Tags Archives: mariadb

How To Install MariaDB on Ubuntu 20.04 LTS

Notes for installing MariaDB on Ubuntu 20.04.

 

 

root@len:/var/www# apt update && sudo apt upgrade

 

root@len:/var/www# apt -y install software-properties-common
Reading package lists… Done
Building dependency tree
Reading state information… Done
software-properties-common is already the newest version (0.99.9.8).
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
root@len:/var/www#

 

 

apt-key adv –fetch-keys ‘https://mariadb.org/mariadb_release_signing_key.asc’

 

 

root@len:/var/www# apt-key adv –fetch-keys ‘https://mariadb.org/mariadb_release_signing_key.asc’
Executing: /tmp/apt-key-gpghome.J3PN2sGZod/gpg.1.sh –fetch-keys https://mariadb.org/mariadb_release_signing_key.asc
gpg: requesting key from ‘https://mariadb.org/mariadb_release_signing_key.asc’

 

gpg: key F1656F24C74CD1D8: public key “MariaDB Signing Key <signing-key@mariadb.org>” imported
gpg: Total number processed: 1
gpg: imported: 1
root@len:/var/www#
root@len:/var/www#

 

add-apt-repository ‘deb [arch=amd64] http://mariadb.mirror.globo.tech/repo/10.5/ubuntu focal main’

sudo apt update
sudo apt install mariadb-server mariadb-client

 

1 package can be upgraded. Run ‘apt list –upgradable’ to see it.
root@len:/var/www# apt list –upgradabale
E: Command line option –upgradabale is not understood in combination with the other options
root@len:/var/www# apt list –upgradabale
E: Command line option –upgradabale is not understood in combination with the other options
root@len:/var/www# apt list –upgradable
Listing… Done
mysql-common/unknown 1:10.5.15+maria~focal all [upgradable from: 5.8+1.0.5ubuntu2]
N: There are 3 additional versions. Please use the ‘-a’ switch to see them.
root@len:/var/www#

 

root@len:/var/www# apt list –upgradable -a
Listing… Done
mysql-common/unknown 1:10.5.15+maria~focal all [upgradable from: 5.8+1.0.5ubuntu2]
mysql-common/unknown 1:10.5.13+maria~focal all
mysql-common/unknown 1:10.5.12+maria~focal all
mysql-common/focal,focal,now 5.8+1.0.5ubuntu2 all [installed,upgradable to: 1:10.5.15+maria~focal]

root@len:/var/www#

 

apt install mariadb-server mariadb-client

 

 

root@len:/var/www# apt install mariadb-server mariadb-client
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
galera-4 gawk libaio1 libcgi-fast-perl libcgi-pm-perl libdbd-mariadb-perl libdbi-perl libfcgi-perl libhtml-template-perl libmariadb3
libreadline5 libsigsegv2 libterm-readkey-perl mariadb-client-10.5 mariadb-client-core-10.5 mariadb-common mariadb-server-10.5
mariadb-server-core-10.5 socat
Suggested packages:
gawk-doc libclone-perl libmldbm-perl libnet-daemon-perl libsql-statement-perl libipc-sharedcache-perl mailx mariadb-test
The following NEW packages will be installed
galera-4 gawk libaio1 libcgi-fast-perl libcgi-pm-perl libdbd-mariadb-perl libdbi-perl libfcgi-perl libhtml-template-perl libmariadb3
libreadline5 libsigsegv2 libterm-readkey-perl mariadb-client mariadb-client-10.5 mariadb-client-core-10.5 mariadb-common mariadb-server
mariadb-server-10.5 mariadb-server-core-10.5 socat
0 to upgrade, 21 to newly install, 0 to remove and 1 not to upgrade.
Need to get 28.8 MB of archives.
After this operation, 224 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

… … ..

Setting up libreadline5:amd64 (5.2+dfsg-3build3) …
Setting up gawk (1:5.0.1+dfsg-1) …
Setting up libcgi-pm-perl (4.46-1) …
Setting up libhtml-template-perl (2.97-1) …
Setting up socat (1.7.3.3-2) …
Setting up libmariadb3:amd64 (1:10.5.15+maria~focal) …
Setting up libfcgi-perl (0.79-1) …
Setting up libterm-readkey-perl (2.38-1build1) …
Setting up libaio1:amd64 (0.3.112-5) …
Setting up libdbi-perl:amd64 (1.643-1ubuntu0.1) …
Setting up mariadb-server-core-10.5 (1:10.5.15+maria~focal) …
Setting up libcgi-fast-perl (1:2.15-1) …
Setting up libdbd-mariadb-perl (1.11-3ubuntu2) …
Setting up mariadb-client-core-10.5 (1:10.5.15+maria~focal) …
Setting up mariadb-client-10.5 (1:10.5.15+maria~focal) …
Setting up mariadb-client (1:10.5.15+maria~focal) …
Setting up mariadb-server-10.5 (1:10.5.15+maria~focal) …
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /lib/systemd/system/mariadb.service.
Setting up mariadb-server (1:10.5.15+maria~focal) …
Processing triggers for libc-bin (2.31-0ubuntu9.7) …
Processing triggers for systemd (245.4-4ubuntu3.16) …
Processing triggers for man-db (2.9.1-1) …
Processing triggers for doc-base (0.10.9) …
Processing 1 added doc-base file…
root@len:/var/www#

 

next secure MariaDB Server by manually running the MySQL hardening script:

 

mysql_secure_installation

 

then check the mariadb database service is started automatically after installation:

 

 

root@len:~# systemctl status mysql

 

you can also use the command:

 

root@len:~# systemctl status mariadb

 

 

for same output:

 

● mariadb.service – MariaDB 10.5.15 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: active (running) since Fri 2022-04-22 14:36:13 BST; 4min 16s ago
Docs: man:mariadbd(8)
https://mariadb.com/kb/en/library/systemd/
Main PID: 51723 (mariadbd)
Status: “Taking your SQL requests now…”
Tasks: 9 (limit: 9308)
Memory: 61.0M
CGroup: /system.slice/mariadb.service
└─51723 /usr/sbin/mariadbd

 

Apr 22 14:36:13 len mariadbd[51723]: 2022-04-22 14:36:13 0 [Note] /usr/sbin/mariadbd: ready for connections.
Apr 22 14:36:13 len mariadbd[51723]: Version: ‘10.5.15-MariaDB-1:10.5.15+maria~focal’ socket: ‘/run/mysqld/mysqld.sock’ port: 3306 mariadb.org>
Apr 22 14:36:13 len systemd[1]: Started MariaDB 10.5.15 database server.
Apr 22 14:36:13 len /etc/mysql/debian-start[51746]: Upgrading MySQL tables if necessary.
Apr 22 14:36:13 len /etc/mysql/debian-start[51749]: Looking for ‘mysql’ as: /usr/bin/mysql
Apr 22 14:36:13 len /etc/mysql/debian-start[51749]: Looking for ‘mysqlcheck’ as: /usr/bin/mysqlcheck
Apr 22 14:36:13 len /etc/mysql/debian-start[51749]: This installation of MariaDB is already upgraded to 10.5.15-MariaDB.
Apr 22 14:36:13 len /etc/mysql/debian-start[51749]: There is no need to run mysql_upgrade again for 10.5.15-MariaDB.
Apr 22 14:36:13 len /etc/mysql/debian-start[51749]: You can use –force if you still want to run mysql_upgrade
Apr 22 14:36:13 len /etc/mysql/debian-start[51757]: Checking for insecure root accounts.
~
~

 

 

Test your root login to MariaDB shell using the mysql client command:

 

mysql -u root -p

 

root@len:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.5.15-MariaDB-1:10.5.15+maria~focal mariadb.org binary distribution

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

 

MariaDB [(none)]>

 

 

you can check the version at any time by entering

 

MariaDB [(none)]> SELECT VERSION();
+—————————————+
| VERSION() |
+—————————————+
| 10.5.15-MariaDB-1:10.5.15+maria~focal |
+—————————————+
1 row in set (0.001 sec)

MariaDB [(none)]>

 

 

 

CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

 

CREATE USER ‘wordpressuser’@localhost IDENTIFIED BY ‘*********’;

 

 

MariaDB [(none)]> CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Query OK, 1 row affected (0.001 sec)

 

NOTE! you have to use ” quote marks!!! for MariaDB – different quote marks to mysql!

