Posted on May 31, 2010 by Mikko Ohtamaa. Filed under: apache, linux, technology, ubuntu. Tags: apache, email, chmod, install, installation, joomla, linux, mysql, permissions, shell, sudo, ubuntu, unix, virtualhost
This how-to briefly explains how to set up Joomla! hosting with basic security on a shared hosting server you own. These instructions apply to Debian/Ubuntu based systems, but can be generalized to any Linux based system, such as Fedora.
In this how-to we use the following software versions:
- Joomla 1.5
- Apache 2.2
- MySQL 5.1
- Ubuntu 8.04 Hardy Heron server edition
The instructions may apply for other versions too.
Prerequisites
What you need in order to use this how-to:
- Basic UNIX file permissions knowledge
- Basic UNIX shell knowledge
- You have a Linux server (Ubuntu / Debian) for which you have root user access and you plan to use this server to host one or several Joomla! sites
- Apache and MySQL installed on your server
User setup
Set up a UNIX user on a dedicated server for Joomla! hosting. The user can SSH into the box and write to his home folder, /tmp and the site folder under /var/www.
We create a user called “user” in these instructions. Replace it with the username you desire. We also use the example site name (www).yoursite.com.
Create a new UNIX user and the /home/user folder.
sudo adduser user # Asks for the password and creates /home/user
Create the corresponding /var/www/user folder.
sudo mkdir /var/www/user
sudo chown -R user:user /var/www/user # Only user has write access to this folder
Setup MySQL user account
Install MySQL as per Debian/Ubuntu instructions.
Log in as the MySQL admin user (may vary depending on how your MySQL is configured). Note that first you will be asked for the sudo password, then for the MySQL administrative user password.
sudo mysql -u admin -p
Then create a new database with the same name as the new UNIX user. Make sure that we use UTF-8 character encoding so we avoid irritating encoding problems in the future.
CREATE DATABASE user DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
Create a MySQL user with the same name as the UNIX user. Use a random password and give it all rights for the database. Note that this password should differ from the UNIX user's password, as it must be stored as plain text in Joomla PHP files. Also, MySQL distinguishes users by whether they connect from localhost or from another IP address. Here we use localhost so that the database is connectable only from the same server Apache is running on.
GRANT ALL ON user.* TO 'user'@'localhost' identified by 'zxc123zxc';
Extract Joomla! installation files
Enter the folder which will contain web site PHP files.
sudo -i -u user # Become the UNIX user who runs the site
cd /var/www/user
wget http://joomlacode.org/gf/download/frsrelease/12350/51111/Joomla_1.5.18-Stable-Full_Package.zip
Unzip it.
unzip Joomla_1.5.18-Stable-Full_Package.zip
Stop posing as the UNIX user.
exit
Set file permission
In order to secure your server
- Configuration files and upload directory must be writable by Apache user (www-data for Ubuntu/Debian, httpd for Fedora/Red Hat)
- Other .php files should be read-only
Note that during Joomla’s browser based installation Apache’s www-data must have write access to the folder in order to create the configuration.php file. We will later remove this access right.
We will put Joomla! files under the UNIX group www-data so that Apache can read them. Certain files are set to be writable. This must be done as the root user.
sudo chown -R user:www-data /var/www/user # Set the group to www-data
sudo chmod g+wrx /var/www/user # Read access for the www-data group. Write access is for installation and will be removed later.
Now the ls -l command in /var/www/user should give you something like this for file masks:
drwxr-xr-x 11 user www-data 4096 2010-05-28 10:22 plugins
-rwxr--r-- 1 user www-data 304 2010-05-28 10:21 robots.txt
drwxr-xr-x 6 user www-data 4096 2010-05-28 10:22 templates
Creating Apache configuration
This allows serving Joomla! by Apache and starting the browser based configuration.
First create the Apache configuration file under /etc/apache2/sites-enabled as the root user. We assume the terminal-based text editor nano is installed on the server.
sudo nano /etc/apache2/sites-enabled/yoursite.conf
Below is a sample configuration file. You may need to put your server's public IP in <VirtualHost>, so that Apache knows for which IP address sites are served. We use virtual hosting: every site on the server is identified by the incoming HTTP request.
<VirtualHost *>
    ServerName yoursite.com
    ServerAlias www.yoursite.com
    ServerAdmin info@yourcompany.com
    LogFormat combined
    TransferLog /var/log/apache2/yoursite.log
    # Make sure this virtual host is capable of executing PHP5
    Options +ExecCGI
    AddType application/x-httpd-php .php .php5
    # Point to www folder where Joomla! is extracted (/var/www/user in this how-to)
    DocumentRoot /var/www/user
    # Do not give illusion of safety
    # as PHP safe_mode really is a crap
    # and only causes problems
    php_admin_flag safe_mode off
    #
    # This entry will redirect traffic www.yoursite.com -> yoursite.com
    # Assume mod_rewrite is installed and enabled on Apache
    # 301 is HTTP Permanent Redirect code
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.yoursite\.com [NC]
    RewriteRule (.*) http://yoursite.com$1 [L,R=301]
</VirtualHost>
Faking the DNS entry
If you have not yet reserved a domain name for your site, but still want to get the virtual host working, you can add a DNS name entry into a hosts file on your local computer. The following assumes you are using Ubuntu desktop, but hosts file is available on Windows and OSX too.
sudo gedit /etc/hosts
Then add lines like the example below. Do not forget to remove them from the hosts file when the actual DNS has been set up.
# Force this hostname to go to your server public IP address from your local computer
# (123.123.123.123 is a placeholder, use the public IP address of your server)
123.123.123.123 yoursite.com www.yoursite.com
Start Joomla! browser based installation
Then enter the URL of your site to the browser:
http://yoursite.com
Joomla! installation page should appear.
- Fill in MySQL database values as created before.
- If you plan to use SSH for file transfer do not enable the FTP layer (insecure).
- Use a random password for the Joomla! administrator user and store it somewhere safe.
- When Joomla! browser based installation goes to the point it asks you to remove the installation directory follow the instructions below.
Secure the configuration
Now remove extra permissions from Apache’s www-data user so that in the case there is a PHP / Joomla security hole, your site files cannot get compromised.
Some folders must remain writable as Joomla! will upload or write files in them.
sudo chmod -R g-w /var/www/user # Remove write permission
sudo rm -rf /var/www/user/installation # Remove installation directory
# Add write permission to folders which contain writable files
# (the same four folders which receive the restrictive .htaccess below)
sudo chmod -R g+w /var/www/user/logs
sudo chmod -R g+w /var/www/user/images
sudo chmod -R g+w /var/www/user/tmp
sudo chmod -R g+w /var/www/user/media
Setting up htaccess files
Joomla! comes with a sample htaccess file which has some security measures: RewriteRules which prevent malformed URL access.
To install this file, do the following:
sudo -i
cd /var/www/user
cp htaccess.txt .htaccess
chown user:www-data .htaccess # Set file ownership so that the file is readable by Apache and writable by the UNIX user
Then we create a .htaccess file which we will place in all folders with Joomla! write access to prevent execution of PHP files in these folders. First we create htaccess.limited file which we use as a template.
sudo -i
cd /var/www/user
nano htaccess.limited # Open text editor
Use the following htaccess.limited content
# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI -Indexes
Then put the master template htaccess.limited in the proper places:
cp htaccess.limited media/.htaccess
chown -R user:www-data media/.htaccess
cp htaccess.limited tmp/.htaccess
chown -R user:www-data tmp/.htaccess
cp htaccess.limited logs/.htaccess
chown -R user:www-data logs/.htaccess
cp htaccess.limited images/.htaccess
chown -R user:www-data images/.htaccess
Start using the site
Now go to your site with the browser again and the Joomla! start page should come up.
Log in with the administrator account you created in the Joomla! browser based installation.
Type URL http://yoursite.com in your browser.
Setting outgoing email
This is probably the first thing you want to do as Joomla! administrator. You configure the SMTP server which will be used for outgoing email. The server is usually provided by the network operator who provides the internet connection for your server.
Login as Joomla! administrator user.
Go to Site -> Global Configuration -> Server.
Choose SMTP mail mode.
Enter SMTP details.
Test outgoing email
Create a new user with an email address you control. The user should receive the New User Details email message from the site at the moment the user is created.
Maintaining file permission
If you modify or create any files (e.g. upload a new theme) on your server, you need to set file permissions for them.
- UNIX user: user (your site username)
- UNIX group: www-data
To make it possible to set the group ownership with user user you first need to add it to www-data group.
sudo usermod -a -G www-data user # Add user to www-data group so that it can set group permissions
Then you can fix the permissions for uploaded files (templates and libraries folders assumed)
sudo -i -u user # Log in as your UNIX user
cd /var/www/user # The login shell starts in the home folder, so enter the site folder first
chgrp -R www-data templates libraries # Fix group ownership
chmod -R g+rx libraries templates # Set read access for the group
This way secure file permissions are restored after files have been changed. Alternatively, if your secure SFTP program supports setting permissions during the file upload, you can use that option.
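The permission model above can be re-checked after every upload. The following audit script is an added example, not part of the original how-to; the function name audit_joomla_perms and the WRITABLE_DIRS list (the four folders which receive htaccess.limited above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Joomla! site folder against the permission model
# of this how-to. Run it as root or as the site user.

# Folders Joomla! may write to (the ones which get htaccess.limited above).
WRITABLE_DIRS="logs images tmp media"

# audit_joomla_perms SITE_ROOT
# Prints one finding per line; prints nothing when the tree is clean.
audit_joomla_perms() {
    root=${1%/}

    # 1. The installer must be removed after the browser based installation.
    if [ -e "$root/installation" ]; then
        echo "installation directory still present: $root/installation"
    fi

    # 2. Outside the writable folders nothing may be writable by the
    #    group (mode bit 020, www-data here) or by everyone (mode bit 002).
    #    The prune list for find is built from WRITABLE_DIRS.
    set --
    for d in $WRITABLE_DIRS; do
        set -- "$@" -path "$root/$d" -prune -o
    done
    find "$root" "$@" ! -type l \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/group- or world-writable: /'

    # 3. Every writable folder needs the .htaccess copy which switches
    #    script execution off (Options -ExecCGI).
    for d in $WRITABLE_DIRS; do
        [ -d "$root/$d" ] || continue
        if ! grep -q -e '-ExecCGI' "$root/$d/.htaccess" 2>/dev/null; then
            echo "script execution not disabled in: $root/$d"
        fi
    done
}

# Usage: sh audit.sh /var/www/user
if [ $# -gt 0 ]; then
    audit_joomla_perms "$1"
fi
```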
Posted on March 28, 2010 by Mikko Ohtamaa. Filed under: Wordpress, apache, cms, css, plone, python, technology, web development, xdv, zope. Tags: apache, cms, css, deliverance, drupal, integration, joomla, locationmatch, nginx, php, plone, proxy, python, theming, virtualhost, Wordpress, xdv, xml, xsl, xslt
XDV is an external HTML theming engine, a.k.a. theming proxy, which allows you to mix and match HTML and CSS from internal and external sites by using simple XML rules. It separates theme development from site development, so that people with little HTML and CSS knowledge can create themes without needing to know the underlying Python, PHP or whatever. It also enables integration of different services and sites into one unified user experience. For example, XDV is used by plone.org <http://plone.org> to integrate the Plone CMS and the Trac issue tracker.
XDV compiles theming rules to XSL templates. XSL has been a standard XML based template language since 1999 and has good support in every programming language and web server out there. Example backends to perform XSL transformation include
- Python and lxml library
- Apache’s mod_transform
- nginx web server
- All XSL capable Java and .NET software out there
XDV theming can be used together with Plone, where enhanced support is provided by the collective.xdv package. Technically, collective.xdv adds a Plone settings panel and does the XSL transformation in Zope’s post-publication hook using the lxml library. XDV can be used standalone with the XDV package to theme any web site, be it WordPress, Joomla, Drupal or a custom in-house PHP solution from year 2000.
XDV is based on the Deliverance specification. The difference between XDV and the Deliverance reference implementation is that XDV internally compiles themes to XSL templates, whereas Deliverance relies on processing HTML in Python. Currently the XDV approach seems to be working better, as we had many problems trying to apply Deliverance to a WordPress site (redirects didn’t work, HTTP posts didn’t work, etc.).
XDV tools are deployed as Python eggs. You can use tools like the buildout <http://www.buildout.org/> configuration and assembly tool or easy_install to get XDV on your development computer and the server. If you are working with Plone, you can integrate XDV into your site's existing buildout. If you are not working with Plone, the XDV home page has instructions on how to deploy the XDV command standalone.
Rules (rules.xml) tell how to fit content from an external source into your theme HTML. The rules file provides a straightforward XML based syntax to manipulate HTML easily:
- Append, replace and drop HTML pieces
- Insert HTML snippets
- CSS or XPath selectors can be used to identify HTML parts
- It is possible to mix and match content from more than two sites
- etc.
Rules XML syntax is documented at XDV homepage. Rules will be compiled to XSL template (theme.xsl) by xdvcompiler command. The actual theming is done by one of the XSL backends listed above, by taking HTML as input and applying XSL transformations on it. Note that currently rules without matching selectors are silently ignored and there is no bullet-proof way to debug what happens inside XSL transformation, except by looking into compiled theme.xsl.
Below are instructions on how to integrate a WordPress site into your CMS. In this example the CMS is Plone, but it could be any other system. We will create an XDV theme which will theme the WordPress site to match our CMS site on the fly.

WordPress theme built with XDV, using a live Plone web page as a theme template. This way the WordPress theme inherits “live data” from the Plone site, like top tabs (portal sections), footer, CSS and other stuff which can be changed on the fly; reflecting such changes in two separate theming products would be cumbersome.
Benefits of using WordPress for blogging instead of the main CMS
- WordPress post and comment management is easy
- WordPress does not need to be touched: the old public WordPress instance can keep happily running wherever it is during the whole process
- You do not need to migrate legacy WordPress installations to your CMS’s internal blogging tool
- WordPress comes with extensive blog spam filtering tools. We get 11000 spam comments a month.
- WordPress is designed for blogging and the user interface is good for that
- WordPress integrates well with blog pingback support services
- WordPress supports Gravatars and other blogging plug-ins
- ..and so on…
Benefits of using XDV theming instead of creating native WordPress theme are
- You need to maintain only one theming add-on product e.g. one for your main CMS and WordPress receives updates to this site and theme automatically
- WordPress does not need to be touched
- You can host your WordPress on a different server, even wordpress.com, and still integrate it to your main CMS
- The theme can be recycled not only for WordPress, but also other external services: Bugzilla, Trac, Webmail, phpBB, you-name-it
- Even though WordPress has a slick UI, it is a well known fact that it is a can of worms internally. My developers do not like the idea of PHP development and would spit on my face if I asked them to go and develop a WordPress theme for us
The theme will consist of following pieces
- Deliverance rules XML file which defines how to combine Plone and WordPress HTML (rules.xml)
- Additional CSS definitions active only for WordPress (wordpress.css). The dependency on this CSS is injected into the <head> by the rules XML
- Special Plone page template which will provide slots where WordPress can drop in the content (wordpress_listing.pt)
- A helper script which makes it easy to repeat theming actions, like recompiling the theme (xdv.py)
This explains how to create a Plone page template where WordPress content will be dropped in. This step is not necessary, as we could do this without touching Plone. However, it makes things more straightforward and explicit when we know that the WordPress theme uses a certain template and we explicitly define slots for WordPress content there. Example:
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
      xmlns:tal="http://xml.zope.org/namespaces/tal"
      xmlns:metal="http://xml.zope.org/namespaces/metal"
      xmlns:i18n="http://xml.zope.org/namespaces/i18n"
      lang="en"
      metal:use-macro="here/main_template/macros/master"
      i18n:domain="plone">
<body>
    <div metal:fill-slot="content">
        <div id="wordpress-content">
            <!-- Your WordPress "left column" will go there -->
        </div>
    </div>
</body>
</html>
The following XDV rules (rules.xml) define how we fit the WordPress site into the Plone frame. They integrate
- Content from WordPress
- Metadata from WordPress
- CSS from Plone
- Page basic structure from Plone
rules.xml:
<?xml version="1.0" encoding="UTF-8"?>
<rules xmlns="http://namespaces.plone.org/xdv"
       xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
       xmlns:css="http://namespaces.plone.org/xdv+css">
    <!-- Remove WordPress CSS by filtering out <style> tags-->
    <drop css:content="style" />
    <!-- Make sure that WordPress metadata is present in <head> section -->
    <append css:content="head link" css:theme="head" />
    <!-- note: replace does not seem to handle multiple meta tags very well -->
    <drop css:theme="meta" />
    <append css:content="head meta" css:theme="head" />
    <!-- Use blog title instead of Plone page title -->
    <replace css:content="title" css:theme="title" />
    <!-- Put WordPress sidebar to Plone's portlets section -->
    <append css:content="#r_sidebar" css:theme="#portal-column-one .visualPadding" />
    <!-- Place wordpress content into our theme content area -->
    <copy css:content="#contentleft" css:theme="#wordpress-content" />
    <!-- This mixes in WordPress specific CSS sheet which is applied for pages
         served from WordPress only and does not concern Plone CMS.
         This stylesheet will theme WordPress specific tags,
         like blog posts and comment fields.
         We keep this file in Plone, but this could be served from elsewhere. -->
    <append css:theme="head">
        <style type="text/css">
            @import url(http://mfabrik.com/++resource++plonetheme.mfabrik/wordpress.css);
        </style>
    </append>
    <!-- This stylesheet is used by special spam protection plug-in NoSpamNX -->
    <append css:theme="head">
        <link rel="stylesheet" href="http://blog.mfabrik.com/wp-content/plugins/nospamnx/nospamnx.css" type="text/css" />
    </append>
    <!-- Remove Google Analytics script used for CMS site -->
    <drop css:theme="#page-bottom script" />
    <!-- Rebuild our Google Analytics code, using a different tracker id this time
         which is a specific to our blog.
    -->
    <append css:theme="#page-bottom">
        <script type="text/javascript">
            var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
            document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
        </script>
        <script type="text/javascript">
            try {
                var pageTracker = _gat._getTracker("UA-8819100-2");
                pageTracker._trackPageview();
            } catch(err) {
            }
        </script>
    </append>
</rules>
This CSS has styles which are applied only to WordPress pages. They are mainly corner case fixes where WordPress and CMS styles must match. The CSS file is loaded when rules.xml injects it into the <head> section.
wordpress.css:
/* Font and block style fixes */
#wordpress-content h1 {
border: 0;
}
#wordpress-content .post-end {
margin-bottom: 60px;
}
#wordpress-content pre {
width: 600px;
overflow: auto;
background: white;
border: 1px solid #888;
}
#wordpress-content ul {
margin-left: 20px;
}
#wordpress-content .post-info-date,
#wordpress-content .post-info-categories,
#wordpress-content .post-info-tags {
font-size: 80%;
color: #888;
}
/* Make sure that posts and comments look sane in our theme */
#wordpress-content .post {
margin-top: 15px;
}
#wordpress-content .commentlist li {
margin: 20px;
background: white;
padding: 10px;
}
#wordpress-content .commentlist li img {
float: left;
margin-right: 20px;
margin-bottom: 20px;
}
#wordpress-content #commentform {
margin: 20px;
}
#wordpress-content {
margin-left: 20px;
margin-right: 20px;
}
/* Make WordPress "sidebar" look like Plone "portlets" */
.template-wordpress_listing #portal-column-one ul {
list-style: none;
margin-bottom: 40px;
}
.template-wordpress_listing #portal-column-one ul#Recent li {
margin-bottom: 8px;
}
.template-wordpress_listing #portal-column-one ul#Categories a {
line-height: 120%;
}
.template-wordpress_listing #portal-column-one h2 {
background: transparent;
border: 0;
font-weight:normal;
line-height:1.6em;
padding:0;
text-transform:none;
font-size: 16px;
color: #9b9b9b;
border-bottom:4px solid #CDCDCD;
}
The following Python script (xdv.py) makes it easy for us to
- Recompile the theme
- Test the theme applied on the site
- Preview the theme in our browser
It is basically a wrapper, with default file locations, around the bin/xdvcompiler and bin/xdvrun commands, with some web browser opening magic.
xdv.py:
"""
This command line Python script compiles your rules.xml to XDV XSL
Modify it for your own needs.
It assumes your buildout.cfg has xdv section and generated XDV
commands under bin/
To compile, execute in the buildout folder::
    python src/plonetheme.mfabrik/xdv.py
To build test HTML::
    python src/plonetheme.mfabrik/xdv.py --test
To build test HTML and preview it in browser, execute in buildout folder::
    python src/plonetheme.mfabrik/xdv.py --preview
"""
import getopt
import os
import subprocess
import sys
import webbrowser

# rules XML for theming
RULES_XML = "src/plonetheme.mfabrik/deliverance/etc/rules.xml"
# Which XSL file to generate for compiled XDV
OUTPUT_FILE = "theme.xsl"
# Which file to generate applied theme test runs
TEST_HTML_FILE = "test.html"
# Our "theme.html" is a remote template served for each request.
# Because we are doing live integration, this is a HTTP resource,
# not a local file.
THEME = "http://mfabrik.com/news/wordpress_listing/"
#
# External site you are theming.
# Note: must have ending slash (lxml cannot handle redirects)
#
SITE = "http://blog.twinapex.fi/"

try:
    opts, args = getopt.getopt(sys.argv[1:], "pt", ["preview", "test"])
except getopt.GetoptError as err:
    # print the error and exit, as opts is not defined after a parse failure
    print(str(err))  # will print something like "option -a not recognized"
    sys.exit(2)

# Convert options to simple list
opts = [opt for opt, value in opts]

print("Compiling transformation")
# Commands are passed as argument lists, so file names and URLs never go through a shell
value = subprocess.call(["bin/xdvcompiler", "-o", OUTPUT_FILE, RULES_XML, THEME])
if value != 0:
    print("Compilation failed")
    sys.exit(1)

if "-p" in opts or "--preview" in opts or "-t" in opts or "--test" in opts:
    print("Generating test HTML page")
    value = subprocess.call(["bin/xdvrun", "-o", TEST_HTML_FILE, OUTPUT_FILE, SITE])
    if value != 0:
        print("Page transformation failed")
        sys.exit(1)

if "-p" in opts or "--preview" in opts:
    # Preview the result in a browser
    # NOTE: OSX needs Python >= 2.5 to make this work
    # The test run above has succeeded if we get this far
    url = "file://" + os.path.abspath(TEST_HTML_FILE)
    print("Opening:" + url)
    # We prefer Firefox for preview for its superior
    # Firebug HTML debugger and XPath rule generator
    try:
        browser = webbrowser.get("firefox")
    except webbrowser.Error:
        # No FF on the system, or OSX which can't find its browsers
        browser = webbrowser.get()
    browser.open_new_tab(url)
This will generate XSL templates to do theming transform. It will compile rules XML with some boilerplate XSL. Running our compile script:
python src/plonetheme.mfabrik/xdv.py
Since Plone usually does not use any relative paths or relative resources in HTML, we do not give the parameter “Absolute prefix” to the compilation stage. In Plone, everything is mapped through a virtual hosting aware resource locator: portal_url and VirtualHostMonster. For more information see
The following command will apply theme for an example external page:
bin/xdvrun -o theme.html theme.xsl http://blog.twinapex.fi/
firefox theme.html
… or we can use shortcut provided by our script …
python src/plonetheme.mfabrik/xdv.py --preview
These steps tell how to apply the integration theme for WordPress when WordPress is running under Apache virtualhost.
We use Apache and mod_transform. Instructions on how to set up modules for Apache are available on the XDV homepage. Some hand-built modules must be used, but instructions to set them up for Ubuntu / Debian are available. Apache 2 supports filter chains which allow you to perform magic on the HTTP response before sending it out. This corresponds to Python’s WSGI middleware. We’ll use special builds of mod_transform and mod_depends which are known to work. These modules were forked from their original creations to make them XDV compatible, as the original has not been updated since 2004 (here you can nicely see how open source guarantees “won’t run out of support” freedom).
Example:
sudo -i
apt-get install libxslt1-dev libapache2-mod-apreq2 libapreq2-dev apache2-threaded-dev
wget http://html-xslt.googlecode.com/files/mod-transform-html-xslt.tgz
wget http://html-xslt.googlecode.com/files/mod-depends-html-xslt.tgz
tar -xzf mod-transform-html-xslt.tgz
tar -xzf mod-depends-html-xslt.tgz
cd mod-depends-html-xslt ; ./configure ; make ; make install ; cd ..
cd mod-transform-html-xslt ; ./configure ; make ; make install ; cd ..
Enable built-in Apache modules:
a2enmod filter
a2enmod ext_filter
The depends and transform modules must be added manually to the end of the Apache configuration, as they do not provide a2enmod stubs for Debian. Edit /etc/apache2/apache2.conf:
LoadModule depends_module /usr/lib/apache2/modules/mod_depends.so
LoadModule transform_module /usr/lib/apache2/modules/mod_transform.so
You need to hard reset Apache to make the new modules effective:
/etc/init.d/apache2 force-reload
Below is our virtualhost configuration which runs WordPress and PHP. The transformation filter chain has been added in.
/etc/apache2/sites-enabled/blog.mfabrik.com:
<VirtualHost *>
    ServerName blog.mfabrik.com
    ServerAdmin info@mfabrik.com
    LogFormat combined
    TransferLog /var/log/apache2/blog.mfabrik.com.log
    # Basic WordPress setup
    # (every option carries a + prefix: Apache does not accept a mix of prefixed and bare options)
    Options +Indexes +FollowSymLinks +ExecCGI
    DocumentRoot /srv/www/wordpress
    <Directory /srv/www/wordpress>
        Options FollowSymlinks
        AllowOverride All
    </Directory>
    AddType application/x-httpd-php .php .php3 .php4 .php5
    AddType application/x-httpd-php-source .phps
    # Theming set-up
    # This chain is used for public web pages
    FilterDeclare THEME
    FilterProvider THEME XSLT resp=Content-Type $text/html
    TransformOptions +ApacheFS +HTML
    # This is the location of compiled XSL theme transform
    TransformSet /theme.xsl
    # This will make Apache not to reload transformation every time
    # it is performed. Instead, a compiled version is held in the
    # virtual URL declared above.
    TransformCache /theme.xsl /srv/plone/twinapex.fi/theme.xsl
    # We want to apply theme only for
    # 1. public pages (otherwise WordPress administrative interface stops working)
    <Location "/">
        FilterChain THEME
    </Location>
    # 2. Admin interface and feeds should not receive any kind of theming
    <LocationMatch "(wp-login|wp-admin|wp-includes)">
        # The following resets the filter chain
        # http://httpd.apache.org/docs/2.2/mod/mod_filter.html#filterchain
        FilterChain !
    </LocationMatch>
</VirtualHost>
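Which responses actually pass through the XSLT filter follows from two rules in the virtual host above: the unanchored LocationMatch regular expression and the substring match on Content-Type. The following model of that decision is an added example, not part of the original post; the themed function, the sample requests and ANCHORED_PATTERN (a tighter pattern) are assumptions of this example.

```shell
#!/bin/sh
# Added example: model of which responses the THEME filter chain transforms.

# The LocationMatch regex from the virtual host above.
PAGE_PATTERN='(wp-login|wp-admin|wp-includes)'
# A tighter alternative (assumption of this example): anchored to the
# start of the URL path, so that only the real WordPress paths match.
ANCHORED_PATTERN='^/(wp-login\.php|wp-admin(/|$)|wp-includes/)'

# themed PATTERN URL_PATH CONTENT_TYPE -> prints "themed" or "untouched"
themed() {
    pattern=$1 path=$2 ctype=$3
    # <LocationMatch> searches the URL path for the regex (no implicit
    # anchors); "FilterChain !" then empties the chain for the request.
    if printf '%s\n' "$path" | grep -Eq -e "$pattern"; then
        echo untouched
        return 0
    fi
    # "resp=Content-Type $text/html" is a substring match on the header,
    # so "text/html; charset=UTF-8" qualifies and an RSS feed does not.
    case $ctype in
        *text/html*) echo themed ;;
        *)           echo untouched ;;
    esac
}

# Constructed sample requests: URL path, then the response Content-Type.
report() {
    printf '%-26s %-12s %s\n' "URL path" "page regex" "anchored regex"
    while read -r path ctype; do
        printf '%-26s %-12s %s\n' "$path" \
            "$(themed "$PAGE_PATTERN" "$path" "$ctype")" \
            "$(themed "$ANCHORED_PATTERN" "$path" "$ctype")"
    done <<'EOF'
/ text/html; charset=UTF-8
/wp-admin/index.php text/html; charset=UTF-8
/wp-login.php text/html; charset=UTF-8
/feed/ application/rss+xml; charset=UTF-8
/2010/03/wp-admin-tips/ text/html; charset=UTF-8
EOF
}

report
```

Feeds stay untouched because of their Content-Type, not because of the LocationMatch block, and a post whose slug contains wp-admin is served without the theme unless the pattern is anchored.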
After Apache has all modules enabled and your virtualhost configuration is ok, you should see WordPress through your new theme by visiting the site served through Apache:
The theme should be recompiled every time
- Plone is restarted: CSS references change in <head> as CSS cache is rebuilt
- CSS is modified: CSS references change in <head> as CSS cache is rebuilt
- Plone content is changed and changes reflect back to WordPress theme (e.g. a new top level site section is being added)
This is because the compilation will hard-link resources and template snippets into the resulting theme.xsl file. If hard-linked resources change on the Plone site, the transformation XSL file does not automatically reflect the changes. It could be possible to use Plone events to automatically rerun theme compilation when the concerned resources change. However, this would be quite complex. For now, we are satisfied with a scheduled task which will recompile the theme now and then. Alternatively, mod_transform could be run in non-cached mode with some performance implications.
Here is a shell script, update-wordpress-theme.sh, which will perform the recompilation and make Apache’s transformation cache aware of changes:
#!/bin/sh
#
# Periodically update WordPress theme to reflect changes on CMS site
#
# Recompile theme
# (the command line is quoted as a whole so that both cd and python run as twinapex)
sudo -H -u twinapex /bin/sh -c "cd /srv/plone/twinapex.fi && python src/plonetheme.mfabrik/xdv.py"
# Make Apache aware of theme changes
sudo apache2ctl graceful
Then we call it periodically from a cron job, every 15 minutes, in /etc/cron.d/update-wordpress:
# Make WordPress XDV theme to reflect changes on CMS
# (entries in /etc/cron.d need a user field; the script calls sudo, so it runs as root)
0,15,30,45 * * * * root /srv/plone/twinapex.fi/update-wordpress-theme.sh
No changes to WordPress are needed if the domain name is not changed in the theme transformation process.
Unlike Plone, WordPress does not have decent virtual hosting machinery. It knows only one URL, which it uses to refer to the site in the external context (e.g. RSS feeds). This setting can be overridden in
- WordPress administrative interface
- wp-config.php
Here is an example how we override this in our wp-config.php:
// http://codex.wordpress.org/Editing_wp-config.php#WordPress_address_.28URL.29
define('WP_HOME','http://blog.mfabrik.com');
define('WP_SITEURL','http://blog.mfabrik.com');
HTTP 404 Not Found responses are not themed by the Apache filter chain. This is not possible due to the order of the pipeline in Apache. As a workaround you can set up a custom HTTP 404 page in WordPress which does not expose the old theme.
- Go to WordPress admin interface, Theme editor
- Edit 404.php and modify it so that it does not pull in the WordPress theme:
<html>
<head>
<title>Not found</title>
</head>
<body>
<h1>Not Found, Error 404</h1>
<p>Aaaaw, snap! The page you are looking for no longer exists. It must be our hamster who ate it.</p>
<a href="<?php bloginfo('url'); ?>">Go to blog homepage</a>
<a href="http://mfabrik.com">mFabrik business site</a>
</body>
</html>
For more information see
Below is a checklist you need to go through to confirm that the theme integration works on your production site
- WordPress public pages are loaded with the new theme
- WordPress login works
- WordPress administrative interface works
- RSS feed from WordPress works and contains correct URLs
- HTTP 404 not found is handled correctly
- HTTP 302 redirect is handled correctly (i.e. missing / at the end of blog post URL)
- Changes on CMS site are reflected to WordPress theme within the update delay
- Old blog site is redirected to new site using HTTP 301 (if applies)
Posted on September 30, 2009 by Mikko Ohtamaa. Filed under: Business, django, iphone, linux, mobile, pys60, python, technology. Tags: analytics, apache, apex vertex, augmented reality, bicycling, bilingual, browser, browsercontrol, capabilities, darwin, django, django-cms, extjs, google maps, gps, handset, html5, iphone, lbs, linux, localhost, location based, map, media, mobile, mobile profile, mod_python, multichannel, multilingual, nokia, oulu, phonegap, premium, print, publishing, python, rtsp, series 40, series 60, sniffing, streaming, symbiansigned, tourism, traffic statistics, twinapex, ubuntu, upnorth, user agent, webkit, xhtml
Recently we created a mobile site for an interactive bicycle tour. oulugo.mobi (you need to use a mobile browser to access the site or you’ll get a redirect) is a multimedia-enriched bicycle tour through the historic parts of the city of Oulu. All content is provided by OnGo.
The route, which you can bicycle through, is drawn on Google Maps. There are nine action points where the user can listen to streaming audio clips, with still images, on his/her mobile phone. This is a sort of augmented reality experience: the user sees the real world (where he/she is now bicycling) combined with the historic events (audio playback narrative). For example, at Linnansaari (a location on the route) you’ll see the actual 17th century castle ruins and the narrator tells how the castle exploded when fire, caused by lightning, reached the gunpowder warehouse… boom. The explosion caused stones to fly over 400 meters.
Alternatively, the clips are available as podcasts from Oulu Tourism pages. You can download them into your iPod for offline listening and use in conjunction with a paper map. This demonstrates an interesting mix of multichannel publishing: paper, web, mobile and podcasts.
The tour is bilingual in Finnish and English.
There exists an unreleased iPhone application, based on PhoneGap, which allows the user to track his/her location in real time on the web page. We didn’t see it worth the trouble to go through the Apple iPhone application review process. When location based service support comes to the browser, this feature is intended to be included as a standard HTML5 feature of the service.
There also exists a Nokia Series 60 mobile application, based on PyS60 and the Series 60 BrowserControl API, which allows the user to track his/her location in real time. The application provides a wrapper around the Series 60 WebKit control and allows Javascript to access phone native functions (GPS) over localhost socket communication. Like with Apple, we didn’t see the real-time tracking feature as interesting enough to go through the Symbian Signed process to get our application released. Also, BrowserControl had serious quality problems and we didn’t consider it stable enough for the end users. Some work is available in the PyS60 Community Edition repository.
The service is hosted on a Python-specific virtual server in the Twinapex services server farm.
Features
- Premium content tailored for audio listening
- Dubbed in English and Finnish by a professional voice actor
- Bilingual: English/Finnish
- Adapts for smartphones (WebKit based browsers) and low end phones (XHTML mobile profile browsers)
- Streaming video and audio (RTSP / progressive HTTP download for iPhone). Different audio quality is provided depending on the handset features.
- Screen resolution detection based on user agent sniffing. Three different versions of images are used.
- Custom Google Maps component for mobile is used. The component adapts for different mobile phones based on sniffing. Features include zoom, show action point, show the current location, search street address name. This component can be published on request.
- Management interface features include video upload, video transcoding to different mobile versions and editing bilingual content
- Apex Vertex handset database is used to detect the user’s mobile phone capabilities
- Apex Vertex logging and traffic analytics capabilities are used for the site statistics
Software stack
Development effort
Development time: Around 100 hours. Three different developers were involved. Used development tools: Eclipse, PyDev, Subclipse, Subversion. There were around five meetings between the content provider and the technology provider. A few beta testing rounds using the iPhone application were performed by bicycling in -10 degrees Celsius weather (north and so on…). No polar bears were harmed during the creation of this mobile service.
The service is linked in from Oulu Tourism pages and thousands of paper brochures printed for Oulu summer season 2009.
About the author Mikko Ohtamaa
Posted on July 7, 2008 by Tuukka Mustonen Filed Under Plone (old), Red innovation, apache, database, linux, performance, ubuntu, zope Tags: apache, cms, comparison, database, linux, load balancer, performance, Plone (old), review, server, ubuntu, zope
We do some Plone development here at Redi. As known, Plone is a powerful, but unfortunately quite a heavy CMS which is best suited for Intranets. Thus, we are always looking for speed increases.
Enter Zeo cluster – a feature that nowadays comes bundled with Zope and allows one database (practically Data.fs) to be used by multiple Zope instances, or more accurately Zeo clients. In a standalone installation only one CPU / CPU core can be used for processing requests (as Zope / Python implementation is single-threaded AFAIK). So if there are any concurrent requests, the database (ZODB, the Zope Object Database) usually has to wait for the request processing before it is asked for the data, and only part of the processing power is used as requests are queued. Using the Zeo server-client architecture, however, each Zeo client can do the processing on its own CPU/core (thus efficiently using the whole CPU processing power available) and also minimize the hard disk idle time by asking for data in an ~asynchronous manner (in separate queues). Actually ZODB even serves the same object simultaneously to different client processes for performance reasons. This might raise database ConflictErrors, which are nothing to fear, however, as noted some paragraphs below.
Similarly, you could also deploy Zeo clients on different computers in the local network (or wherever you want), but that’s not the scope of this article. Having clients running on different machines is a similar case with the same performance basis, but there are connection lags, bandwidth limits and such that decrease performance.
Theory vs. practice
Deploying a Zeo cluster instead of a standalone Zope instance should theoretically increase the performance by a factor of the extra available CPUs / CPU cores. There might be some overhead from this setup though, so we tested it out using ApacheBenchmark – the benchmarking module that comes bundled with Apache nowadays. But first something about…
Setting up Zeo & converting from standalone mode
In the easiest scenario, setting Zeo up is rather easy: the unified installer supports Zeo-server setup out of the box (=there is a recipe for it). Just run the unified installer like:
$ ./install.sh zeo
Luckily, the unified installer uses buildout from Plone 3.1 onwards. Thus, converting your current buildout instances to Zeo cluster is nothing but change of buildout configuration. Where you would normally need ‘instance’ section in your buildout.cfg you will now need the following:
[zeoserver]
recipe = plone.recipe.zope2zeoserver
zope2-location = ${zope2:location}
zeo-address = 127.0.0.1:12000
#effective-user = __EFFECTIVE_USER__
[client1]
recipe = plone.recipe.zope2instance
zope2-location = ${zope2:location}
zeo-client = true
zeo-address = ${zeoserver:zeo-address}
# The line below sets only the initial password. It will not change an
# existing password.
user = admin:mysecretpassword
http-address = 12001
#effective-user = __EFFECTIVE_USER__
#debug-mode = on
#verbose-security = on
# If you want Zope to know about any additional eggs, list them here.
# This should include any development eggs you listed in develop-eggs above,
# e.g. eggs = ${buildout:eggs} ${plone:eggs} my.package
eggs =
    ${buildout:eggs}
    ${plone:eggs}
# If you want to register ZCML slugs for any packages, list them here.
# e.g. zcml = my.package my.other.package
zcml =
products =
    ${buildout:directory}/products
    ${productdistros:location}
    ${plone:products}
To add more clients (which is quite the point here), append as many times the extra client sections like this:
[client2]
recipe = plone.recipe.zope2instance
zope2-location = ${zope2:location}
zeo-client = true
zeo-address = ${zeoserver:zeo-address}
user = ${client1:user}
http-address = 12002
#effective-user = __EFFECTIVE_USER__
#debug-mode = on
#verbose-security = on
eggs = ${client1:eggs}
zcml = ${client1:zcml}
products = ${client1:products}
That minimizes the need for retyping user names, password etc. These examples were taken from Plone unified installer buildout.cfg with ports changed.
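As an added example (not part of the original post or of the unified installer), the following Python script audits a buildout.cfg like the one above for listeners that are not bound to loopback, an enabled debug-mode and the installer's sample password. The sample file is constructed, audit_buildout is a hypothetical helper, and treating a port-only http-address as listening on every interface is an assumption about the Zope default.

```python
import configparser
import re

# Constructed sample, trimmed from the buildout.cfg sections shown above.
SAMPLE_CFG = """
[zeoserver]
recipe = plone.recipe.zope2zeoserver
zeo-address = 127.0.0.1:12000
[client1]
recipe = plone.recipe.zope2instance
zeo-address = ${zeoserver:zeo-address}
user = admin:mysecretpassword
http-address = 12001
[client2]
recipe = plone.recipe.zope2instance
zeo-address = ${zeoserver:zeo-address}
user = ${client1:user}
http-address = 127.0.0.1:12002
debug-mode = on
"""

# Which option opens a listening socket, per recipe.
LISTENERS = {"plone.recipe.zope2zeoserver": "zeo-address",
             "plone.recipe.zope2instance": "http-address"}
LOOPBACK = ("127.0.0.1", "localhost")

def audit_buildout(text):
    """Return (section, option, finding) tuples for risky settings."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(text)
    def get(section, option):
        # Expand ${section:option} references the way buildout would.
        raw = cfg.get(section, option, fallback="")
        return re.sub(r"\$\{([^:}]+):([^}]+)\}",
                      lambda m: get(m.group(1), m.group(2)), raw)

    findings = []
    for name in cfg.sections():
        listener = LISTENERS.get(get(name, "recipe"))
        if listener:
            addr = get(name, listener)
            # Assumption: a port-only value listens on every interface.
            if addr and addr.rpartition(":")[0] not in LOOPBACK:
                findings.append((name, listener, "not bound to loopback: " + addr))
        if get(name, "debug-mode") == "on":
            findings.append((name, "debug-mode", "debug mode enabled"))
        if get(name, "user") == "admin:mysecretpassword":
            findings.append((name, "user", "sample password from the installer"))
    return findings
```

A client whose http-address is reachable from outside can be requested directly, bypassing Apache and any access rules configured there.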
Starting, stopping & restarting
Now, to start your Zeo-powered Plone clients you could type:
bin/zeoserver start
bin/client1 start
bin/client2 start
...same for all the clients...
However, the unified installer has a recipe which automatically generates nice and simple shell scripts to control your cluster. In the end of your buildout.cfg, add:
[unifiedinstaller]
recipe = plone.recipe.unifiedinstaller
user = ${client1:user}
primary-port = ${client1:http-address}
That should generate the scripts. In fact, it probably does also something else, something which I’m not aware of. However, I didn’t bump into any problems, yet. Anyway, to start the whole cluster (server & clients), type:
bin/startcluster.sh
And that does it (it starts the server and the clients). Shut it down via:
bin/shutdowncluster.sh
And restart:
bin/restartcluster.sh
ConflictErrors – not that erroneous
As noted before, in Zeo mode the ZODB might serve the same objects to two or more clients at the same time. If one client manipulates the object before others (i.e. edits values and saves changes) the other requests will probably fail. This raises ConflictError which looks like this:
ConflictError: database conflict error (oid 0x0f39, class HelpSys.HelpSys.ProductHelp)
In this case ZODB tries to reprocess the failed requests. This should be common database approach and thus a feature, not a bug (although Zope might want to tell that in error message!). For more accurate explanation see Plone discussion.
Parsing it together with web server
The Zeo components (server and clients) talk to each other via standard Internet protocols (TCP or UDP, not sure). In the default setup, the Zeo server listens to port 8100 and Zeo clients to 8080, 8081, etc. Thus, to access the separate clients as ‘one site’ we need to serve the requests to multiple clients. This can be achieved with load balancers. Apache has at least one: mod_proxy_balancer which should do exactly what we need. Apache isn’t the best choice for achieving high requests per second values, but it will do for our tests (compare to more lightweight but also more limited lighttpd). Just remember that there are other alternatives/methods available, like using squid as load balancer.
Our configuration is as follows (inside VirtualHost-directive):
<Proxy balancer://lb>
BalancerMember http://127.0.0.1:12001/
BalancerMember http://127.0.0.1:12002/
BalancerMember http://127.0.0.1:12003/
BalancerMember http://127.0.0.1:12004/
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Allow from all
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://lb/http://localhost/VirtualHostBase/http/www.mydomain.com:80/plonesite/VirtualHostRoot/
ProxyPassReverse / balancer://lb/http://localhost/VirtualHostBase/http/www.mydomain.com:80/plonesite/VirtualHostRoot/
This setup also allows us to use the balancer-manager (accessible at /balancer-manager) that comes with mod_proxy_balancer. It’s useful for checking if the configuration is working and the balancer is dividing the requests equally. In my setup the balancer is using the default Request Counting algorithm which divides the requests numerically equally between the instances, but you might want to also try Weighted Traffic Counting, which should be for actual use. In our test only the frontpage is accessed however, so each request’s data transfer is equal and the weighted traffic counting isn’t of use.
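The Location block above uses Allow from all, so the balancer-manager page, which can change and disable balancer members, answers any client that can reach the virtual host. As an added example (not from the original post), this Python model of Apache 2.2's Order/Allow/Deny evaluation compares that block with a restricted variant; both config strings are constructed, manager_allows is a hypothetical helper and the 192.0.2.0/24 admin network is a placeholder.

```python
import ipaddress
import re

# Constructed samples: the block from the post, and a restricted variant
# (the 192.0.2.0/24 admin network is a documentation-range placeholder).
PAGE_CONF = """
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Allow from all
</Location>
"""
RESTRICTED_CONF = """
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.0.2.0/24
</Location>
"""

def _matches(body, directive, ip):
    """True if any '<directive> from ...' spec (all, address, CIDR) covers ip."""
    lines = re.findall(rf"^\s*{directive}\s+from\s+(.+)$", body, re.I | re.M)
    for spec in " ".join(lines).split():
        if spec.lower() == "all":
            return True
        try:
            if ip in ipaddress.ip_network(spec, strict=False):
                return True
        except ValueError:  # hostnames and partial addresses are not modelled
            continue
    return False

def manager_allows(conf, client_ip):
    """Model Apache 2.2 Order/Allow/Deny for the balancer-manager handler."""
    ip = ipaddress.ip_address(client_ip)
    for body in re.findall(r"<Location\s+\S+>(.*?)</Location>", conf, re.S | re.I):
        if not re.search(r"^\s*SetHandler\s+balancer-manager\s*$", body, re.I | re.M):
            continue
        order = re.search(r"^\s*Order\s+(\S+)", body, re.I | re.M)
        allowed, denied = _matches(body, "Allow", ip), _matches(body, "Deny", ip)
        if order is None or order.group(1).lower() == "deny,allow":
            return allowed or not denied   # default allow; Allow overrides Deny
        return allowed and not denied      # Allow,Deny: default deny; Deny wins
    return False  # no balancer-manager handler configured
```

On Apache 2.4 and later the equivalent restriction is expressed with Require ip instead of Order/Allow/Deny.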
The test
The server machine
- Ubuntu 8.04 virtual server
- Intel Xeon 2.0 GHz (4 cores)
- 2 GB of RAM
- Hard disk drive (7200rpm?)
The setup
- Standalone Plone instance
- Plone via Zeo server with 4 clients (as many clients as cores in processor)
- Plone via Zeo server with 6 clients (for curiosity)
The tests were run locally in the development environment to minimize the network lag (was 0-1ms).
The test commands
ApacheBenchmark commands:
$ ab -n N -c C myurl
where N was either 1000 or 9000 (requests) and C 1, 10, 100 or 1000 (concurrent requests).
The results
You can download the more in-depth test sheet Plone Standalone vs. Zeo installation (PDF).
To put it simply: theory and practice meet well – Zeo server is a lot more powerful with concurrent requests. On non-concurrent requests the results are about the same.
Having as many Zeo clients as CPUs / CPU cores can boost the performance up to number of extra CPUs/cores. For example, in our quad-core server with Zeo setup we gained nearly 4 times the requests per second of standalone installation (~370% to be accurate). Increasing Zeo clients to 6 didn’t help any as there’s no processing power left from 4 heavily stressed client processes. Also to be noted is that the waiting times for clients nearly tripled (median jumped from 126 to 305 ms) when raising concurrency from 1 to 10. This isn’t bad though – those are still low figures compared to standalone’s median of 1215 ms! Only when raising concurrency to 100 we began to see some 3.6 seconds waiting times (6 seconds for standalone). Increasing concurrency didn’t bring down the requests/second rates much (less than 5%) as expected.
Overall, the results were expected, but now we have evidence of it: under concurrent request load Zeo server is a good option to multiply the performance of your site. With very low traffic sites which rarely get more than 1 request at a time this doesn’t matter.
One bad word about the resource requirements though: The used RAM increase for 6 client Zeo setup (standard Plone 3.1.2 + 12 additional Products) was a whopping 621 MB (1132 MB -> 1753 MB). That means about 100 MB per Zeo client as the Zeo server memory intake was only about 12-15 MB. Thus, only use as many Zeo clients as absolutely necessary or you might find your beloved server machine under very serious Zope flu!