Differenze tra le versioni di "Framadate/Technical documentation"
(→Configuration: update) |
m (→Customize the homepage: cookie) |
||
(4 versioni intermedie di uno stesso utente non sono mostrate) | |||
Riga 1: | Riga 1: | ||
{{Server|intreccio}} | {{Server|intreccio}} | ||
− | Brief documentation for system administrators of the [[Framadate]] instance in Wikimedia Italia. | + | Brief documentation for system administrators of the [[Framadate]] instance in [https://www.wikimedia.it/ Wikimedia Italia]. |
− | == | + | == Access == |
− | + | This is the public frontend access: | |
− | |||
− | |||
− | + | * https://framadate.wikimedia.it/ | |
− | + | At the moment everyone is able to use the service without limitations, at its best effort. | |
== Admin == | == Admin == | ||
− | This is the admin panel: | + | This is the private backend admin panel: |
* https://framadate.wikimedia.it/admin/ | * https://framadate.wikimedia.it/admin/ | ||
+ | |||
+ | ; Credentials | ||
The admin credentials are stored in this file:<ref>This file MUST be owned by root and 600 of permissions.</ref> | The admin credentials are stored in this file:<ref>This file MUST be owned by root and 600 of permissions.</ref> | ||
cat /var/www/framadate/secret/htpasswd.cleartext | cat /var/www/framadate/secret/htpasswd.cleartext | ||
+ | |||
+ | ; Change password | ||
The admin credentials can be changed with this command: | The admin credentials can be changed with this command: | ||
htpasswd -c /var/www/framadate/secret/htpasswd admin | htpasswd -c /var/www/framadate/secret/htpasswd admin | ||
+ | |||
+ | ; Operations | ||
+ | |||
+ | From the admin panel you can: | ||
+ | |||
+ | * list polls | ||
+ | * purge data | ||
+ | * migrate | ||
+ | * install check | ||
+ | |||
+ | == Server access == | ||
+ | |||
+ | Authorized people can access with SSH keys to the server {{Server link|intreccio}}: | ||
+ | |||
+ | <pre> | ||
+ | ssh intreccio.wikimedia.it | ||
+ | </pre> | ||
+ | |||
+ | To request access: | ||
+ | |||
+ | * [[Infrastruttura]] | ||
== Filesystem == | == Filesystem == | ||
Riga 121: | Riga 144: | ||
Framadate configuration: | Framadate configuration: | ||
− | nano [[phabricator:diffusion/WIIN/browse/master/servers/fabula/projects/framadate/app/config.php|/var/www/framadate/ | + | nano [[phabricator:diffusion/WIIN/browse/master/servers/fabula/projects/framadate/app/config.php|/var/www/framadate/config/config.php]] |
− | nano /var/www/framadate/ | + | nano /var/www/framadate/config/config-secret.php |
Apache configuration: | Apache configuration: | ||
Riga 219: | Riga 242: | ||
See [[#Admin]] to access to the above page. | See [[#Admin]] to access to the above page. | ||
− | + | Eventually see [[#Customize the homepage]]. | |
− | Eventually see [[#Rollback]]. | + | If something does not work see [[#Log]]. Eventually see [[#Rollback]]. |
== Rollback == | == Rollback == | ||
Riga 232: | Riga 255: | ||
ln --force --symbolic /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production | ln --force --symbolic /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production | ||
</pre> | </pre> | ||
+ | |||
+ | == Customize the homepage == | ||
+ | |||
+ | To add a privacy policy in the homepage you can edit this file: | ||
+ | |||
+ | ./tpl/index.tpl | ||
+ | |||
+ | For example adding these lines somewhere: | ||
+ | |||
+ | <pre> | ||
+ | <ul> | ||
+ | <li><a href="https://www.wikimedia.it/privacy/">https://www.wikimedia.it/privacy/</a></li> | ||
+ | <li><a href="https://www.wikimedia.it/cookie-policy/">https://www.wikimedia.it/cookie-policy/</a></li> | ||
+ | </ul> | ||
+ | </pre> | ||
+ | |||
+ | And then clean the cache with: | ||
+ | |||
+ | rm ./tpl/*index.* | ||
== Phabricator == | == Phabricator == | ||
* [[phabricator:search/query/bg9usEJ4EmN./#R|phabricator:search]] - search recent activity | * [[phabricator:search/query/bg9usEJ4EmN./#R|phabricator:search]] - search recent activity | ||
− | * [[phabricator:diffusion/WIIN/browse/master/servers/ | + | * [[phabricator:diffusion/WIIN/browse/master/servers/intreccio/projects/framadate/]] - public configuration |
== Note == | == Note == |
Versione attuale delle 11:13, 20 mar 2022
Brief documentation for system administrators of the Framadate instance in Wikimedia Italia.
Access
This is the public frontend access:
At the moment everyone is able to use the service without limitations, at its best effort.
Admin
This is the private backend admin panel:
- Credentials
The admin credentials are stored in this file:[1]
cat /var/www/framadate/secret/htpasswd.cleartext
- Change password
The admin credentials can be changed with this command:
htpasswd -c /var/www/framadate/secret/htpasswd admin
- Operations
From the admin panel you can:
- list polls
- purge data
- migrate
- install check
Server access
Authorized people can access with SSH keys to the server ⚙️ intreccio
:
ssh intreccio.wikimedia.it
To request access:
Filesystem
The whole application is in read-only (writable only by root
). It seems that only the tpl_c/
directory needs to be writable.
# ls -l /var/www/framadate/production/ total 484 drwxrwxr-x 16 root root 4096 lug 19 08:23 . drwxr-xr-x 8 root root 4096 lug 19 08:32 .. drwxrwxr-x 2 root root 4096 mar 22 18:06 action drwxrwxr-x 2 root root 4096 mar 22 18:06 admin -rw-rw-r-- 1 root root 18091 mar 22 18:06 adminstuds.php drwxrwxr-x 5 root root 4096 mar 22 18:06 app -rw-rw-r-- 1 root root 637 mar 22 18:06 AUTHORS.md -rw-rw-r-- 1 root root 3053 mar 22 18:06 bandeaux.php -rw-rw-r-- 1 root root 1439 mar 22 18:06 buildlang.php -rw-rw-r-- 1 root root 13754 mar 22 18:06 CHANGELOG.md -rw-rw-r-- 1 root root 1912 mar 22 18:06 compare.php -rw-rw-r-- 1 root root 2206 giu 21 21:10 composer.json -rw-rw-r-- 1 root root 169731 mar 22 18:06 composer.lock -rw-rw-r-- 1 root root 14340 mar 22 18:06 create_classic_poll.php -rw-rw-r-- 1 root root 9810 mar 22 18:06 create_date_poll.php -rw-rw-r-- 1 root root 12910 mar 22 18:06 create_poll.php drwxrwxr-x 3 root root 4096 mar 22 18:06 css drwxrwxr-x 2 root root 4096 mar 22 18:06 doc -rw-rw-r-- 1 root root 188 mar 22 18:06 .editorconfig -rw-rw-r-- 1 root root 3948 mar 22 18:06 exportcsv.php -rw-rw-r-- 1 root root 1150 mar 22 18:06 favicon.ico -rw-rw-r-- 1 root root 2103 mar 22 18:06 find_polls.php drwxrwxr-x 2 root root 4096 mar 22 18:06 fonts -rw-rw-r-- 1 root root 242 mar 22 18:06 .gitignore -rw-rw-r-- 1 root root 5318 mar 22 18:06 .gitlab-ci.yml -rw-rw-r-- 1 root root 702 mar 22 18:06 htaccess.txt drwxrwxr-x 2 root root 4096 mar 22 18:06 images -rw-rw-r-- 1 root root 2068 lug 19 08:22 index.php -rw-rw-r-- 1 root root 75 mar 22 18:06 INSTALL.md drwxrwxr-x 4 root root 4096 mar 22 18:06 js -rw-rw-r-- 1 root root 22400 mar 22 18:06 LICENCE.fr.txt -rw-rw-r-- 1 root root 21396 mar 22 18:06 LICENSE.en.txt drwxrwxr-x 2 root root 4096 mar 22 18:06 locale -rw-rw-r-- 1 root root 317 mar 22 18:06 locale.bat -rw-rw-r-- 1 root root 896 mar 22 18:06 maintenance.php -rw-rw-r-- 1 root root 234 mar 22 18:06 Makefile -rw-rw-r-- 1 root root 1172 mar 22 18:06 .php_cs -rw-rw-r-- 1 root root 230 mar 22 18:06 php.ini -rw-rw-r-- 1 root root 68 mar 22 18:06 phpunit.bat -rwxrwxr-x 1 root root 85 mar 22 18:06 phpunit.sh drwxrwxr-x 2 root root 4096 mar 22 18:06 po -rwxrwxr-x 1 root root 275 mar 22 18:06 .po2json.sh -rwxrwxr-x 1 root root 295 mar 22 18:06 push-trad-to-zanata.sh -rw-rw-r-- 1 root root 2878 mar 22 18:06 README.md -rwxrwxr-x 1 root root 815 mar 22 18:06 .renest_json.pl -rw-rw-r-- 1 root root 77 mar 22 18:06 robots.txt drwxrwxr-x 2 root root 4096 mar 22 18:06 scripts -rw-rw-r-- 1 root root 10834 mar 22 18:06 studs.php drwxrwxr-x 6 root root 4096 mar 22 18:06 tpl drwxrwxr-x 2 www-data www-data 4096 lug 19 08:47 tpl_c drwxr-xr-x 24 root root 4096 lug 19 07:59 vendor -rw-rw-r-- 1 root root 333 mar 22 18:06 zanata.xml
Here an overview of the parent directory.