 

 

MariaDB [(none)]> CREATE USER ‘wordpressuser’@localhost IDENTIFIED BY ‘****’;
Query OK, 0 rows affected (0.022 sec)

 

 

MariaDB [(none)]> GRANT ALL ON wordpress.* TO ‘wordpressuser’@’localhost’;
Query OK, 0 rows affected (0.021 sec)

 

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.002 sec)

 

MariaDB [(none)]> CREATE DATABASE kevwells DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Query OK, 1 row affected (0.001 sec)

 

MariaDB [(none)]> GRANT ALL ON kevwells.* TO ‘wordpressuser’@’localhost’;
Query OK, 0 rows affected (0.021 sec)

 

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)

 

MariaDB [(none)]>

 

 

Continue Reading

How To Automate the Replication of a WordPress System from an Online Server to an Offline  Localhost Domain

 

This article documents the procedure involved in creating a local working offline replica of an online WordPress website and the automation of this process by means of a shell script.

 

This exercise involves a Ubuntu 20 server and laptop, both running Apache2 and MySQL/Mariadb 10.

 

 

First I installed apache2, mariadb, php, and phpmyadmin on the laptop.

 

 

Copy the WordPress Directory

 

 

I then copied the current /var/www/wordpress directory to /home/kevin/DATA on the server.

 

This is then accessible via the NFS share DATA on the laptop.

Then on the laptop I copied this to /var/www/wordpress, having, first of all, renamed the existing wordpress directory instance.

 

then on laptop:

 

 

Create the Website MySQL Database and User

 

root@asus:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 90
Server version: 10.3.29-MariaDB-0ubuntu0.20.10.1 Ubuntu 20.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| mysql |
| performance_schema |
| phpmyadmin |
| wordpress |
+——————–+
5 rows in set (0.002 sec)

MariaDB [(none)]>

 

 

 

Our website WordPress database on the server is called kevwells, so we need to have a database with the same name present on our MariaDB on the laptop:

 

 

So create a database as follows on laptop with these parameters: 

 

MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define( ‘DB_NAME’, ‘kevwells’ );

/** MySQL database username */
define( ‘DB_USER’, ‘wordpressuser’ );

/** MySQL database password */
define( ‘DB_PASSWORD’, ‘**COMMENTED OUT***’ );

/** MySQL hostname */
define( ‘DB_HOST’, ‘localhost’ );

 

 

 MariaDB [(none)]> CREATE DATABASE kevwells DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]>

 

 

 

MariaDB [(none)]> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| kevwells |
| mysql |
| performance_schema |
| phpmyadmin |
| wordpress |
+——————–+
6 rows in set (0.001 sec)

MariaDB [(none)]>

 

 

Next, create a user for the database:

 

 

CREATE USER ‘wordpressuser’@localhost IDENTIFIED BY ‘**COMMENTED OUT**’;

 

To list all existing users in your database server, you need to query the user table in your mysql database.

 

SELECT the user and host column from the table as follows:

 

SELECT user, host FROM mysql.user;

 

MariaDB [(none)]> SELECT user, host FROM mysql.user;
+——————+———–+
| user | host |
+——————+———–+
| phpmyadmin | localhost |
| root | localhost |
| wordpressuser | localhost |
| ‘phpmyadmin’ | localhost |
+——————+———–+
4 rows in set (0.000 sec)

 

Along the way, I noticed a wrongly entered username above for phpmyadmin, ie ‘phpmyadmin’ , so I deleted this:

 

MariaDB [(none)]> drop user ‘‘phpmyadmin’’@localhost ;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]>
MariaDB [(none)]> SELECT user, host FROM mysql.user;
+—————+———–+
| user | host |
+—————+———–+
| phpmyadmin | localhost |
| root | localhost |
| wordpressuser | localhost |
+—————+———–+
3 rows in set (0.000 sec)

MariaDB [(none)]>

 

we got rid of the ‘phpmyadmin’ as this was an error with the apostrophes as part of the user name.

 

We already have the wordpressuser existing.

 

So all is well. we just need to make sure the password for our user is the correct one.

 

 

SET PASSWORD FOR ‘exampleuser’@’localhost’ = PASSWORD(‘newpassword’);

 

 

MariaDB [(none)]> SET PASSWORD FOR ‘wordpressuser’@’localhost’ = PASSWORD(‘**COMMENTED OUT***’);
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]>

 

 

Just to be certain, I also then went into http://localhost/phpmyadmin and changed the password for user wordpressuser to **COMMENTED OUT** as above.

 

It returned the message:

 

 

The password for ‘wordpressuser’@’localhost’ was changed successfully.

 

 

 

So on our laptop have created a kevwells database (as yet empty)  and a user called wordpressuser as on the online server.

 

 

I then made following changes to the wp-config.php:

/* define(‘FORCE_SSL_ADMIN’, true);
*/

 

/*
define( ‘WP_HOME’, ‘https://kevwells.com’ );
define( ‘WP_SITEURL’, ‘https://kevwells.com’ ); */

 

define(‘WP_HOME’,’http://localhost’);
define(‘WP_SITEURL’,’http://localhost’);

 

 

 

Had to give wordpressuser privilege to database kevwells because we are using the database name kevwells and not wordpress for our website wordpress database!

 

 

GRANT ALL ON kevwells.* TO ‘wordpressuser’@’localhost’;

 

MariaDB [(none)]> GRANT ALL ON kevwells.* TO ‘wordpressuser’@’localhost’;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges ;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]>

 

 

Note that the reply of mariadb says

 

Query OK, 0 rows affected (0.000 sec)

 

 

but it has processed and implemented the change when you do flush privileges.

 

 

User wordpressuser then has all privileges granted to kevwells database.

 

 

Launch the WordPress Duplicator Plugin

 

Next, start the Duplicator WordPress Plugin procedure on the server to prepare the copy of the site for download from the server to the laptop.

 

 

You need to download both the zip file and the installer.php for duplicator – you carry out both these actions from within the duplicator dashboard in the plugin on WordPress on the server.

 

 

Then, on localhost ie laptop, we activate the duplicator installer.php in the WordPress folder on laptop.

 

This installs the instance onto WordPress and apache on localhost.

 

 

Finally, then do the following:

 

Admin Login Login to the WordPress Admin to finalize this install.

 

Auto delete installer files after login (recommended)

IMPORTANT FINAL STEPS: Login into the WordPress Admin to remove all installation files and finalize the install process.

This install is NOT complete until all installer files have been completely removed. Leaving any of the installer files on this server can lead to security issues.

 

 

Review Install Report
The install report is designed to give you a synopsis of the possible errors and warnings that may exist after the installation is completed.

 

 

Test Site
After the install is complete run through your entire site and test all pages and posts.

 

 

Final Security Cleanup
When completed with the installation please delete all installation files. Leaving these files on your server can be a security risk! You can remove all these files by logging into your WordPress admin and following the remove notification links or by deleting these file manually. Be sure these files/directories are removed. Optionally it is also recommended to remove the archive.zip/daf file.

 

 

dup-installer
installer.php
installer-backup.php
dup-installer-bootlog__[HASH].txt
archive.zip/daf

 

 

 

I moved all the above out of /var/www/wordpress to a directory called /var/www/wordpress_duplicator_myfiles/

 

 

NOTE: wordpress admin dashboard username, password, authcode etc is the same on http://localhost/wp-admin as on https://kevwells.com/wp-admin

 

 

Assemble the MySQL Command To Modify the Website URL References

 

To execute statements from the command line without an interactive prompt, use the -e option:

 

 

mysql mydb -e ‘select * from foo’

 

 

 

We need the following command set:

 

 

UPDATE wp_options SET option_value = replace(option_value, ‘https://kevwells.com’, ‘http://localhost’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’;
UPDATE wp_posts SET guid = replace(guid, ‘https://kevwells.com’,’http://localhost’);
UPDATE wp_posts SET post_content = replace(post_content, ‘https://kevwells.com’, ‘http://localhost’);
UPDATE wp_postmeta SET meta_value = replace(meta_value,’https://kevwells.com’,’http://localhost’);
FLUSH PRIVILEGES;

 

 

The mysql client utility can take a password on the command line with either the -p or –password= options.

 

 

If you use -p, there must not be any blank space after the option letter.

 

 

BUT: this is insecure because it means a user could view the password – either directly via /proc/$pid/cmdline or via the ps command.

 

 

The safest way to do this would be to create a new config file and pass it to mysql using either the –defaults-file= option.

 

 

to do this,  create a file ~/.my.cnf, make it only accessible by yourself, permission 600.

 

 

[client]
user=myuser
password=mypassword

 

Then you don’t need type password any more. Make sure that you secure this file.

