topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday September 19, 2024, 11:46 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Setting up static blog (based on movable type) / vm / local development system  (Read 13144 times)

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
I'm in the process of setting up a static blog, where all blogging takes place on a local development server running Movable Type, with the resulting static site being pushed to my shared hosting. This has all the benefits of a static blogging system (security, speed,), plus the benefits of Movable Type (robust, easier to theme than wordpress from my initial impresions, power of complete CMS, open source version available / pro version free for individuals).

I'm choosing to do this on a ubuntu 11.10 virtual machine running on VMware player. I thought it would be interesting to document the process and instructions so that it will be useful to others, and you can follow along / correct / improve this guide. Apart from a working static blogging system you will end up with a complete LAMP local development system for other web projects.

Feedback is welcome.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Installing Ubuntu
« Reply #1 on: March 20, 2012, 07:32 AM »
INSTALLING UBUNTU

You will need:
Vmware player (http://www.vmware.com/products/player/ or if you don't want to register: http://filehippo.com...arch?q=vmware+player)
Ubuntu (http://www.ubuntu.co...load/ubuntu/download)
A Notetaker - I use Evernote - http://www.evernote.com/)

Install VMware player (VMP). Restart the pc if necessary.

I'm installing the virtual machine on my USB harddisk, this way I can take my whole development with me on the go (home/work) - this is great because you only have to set all this up once, instead of on every machine you plan to use it on.

Start VMP and "Create a New Virtual Machine" and browse to the downloaded .iso. As part of the Easy Install Information write down the login:

username:
password:

Store the VM on your removable drive.

On the Specify Disk Capacity screen you will want to go higher than the recommended disk size, I chose double (40GB). Make sure you have enough free space available, check this before continueing. I went for double the recommended amount as I want to avoid to repartition later. Accept the other defaults and Ubuntu will start. Keep waiting as Easy Install is installing Ubuntu on your behalf.

If you are a chmod 777 user (jackpot settings), this is a great time to read up on file system permissions by reading the article series starting with "Linux File Permission Concepts" (click next in the summary, there are 5 articles in total):
http://articles.slic...-permission-concepts

After a restart the login screen appear and after a successful login you will see the desktop. Because we are going to install a bunch of software let's make sure everything we already have is up to date. Start the update manager > Settings > Ubuntu Software > Other > Select Best Server. This will speed up downloads. Check again and install updates.

Time to read some more, btw have you created a new tag for all these bookmarks yet?
When you are finished reading the above articles, here are some really good resources to read later:

http://articles.slicehost.com/sitemap
http://library.linode.com/
http://askubuntu.com...questions?sort=votes

You should now have a running Ubuntu system.
« Last Edit: March 25, 2012, 07:48 AM by justice, Reason: missed click before select best server »

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Configuring The System A Bit
« Reply #2 on: March 20, 2012, 08:50 AM »
CONFIGURING THE SYSTEM A BIT

You will need the following software:
Putty (http://www.chiark.gr....uk/~sgtatham/putty/)

I noticed the clock was set incorrectly, so I searched for Time and opened the Time & Date settings, and selected the correct location.

Open a terminal. We will make a backup folder in your home directory where we will copy configuration files to before we edit them:
mkdir ~/backup

You will want to change the hostname  of the VM to something nicer, I choose 'devvy'
echo "devvy" | sudo tee /etc/hostname

You will also need to run the following command and change the hostname on the second line from ubuntu to your name.
cp /etc/hosts  ~/backup
sudo nano /etc/hosts

Apply the changes with the following command (you will see the change next time you open a terminal)
sudo hostname -F /etc/hostname

Now that is out of the way, we can setup openssh in order to connect via ssh from your windows pc.
sudo apt-get install openssh-server fail2ban byobu

Fail2ban bans people when they are trying to guess your logins, and does not need to be configured.
Byobu is a very helpful way to display system stats such as your ip in your terminal, and also improves on screen by allowing you to resume previous sessions.

The default setup of openssh is not as secure as we would like however:

cp /etc/ssh/sshd_config ~/backup
sudo nano /etc/ssh/sshd_config

It's good practice to change the port number (line 5) to something higher like 2222 as this twarts some automated attacks, in case your VM is ever connected directly to the internet. Also we dont want the root user to login remotely:

Search (ctrl-w) for PermitRootLogin and set this to no:
PermitRootLogin no

We will revisit this file at a later date to setup passwordless login using ssh keys, but for now Restart ssh with:
sudo service ssh restart

Start Byobu and note your ip address (type exit to end it):
byobu

Press F9 and choose "Byobu currently launches at login (toggle on)" to enable this handy program for your remote connections. Press escape to exit.