# ls -l /var/www/framadate total 32 drwxr-xr-x 8 root root 4096 lug 19 08:32 . drwxr-xr-x 13 root root 4096 giu 21 21:08 .. drwxr-x--- 2 root www-data 4096 lug 19 08:43 config drwxrwxr-x 16 root root 4096 lug 19 08:23 framadate-1.1.16 drwxr-xr-x 2 root root 4096 lug 19 08:41 images-wmi lrwxrwxrwx 1 root root 16 giu 21 21:17 production -> framadate-1.1.16 drwxr-xr-x 2 root root 4096 lug 19 07:57 scripts drwxr-x--- 2 root www-data 4096 lug 19 07:55 secret drwxrwx--- 2 www-data www-data 4096 giu 21 21:16 tmp
Hardening
Procedure to be executed after any update:
chown -R root: /var/www/framadate/production/ chown -R www-data: /var/www/framadate/production/tpl_c
Installation
https://framagit.org/framasoft/framadate/framadate/-/wikis/Install/Database
Configuration
Framadate configuration:
nano /var/www/framadate/config/config.php nano /var/www/framadate/config/config-secret.php
Apache configuration:
nano /etc/apache2/sites-enabled/it-wikimedia-framadate-ssl.conf nano /etc/apache2/sites-enabled/it-wikimedia-framadate-txt.conf
Log
Log of the application:
tail -f /var/log/framadate/stdout.log
Generic Apache error log:
tail -f /var/log/httpd/error.log
Generic Apache access log:
tail -f /var/log/apache2/other_vhosts_access.log
Service
To apply your changes you need to restart the services.
Service of the apache frontend webserver:
apache2ctl configtest apache2ctl graceful
Service of the PHP-FPM backend webserver:
systemctl status rh-php73-php-fpm systemctl restart rh-php73-php-fpm
Database
$ mysql framadate > SHOW TABLES; +------------------------+ | Tables_in_framadate | +------------------------+ | fd_comment | | fd_framadate_migration | | fd_poll | | fd_slot | | fd_vote | +------------------------+ 5 rows in set (0.00 sec)
Matomo uses an SMTP account @wikimedia.it
with username noreply
.
See #Configuration.
See technical addresses.
Update
Before any update always backup #Database and #Filesystem.
To update Framadate, see the official documentation:
https://framagit.org/framasoft/framadate/framadate/-/wikis/Maintenance/Updating
In short, download Framadate and make sure you have a directory like:
/var/www/framadate/framadate-$YOURVERSION/
Then update the configuration:
ln --symbolic /var/www/framadate/config/config.php /var/www/framadate/framadate-$YOURVERSION/app/inc/config.php
Then, make it online in production:
ln --force --symbolic /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production
Then run #Hardening.
Then visit:
https://framadate.wikimedia.it/admin/migration.php
See #Admin to access to the above page.
Eventually see #Customize the homepage.
If something does not work see #Log. Eventually see #Rollback.
Rollback
If you have any problem, you can revert your #Database from your backups.
You can also hot-change the production version to any previous version:
ln --force --symbolic /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production
Customize the homepage
To add a privacy policy in the homepage you can edit this file:
./tpl/index.tpl
For example adding these lines somewhere:
<ul> <li><a href="https://www.wikimedia.it/privacy/">https://www.wikimedia.it/privacy/</a></li> <li><a href="https://www.wikimedia.it/cookie-policy/">https://www.wikimedia.it/cookie-policy/</a></li> </ul>
And then clean the cache with:
rm ./tpl/*index.*
Phabricator
- phabricator:search - search recent activity
- phabricator:diffusion/WIIN/browse/master/servers/intreccio/projects/framadate/ - public configuration
Note
- ↑ This file MUST be owned by root and 600 of permissions.