 

 

nano /root/.my.cnf

 

 

[client]
user=root
password=<yourmysqlrootpassword>

 

 

 

chmod 640 /root/.my.cnf
chown root.root /root/.my.cnf

 

-rw-r—– 1 root root 38 Apr 19 18:44 .my.cnf

 

 

 

Then run:

 

mysql –defaults-file=

 

 

mysql –defaults-file=/root/.my.cnf -e “show databases ;”

 

root@asus:~# mysql –defaults-file=/root/.my.cnf -e “show databases ;”
+——————–+
| Database |
+——————–+
| information_schema |
| kevwells |
| mysql |
| performance_schema |
| phpmyadmin |
| wordpress |
+——————–+
root@asus:~#

 

It works. So, now let’s try the full command:

 

/usr/bin/mysql –defaults-file=/root/.my.cnf -e “USE kevwells ; UPDATE wp_options SET option_value = replace(option_value, ‘https://kevwells.com’, ‘http://localhost’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’; UPDATE wp_posts SET guid = replace(guid, ‘https://kevwells.com’,’http://localhost’); UPDATE wp_posts SET post_content = replace(post_content, ‘https://kevwells.com’, ‘http://localhost’); UPDATE wp_postmeta SET meta_value = replace(meta_value,’https://kevwells.com’,’http://localhost’); FLUSH PRIVILEGES;”

 

 

Build a Shell Script to Automate the Replication Process

 

Next we want to put this and other commands in an executable script under /usr/local/bin as the second part of our backup script routine which downloads the databases from kevwells.com to localhost.

 

Easiest way to do the downloading would be via the /home/kevin/DATA NFS Share, this also provides a regular database backup on the share.

 

Then call up the script using crontab.

 

Finally, make sure you have the two definitions to the wp-config.php and also the FORCE_SSL_ADMIN directive (we disable this as we are not using SSL on the laptop localhost apache2).

 

 

define(‘FORCE_SSL_ADMIN’, false);

define( ‘WP_HOME’, ‘http://localhost’ );
define( ‘WP_SITEURL’, ‘http://localhost’ );

 

We need a script to download the MySQL WordPress database from the online server at kevwells.com to the laptop, and then to make the necessary URL adjustments.

 

Do not simply copy database files from one machine to the other. This can lead to database inconsistencies. In any case with a dynamic online database with real-time changes this would be a recipe for disaster.

 

The correct way to export and import a mysql database between two machines is to use mysqldump and mysqlimport.

 

On an online machine with continual write actions, you would also need to pause the database while performing the export-import action. However as this is simply a database for a  WordPress website with few write actions taking place, we can ignore this and go straight to the export routine.

 

To do this, we use mysqldump.

 

Use mysqldump –help to see what options are available.

 

The basic structure of our command will be, on the server:

 

mysqldump –quick db_name | gzip > db_name.gz 

 

 

and to restore, ie import on the other machine:

 

mysqladmin create db_name 

 

gunzip < db_name.gz | mysql db_name

 

 

 

using the mysql cli client the command would be (but we will use mysqladmin in our case)

 

root@asus:/usr/local/bin# mysql -p -uwordpressuser kevwells < /home/kevin/DATA/KEVWELLS.COM/kevwells.sql
Enter password:
root@asus:/usr/local/bin#

 

on the server we use:

 

mysqldump –quick db_name | gzip > db_name.gz
mysqldump –defaults-file=/root/.my.cnf –quick kevwells | gzip > /home/kevin/DATA/KEVWELLS.COM/kevwells.sql.gz

 

So,

 

root@gemini:~#
root@gemini:~#
root@gemini:~# mysqldump –defaults-file=/root/.my.cnf –quick kevwells | gzip > /home/kevin/DATA/KEVWELLS.COM/kevwells.sql.gz
root@gemini:~# mysqldump –defaults-file=/root/.my.cnf –quick mysql | gzip > /home/kevin/DATA/KEVWELLS.COM/mysql.sql.gz
root@gemini:~#

 

then on laptop:

 

Transfer both .sql files with database contents to the target machine and run these commands there:

 

mysqladmin create db_name 

gunzip < db_name.gz | mysql db_name

 

You need to delete the old database .sql files first, else the mysqlimport command will fail:

 

root@asus:~# rm /home/kevin/DATA/KEVWELLS.COM/kevwells.sql
root@asus:~# rm /home/kevin/DATA/KEVWELLS.COM/mysql.sql
root@asus:~#

 

then perform the imports:

 

root@asus:~# mysqlimport kevwells | gunzip /home/kevin/DATA/KEVWELLS.COM/kevwells.sql.gz
root@asus:~#

root@asus:~# mysqlimport mysql | gunzip /home/kevin/DATA/KEVWELLS.COM/mysql.sql.gz
root@asus:~#

 

After you import the mysql database onto the laptop, execute mysqladmin flush-privileges so the laptop mysql server reloads the grant table info:

 

mysqladmin flush-privileges

 

root@asus:~# mysqladmin flush-privileges
root@asus:~#

 

Some other commands:

 

root@asus:/home/kevin/DATA/KEVWELLS.COM# mysqladmin status
Uptime: 32382 Threads: 7 Questions: 7651 Slow queries: 0 Opens: 155 Flush tables: 1 Open tables: 148 Queries per second avg: 0.236
root@asus:/home/kevin/DATA/KEVWELLS.COM#

 

We can implement the automation in various ways.

 

One way would be to have two scripts, one on server which executes first via crontab, and the other on the laptop which executes later via crontab.

 

The server script would perform the mysqldump, the laptop script would do the mysqlimport.

 

Another way would be remote ssh – but we would have to give root ssh key permission on the server from the laptop for this. Then we would do everything from the one script on the laptop.

 

We will use this method to keep things simpler and means there is just one script that controls the entire process.

 

Set up the SSH for Remote Login without Password Prompt

 

First, copy the ssh key for root to geminivpn

 

use geminivpn and not gemini as wifi routers do not always permit outgoing ssh connections!

 

on gemini:

 

In the /etc/ssh/sshd_config you must have the directive:

 

PermitRootLogin yes

 

then restart sshd:

 

systemctl restart sshd

 

Next, assemble the script on the laptop:

 

 

Check Mysql Server Command Functionality

 

 

First let’s check the functionality on the server:

 

root@gemini:/etc/ssh# mysqladmin status
Uptime: 1458129 Threads: 7 Questions: 4569013 Slow queries: 0 Opens: 358 Flush tables: 1 Open tables: 337 Queries per second avg: 3.133
root@gemini:/etc/ssh#

 

and let’s see if we have our ssh command set correctly and if it works for mysqladmin commands:

root@asus:/home/kevin# ssh root@geminivpn “mysqladmin status”
Uptime: 1458134 Threads: 7 Questions: 4569014 Slow queries: 0 Opens: 358 Flush tables: 1 Open tables: 337 Queries per second avg: 3.133
root@asus:/home/kevin#

 

everything good.

 

Check the Functions.php: 

there was also a problem with /var/www/wordpress# nano wp-content/themes/canvas/functions.php

 

This contained:

 

update_option( ‘siteurl’, ‘http://kevwells.com’ );
update_option( ‘home’, ‘http://kevwells.com’ );

 

These directives were changing the site name in the WordPress database back to kevwells.com from localhost.

 

So we have to make sure this is modified when we copied the WordPress files across. This is not dependent on the MySQL databases far as I can gather at this stage, it is solely in the functions.php of the canvas theme used for the site.

 

I have now commented this out on both kevwells.com and localhost.

 

Assemble the Script

 

So, next step is to assemble our script on the laptop:

 

root@asus:/usr/local/bin# cat kevwells.com_db_replication.sh

 

#!/bin/bash
# Script: /usr/local/bin/kevwells.com_db_replication.sh
# Date Created: 19.4.2022
# Last Modifled 19.04.2022
# Author: Kevin Wells
# Purpose: export wordpress database for kevwells.com website from NFS share on gemini to laptop
# and modify database domain url from http://kevwells.com to http://localhost
# How called: via crontab. Can also be called manually
# Requires: mysql/mariadb, mysqladmin, mysql client, ssh, ssh keys installed on server for passwordless remote command execution
# /root/.my.cnf containing mysql password for root, gzip/gunzip on both machines
# Location: asus laptop /usr/local/bin

 

set -x

 

# first, make sure the wordpress cache is flushed to disk:

 

ssh root@geminivpn “wp cache flush –path=/var/www/wordpress –allow-root “

 

# first delete the old .sql database file from last time:

 

rm /home/kevin/DATA/KEVWELLS.COM/all_databases.sql

 

# create the database export from server kevwells.com:

 

ssh root@geminivpn “mysqldump –all-databases > /home/kevin/DATA/KEVWELLS.COM/all_databases.sql”

 

# next import the databases into the laptop mysql:
# no username or password needed as this is defined in the /root/.my.cnf file:

 

 

mysql < /home/kevin/DATA/KEVWELLS.COM/all_databases.sql

 

# should not be necessary, but to be on safe side:
chown -R mysql.mysql /var/lib/mysql/kevwells

 

 

/usr/bin/mysql -e “USE kevwells ; UPDATE wp_options SET option_value = replace(option_value, ‘http://kevwells.com’, ‘http://localhost’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’; UPDATE wp_posts SET guid = replace(guid, ‘http://kevwells.com’,’http://localhost’); UPDATE wp_posts SET post_content = replace(post_content, ‘http://kevwells.com’, ‘http://localhost’); UPDATE wp_postmeta SET meta_value = replace(meta_value,’http://kevwells.com’,’http://localhost’); FLUSH PRIVILEGES;”

 

wp cache flush –path=/var/www/wordpress –allow-root

 

 

# then execute mysqladmin flush-privileges so the laptop mysql server reloads the grant table info:

 

mysqladmin flush-privileges

 

# END OF SCRIPT

 

 

 

root@asus:/usr/local/bin#

 

Testing the script with bash option set -x:

 

root@asus:/usr/local/bin# ./kevwells.com_db_replication.sh
++ ssh root@geminivpn ‘wp cache flush –path=/var/www/wordpress –allow-root ‘
Success: The cache was flushed.
++ rm /home/kevin/DATA/KEVWELLS.COM/all_databases.sql
++ ssh root@geminivpn ‘mysqldump –all-databases > /home/kevin/DATA/KEVWELLS.COM/all_databases.sql’
++ mysql
++ chown -R mysql.mysql /var/lib/mysql/kevwells
++ /usr/bin/mysql -e ‘USE kevwells ; UPDATE wp_options SET option_value = replace(option_value, ‘\”http://kevwells.com’\”, ‘\”http://localhost’\”) WHERE option_name = ‘\”home’\” OR option_name = ‘\”siteurl’\”; UPDATE wp_posts SET guid = replace(guid, ‘\”http://kevwells.com’\”,’\”http://localhost’\”); UPDATE wp_posts SET post_content = replace(post_content, ‘\”http://kevwells.com’\”, ‘\”http://localhost’\”); UPDATE wp_postmeta SET meta_value = replace(meta_value,’\”http://kevwells.com’\”,’\”http://localhost’\”); FLUSH PRIVILEGES;’
++ wp cache flush –path=/var/www/wordpress –allow-root
Success: The cache was flushed.
++ mysqladmin flush-privileges
root@asus:/usr/local/bin#

 

 

root@asus:/usr/local/bin#

 

 

Make sure the script is executable!

root@asus:/usr/local/bin# chmod 750 kevwells.com_db_replication.sh
root@asus:/usr/local/bin# ls -l kevwells.com_db_replication.sh
-rwxr-x— 1 root root 2007 Apr 20 10:57 kevwells.com_db_replication.sh
root@asus:/usr/local/bin#

 

And finally, schedule the script to run using crontab on the laptop: 

 

eg

 

9 2 * * * /usr/local/bin/kevwells.com_db_replication.sh

 

 

Additional Notes on the Replication Process

 

Some WordPress plugins can interfere with the replication and correct rendition of the website from https://kevwells.com to http://localhost.

 

In particular, check that:

 

Really Simple SSL is “deactivated, but still using https” (select this option in the plugin settings in the WP Dashboard).

 

Also I have disabled Permalinks Moved Permanently plugin.

 

Provided these plugins are disabled and the replication script runs correctly with the MySQL DB Update URL commands executed to change siteurl links from https://kevwells.com to http://localhost then the replication should be error-free and there is no need for the permalinks to be saved in the WP Dashboard as is otherwise usually the case with WordPress site transfers and domain name changes.

 

 

 

 

 

  

 

Continue Reading

Problems Starting Mariadb/Mysql on Ubuntu 20.10 After Installing

After installing Mariadb/Mysql  on Linux Ubuntu 20.10 I had the following error when trying to start mariadb server:

 

root@asus:/home/kevin/Downloads# systemctl status mariadb

 

● mariadb.service – MariaDB 10.3.34 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: failed (Result: exit-code) since Tue 2022-03-15 12:43:45 GMT; 5min ago
Docs: man:mysqld(8)

https://mariadb.com/kb/en/library/systemd/
Process: 57943 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
Process: 57944 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 57946 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_>
Process: 57975 ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=7)
Main PID: 57975 (code=exited, status=7)
Status: “MariaDB server is down”

 

Mär 15 12:43:43 asus systemd[1]: Starting MariaDB 10.3.34 database server…
Mär 15 12:43:43 asus mysqld[57975]: 2022-03-15 12:43:43 0 [Note] /usr/sbin/mysqld (mysqld 10.3.34-MariaDB-0ubuntu0.20.04.1) starting as process 57975 …
Mär 15 12:43:45 asus systemd[1]: mariadb.service: Main process exited, code=exited, status=7/NOTRUNNING
Mär 15 12:43:45 asus systemd[1]: mariadb.service: Failed with result ‘exit-code’.
Mär 15 12:43:45 asus systemd[1]: Failed to start MariaDB 10.3.34 database server.
lines 5-19/19 (END)

 

 

This then leads to a ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.s

 

 

However, this latter error can have various potential causes, but its occurrance in this particular case is because the mysqld service has been unable to start.

 

This in turn was due to corruption of the Mysql server system and configuration due to earlier installs and deinstalls. The problems may also have been compounded by the fact that the system on which mysql was being installed was ubuntu version 20.10 and not 20.04 LTS. The latter is recommended, the former (20.10 is not).

 

The solution was to first do a comprehensive complete deinstall and cleanup of the mysql/mariadb configuration and then to start again from scratch with a fresh installation of mariadb-server.

 

However, before I resorted to this action as part of my troubleshooting activity, I tried out various other suggested solutions, some of these I have documented below.

 

Check error logs

 

Check that the mysql error log has been explicitly written to another location. This is often done by changing the datadir or log_error system variables in an option file.A quick way to get the values of these system variables is to do:

 

mysqld –help –verbose | grep ‘log-error’ | tail -1
mysqld –help –verbose | grep ‘datadir’ | tail -1

 

root@asus:/var/lib# mysqld –help –verbose | grep ‘log-error’ | tail -1
2022-03-15 18:53:51 0 [Note] Plugin ‘FEEDBACK’ is disabled.
2022-03-15 18:53:51 0 [Warning] Could not open mysql.plugin table. Some options may be missing from the help text
2022-03-15 18:53:51 0 [ERROR] mysqld: unknown variable ‘mysqlx-bind-address=127.0.0.1’
2022-03-15 18:53:51 0 [ERROR] Aborting

 

log-error /var/log/mysql/error.log
root@asus:/var/lib# mysqld
2022-03-15 18:54:06 0 [Note] mysqld (mysqld 10.3.34-MariaDB-0ubuntu0.20.04.1) starting as process 76968 …
^C
root@asus:/var/lib#

 

 

Check configuration variables

 

You can check which configuration options MariaDB server will use from its option files by doing:

 

mysqld –print-defaults
You can also check by executing the following command:

 

my_print_defaults –mysqld

 

 

root@asus:/var/lib# mysqld –print-defaults
mysqld would have been started with the following arguments:
–user=mysql –bind-address=127.0.0.1 –mysqlx-bind-address=127.0.0.1 –key_buffer_size=16M –myisam-recover-options=BACKUP –log_error=/var/log/mysql/error.log –max_binlog_size=100M
root@asus:/var/lib#

 

root@asus:~# my_print_defaults –mysqld
–user=mysql
–bind-address=127.0.0.1
–mysqlx-bind-address=127.0.0.1
–key_buffer_size=16M
–myisam-recover-options=BACKUP
–log_error=/var/log/mysql/error.log
–max_binlog_size=100M
root@asus:~#

 

It is possible to see errors similar to the following:

 

System error 1067 has occurred.
Fatal error: Can’t open privilege tables: Table ‘mysql.host’ doesn’t exist

 

If errors like this occur, then critical system tables are either missing or are in the wrong location.

 

The above error can occur after an upgrade if the option files set the basedir or datadir to a non-standard location, but the new server is using the default location.

 

 

So make sure that the basedir and datadir variables are correctly set.

 

 

root@asus:/var/lib#
root@asus:/var/lib# systemctl start mariadb
Job for mariadb.service failed because the control process exited with error code.
See “systemctl status mariadb.service” and “journalctl -xe” for details.

root@asus:/var/lib# systemctl status mariadb

● mariadb.service – MariaDB 10.3.34 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: failed (Result: exit-code) since Tue 2022-03-15 18:50:37 GMT; 4s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 76564 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
Process: 76565 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 76567 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -e>
Process: 76596 ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=7)
Main PID: 76596 (code=exited, status=7)
Status: “MariaDB server is down”

 

Mär 15 18:50:35 asus systemd[1]: Starting MariaDB 10.3.34 database server…
Mär 15 18:50:35 asus mysqld[76596]: 2022-03-15 18:50:35 0 [Note] /usr/sbin/mysqld (mysqld 10.3.34-MariaDB-0ubuntu0.20.04.1) starting as process 7>
Mär 15 18:50:37 asus systemd[1]: mariadb.service: Main process exited, code=exited, status=7/NOTRUNNING
Mär 15 18:50:37 asus systemd[1]: mariadb.service: Failed with result ‘exit-code’.
Mär 15 18:50:37 asus systemd[1]: Failed to start MariaDB 10.3.34 database server.
lines 3-19/19

 

 

Check the mysql user exists

 

Does the mysql user exist? yes…

 

root@asus:~# cat /etc/passwd | grep mysql
mysql:x:133:144:MySQL Server,,,:/nonexistent:/bin/false
root@asus:~#

 

 

Check the output of mysql_install_db

 

The error message “Installation of system tables failed” sent by mysql_install_db is revealing.

