CiviCRM 2022/Technical documentation
This is the technical documentation of the server containing CiviCRM development serving these domains:
Production
- URL
- Document root
/var/www/crm/production
- Config
/etc/apache2/sites-available/it-wikimedia-crm-ssl.conf
Testing
- URL
- Document root
/var/www/crm/testing
- Config
/etc/apache2/sites-available/it-wikimedia-crmdev-ssl.conf
Unix users
Current enabled users:
- valerio-bozzolan (volunteer)
- emerald-stefano (
💼 eme
)
Password authentication is not allowed.
Add Unix user
sudo adduser foo-bar --disabled-password sudo adduser foo-bar sudo
Provision
From a Debian GNU/Linux bullseye (stable) 11:
WMI_SERVER=lessema # update and install stuff apt update apt upgrade --yes apt install --yes mariadb-server apache2 libapache2-mod-php certbot git pwgen git clone http://phabricator.wikimedia.org/diffusion/WIIN/wikimedia-it-wmit-infrastructure.git /etc/wmit-infrastructure # remove default empty stuff mv /etc/apache2/sites-available /etc/apache2/sites-available.legacy mv /etc/apache2/sites-enabled /etc/apache2/sites-enabled.legacy # if the above fail, Apache is not empty. # manually move your stuff in a versioned directory # attach the versioned configuration ln --symbolic /etc/wmit-infrastructure/servers/"$WMI_SERVER"/conf/apache2/sites-available /etc/apache2/sites-available ln --symbolic /etc/wmit-infrastructure/servers/"$WMI_SERVER"/conf/apache2/sites-enabled /etc/apache2/sites-enabled ln --symbolic /etc/wmit-infrastructure/servers/"$WMI_SERVER"/conf/apache2/include /etc/apache2/include # enable useful mods a2enmod ssl a2enmod rewrite a2enmod headers # enable some upstream configurations a2ensite 000-servername a2ensite it-wikimedia-crmdev-txt a2ensite it-wikimedia-crm-txt # reload configuration apachectl graceful # eventually deploy Let's Encrypt certificates certbot certonly --webroot --webroot-path /var/www/html --domain crmdev.wikimedia.it certbot certonly --webroot --webroot-path /var/www/html --domain crm.wikimedia.it # enable upstream SSL configurations a2ensite it-wikimedia-crmdev-ssl a2ensite it-wikimedia-crm-ssl # reload configuration apachectl graceful # create the pathname mkdir --parents /var/www/crm/{production,testing} # generate some DB password CIVI_DB_PROD_PWD=$(pwgen 20 --secure --symbols --remove-chars='$\#`\|"'"'") CIVI_DB_TEST_PWD=$(pwgen 20 --secure --symbols --remove-chars='$\#`\|"'"'") # create dedicated users mysql <<< "CREATE DATABASE civicrm_testing" mysql <<< "CREATE DATABASE civicrm_production" mysql <<< "CREATE USER civicrm_testing@localhost IDENTIFIED BY '$CIVI_DB_TEST_PWD'" mysql <<< "CREATE USER civicrm_production@localhost IDENTIFIED BY '$CIVI_DB_PROD_PWD'" mysql <<< "GRANT ALL PRIVILEGES ON civicrm_testing.* TO civicrm_testing@localhost" mysql <<< "GRANT ALL PRIVILEGES ON civicrm_production.* TO civicrm_production@localhost" # save credentials somewhere echo "civicrm_testing@localhost $CIVI_DB_TEST_PWD" >> /root/db-credentials.txt echo "civicrm_production@localhost $CIVI_DB_PROD_PWD" >> /root/db-credentials.txt
Configuration
Configuration on Phabricator: