Differences between revisions of "Framadate/Technical documentation"
(→Configuration: publish configuration) |
m (→Customize the homepage: cookie) |
||
(25 intermediate revisions by the same user are not shown) | |||
Riga 1: | Riga 1: | ||
− | Brief documentation for system administrators of the [[Framadate]] instance in Wikimedia Italia. | + | {{Server|intreccio}} |
+ | |||
+ | Brief documentation for system administrators of the [[Framadate]] instance in [https://www.wikimedia.it/ Wikimedia Italia]. | ||
+ | |||
+ | == Access == | ||
+ | |||
+ | This is the public frontend access: | ||
+ | |||
+ | * https://framadate.wikimedia.it/ | ||
+ | |||
+ | At the moment everyone is able to use the service without limitations, at its best effort. | ||
+ | |||
+ | == Admin == | ||
+ | |||
+ | This is the private backend admin panel: | ||
+ | |||
+ | * https://framadate.wikimedia.it/admin/ | ||
+ | |||
+ | ; Credentials | ||
+ | |||
+ | The admin credentials are stored in this file:<ref>This file MUST be owned by root and 600 of permissions.</ref> | ||
+ | |||
+ | cat /var/www/framadate/secret/htpasswd.cleartext | ||
+ | |||
+ | ; Change password | ||
+ | |||
+ | The admin credentials can be changed with this command: | ||
+ | |||
+ | htpasswd -c /var/www/framadate/secret/htpasswd admin | ||
+ | |||
+ | ; Operations | ||
+ | |||
+ | From the admin panel you can: | ||
+ | |||
+ | * list polls | ||
+ | * purge data | ||
+ | * migrate | ||
+ | * install check | ||
== Server access == | == Server access == | ||
+ | |||
+ | Authorized people can access with SSH keys to the server {{Server link|intreccio}}: | ||
<pre> | <pre> | ||
− | ssh | + | ssh intreccio.wikimedia.it |
</pre> | </pre> | ||
− | == | + | To request access: |
+ | |||
+ | * [[Infrastruttura]] | ||
+ | |||
+ | == Filesystem == | ||
+ | |||
+ | The whole application is in read-only (writable only by <code>root</code>). It seems that only the <code>tpl_c/</code> directory needs to be writable. | ||
<pre> | <pre> | ||
− | + | # ls -l /var/www/framadate/production/ | |
− | + | total 484 | |
− | + | drwxrwxr-x 16 root root 4096 lug 19 08:23 . | |
− | + | drwxr-xr-x 8 root root 4096 lug 19 08:32 .. | |
− | + | drwxrwxr-x 2 root root 4096 mar 22 18:06 action | |
− | + | drwxrwxr-x 2 root root 4096 mar 22 18:06 admin | |
− | + | -rw-rw-r-- 1 root root 18091 mar 22 18:06 adminstuds.php | |
− | + | drwxrwxr-x 5 root root 4096 mar 22 18:06 app | |
− | + | -rw-rw-r-- 1 root root 637 mar 22 18:06 AUTHORS.md | |
− | + | -rw-rw-r-- 1 root root 3053 mar 22 18:06 bandeaux.php | |
− | + | -rw-rw-r-- 1 root root 1439 mar 22 18:06 buildlang.php | |
+ | -rw-rw-r-- 1 root root 13754 mar 22 18:06 CHANGELOG.md | ||
+ | -rw-rw-r-- 1 root root 1912 mar 22 18:06 compare.php | ||
+ | -rw-rw-r-- 1 root root 2206 giu 21 21:10 composer.json | ||
+ | -rw-rw-r-- 1 root root 169731 mar 22 18:06 composer.lock | ||
+ | -rw-rw-r-- 1 root root 14340 mar 22 18:06 create_classic_poll.php | ||
+ | -rw-rw-r-- 1 root root 9810 mar 22 18:06 create_date_poll.php | ||
+ | -rw-rw-r-- 1 root root 12910 mar 22 18:06 create_poll.php | ||
+ | drwxrwxr-x 3 root root 4096 mar 22 18:06 css | ||
+ | drwxrwxr-x 2 root root 4096 mar 22 18:06 doc | ||
+ | -rw-rw-r-- 1 root root 188 mar 22 18:06 .editorconfig | ||
+ | -rw-rw-r-- 1 root root 3948 mar 22 18:06 exportcsv.php | ||
+ | -rw-rw-r-- 1 root root 1150 mar 22 18:06 favicon.ico | ||
+ | -rw-rw-r-- 1 root root 2103 mar 22 18:06 find_polls.php | ||
+ | drwxrwxr-x 2 root root 4096 mar 22 18:06 fonts | ||
+ | -rw-rw-r-- 1 root root 242 mar 22 18:06 .gitignore | ||
+ | -rw-rw-r-- 1 root root 5318 mar 22 18:06 .gitlab-ci.yml | ||
+ | -rw-rw-r-- 1 root root 702 mar 22 18:06 htaccess.txt | ||
+ | drwxrwxr-x 2 root root 4096 mar 22 18:06 images | ||
+ | -rw-rw-r-- 1 root root 2068 lug 19 08:22 index.php | ||
+ | -rw-rw-r-- 1 root root 75 mar 22 18:06 INSTALL.md | ||
+ | drwxrwxr-x 4 root root 4096 mar 22 18:06 js | ||
+ | -rw-rw-r-- 1 root root 22400 mar 22 18:06 LICENCE.fr.txt | ||
+ | -rw-rw-r-- 1 root root 21396 mar 22 18:06 LICENSE.en.txt | ||
+ | drwxrwxr-x 2 root root 4096 mar 22 18:06 locale | ||
+ | -rw-rw-r-- 1 root root 317 mar 22 18:06 locale.bat | ||
+ | -rw-rw-r-- 1 root root 896 mar 22 18:06 maintenance.php | ||
+ | -rw-rw-r-- 1 root root 234 mar 22 18:06 Makefile | ||
+ | -rw-rw-r-- 1 root root 1172 mar 22 18:06 .php_cs | ||
+ | -rw-rw-r-- 1 root root 230 mar 22 18:06 php.ini | ||
+ | -rw-rw-r-- 1 root root 68 mar 22 18:06 phpunit.bat | ||
+ | -rwxrwxr-x 1 root root 85 mar 22 18:06 phpunit.sh | ||
+ | drwxrwxr-x 2 root root 4096 mar 22 18:06 po | ||
+ | -rwxrwxr-x 1 root root 275 mar 22 18:06 .po2json.sh | ||
+ | -rwxrwxr-x 1 root root 295 mar 22 18:06 push-trad-to-zanata.sh | ||
+ | -rw-rw-r-- 1 root root 2878 mar 22 18:06 README.md | ||
+ | -rwxrwxr-x 1 root root 815 mar 22 18:06 .renest_json.pl | ||
+ | -rw-rw-r-- 1 root root 77 mar 22 18:06 robots.txt | ||
+ | drwxrwxr-x 2 root root 4096 mar 22 18:06 scripts | ||
+ | -rw-rw-r-- 1 root root 10834 mar 22 18:06 studs.php | ||
+ | drwxrwxr-x 6 root root 4096 mar 22 18:06 tpl | ||
+ | drwxrwxr-x 2 www-data www-data 4096 lug 19 08:47 tpl_c | ||
+ | drwxr-xr-x 24 root root 4096 lug 19 07:59 vendor | ||
+ | -rw-rw-r-- 1 root root 333 mar 22 18:06 zanata.xml | ||
</pre> | </pre> | ||
− | + | Here an overview of the parent directory. | |
− | |||
− | |||
<pre> | <pre> | ||
# ls -l /var/www/framadate | # ls -l /var/www/framadate | ||
− | total | + | total 32 |
− | drwxr-xr-x | + | drwxr-xr-x 8 root root 4096 lug 19 08:32 . |
− | lrwxrwxrwx 1 | + | drwxr-xr-x 13 root root 4096 giu 21 21:08 .. |
− | - | + | drwxr-x--- 2 root www-data 4096 lug 19 08:43 config |
− | + | drwxrwxr-x 16 root root 4096 lug 19 08:23 framadate-1.1.16 | |
+ | drwxr-xr-x 2 root root 4096 lug 19 08:41 images-wmi | ||
+ | lrwxrwxrwx 1 root root 16 giu 21 21:17 production -> framadate-1.1.16 | ||
+ | drwxr-xr-x 2 root root 4096 lug 19 07:57 scripts | ||
+ | drwxr-x--- 2 root www-data 4096 lug 19 07:55 secret | ||
+ | drwxrwx--- 2 www-data www-data 4096 giu 21 21:16 tmp | ||
</pre> | </pre> | ||
− | == | + | == Hardening == |
− | + | Procedure to be executed after any update: | |
− | + | <pre> | |
+ | chown -R root: /var/www/framadate/production/ | ||
+ | chown -R www-data: /var/www/framadate/production/tpl_c | ||
+ | </pre> | ||
− | + | == Installation == | |
− | + | https://framagit.org/framasoft/framadate/framadate/-/wikis/Install/Database | |
− | |||
− | |||
− | |||
− | |||
== Configuration == | == Configuration == | ||
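Review bot: The new Credentials section keeps the admin password in /var/www/framadate/secret/htpasswd.cleartext next to the hashed htpasswd file, which defeats the point of hashing, since anyone who can read that one file has the password. The footnote asks for root ownership and mode 600, but the Hardening procedure only runs chown on production/ and never sets or checks modes under secret/, so consider dropping the cleartext copy in favour of a password manager, or adding the chown and chmod for secret/ to the Hardening steps. Also, htpasswd -c recreates the file on every run and leaves htpasswd.cleartext stale, so the Change password step should say to omit -c when the file already exists and to update or remove the cleartext copy.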
Riga 54: | Riga 144: | ||
Framadate configuration: | Framadate configuration: | ||
− | nano [[phabricator:diffusion/WIIN/browse/master/servers/fabula/projects/framadate/app/config.php|/var/www/framadate/ | + | nano [[phabricator:diffusion/WIIN/browse/master/servers/fabula/projects/framadate/app/config.php|/var/www/framadate/config/config.php]] |
+ | nano /var/www/framadate/config/config-secret.php | ||
Apache configuration: | Apache configuration: | ||
− | nano [[phabricator:diffusion/WIIN/browse/master/servers/ | + | nano [[phabricator:diffusion/WIIN/browse/master/servers/intreccio/projects/framadate/apache2/it-wikimedia-framadate-ssl.conf|/etc/apache2/sites-enabled/it-wikimedia-framadate-ssl.conf]] |
− | nano [[phabricator:diffusion/WIIN/browse/master/servers/ | + | nano [[phabricator:diffusion/WIIN/browse/master/servers/intreccio/projects/framadate/apache2/it-wikimedia-framadate-txt.conf|/etc/apache2/sites-enabled/it-wikimedia-framadate-txt.conf]] |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Log == | == Log == | ||
− | Log of the | + | Log of the application: |
− | tail -f /var/log/ | + | tail -f /var/log/framadate/stdout.log |
Generic Apache error log: | Generic Apache error log: | ||
− | tail -f /var/log/httpd/ | + | tail -f /var/log/httpd/error.log |
Generic Apache access log: | Generic Apache access log: | ||
− | tail -f /var/log/ | + | tail -f /var/log/apache2/other_vhosts_access.log |
== Service == | == Service == | ||
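Review bot: The error log path in the Log section, tail -f /var/log/httpd/error.log, does not match the rest of this hunk, where the Apache configuration is under /etc/apache2/ and the access log is under /var/log/apache2/; please confirm the path on intreccio and, if it is a leftover, change it to the directory the access log uses. In the Configuration lines, the first Phabricator link still targets servers/fabula/projects/framadate/app/config.php while its label now reads config/config.php and the two Apache links were moved to intreccio. The new config-secret.php line also has no note on ownership or mode, even though the config directory is readable by the www-data group.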
Riga 121: | Riga 202: | ||
== E-mail == | == E-mail == | ||
− | Matomo uses an SMTP account with username <code>noreply</code> | + | Matomo uses an SMTP account <code>@wikimedia.it</code> with username <code>noreply</code>. |
+ | |||
+ | See [[#Configuration]]. | ||
+ | |||
+ | See [[Associazione:Mail/Caselle tecniche|technical addresses]]. | ||
+ | |||
+ | == Update == | ||
+ | |||
+ | Before any update always backup [[#Database]] and [[#Filesystem]]. | ||
+ | |||
+ | To update Framadate, see the official documentation: | ||
+ | |||
+ | https://framagit.org/framasoft/framadate/framadate/-/wikis/Maintenance/Updating | ||
+ | |||
+ | In short, download Framadate and make sure you have a directory like: | ||
+ | |||
+ | <pre> | ||
+ | /var/www/framadate/framadate-$YOURVERSION/ | ||
+ | </pre> | ||
+ | |||
+ | Then update the configuration: | ||
+ | |||
+ | <pre> | ||
+ | ln --symbolic /var/www/framadate/config/config.php /var/www/framadate/framadate-$YOURVERSION/app/inc/config.php | ||
+ | </pre> | ||
+ | |||
+ | Then, make it online in production: | ||
+ | |||
+ | <pre> | ||
+ | ln --force --symbolic /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production | ||
+ | </pre> | ||
+ | |||
+ | Then run [[#Hardening]]. | ||
+ | |||
+ | Then visit: | ||
+ | |||
+ | https://framadate.wikimedia.it/admin/migration.php | ||
+ | |||
+ | See [[#Admin]] to access to the above page. | ||
+ | |||
+ | Eventually see [[#Customize the homepage]]. | ||
+ | |||
+ | If something does not work see [[#Log]]. Eventually see [[#Rollback]]. | ||
+ | |||
+ | == Rollback == | ||
+ | |||
+ | If you have any problem, you can revert your [[#Database]] from your backups. | ||
+ | |||
+ | You can also hot-change the production version to any previous version: | ||
+ | |||
+ | <pre> | ||
+ | ln --force --symbolic /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production | ||
+ | </pre> | ||
+ | |||
+ | == Customize the homepage == | ||
+ | |||
+ | To add a privacy policy in the homepage you can edit this file: | ||
+ | |||
+ | ./tpl/index.tpl | ||
− | + | For example adding these lines somewhere: | |
<pre> | <pre> | ||
− | + | <ul> | |
+ | <li><a href="https://www.wikimedia.it/privacy/">https://www.wikimedia.it/privacy/</a></li> | ||
+ | <li><a href="https://www.wikimedia.it/cookie-policy/">https://www.wikimedia.it/cookie-policy/</a></li> | ||
+ | </ul> | ||
</pre> | </pre> | ||
− | + | And then clean the cache with: | |
− | + | rm ./tpl/*index.* | |
== Phabricator == | == Phabricator == | ||
* [[phabricator:search/query/bg9usEJ4EmN./#R|phabricator:search]] - search recent activity | * [[phabricator:search/query/bg9usEJ4EmN./#R|phabricator:search]] - search recent activity | ||
− | * [[phabricator:diffusion/WIIN/browse/master/servers/ | + | * [[phabricator:diffusion/WIIN/browse/master/servers/intreccio/projects/framadate/]] - public configuration |
+ | |||
+ | == Note == | ||
+ | <references /> | ||
+ | |||
+ | [[Categoria:Documentazione tecnica]] |
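Review bot: In the Update and Rollback sections, ln --force --symbolic /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production will not replace production once it already exists as a symlink to a directory: ln follows the link and creates the new link inside the current release instead. Add --no-dereference (or remove the old link first) so that the switch and the rollback actually take effect. In Customize the homepage, rm ./tpl/*index.* also matches the ./tpl/index.tpl file that was just edited, so check whether the tpl_c/ directory was meant. The E-mail section says Matomo on a Framadate page, which looks like a leftover from another document.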
Current revision as of 11:13, 20 March 2022
Brief documentation for system administrators of the Framadate instance in Wikimedia Italia.
Access
This is the public frontend access:
- https://framadate.wikimedia.it/
At the moment everyone is able to use the service without limitations, on a best-effort basis.
Admin
This is the private backend admin panel:
- https://framadate.wikimedia.it/admin/
- Credentials
The admin credentials are stored in this file:[1]
cat /var/www/framadate/secret/htpasswd.cleartext
- Change password
The admin credentials can be changed with this command:
htpasswd -c /var/www/framadate/secret/htpasswd admin
- Operations
From the admin panel you can:
- list polls
- purge data
- migrate
- install check
Server access
Authorized people can access the server intreccio with SSH keys:
ssh intreccio.wikimedia.it
To request access:
- Infrastruttura
Filesystem
The whole application is read-only (writable only by root). It seems that only the tpl_c/ directory needs to be writable.
# ls -l /var/www/framadate/production/
total 484
drwxrwxr-x 16 root root 4096 lug 19 08:23 .
drwxr-xr-x 8 root root 4096 lug 19 08:32 ..
drwxrwxr-x 2 root root 4096 mar 22 18:06 action
drwxrwxr-x 2 root root 4096 mar 22 18:06 admin
-rw-rw-r-- 1 root root 18091 mar 22 18:06 adminstuds.php
drwxrwxr-x 5 root root 4096 mar 22 18:06 app
-rw-rw-r-- 1 root root 637 mar 22 18:06 AUTHORS.md
-rw-rw-r-- 1 root root 3053 mar 22 18:06 bandeaux.php
-rw-rw-r-- 1 root root 1439 mar 22 18:06 buildlang.php
-rw-rw-r-- 1 root root 13754 mar 22 18:06 CHANGELOG.md
-rw-rw-r-- 1 root root 1912 mar 22 18:06 compare.php
-rw-rw-r-- 1 root root 2206 giu 21 21:10 composer.json
-rw-rw-r-- 1 root root 169731 mar 22 18:06 composer.lock
-rw-rw-r-- 1 root root 14340 mar 22 18:06 create_classic_poll.php
-rw-rw-r-- 1 root root 9810 mar 22 18:06 create_date_poll.php
-rw-rw-r-- 1 root root 12910 mar 22 18:06 create_poll.php
drwxrwxr-x 3 root root 4096 mar 22 18:06 css
drwxrwxr-x 2 root root 4096 mar 22 18:06 doc
-rw-rw-r-- 1 root root 188 mar 22 18:06 .editorconfig
-rw-rw-r-- 1 root root 3948 mar 22 18:06 exportcsv.php
-rw-rw-r-- 1 root root 1150 mar 22 18:06 favicon.ico
-rw-rw-r-- 1 root root 2103 mar 22 18:06 find_polls.php
drwxrwxr-x 2 root root 4096 mar 22 18:06 fonts
-rw-rw-r-- 1 root root 242 mar 22 18:06 .gitignore
-rw-rw-r-- 1 root root 5318 mar 22 18:06 .gitlab-ci.yml
-rw-rw-r-- 1 root root 702 mar 22 18:06 htaccess.txt
drwxrwxr-x 2 root root 4096 mar 22 18:06 images
-rw-rw-r-- 1 root root 2068 lug 19 08:22 index.php
-rw-rw-r-- 1 root root 75 mar 22 18:06 INSTALL.md
drwxrwxr-x 4 root root 4096 mar 22 18:06 js
-rw-rw-r-- 1 root root 22400 mar 22 18:06 LICENCE.fr.txt
-rw-rw-r-- 1 root root 21396 mar 22 18:06 LICENSE.en.txt
drwxrwxr-x 2 root root 4096 mar 22 18:06 locale
-rw-rw-r-- 1 root root 317 mar 22 18:06 locale.bat
-rw-rw-r-- 1 root root 896 mar 22 18:06 maintenance.php
-rw-rw-r-- 1 root root 234 mar 22 18:06 Makefile
-rw-rw-r-- 1 root root 1172 mar 22 18:06 .php_cs
-rw-rw-r-- 1 root root 230 mar 22 18:06 php.ini
-rw-rw-r-- 1 root root 68 mar 22 18:06 phpunit.bat
-rwxrwxr-x 1 root root 85 mar 22 18:06 phpunit.sh
drwxrwxr-x 2 root root 4096 mar 22 18:06 po
-rwxrwxr-x 1 root root 275 mar 22 18:06 .po2json.sh
-rwxrwxr-x 1 root root 295 mar 22 18:06 push-trad-to-zanata.sh
-rw-rw-r-- 1 root root 2878 mar 22 18:06 README.md
-rwxrwxr-x 1 root root 815 mar 22 18:06 .renest_json.pl
-rw-rw-r-- 1 root root 77 mar 22 18:06 robots.txt
drwxrwxr-x 2 root root 4096 mar 22 18:06 scripts
-rw-rw-r-- 1 root root 10834 mar 22 18:06 studs.php
drwxrwxr-x 6 root root 4096 mar 22 18:06 tpl
drwxrwxr-x 2 www-data www-data 4096 lug 19 08:47 tpl_c
drwxr-xr-x 24 root root 4096 lug 19 07:59 vendor
-rw-rw-r-- 1 root root 333 mar 22 18:06 zanata.xml
Here is an overview of the parent directory.
# ls -l /var/www/framadate
total 32
drwxr-xr-x 8 root root 4096 lug 19 08:32 .
drwxr-xr-x 13 root root 4096 giu 21 21:08 ..
drwxr-x--- 2 root www-data 4096 lug 19 08:43 config
drwxrwxr-x 16 root root 4096 lug 19 08:23 framadate-1.1.16
drwxr-xr-x 2 root root 4096 lug 19 08:41 images-wmi
lrwxrwxrwx 1 root root 16 giu 21 21:17 production -> framadate-1.1.16
drwxr-xr-x 2 root root 4096 lug 19 07:57 scripts
drwxr-x--- 2 root www-data 4096 lug 19 07:55 secret
drwxrwx--- 2 www-data www-data 4096 giu 21 21:16 tmp
Hardening
Procedure to be executed after any update:
chown -R root: /var/www/framadate/production/
chown -R www-data: /var/www/framadate/production/tpl_c
Installation
https://framagit.org/framasoft/framadate/framadate/-/wikis/Install/Database
Configuration
Framadate configuration:
nano /var/www/framadate/config/config.php
nano /var/www/framadate/config/config-secret.php
Apache configuration:
nano /etc/apache2/sites-enabled/it-wikimedia-framadate-ssl.conf
nano /etc/apache2/sites-enabled/it-wikimedia-framadate-txt.conf
Log
Log of the application:
tail -f /var/log/framadate/stdout.log
Generic Apache error log:
tail -f /var/log/httpd/error.log
Generic Apache access log:
tail -f /var/log/apache2/other_vhosts_access.log
Service
To apply your changes you need to restart the services.
Service of the apache frontend webserver:
apache2ctl configtest
apache2ctl graceful
Service of the PHP-FPM backend webserver:
systemctl status rh-php73-php-fpm
systemctl restart rh-php73-php-fpm
Database
$ mysql framadate
> SHOW TABLES;
+------------------------+
| Tables_in_framadate    |
+------------------------+
| fd_comment             |
| fd_framadate_migration |
| fd_poll                |
| fd_slot                |
| fd_vote                |
+------------------------+
5 rows in set (0.00 sec)
E-mail
Matomo uses an SMTP account @wikimedia.it with username noreply.
See #Configuration.
See technical addresses.
Update
Before any update, always back up #Database and #Filesystem.
To update Framadate, see the official documentation:
https://framagit.org/framasoft/framadate/framadate/-/wikis/Maintenance/Updating
In short, download Framadate and make sure you have a directory like:
/var/www/framadate/framadate-$YOURVERSION/
Then update the configuration:
ln --symbolic /var/www/framadate/config/config.php /var/www/framadate/framadate-$YOURVERSION/app/inc/config.php
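Then put it online in production (--no-dereference makes ln replace the existing production link instead of creating a new link inside the directory it points to):
ln --force --symbolic --no-dereference /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production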
Then run #Hardening.
Then visit:
https://framadate.wikimedia.it/admin/migration.php
See #Admin for access to the above page.
If needed, see #Customize the homepage.
If something does not work, see #Log. If needed, see #Rollback.
Rollback
If you have any problem, you can revert your #Database from your backups.
You can also hot-change the production version to any previous version:
ln --force --symbolic --no-dereference /var/www/framadate/framadate-$YOURVERSION/ /var/www/framadate/production
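The symlink switch used in the Update and Rollback steps above, as an added example (not part of the original page or of Framadate itself). It assumes the layout shown under Filesystem; the function name switch_release is hypothetical, and it uses a relative link target, as in the parent directory listing, with the short ln flags -s -f -n. The Hardening commands still have to be run afterwards.

```shell
#!/bin/sh
# Added example: point BASE/production at BASE/framadate-VERSION and verify it.
# Usage (as root on the server): switch_release /var/www/framadate "$YOURVERSION"

switch_release() {
    base=$1
    version=$2
    release="$base/framadate-$version"

    # Refuse to switch to a release that was never unpacked, so a typo in
    # the version cannot leave production pointing at nothing.
    if [ ! -d "$release/app/inc" ]; then
        echo "missing release directory: $release" >&2
        return 1
    fi

    # Shared configuration lives outside the release tree; link it in.
    # -f keeps the step idempotent when the procedure is re-run.
    ln -s -f "$base/config/config.php" "$release/app/inc/config.php" || return 1

    # -n (--no-dereference) is the important flag: without it, ln follows the
    # existing production symlink and creates the new link INSIDE the old
    # release directory, leaving production unchanged.
    ln -s -f -n "framadate-$version" "$base/production" || return 1

    # Verify instead of assuming: the link must now name the new release.
    target=$(readlink "$base/production")
    if [ "$target" != "framadate-$version" ]; then
        echo "production still points to: $target" >&2
        return 1
    fi
    return 0
}
```

Rollback is the same call with the previous version number.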
Customize the homepage
To add a privacy policy to the homepage you can edit this file:
./tpl/index.tpl
For example, by adding these lines somewhere:
<ul>
<li><a href="https://www.wikimedia.it/privacy/">https://www.wikimedia.it/privacy/</a></li>
<li><a href="https://www.wikimedia.it/cookie-policy/">https://www.wikimedia.it/cookie-policy/</a></li>
</ul>
And then clean the cache (the compiled templates in tpl_c/, not the tpl/ sources) with:
rm ./tpl_c/*index.*
Phabricator
- phabricator:search - search recent activity
- phabricator:diffusion/WIIN/browse/master/servers/intreccio/projects/framadate/ - public configuration
Note
- This file MUST be owned by root, with permissions 600.