 

Examine the logs in /var/lib/mysql for more information.

 

See below.

 

 

root@asus:~# mysql_install_db
Installing MariaDB/MySQL system tables in ‘/var/lib/mysql’ …

 

Installation of system tables failed! Examine the logs in
/var/lib/mysql for more information.

 

The problem could be conflicting information in an external
my.cnf files. You can ignore these by doing:

 

shell> /usr/bin/mysql_install_db –defaults-file=~/.my.cnf

 

You can also try to start the mysqld daemon with:

 

shell> /usr/sbin/mysqld –skip-grant-tables –general-log &

 

and use the command line tool /usr/bin/mysql

to connect to the mysql database and look at the grant tables:

 

shell> /usr/bin/mysql -u root mysql
mysql> show tables;

 

Try ‘mysqld –help’ if you have problems with paths. Using
–general-log gives you a log in /var/lib/mysql that may be helpful.

 

The latest information about mysql_install_db is available at
https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
You can find the latest source at https://downloads.mariadb.org and
the maria-discuss email list at https://launchpad.net/~maria-discuss

 

Please check all of the above before submitting a bug report
at http://mariadb.org/jira

 

root@asus:~#

 

 

I also tried the following, but result was the same:

 

root@asus:~# mysql_install_db –user=mysql –ldata=/var/lib/mysql/ –basedir=/usr
Installing MariaDB/MySQL system tables in ‘/var/lib/mysql/’ …

 

Installation of system tables failed! Examine the logs in
/var/lib/mysql/ for more information.

 

 

Deinstall Mariadb/Mysql

 

 

At this point I decided to do a complete deinstall and clean-up and then a fresh new reinstall of mariadb-server:

 

apt-get remove –purge mysql*
apt-get remove –purge mariadb*

 

 

then do:

 

apt-get remove –purge mysql*

 

root@asus:~# dpkg -l | grep mysql
ii libdbd-mysql-perl:amd64 4.050-3 amd64 Perl5 database interface to the MariaDB/MySQL database
ii libmysqlclient21:amd64 8.0.28-0ubuntu0.20.04.3 amd64 MySQL database client library
ii mysql-common 1:10.5.15+maria~focal all MariaDB database common files (e.g. /etc/mysql/my.cnf)
rc mysql-server-8.0 8.0.28-0ubuntu0.20.04.3 amd64 MySQL database server binaries and system database setup
ii php-mysql 2:7.4+76 all MySQL module for PHP [default]
ii php7.4-mysql 7.4.9-1ubuntu1.2 amd64 MySQL module for PHP
root@asus:~#

 

remove all these packages…

root@asus:~# apt-get remove –purge php-mysql

 

apt-get remove –purge mariadb*
apt-get remove –purge libdbd-mysql-perl:amd64
apt-get remove –purge mysql*
apt-get remove –purge php-mysql
apt-get remove –purge php7.4-mysql

 

then do a thorough clean up….

 

 

root@asus:~# rm -rf /etc/mysql /var/lib/mysql
root@asus:~# apt-get autoremove
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages will be REMOVED
dbconfig-common dbconfig-no-thanks galera-3 icc-profiles-free libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdbi-perl libfcgi-perl
libhtml-template-perl libjs-openlayers libjs-sphinxdoc libjs-underscore libreadline5 libterm-readkey-perl php-bz2 php-google-recaptcha
php-phpmyadmin-motranslator php-phpmyadmin-shapefile php-phpmyadmin-sql-parser php-phpseclib php-psr-cache php-psr-container php-psr-log php-symfony-cache
php-symfony-cache-contracts php-symfony-expression-language php-symfony-service-contracts php-symfony-var-exporter php-tcpdf php-twig php-twig-extensions
php7.4-bz2
0 to upgrade, 0 to newly install, 33 to remove and 0 not to upgrade.
After this operation, 46,9 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database … 253422 files and directories currently installed.)
Removing dbconfig-no-thanks (2.0.14) …
Removing dbconfig-common (2.0.14) …
Removing galera-3 (25.3.30-1) …
Removing php-tcpdf (6.3.5+dfsg1-1) …
Removing icc-profiles-free (2.0.1+dfsg-1) …
Removing libcgi-fast-perl (1:2.15-1) …
Removing libhtml-template-perl (2.97-1) …
Removing libcgi-pm-perl (4.50-1) …
Removing libconfig-inifiles-perl (3.000003-1) …
Removing libdbi-perl:amd64 (1.643-2) …
Removing libfcgi-perl (0.79-1) …
Removing libjs-openlayers (2.13.1+ds2-8) …
Removing libjs-sphinxdoc (3.2.1-1) …
Removing libjs-underscore (1.9.1~dfsg-1ubuntu0.20.10.1) …
Removing libreadline5:amd64 (5.2+dfsg-3build3) …
Removing libterm-readkey-perl (2.38-1build1) …
Removing php-bz2 (2:7.4+76) …
Removing php-google-recaptcha (1.2.4-1) …
Removing php-phpmyadmin-motranslator (5.0.0-2) …
Removing php-phpmyadmin-shapefile (2.1-4) …
Removing php-phpmyadmin-sql-parser (4.6.1-2) …
Removing php-phpseclib (2.0.28-1) …
Removing php-symfony-expression-language (4.4.14+dfsg-1) …
Removing php-symfony-cache (4.4.14+dfsg-1) …
Removing php-symfony-cache-contracts (1.1.9-1) …
Removing php-psr-cache (1.0.1-2) …
Removing php-symfony-service-contracts (1.1.9-1) …
Removing php-psr-container (1.0.0-2) …
Removing php-psr-log (1.1.3-1) …
Removing php-symfony-var-exporter (4.4.14+dfsg-1) …
Removing php-twig-extensions (1.5.4-2) …
Removing php-twig (2.13.0-1) …
Removing php7.4-bz2 (7.4.9-1ubuntu1.2) …
Processing triggers for doc-base (0.10.9) …
Processing 3 removed doc-base files…
Processing triggers for libc-bin (2.32-0ubuntu3) …
Processing triggers for man-db (2.9.3-2) …
Processing triggers for libapache2-mod-php7.4 (7.4.9-1ubuntu1.2) …
root@asus:~# apt-get autoclean
Reading package lists… Done
Building dependency tree
Reading state information… Done
Del mysql-client-core-8.0 8.0.27-0ubuntu0.20.04.1 [4.423 kB]
Del libapache2-mod-php7.4 7.4.3-4ubuntu2.8 [1.364 kB]
Del python-setuptools 44.0.0-2 [330 kB]
Del libapache2-mod-php 2:7.4+75 [2.836 B]
Del php7.4-mysql 7.4.3-4ubuntu2.8 [121 kB]
Del chromium-codecs-ffmpeg-extra 1:85.0.4183.83-0ubuntu0.20.04.2 [2.968 B]
Del mysql-client-8.0 8.0.27-0ubuntu0.20.04.1 [22,0 kB]
Del python-pkg-resources 44.0.0-2 [129 kB]
Del php7.4-odbc 7.4.3-4ubuntu2.8 [30,6 kB]
Del dbconfig-no-thanks 2.0.13 [1.396 B]
root@asus:~#

 

Reinstall mariadb-server

 

 

Then we can start from scratch and reinstall mariadb-server:

 

 

root@asus:~# apt install mariadb-server
Reading package lists… Done
Building dependency tree
Reading state information… Done

The following additional packages will be installed:
galera-3 libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdbd-mariadb-perl libdbi-perl libfcgi-perl libhtml-template-perl libmysqlclient21
libreadline5 libterm-readkey-perl mariadb-client-10.3 mariadb-client-core-10.3 mariadb-common mariadb-server-10.3 mariadb-server-core-10.3 mysql-common

Suggested packages:
libmldbm-perl libnet-daemon-perl libsql-statement-perl libipc-sharedcache-perl mailx mariadb-test tinyca
The following NEW packages will be installed
galera-3 libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdbd-mariadb-perl libdbi-perl libfcgi-perl libhtml-template-perl libmysqlclient21
libreadline5 libterm-readkey-perl mariadb-client-10.3 mariadb-client-core-10.3 mariadb-common mariadb-server mariadb-server-10.3 mariadb-server-core-10.3
mysql-common
0 to upgrade, 18 to newly install, 0 to remove and 0 not to upgrade.
Need to get 20,4 MB of archives.
After this operation, 170 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

 

 

then do…

 

root@asus:~# mysql_secure_installation

 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

 

Enter current password for root (enter for none):
OK, successfully used password, moving on…

 

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

 

You already have a root password set, so you can safely answer ‘n’.