Back in windows, start putty, type in that ip address and change the port to whatever you decided above. Under Connection > Data  you can enter the auto login username so you will only have to type the password. Navigate back to Session and type your hostname in the Saved Sessions box and press Save to save this session for reuse. Then click Open and login.
You will see your session again in byobu! Note that when you type in the putty session the characters show up on your ubuntu desktop.

That will do for now, next time we will setup apache, configure it for a multi-site setup, and setup other web software required for many websites.

Well done!
Snap 2012-03-20 at 13.53.03.pngSetting up static blog (based on movable type) / vm / local development system
« Last Edit: March 25, 2012, 07:51 AM by justice, Reason: corrected hostname editing call »

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,193
    • View Profile
    • Donate to Member
+1 very very useful, thanks

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
"I'm in the process of setting up a static blog, where all blogging takes place on a local development (machine), with the resulting static site being pushed to my shared hosting."

Although my backbone is much different, I am doing something like this too. Last I knew there were fewer points of attack against simple web pages. I also like having local control of my data.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Tips / AMP / Virtual Sites
« Reply #5 on: March 21, 2012, 08:58 AM »
The following assumes that you have a working SSH connection (alternatively use the terminal app)

You will need the following software:
HostEditor7 or HostMan (https://www.donation...ex.php?topic=27355.0)


TIPS

First, a nice tip: create a place for future shell scripts and add it to your local path
mkdir ~/bin
sudo echo "export PATH=$PATH:~/bin" >> ~/.bashrc

I find it handy to install the following:
* support for unzipping archives
* lynx text browser for troubleshooting browsing via shell
sudo apt-get install  lynx unzip



INSTALL APACHE & PHP

Install the  Apache Webserver with documentation, and PHP including secure suhosin 'advanced protection system'
sudo apt-get install apache2 apache2-doc apache2-utils
sudo apt-get install libapache2-mod-php5 php5 php-pear php5-xcache php5-suhosin

MYSQL

Next up is mysql server and hooks for php
sudo apt-get install mysql-server php5-mysql

You will be prompted for a root password, make sure to note it.
Test the configuration, then exit, and ensure you can login:
mysql -u root -p

After installing MySQL, it's recommended that you run mysql_secure_installation in order to help secure MySQL. It is recommended that you accept the program's default answers. If you are prompted to reload privileges, select "yes." Run the following command to execute the program. After running mysql_secure_installation, MySQL is secure and can be restarted:
sudo mysql_secure_installation && sudo restart mysql


APACHE - SETUP VIRTUAL SITES FOR YOUR WEB PROJECTS

I've created the following script that will make it really easy to setup a new website:

Code: Text [Select]
  1. #!/bin/bash
  2. # version 1.0.0 - 21 march 2012
  3. echo "Specify hostname:"
  4. read AVS_HOSTNAME
  5. echo
  6. echo "Specify webmaster email for '${AVS_HOSTNAME}':"
  7. read AVS_WEBMASTER
  8.  
  9. echo
  10. echo "Generating directories in ${HOME}/projects/${AVS_HOSTNAME}..."
  11. mkdir $HOME/projects/$AVS_HOSTNAME/public_html -p
  12. mkdir $HOME/projects/$AVS_HOSTNAME/logs
  13. echo "Hello World! Another site saved." | tee $HOME/projects/$AVS_HOSTNAME/public_html/index.html
  14.  
  15. echo
  16. echo "Generating virtual host file:"
  17. echo "
  18. <VirtualHost *:80>
  19.     ServerAdmin ${AVS_WEBMASTER}
  20.     ServerName ${AVS_HOSTNAME}
  21.     DocumentRoot ${HOME}/projects/${AVS_HOSTNAME}/public_html/
  22.     ErrorLog ${HOME}/projects/${AVS_HOSTNAME}/logs/error.log
  23.     CustomLog ${HOME}/projects/${AVS_HOSTNAME}/logs/access.log combined
  24. </VirtualHost>
  25. " | sudo tee /etc/apache2/sites-available/$AVS_HOSTNAME
  26. echo "Virtual Host file saved to /etc/apache2/sites-available/${AVS_HOSTNAME}"
  27.  
  28. echo "Enabling site and reloading apache..."
  29. sudo a2ensite $AVS_HOSTNAME
  30. sudo service apache2 reload

It performs the following tasks:
* asks you for the hostname and webmaster email
* creates the required directories in your home www folder
* generates a working basic virtual hosts file and saves it in the correct location
* enables the new site
* reloads apache with the configuration changes

open nano again and copy and paste the script into the file, then ctrl-x, y to save changes :
nano ~/bin/addvirtualsite.sh

You can now run the following command to setup a new site (mind the spacing and dot):
. ~/bin/addvirtualsite.sh

To make Windows aware of the new hostname add a line to your hosts file using HostEditor7. At the end of the file add the ip address of your VM followed by a space and the hostname/virtual site you created.

