Bitnami WordPress Multisite – DNS spoofing

In an earlier post, I said I hope you have pointed your domain name at your static IP address. Well, what if you don’t want to?

The point being that the DNS entry for the domain name currently points to the production WordPress site, and really, I would like to set up this multisite WordPress installation without having to change the public DNS entry.

Also, setting up this, my personal blog, I was using No-IP DNS services. I could update the DNS entry for gerisch.org, and the DNS replicated out almost instantly. It was great. But the other web site I’m working on (the one that got me into WordPress at all), is using Network Solutions for their DNS. They take their good sweet time replicating DNS entries out to the world. I don’t really want to post an update to DNS, wait, dink around with the new site while the production site is down, decide to revert to production, post an update to DNS, wait again while Network Solutions gets around to pointing everyone back to the production web site.

It would just be better if the new web server machine never got away from it’s own self when doing lookups for the domain name it will eventually be.

So I can start the WordPress install from the IP address of the server out on the public Internet. However, WordPress during it’s install, is going to do a DNS lookup, and try to invoke code on the server where the DNS really does resolve. Which isn’t where I am. So I’m going to try to install a fake DNS server on the new server, and have it redirect all calls to the old domain to the new server.

Step the first: install dnsmasq

sudo apt-get install dnsmasq

Next, set up listening on the local host address:

sudo vim /etc/dnsmasq.conf

Find your way to the line #listen-address= and edit it thus:

listen-address=www.gerisch.org

And save and exit

sudo vim /etc/dhcp/dhclient.conf

Find your way to #prepend domain-name-servers www.gerisch.org; and uncomment this line. Save and exit.

And now it gets weird.

The Bitnami / AWS Lightsail images use something called cloud-init : https://cloudinit.readthedocs.io/en/latest/topics/modules.html

So if you were going to try to edit /etc/hosts or /etc/resolv.conf you get warned to not edit them by hand, because they will be replaced on next boot. But they sure as heck don’t tell you where to implement edits. Just don’t do it here.

Turns out there are template files in /etc/cloud/templates that hold the magic.

cd /etc/cloud/templates
sudo cp hosts.debian.tmpl hosts.debian.tmpl.original
sudo vim hosts.debian.tmpl

Now I’m going add a line below www.gerisch.org localhost which will be the IP address I want this machine to go to whenever it tries to resolve the domain name of the production web site

And indeed, if I use dig from an ssh session in the machine, dig reports back the local machine’s address, not the one out on the public Internet

Bitnami WordPress multisite installation

Make an ssh connection in to your Bitnami server installation. I’m using AWS, and they had instructions for me to get the password / ssh private key. ssh bitnami@your-ip-address-here

cat bitnami_application_password

While logged in to the ssh session, execute the Bitnami configuration script that assigns a domain name to your WordPress multisite server.

cd /opt/bitnami/apps/wordpress

sudo ./bnconfig --machine_hostname your-domain-name-here.tld

sudo mv bnconfig bnconfig.disabled

First, we changed to the directory with the bnconfig script. Then we ran it, with the machine_hostname option. (I wanted to put a dash in there, between machine and hostname, but it’s an underscore). Lastly, we moved the bnconfig script out of the way. This is because if the server rebooted, and bnconfig did run, it would be as if it ran bnconfig –machine_hostname your-ip-address-here.xip.io

xip.io is a Bitnami thing, I guess.

Hopefully, you already have the domain name, and have pointed it at the static IP address of your server.

On to configuring WordPress the familiar way: point your favorite browser at the ip address and go to https://your-domain-name-here/wp-admin

This redirected me, but really it was the same as going to https://your-ip-address-here.xip.io/wp-login.php

Log in as user with the password from bitnami_application_password

Upon logging in, the administration page looks almost the same as a regular WordPress installation. However, in the upper left corner, there is now a menu named “My Sites”. Hanging off of it is “Network Admin”

Hanging off of “Network Admin” are a whole bunch more sub-menu items, but I’m going to ignore those for the moment.

Clicking on “Network Admin” actually takes me to the first sub-menu item: “Dashboard”

And here, I had made my life more complicated. I’m actually trying to move this site, gerisch.org to the multisite, under the same domain name. Tell me “good luck with that.” Part of the multisite login process is to redirect to the domain name – which is the production server on some other IP address.

I’m going to have to go into DNS, and point the gerisch.org at the multisite IP address, before I can successfully log in (and remain logged in) to the multisite server still being set up.

Of course, I’m going to have to export this (the production site) to a file, for importing later, prior to taking it’s presence off teh interwebs.

And I don’t know if there is going to be any weird http://www.gerisch.org versus http://gerisch.org versus https://

Yeah, “stuff” in the databases that will need to be cleaned out during export, for import later.

WordPress multisite and Let's Encrypt certificates for multiple sites

I’m using the Bitnami images for my WordPress installations, and am very happy with them. However, it got a little weird when I added a new site to my WordPress multisite instance.