 

Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

 

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

 

Remove anonymous users? [Y/n]
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n]
… Success!

 

By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

 

Remove test database and access to it? [Y/n]
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

 

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

 

Reload privilege tables now? [Y/n]
… Success!

 

Cleaning up…

 

All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

 

Thanks for using MariaDB!
root@asus:~#

 

 

mariadb is now working

 

root@asus:~# systemctl status mariadb
● mariadb.service – MariaDB 10.3.29 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: active (running) since Tue 2022-03-15 19:14:01 GMT; 1min 59s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Main PID: 84344 (mysqld)
Status: “Taking your SQL requests now…”
Tasks: 31 (limit: 21459)
Memory: 70.2M
CGroup: /system.slice/mariadb.service
└─84344 /usr/sbin/mysqld

 

Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: information_schema
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: mysql
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: performance_schema
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: Phase 6/7: Checking and upgrading tables
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: Processing databases
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: information_schema
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: performance_schema
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: Phase 7/7: Running ‘FLUSH PRIVILEGES’
Mär 15 19:14:02 asus /etc/mysql/debian-start[84384]: OK
Mär 15 19:14:02 asus debian-start[84453]: WARNING: tempfile is deprecated; consider using mktemp instead.
root@asus:~#

 

 

 

Further Troubleshooting Advice at mariadb.com

 

 

See the official MariaDB Troubleshooting page at https://mariadb.com/kb/en/what-to-do-if-mariadb-doesnt-start/

 

 

mysql_install_db page at https://mariadb.com/kb/en/mysql_install_db/

 

 

Continue Reading

LAMP Server Migration

The following notes document the migration of a virtual Linux machine running LAMP – Linux Ubuntu, Apache webserver, MySql/MariaDB & PHP, from an existing machine to a new machine and the procedural steps involved.

 

Both old and new machines also run ssh, nfs-server shares, sslh port multiplexer, nextcloud, checkmk, wordpress, phpmyadmin, together with Linux shell script crontab-run backup routines to backup data to an external cloud provider.

 

The scripts and crontab entries had to be migrated, installed and reconfigured on the new server.

 

This is an overview of the steps involved. For more detailed discussion of the specific actions, for example covering mysql, apache, sslh multiplexer, SSL certificates, see the appropriate relevant subject sections of this IT Knowledge Base.

 

 

Initial Preparation

 

First task is to create the new virtual server with Linux Ubuntu OS. This has a new localhost name and new unique publicly accessible IP address.

 

After the migration, the old original server machine is then switched off and deleted from the virtual server provider environment. The new machine name is changed to the old machine name, taking the place of the old machine online.

 

After installing the basic operating system Linux Ubuntu version 20.04 LTS, we migrate existing /usr/local/bin scripts from the old to the new machine, together with any binaries and other files contained in this directory.

 

Later we will configure crontab on the new machine for backups and mysql nextcloud nightly database scan and updates for newly added data files (and deleted/modified data files).

 

We give the new machine the temporary localhost name of “gemininew”.

 

When the migration is complete we will change the name to “gemini”, taking the place of the old machine.

 

The /etc/hosts file entries on the server and on all connecting hosts will then need to be modified so that the entry for gemini points to the NEW IP address and no longer to the old one.

 

In the meantime, for ease of logging in, we have made an entry on the old gemini server /etc/hosts and on our connecting hosts as follows:

 

gemininew  <the new IP address for gemini>

 

while keeping the old gemini IP entry intact for now. Later on towards the end of the migration this old entry will be deleted from the file.

 

 

 

Modify DNS Record

 

We need to modify the DNS record for the domain kevwells.com for the new IP address of the new machine to replace the old one.

 

This is done on the DNS server of our virtual server provider.

 

 

Install Apache

 

Install apache2 on the new machine and define the virtual hosts that are required.

 

 

 

Next, for apache

 

To allow .htaccess files, we need to set the AllowOverride directive within a Directory block pointing to our document root. Add the following block of text inside the VirtualHost block in your configuration file, making sure to use the correct web root directory.

 

 

In my case it is:

 

root@gemininew:/etc/apache2/sites-available# nano 000-default.conf

add this under

<VirtualHost *:80>

 

<Directory /var/www/wordpress/>
AllowOverride All
</Directory>

 

By default the use of .htaccess files is disabled. WordPress and many WordPress plugins use these files extensively for in-directory tweaks to the web server’s behavior.

 

 

Next, we can enable mod_rewrite so that we can utilize the WordPress permalink feature:

 

a2enmod rewrite

 

 

root@gemininew:/etc/apache2/sites-available# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2
root@gemininew:/etc/apache2/sites-available# systemctl restart apache2
root@gemininew:/etc/apache2/sites-available#

 

This allows you to have more human-readable permalinks to your posts, like the following two examples:

 

http://example.com/2012/post-name/
http://example.com/2012/12/30/post-name

 

The a2enmod command calls a script that enables the specified module within the Apache configuration.

 

next, check to make sure we haven’t made any syntax errors by running the following test.

 

apache2ctl configtest

 

 

root@gemininew:/etc/apache2/sites-available# apache2ctl configtest
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
Syntax OK
root@gemininew:/etc/apache2/sites-available#

 

 

Ensure apache is running with

 

a2ensite <sites-enabled_configfile>

 

systemctl enable apache2
systemctl start apache2

 

Install Mysql/MariaDB

 

apt install mariadb-server

 

During the installation you’ll be requested to set a mysql server admin user password.

 

If the secure installation utility does not run automatically during the installation process, then you can run it explicitly:

 

mysql_secure_installation utility

 

Next install the php-mysql module:

 

root@gemininew:~# apt-get install php-mysql
Reading package lists… Done
Building dependency tree
Reading state information… Done
php-mysql is already the newest version (2:7.4+75).

 

 

Enable the mysql service and start it:

 

 

 

root@gemini:/var/lib/mysql# systemctl start mysql
root@gemini:/var/lib/mysql# systemctl status mysql
● mysql.service – LSB: Start and stop the mysql database server daemon
Loaded: loaded (/etc/init.d/mysql; generated)
Active: active (running) since Thu 2022-03-03 13:24:50 UTC; 4s ago
Docs: man:systemd-sysv-generator(8)
Process: 4328 ExecStart=/etc/init.d/mysql start (code=exited, status=0/SUCCESS)
Tasks: 33 (limit: 2274)
Memory: 64.0M
CGroup: /system.slice/mysql.service
├─4367 /bin/sh /usr/bin/mysqld_safe
├─4483 /usr/sbin/mysqld –basedir=/usr –datadir=/var/lib/mysql –plugin-dir=/usr/lib/x86_64-linux-gnu/mariadb19/plugin –user=mysql –skip-log-error –pid-file=/run/mysqld/mysqld.pid –socket=/var/run/mysqld/mysqld.sock
└─4484 logger -t mysqld -p daemon error

 

Mar 03 13:24:50 gemini /etc/mysql/debian-start[4538]: Upgrading MySQL tables if necessary.
Mar 03 13:24:50 gemini mysqld[4484]: 2022-03-03 13:24:50 10 [Warning] Access denied for user ‘debian-sys-maint’@’localhost’ (using password: YES)
Mar 03 13:24:50 gemini /etc/mysql/debian-start[4541]: Looking for ‘mysql’ as: /usr/bin/mysql
Mar 03 13:24:50 gemini /etc/mysql/debian-start[4541]: Reading datadir from the MariaDB server failed. Got the following error when executing the ‘mysql’ command line client
Mar 03 13:24:50 gemini /etc/mysql/debian-start[4541]: ERROR 1045 (28000): Access denied for user ‘debian-sys-maint’@’localhost’ (using password: YES)
Mar 03 13:24:50 gemini /etc/mysql/debian-start[4541]: FATAL ERROR: Upgrade failed
Mar 03 13:24:50 gemini /etc/mysql/debian-start[4546]: Checking for insecure root accounts.
Mar 03 13:24:50 gemini mysqld[4484]: 2022-03-03 13:24:50 11 [Warning] Access denied for user ‘debian-sys-maint’@’localhost’ (using password: YES)
Mar 03 13:24:50 gemini mysql[4549]: ERROR 1045 (28000): Access denied for user ‘debian-sys-maint’@’localhost’ (using password: YES)
Mar 03 13:24:51 gemini mysqld[4484]: 2022-03-03 13:24:51 12 [Warning] Access denied for user ‘wordpressuser’@’localhost’ (using password: YES)
lines 3-22/22 (END)

 

 

and we now have the socket for mysqld:

 

root@gemini:/run/mysqld# ls -lias
total 4
586 0 drwxr-xr-x 2 mysql root 80 Mar 3 13:24 .
2 0 drwxr-xr-x 29 root root 880 Mar 3 13:20 ..
678 4 -rw-rw—- 1 mysql mysql 5 Mar 3 13:24 mysqld.pid
677 0 srwxrwxrwx 1 mysql mysql 0 Mar 3 13:24 mysqld.sock
root@gemini:/run/mysqld#

 

 

Test the server:

 

root@gemininew:~#
root@gemininew:~#
root@gemininew:~#
root@gemininew:~# mysqladmin -p -u root version
Enter password:
mysqladmin Ver 8.0.28-0ubuntu0.20.04.3 for Linux on x86_64 ((Ubuntu))
Copyright (c) 2000, 2022, Oracle and/or its affiliates.