Open a browser and navigate to the hostname (http://test.devvy in my case). Congratulations!
Snap 2012-03-21 at 13.54.56.png
« Last Edit: March 23, 2012, 08:52 AM by justice, Reason: /www/ replaced with /projects/ »

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Changes to above posts:
I've corrected the backup location of sshd_config and changed references to ~/www to ~/projects as we want to keep all projects together but they might not be web related. If you have already created addvirtualsite.sh and virtualhostsites be sure to update them.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
PHP should be working as expected. Test this by creating a php file. Navigate to your test site's public_html directory and execute:
echo "<?php phpinfo(); ?>" > phpinfo.php

Load up the page /phpinfo.php on your testsite in your browser. Search the page for rewrite - Note that mod_rewrite is not enabled as it is not listed.

As there can be multiple php.ini's on your system, make a note of the location of php.ini (see 'Loaded configuration file').
 
Let's enable an apache module, mod_rewrite:
sudo a2enmod
rewrite
sudo service apache2 restart

You will have noticed the following warning when apache2 restarted:
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
By default Ubuntu doesn't specify a ServerName in the Apache configuration, because it doesn't know what the name of your server is. It tries a reverse lookup on your IP address, which returns nothing, so it just has to use the IP address as the name.
To fix it, either add a ServerName directive with the hostname of your VM outside of any virtual host - e.g. in /etc/apache2/httpd.conf

On my server (devvy) I executed the following:
echo "ServerName devvy" | sudo tee /etc/apache2/httpd.conf

On a development box, we want to see all php error details so we can do something about it. So lets display them:
cp /etc/php5/apache2/php.ini ~/backup/php.ini
sudo nano /etc/php5/apache2/php.ini

Search for display_errors = Off and change Off to On.

Well done!
Now you can create multiple project sites for apache, configure mysql securely, and setup PHP! You're on your way to have a basic local development server!

Next we'll have to make your home directory available over a network share so you can manage the files from windows (using samba), we will setup passwordless SSH.
Any other suggestions are welcome. Apart from samba and passwordless login, I can't think what else to setup but I will revise previous posts if additional steps make more sense there.




« Last Edit: March 25, 2012, 08:05 AM by justice »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,858
    • View Profile
    • Donate to Member
@justice - Just out of curiosity: why did you select MoveableType? :)

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Made another two minor edits, corrected the hostname edit call, and I noticed I missed out a 'click step' in selecting the best server for your updates.

@40hz I selected movable type (no e after mov btw) because most static blogging systems require you to know the language in which they have been written as they are not as polished (and if that is ruby for example then I'm stuck), as well as knowing that movable type can be used not just for blogs but complete websites and even code generation using its publishing tool - being able to generate the code for a php website might be something I'm interested in. Also using MT as a CMS might be useful for my dayjob :) So for me it would be learning learning to customize it.

It's one of the original blogging software that is still being updated, is well supported, supports markdown + smartypants for writing, has a straightforward admin interface (when you realise a website can have multiple blogs (news,events etc)) and in my experiments I was able to load up a published blog on a shared host by disabling search, comments, trackbacks and renaming the absolute urls. I'll get to this later.

Second Crack looks interesting and I might settle on that, however it's currently in alpha, developed as a personal project instead of as a platform for others, so there's no support. However it will be easier to install (no perl modules), 'admin interface' is playing with text files and is written specifically to address a static blog.

Hope that helps.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Guys if you are thinking of following what I have done so far: including downloading, installing and using the instructions you can get to this point in about 1.5 hours (rough guessed based on my not too fast laptop).

I'm lookin at samba next and had to reinstall so used these instructions :D

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
SAMBA

You will want to install the following software it:
* WinSCP - FTP / SSH file manager, to manage your files over SSH (http://winscp.net/eng/index.php)

Although it's convenient to use WinSCP to access your linux files, in other situations you will want to manipulate them as if they're just another windows network share, so you can use the context menu, edit files in your favourite editor etc. For this we need to setup a Samba File Server.

For a complete guide and more background information, bookmark the Ubuntu Documentation.
https://help.ubuntu....amba-fileserver.html

Tip:
I recommend that if at all possible, your windows username and password and ubuntu's user and password are identical. This will transparently authenticate you to samba. Otherwise you will have to enter your username and password once each session. Not a big problem.