The secret was to run a few commands by hand:

sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/letsencrypt/lego  --path="/opt/bitnami/letsencrypt/" --email="david@some-domain-name-i-am-not-publishing-here" --domains="gerisch.org" --domains="www.gerisch.org" --domains="test.gerisch.org" --http run
sudo /opt/bitnami/ctlscript.sh start apache

Earlier, I had run the Bitnami bncert-tool which wrangled my Apache configuration so that all attempts to go to an http:// address were re-written to go to an https:// address. This is very good. But when I added the test.gerisch.org web site, the certificate provided by Let’s Encrypt did not have a SAN (Subject Alternative Name) entry for “test”. So trying to visit that site got the ominous “this site is insecure – nothing provides for an SSL certificate for it”. True enough.

By running the /opt/bitnami/letsencrypt/lego script with multiple –domains arguments, I could update the requested certificate to have the additional SANs I wanted. Very nice. It was the Bitnami community support web site that gave me this information. The same page warns me that more than five requests for new certificates puts the certificate issuer into a time-out corner for one week. So that is something to be aware of.

How I moved a local development Bitnami WordPress to the root of the web server

What it took to move WordPress from /wordpress to just /

Turns out it was not as easy as I first thought.

First, let’s define the environment:

  • OpenSUSE 42.3 in a virtual machine
  • Downloaded and copied into the machine:
    • bitnami-wordpress-4.9.8-0-linux-x64-installer.run
  • KVM / QEMU with sudo virsh snapshot-create-as every step of the way.

I should point out that during the install, it asked me where to put the web site.  I told it /opt/bitnami

So actually, the WordPress code is in /opt/bitnami/apps/wordpress

Note that this is for the files on disk; it has nothing to do with the URL scheme.

The installer does it’s thing, and I get a WordPress site running on the URL scheme <ip address>/wordpress/

Irritation for me is, the production web site I’m wanting to experiment for is <ip address>/

Five changes are needed for the fix.

  • Search and replace the database
  • Edit the /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf file
  • Edit the /opt/bitnami/apps/wordpress/htdocs/wp-config.php file
  • Edit the /opt/bitnami/apps/wordpress/conf/httpd-app.conf file
  • Settings –> Permalinks –> Save Changes

Search and replace the database

Before, I was using the All-In-One WP Migration plugin, because it came with the Bitnami image, and, at a WordPress meetup I went to, the people there said this was a great way of doing a development site.  And it was, for a while.

Problem is, the All-In-One WP Migration guy decided to change the rules, and the latest update refuses to work unless you pay up, for any site larger than 40MB.  I’ve never seen a site less than 200MB, so that’s a no-go for me.

I’ve been using UpdraftPlus for backups (for free), and decided that it wouldn’t hurt to pay them for some of their premium services, which were advertised as also being able to do migration.  Turns out that isn’t nearly as easy as it was with All-In-One WP Migration, but it can be wrestled to the ground and made to work, with a bit of effort.

Anyway: Settings –> UpdraftPlus Backup –> Advanced Tools –> Search / replace database.  Search for /wordpress and replace with /

Note that you do not want to restart services after the search-and-replace but before the file editing below.

Edit httpd-prefix.conf

The httpd-prefix.conf file is explained here: Move WordPress to a different URL path on the same domain

The change is that the Alias setting goes from /wordpress/ to simply /

Edit wp-config.php

The wp-config.php file gets edits, so that

define(‘WP_SITEURL’, ‘http://’ . $_SERVER[‘HTTP_HOST’] . ‘/wordpress/‘);
define(‘WP_HOME’, ‘http://’ . $_SERVER[‘HTTP_HOST’] . ‘/wordpress‘);

define(‘WP_SITEURL’, ‘http://’ . $_SERVER[‘HTTP_HOST’] . ‘/‘);
define(‘WP_HOME’, ‘http://’ . $_SERVER[‘HTTP_HOST’] . ‘/‘);

Edit httpd-app.conf

The httpd-app.conf file gets edits, so that

RewriteBase /wordpress/
RewriteRule . /wordpress/index.php [L]

RewriteBase /
RewriteRule . /index.php [L]

Save Permalinks

One thing I learned during this whole ordeal, is that the Save Permalinks action creates a new .htaccess file for you, which I needed before the root /wordpress/ URL would go away.

Gotcha’s

One thing that caused me quite a bit of trouble is that just doing the edits of the files was not enough; but I didn’t know that.  After doing the edits of the files (only), the WordPress Admin site worked fine.  But every attempt to go to any of the content resulted in a 500 internal server error.

By the way, the WordPress community and debugging tools truly suck to help one figure out what’s wrong here.  But that’s a rant for a different post.

So I thought my migrations were failing because I couldn’t get to my content after migration.  But really, because I had a default-out-of-the-box installation, I never tried to check the First Post comment or any of the other links.  I made the changes to httpd-prefix.conf and wp-config.php and the Admin site worked fine.  After the restore, I could log in to the Admin site (with the password from the production site), and that worked fine.

But my content was always broken, and I didn’t know it until I stripped down everything back to the most rudimentry snapshot I took before I edited anything.