 

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

 

Server version 8.0.28-0ubuntu0.20.04.3
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/run/mysqld/mysqld.sock
Uptime: 6 min 48 sec

 

Threads: 2 Questions: 14 Slow queries: 0 Opens: 130 Flush tables: 3 Open tables: 49 Queries per second avg: 0.034
root@gemininew:~#

 

 

 

Run the mysql secure installation utility

 

 

 

/usr/bin/mysql_secure_installation

 

 

This will also set the root password for mysql

 

 

You have to set the root password here:

 

root@gemini:/run/mysqld# /usr/bin/mysql_secure_installation

 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

 

Enter current password for root (enter for none): ***NOTE**** if you try to enter the password for root here it gives an error at this stage:!!! see below
ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES)
Enter current password for root (enter for none): ****PRESS ENTER***- you set the root password further below!***
OK, successfully used password, moving on…

 

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

 

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

 

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

 

Remove anonymous users? [Y/n]
… Success!

 

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n]
… Success!

 

By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

 

Remove test database and access to it? [Y/n]
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

 

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

 

Reload privilege tables now? [Y/n]
… Success!

 

Cleaning up…

 

All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

 

Thanks for using MariaDB!
root@gemini:/run/mysqld#

 

 

 

root@gemini:~# mysqlshow -u root -p
Enter password:
+——————–+
| Databases |
+——————–+
| gitea |
| information_schema |
| kevwells |
| mysql |
| nextcloud |
| performance_schema |
| phpmyadmin |
| wordpress |
+——————–+

 

root@gemini:~# mysqldump -u root -p –all-databases > allgeminidatabases-backup.sql
Enter password:
root@gemini:~#

 

 

to restore

 

mysql -u root -p < allgeminidatabases-backup.sql

 

root@gemininew:~# mysql -u root -p < allgeminidatabases-backup.sql
Enter password:

 

root@gemininew:~# mysqlshow -u root -p
Enter password:
+——————–+
| Databases |
+——————–+
| gitea |
| information_schema |
| kevwells |
| mysql |
| performance_schema |
| sys |
+——————–+
root@gemininew:~#

 

 

Set up a Mysql Database for WordPress

 

Create an exclusive database for WordPress to control. This can have any name, but we will use the standard name wordpress for this example.

 

Enter the mysql admin client, using:

 

 

root@gemininew:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 319
Server version: 10.3.34-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

 

MariaDB [(none)]>

 

then do the following:

 

MariaDB [(none)]> CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> use wordpress;
Database changed
MariaDB [wordpress]>

MariaDB [(none)]> CREATE USER ‘wordpressuser’@localhost IDENTIFIED BY ‘*********’;  
Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> GRANT ALL ON wordpress.* TO ‘wordpressuser’@’localhost’;
Query OK, 0 rows affected (0.001 sec)

 

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)

 

MariaDB [(none)]>

 

 

you can now exit mariadb:

 

MariaDB [(none)]> exit
Bye
root@gemininew:/#

 

 

Install WordPress

 

next, download and install wordpress:

 

you can do a wget from https://wordpress.org/latest.tar.gz

 

and then unpack at /var/www/wordpress

 

you can then create a /var/www/html -> /var/www/wordpress link

 

and set permissions as follows:

 

chown -R www-data:www-data /var/www/wordpress

 

Next we’ll run two find commands to set the correct permissions on the WordPress directories and files:

 

root@gemininew:~# find /var/www/wordpress/ -type d -exec chmod 750 {} \;
root@gemininew:~# find /var/www/wordpress/ -type f -exec chmod 640 {} \;
root@gemininew:~#

 

Next, modify some of the database connection settings, adjusting database name, the database user, and the associated password you configured within MySQL.

 

Also set the method WordPress should use to write to the filesystem, set this filesystem method to “direct”.

 

If we dont do this it could mean WordPress prompting for FTP credentials for some actions:

 

/var/www/wordpress/wp-config.php

. . .

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define( ‘DB_NAME’, ‘wordpress’ );

 

/** MySQL database username */
define( ‘DB_USER’, ‘wordpressuser’ );

 

/** MySQL database password */
define( ‘DB_PASSWORD’, ‘***password commented out***’ );

 

/** MySQL hostname */
define( ‘DB_HOST’, ‘localhost’ );

 

/** Database Charset to use in creating database tables. */
define( ‘DB_CHARSET’, ‘utf8’ );

 

/** The Database Collate type. Don’t change this if in doubt. */
define( ‘DB_COLLATE’, ” );

 

. . .

define(‘FS_METHOD’, ‘direct’);

 

 

NOTE: we substitute the above with our own password as created for the wordpressuser in mariadb! (not shown here for security reasons)

 

next, in web-browser, open the http://servername/wp-admin link

 

and the wordpress admin dashboard initial setup page should appear.

 

 

 

Firewalling for apache

 

The following ports need to be opened, port 443 and 80.

 

root@gemini:/etc/apache2# ufw status
Status: active

 

To Action From
— —— —-
22 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
3306 ALLOW Anywhere
9993 ALLOW Anywhere
2049 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
3306 (v6) ALLOW Anywhere (v6)
9993 (v6) ALLOW Anywhere (v6)
2049 (v6) ALLOW Anywhere (v6)

root@gemini:/etc/apache2#

 

 

DO NOT open port 444!

 

NOTE that port 444 is NOT opened on the firewall – this is used internally by apache ie behind the firewall, between apache and sslh. It should not be accessible from outside.

 

 

MySql/MariaDB has to be installed and up and running.

 

Check it is enabled and running using

 

systemctl enable mysql
systemctl start mysql
systemctl status mysql

 

During installation, all being well, mysql/mariadb will start automatically, unless the port used by mysql is already in use.

 

 

 

 

 

Install SSL Certificates

 

SSL/TLS https certificates supplied by Lets Encrypt

 

The apache webserver needs to be running on port 80 to carry out registration to obtain the certificates for each virtual host.

 

Certificates are required for all virtual websites operating on the IP with https:

 

kevwells.com, nextcloud.kevwells.com

 

Use the certbot command-line utility to request the SSL certificates for the websites. You need to run certbot in turn for each virtual host website you are operating on https.

 

Make sure /etc/apache2/ports.conf is set to listen on port 80 and 443 initially for ssl.

 

After obtaining the certificates, and since we are using the sslh multiplexer, you need to change ports.conf all references to Listen 443 port to Listen 444 as this is the port used for sslh multiplexer.

 

The sslh multiplexer separates out incoming traffic on 443 to 444 for Apache and 22 for ssh.

 

Install wordpress under /var/www/wordpress

 

then create symbolic links as follows:

 

/var/www/html -> /var/www/kevwells.com

 

/var/www/kevwells.com -> /var/www/wordpress

 

Configure the wp-config.php file:

 

root@gemini:/var/www/wordpress#
root@gemini:/var/www/wordpress# cat wp-config.php
<?php
//Begin Really Simple SSL session cookie settings
@ini_set(‘session.cookie_httponly’, true);
@ini_set(‘session.cookie_secure’, true);
@ini_set(‘session.use_only_cookies’, true);
//END Really Simple SSL

 

/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don’t have to use the web site, you can copy this file to “wp-config.php”
* and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/

 

 

!!!!! DB_NAME and other variables have been omitted here for security reasons!!!!

 

 

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define( ‘DB_NAME’, ‘***’ );

 

/** MySQL database username */
define( ‘DB_USER’, ‘***’ );

 

/** MySQL database password */
define( ‘DB_PASSWORD’, ‘***’ );

 

/** MySQL hostname */
define( ‘DB_HOST’, ‘localhost’ );

 

/** Database charset to use in creating database tables. */
define( ‘DB_CHARSET’, ‘utf8mb4’ );

 

/** The database collate type. Don’t change this if in doubt. */
define( ‘DB_COLLATE’, ” );

 

/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( ‘AUTH_KEY’, ‘;


!!!!!! NOT DISPLAYED HERE FOR SECURITY REASONS!!!!!!!!!!!!!!