Install Samba and libpam-smbpass. The latter will sync your linux login credentials with samba's (shares can have their own username and password):
sudo apt-get install samba libpam-smbpass

Let's create a stripped samba configuration and edit it:
cd /etc/samba
cp smb.conf ~/backup
sudo mv smb.conf smb.conf.master
testparm -s smb.conf.master | sudo tee smb.conf
sudo nano smb.conf && sudo restart smbd && sudo restart nmbd

Delete the [printers] and [print$] sections completely.

Then at the end of [global] add:
Code: Text [Select]
  1. security = user
  2.         encrypt passwords = true
  3.  
  4. [homes]
  5.         comment = Home Directories
  6.         browseable = yes
  7.         valid users = %S
  8.         read only = no

This exposes user's home directories and will let only those users access them.

The following might not be necessary, but I've had a bit of trouble with incorrect credentials being saved before, so just to be on the safe side we will turn off the VM:

sudo poweroff

Close the VM. Reboot your windows pc, and restart the VM again.

Try browsing to \\<server>\<username> (in my case: \\devvy\sander) . In your home directory, create a new text document with a few words. Now in the SSH session list the contents of the folder it is in:

ls -al ~

If everything is working correctly the username that owns the textfile is your linux user. This means you will not have any strange permission issues later on.

Congrats you can now read and write to your home directory.


justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
passwordless logon (PART 7)
« Reply #12 on: March 25, 2012, 10:43 AM »
Passwordless logon

In windows, start PuttyGen, click Generate.
Enter a Key Passphrase and remember it - otherwise you won't be able to login.
If you plan on storing it on Dropbox so that you can use it from another location, please install BoxCryptor first. It will create a new driveletter for an encrypted dropbox folder that only you can read. You can securely store private keys there.

Save the public key as hostname.pub and your private key as hostname.ppk (never allow anyone to copy this).
Double click on your hostname.ppk and enter the passphrase to import the private key.
Copy your public key into your ubuntu home directory (that's why we have setup samba!).

create the folder holding your ssh keys:
mkdir ~/.ssh
ssh-keygen -i -f hostname.pub > ~/.ssh/authorized_keys

Now. close any putty sessions.
Load up your connection and navigate to Connection > SSH > Auth > Browse (under Authentication parameters) and select your private key.
Under Connection > Data > "Auto login username" you can enter your username to completely automate login.

Don't forget to go back to Session and save the changes. Now login. If everything works you should not have to enter your password.

Optionally, we can now disable logging in via password. You can still login to your system using the Ubuntu login screen if you ever lose your keys.

cp /etc/ssh/sshd_config ~/backup
sudo /etc/ssh/sshd_config && sudo service ssh restart

Search for PasswordAuthentication and change it from yes to no
Search for UsePAM and change it from yes to no

Verify you cannot login without a key, using the windows command prompt:

ssh <user>@<hostname> -p 2222

Accept the host certificate.
enter a password, you should receive:

Permission denied (publickey).

Congratulations, your logins are now secure and more convenient.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Simple outgoing email system PART8
« Reply #13 on: March 26, 2012, 06:05 AM »
Let's get a working outgoing email system working next.
If you want to set it up like me you will require a gmail.com mail account, but you should be able to adapt this to any existing email setup pretty easily.

We will setup a simple satellite system using postfix and then send an email using mutt. Let's install mutt (which installs postfix)

sudo apt-get install mutt

Now the postfix setup wizard starts. If you want to reconfigure postfix at a later date you can run sudo dpkg-reconfigure postfix

Type of mail server : Satellite System
Mail Name : example.org (the name you want on your outbound mail)
SMTP relay host : smtp.gmail.com
Postmaster : blank
Other destinations : blank
Synchronous Queues : no
Network blocks to allow relay : default
Mailbox size : default
Local address : default
Listen Address : all

We will need to enable TLS and passwords out outgoing connections next:

cp /etc/postfix/main.cf ~/backup
sudo nano /etc/postfix/main.cf

Add the following lines at the end of the file:
Code: Text [Select]
  1. smtp_use_tls = yes
  2. smtp_sasl_auth_enable = yes
  3. smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  4. smtp_sasl_security_options = noanonymous
  5. smtp_sasl_tls_security_options = noanonymous

Create the sasl_password file by running the following (substitute username and password)
echo "smtp.gmail.com [email protected]:password" | sudo tee /etc/postfix/sasl_passwd

Apply the configuration:
sudo postmap /etc/postfix/sasl_passwd && sudo service postfix restart

Send a test email using mutt and press m for a new mail. Follow the wizard then press y to send. You should receive the mail momentarily.

That's everything I can imagine up and running, so you can now install whatever system you want :) I'll be playing about with a few projects and post more when I have settled on a system. Feedback is always welcome.