Version 7 (modified by chris, 3 years ago) (diff) |
---|
Table of Contents
crin4.crin.org
The crin1.crin.org development / staging server, at 93.95.228.222 is a 512MB RAM, 4 CPU core, virtual server running 64 bit Debian 8.0, Jessie, which was configured in July 2015 on ticket:23.
dev.crin.org and stage.crin.org
The two main sites on the server are:
These sites use a CAcert certificate.
MySQL is running on Crin1 and that server also has phpMyAdmin available, users need a ~/.my.cnf file as follows for drush:
[client] host=crin1 ssl-cipher=DHE-RSA-AES256-SHA ssl-ca=/etc/ssl/cacert/cacert.pem ssl-cert=/etc/ssl/cacert/crin1_cert.pem ssl-key=/etc/ssl/cacert/crin1_yassl_privatekey.pem
If databases need to be copied best do this on Crin1 as the root user has root access to MySQL, there isn't (intentionally) root MySQL access to Crin1 the live MySQL server from Crin4, the dev server.
The key Nginx config differences from the live site are these env vars:
fastcgi_param SITE_ENV crin_dev; fastcgi_param SITE_ENV crin_stage;
That a different robots.txt file is served to prevent the sites form being indexed:
location = /robots.txt { root /var/www/html; }
And if files are not found locally in /sites/default/files then they are reverse proxied off the live server as there isn't room for a full copy of these files:
location /sites/default/files { try_files $uri @proxy_to_live; } location @proxy_to_live { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://www.crin.org$uri; }
The live servers, Crin2 which runs nginx and php5-fpm and Crin1 which runs MySQL are both set up with root access to Crin4 so you can simply copy files between the servers, for example:
rsync -av /var/example/ crin4:/var/example/
There isn't ssh access from the Crin4, the dev server to the live servers, Crin1 and Crin2 -- it is intentionally set up so there is only access from live to dev.
ssh access
The server is set up to only allow access via ssh keys, to add a new user:
export NEWUSER="username" adduser --disabled-password $NEWUSER adduser $NEWUSER sudo mkdir /home/$NEWUSER/.ssh chmod 700 /home/$NEWUSER/.ssh chown -R $NEWUSER:$NEWUSER /home/$NEWUSER/.ssh vi /home/$NEWUSER/.ssh/authorized_keys