 

 

/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = ‘wp_’;

 

/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( ‘WP_DEBUG’, false );

 

/* define( ‘WP_DEBUG’, false ); */

 

/* Add any custom values between this line and the “stop editing” line. */

 

 

/* That’s all, stop editing! Happy publishing. */

 

/** Absolute path to the WordPress directory. */
if ( ! defined( ‘ABSPATH’ ) ) {
define( ‘ABSPATH’, __DIR__ . ‘/’ );
}

 

/** Sets up WordPress vars and included files. */
require_once ABSPATH . ‘wp-settings.php’;

 

/* define(‘WP_ALLOW_REPAIR’, true); */

 

define(‘FS_METHOD’, ‘direct’);

 

@ini_set( ‘upload_max_filesize’ , ‘12800M’ );
@ini_set( ‘post_max_size’, ‘12800M’);
@ini_set( ‘memory_limit’, ‘256M’ );
@ini_set( ‘max_execution_time’, ‘300’ );
@ini_set( ‘max_input_time’, ‘300’ );

 

define(‘FORCE_SSL_ADMIN’, true);

 

define( ‘WP_HOME’, ‘https://kevwells.com’ );
define( ‘WP_SITEURL’, ‘https://kevwells.com’ );

 

 

root@gemini:/var/www/wordpress#

 

 

 

 

Install Nextcloud

 

How to configure Nextcloud

 

Nextcloud has to be downloaded and installed under /var/www/nextcloud

 

enter a database name for nextcloud – usually “nextcloud”

 

port is localhost:3306

 

a database username and a password.

 

this gets saved in the nextcloud config file under /var/www/nextcloud/config/config.php

 

Create a virtual host for nextcloud in /etc/apache2/sites-available/<apacheconfigfile>.conf

 

You will also need to define the virtual host ie nextcloud for http port 80 in order to obtain the SSL/TLS certificate from Lets Encrypt.

 

Once this is obtained and installed, you can then delete this port 80 http virtual host for nextcloud.

 

 

 

Switch WordPress from http to https

 

Once you have obtained and installed the SSL certificates for the virtual hosts, you can switch wordpress to https.

 

In practice, the switch from http to https for wordpress was complicated.

 

There are two aspects to this: apache, and wordpress.

 

The apache virtual host definitions are relatively straightforward. See the apache section above.

 

WordPress is a little more involved and complicated.

 

First, you need to install the wordpress plugin Really Simple SSL (if only it were “really simple” in practice).

 

It was difficult trying to switch the wordpress site name in the wordpress dashboard from http to https.

 

Also you need to save permalinks twice, using the Permalinks plugin which must first be installed.

 

Trying to change the wordpress site definitions in the wordpress dashboard under settings – general, did not work, wordpress kept changing them back.

 

I also tried changing the site names using the mysql admin client and sql commands, but these too would get changed back!

 

Finally, I had to add the two definitions to the wp-config.php and also the FORCE_SSL_ADMIN directive:

 

define(‘FORCE_SSL_ADMIN’, true);

 

define( ‘WP_HOME’, ‘https://kevwells.com’ );
define( ‘WP_SITEURL’, ‘https://kevwells.com’ );

 

 

Then after numerous attempts, it finally accepted the change from http to https.

 

You also have to save the links again in WordPress Permalinks plugin after changing from http to https:

 

select plain, then back to custom, then plain, then finally set to custom.

 

The links should then function correctly.

 

 

Also in this case, don’t forget we are using sslh multiplexer, so the virtual host definitions for the ports need to be 444 for https and not 443.

 

Make sure these are set in the sites-enabled config file as well as in the apache ports.conf file! (Lets Encrypt changes then to 443 – you have to change them back manually!).

 

Then make sure sslh is running correctly, listening on 443, and passing ssh traffic to 22 sshd, and https traffic on to 444 apache.

 

 

Firewalling – Portmapper

 

Make sure port 111 for nfs portmapper is closed.

 

Portmapper is a service usually used with NFS. When this is not properly firewalled, it can be abused to conduct DDOS attacks.

 

All portmapper services should therefore be behind a firewall and restricted to IPs that need to contact them.

 

For Linux machines, add firewall rules to block port 111 on both UDP and TCP as follows:

 

iptables -I INPUT 1 -m tcp -p tcp –dport 111 -j DROP
iptables -I INPUT 1 -m udp -p udp –dport 111 -j DROP

 

Alternatively, set using the ufw firewall utility in ubuntu with:

 

root@gemini:# ufw deny 111
Rule updated
Rule updated (v6)
root@gemini:#
root@gemini:~# ufw status
Status: active

 

To Action From
— —— —-
22 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
3306 ALLOW Anywhere
9993 ALLOW Anywhere
111 DENY Anywhere
2049 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
3306 (v6) ALLOW Anywhere (v6)
9993 (v6) ALLOW Anywhere (v6)
111 (v6) DENY Anywhere (v6)
2049 (v6) ALLOW Anywhere (v6)

 

root@gemini:~#

 

 

Modify hosts files

 

The hosts file on the new server and all connecting clients must be updated to point the server name to the new IP address.

 

The new server machine name is changed from gemininew to gemini.

 

Modify /etc/hosts files to define the new machine IP with the server localhost name ie gemini

 

Distribute the new /etc/hosts to all connecting clients. This can be done using scp.

 

 

 

Switch off old virtual machine

 

The final task is to switch off and delete the old virtual machine.

 

This does not actually have to be switched off in order to delete, but to keep things clean in the event of having to request a special restore from the server provider we will switch off correctly first and then delete.

 

Login on the OLD machine,

 

Check the ip address of the machine to make absolutely sure you are logged in on the OLD machine:

 

ifconfig

 

then at the command line, do a:

 

shutdown -h now

 

Then switch off the old machine on the virtual server provider account dashboard.

 

Next you can delete the old virtual server.

 

Make absolutely sure first that you are clicking on and deleting the correct machine!

 

 

Finally, delete any associated snapshot backups associated with the old machine.

 

With that the server migration is now complete. You’ve earned a good cup of coffee!

 

 

 

 

 

 

 

 

 

 

Continue Reading

How To Install Mysql/Mariadb

I refer here to mysql and mariadb interchangeably.

 

Mariadb is a fork of a later version of mysql and is largely compatible with mysql. To all intents and purposes for this installation and configuration instance they are the same.

 

 

apt install mysql-server

 

during the installation you’ll be requested to set a mysql server admin user password.

 

If the secure installation utility does not run automatically during the installation process, then you can run it explicitly:

 

mysql_secure_installation utility

 

This prompts you to set the mysql root password and some other security options, such as disabling remote access for the root user.

 

Next, install the mysql php module:

 

apt-get install php-mysql

 

then start the server:

 

systemctl enable mysql
systemctl start mysql

 

Check that mysql is running with:

 

root@gemini:/etc/apache2/sites-enabled# systemctl status mysql
● mariadb.service – MariaDB 10.3.22 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-06-28 18:19:05 BST; 24h ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 586 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
Process: 619 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 631 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START_POSITION=$VAR>
Process: 738 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 740 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/SUCCESS)
Main PID: 694 (mysqld)
Status: “Taking your SQL requests now…”
Tasks: 30 (limit: 2282)
Memory: 382.1M
CGroup: /system.slice/mariadb.service
└─694 /usr/sbin/mysqld

 

You can also test the system with:

 

mysqladmin -p -u root version

 

This will return the mysql or mariadb server version information.

 

root@gemini:~#mysqladmin -p -u root version
Enter password:

 

mysqladmin Ver 9.1 Distrib 10.3.22-MariaDB, for debian-linux-gnu on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Server version 10.3.22-MariaDB-1ubuntu1
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/run/mysqld/mysqld.sock
Uptime: 1 day 15 hours 16 min 7 sec

 

Threads: 10 Questions: 1333249 Slow queries: 0 Opens: 127 Flush tables: 1 Open tables: 120 Queries per second avg: 9.431
root@gemini:~#

 

 

Next, you can create an admin user and an initial database:

 

If you have problems with the root password, you can reset it using the mysql command line tool:

 

mysql -u root -p

 

you can display the users which are defined with:

 

SELECT User, Host, authentication_string FROM mysql.user;

 

To change the root password enter:

 

UPDATE mysql.user SET authentication_string = PASSWORD(‘password’) WHERE User = ‘root’;

 

and then:

 

FLUSH PRIVILEGES:

 

exit

Again in the mysql command line tool, you can create a database with:

 

CREATE DATABASE demodb;

display all existing databases with:

 

SHOW DATABASES;

 

 

To work with a database:

 

USE <databasename>;

 

and delete permanently a database with:

 

DROP DATABASE <databasename>;

 

NOTE: you cannot retrieve a database once you have deleted it with DROP!

 

With that the basic installation of mysql server is complete.

 

Continue Reading