibus/gitlab-mattermost/#getting-started) Mattermost](https://docs.gitlab.com/omnibus/gitlab-mattermost/#getting-started)
expects to run on its own virtual host. In your DNS you would then have expects to run on its own virtual host. In your DNS you would then have
two entries pointing to the same machine, e.g. gitlab.reaction.la and two entries pointing to the same machine, e.g. gitlab.«example.com» and
mattermost.reaction.la. GitLab Mattermost is disabled by default, to mattermost.«example.com». GitLab Mattermost is disabled by default, to
enable it just put the external url in the configuration file. enable it just put the external url in the configuration file.
Github, on the other hand, allows you to point [your own domain name to Github, on the other hand, allows you to point [your own domain name to
@ -3453,7 +3456,7 @@ Eight gig, two cores, which you will need to run gitlab for everyone, is
Also, [vpn on the cloud](https://github.com/Nyr/openvpn-install). Also, [vpn on the cloud](https://github.com/Nyr/openvpn-install).
Currency project should be [hosted on digital ocean at git.reaction.la, at Currency project should be [hosted on digital ocean at git.«example.com», at
\$20 per month (Four gig, two cores), using Gitlab free omnibus \$20 per month (Four gig, two cores), using Gitlab free omnibus
edition](ww.digitalocean.com/community/tutorials/how-to-use-the-gitlab-user-interface-to-manage-projects). edition](ww.digitalocean.com/community/tutorials/how-to-use-the-gitlab-user-interface-to-manage-projects).
They suggest configuring your own Postfix email server on the machine They suggest configuring your own Postfix email server on the machine
@ -3555,10 +3558,10 @@ $ cat ~/.local/share/applications/bitcoin.desktop
[Desktop Entry] [Desktop Entry]
Type=Application Type=Application
Name=Bitcoin Name=Bitcoin
Exec=/home/cherry/bitcoin-22.0/bin/bitcoin-qt -min -chain=main Exec=/home/«username»/bitcoin-22.0/bin/bitcoin-qt -min -chain=main
GenericName=Bitcoin core peer GenericName=Bitcoin core peer
Comment=Bitcoin core peer. Comment=Bitcoin core peer.
Icon=/home/cherry/bitcoin-22.0/bin/bitcoin-qt Icon=/home/«username»/bitcoin-22.0/bin/bitcoin-qt
Categories=Office;Finance Categories=Office;Finance
Terminal=false Terminal=false
Keywords=bitcoin;crypto;blockchain;qwe;asd; Keywords=bitcoin;crypto;blockchain;qwe;asd;
@ -3568,7 +3571,7 @@ cat ~/.config/autostart/bitcoin.desktop
[Desktop Entry] [Desktop Entry]
Type=Application Type=Application
Name=Bitcoin Name=Bitcoin
Exec=/home/cherry/bitcoin-22.0/bin/bitcoin-qt -min -chain=main Exec=/home/«username»/bitcoin-22.0/bin/bitcoin-qt -min -chain=main
Terminal=false Terminal=false
Hidden=false Hidden=false
``` ```