I’m a fan of Tenets of IT
Number 15 of which is “Everyone has a test environment, not everyone is lucky enough to have a separate production environment.”
Heh.
This post will be how I copied a production web site to a test environment.
Prerequisites are:
- A virtual machine server
- A domain name
- A wildcard certificate for that domain name
In my case, for the virtual machine server, I bought a used Lenovo Tiny PC from Amazon, loaded it up with RAM and installed Proxmox on it.
I had bought a domain name, really for my Nextcloud instance, but I can also use it for my home lab.
I have a firewall, which can get SSL certificates from the EFF project Let’s Encrypt, via the certbot / acme protocol. I went through the trouble to get a wildcard certificate, so that any box in my domain name can be SSL protected.
The basic steps
- Prepare the new machine
- Install WordPress
- Export WordPress “production” and import to “test”
- .
- .
- .
- Profit!
Prepare new machine
- Install Debian
- Add vim and other configurations
- Change host name and domain
- Add ssh key login
- Install Apache and MariaDB
- Install WordPress
- Update Apache enabled sites to include SSL
- Update Apache default Debian setting
- Install one WordPress plugin to import the export
- A note about ASE (Admin Site Enhancements)
Install Debian
This was a Proxmox step, and I think I did it from a .ISO file
Add vim and other configurations
apt-get install vim
update-alternatives --config editor
vim ~/.bash_profile
export EDITOR=vim
[ -r $HOME/.bashrc ] && source $HOME/.bashrc
export PS1='\[\e[32;40m\]\u\[\e[37m\]@\[\e[32m\]\H:\w\[\e[30m\] \[\e[32m\]\$\[\e[30m\] \[\e[0m\]'
vim ~/.bashrc
Find the aliases I want and add them, uncomment them, etc. I always add:
alias ..='cd ..'
vim /etc/inputrc
Find # "\e[5~": history-search-backward and uncomment it
Change host name and domain
I should mention that in my home firewall, it is also my local DNS resolver. So inside there, I have server1.example.com mapped to the IP address Proxmox gave to my new virtual machine (Proxmox got it from my DHCP server).
hostnamectl set-hostname server1.example.com
vim /etc/hosts
In here, I added an entry for 127.0.1.1 which maps the fully qualified host and domain name to the host. So for example, 127.0.1.1 server1.example.com server1
The address 127.0.1.1 is specified because Apache will try to identify the site by name (later). Everything in the 127.x.x.x maps to the local machine, so they all go to the same place. But having it as 127.0.1.1 stops a duplication conflict with 127.0.0.1 for localhost
Add ssh key login
ssh-copy-id root@server1.example.com
Never, in production, would I be commonly logging in as root. But this is a test / play environment, and I find the process cumbersome to set up an alternative user, and then have to be constantly doing a su - (switch user) to root. Since this is in my home lab and not visible on the public Internet, this is not so much a risk. And … before I really try anything screwy, I can take a Proxmox snapshot.
Another thing I run into, is that because I can rip and replace virtual machines easily, I tend to have to delete old entries from the ./ssh/known_hosts file.
ssh-keygen -R "server1"
Install Apache and MariaDB
Essentially, I am following the instructions here at Rose Hosting
One change I make is that immediately after installing MySQL, I run the process to secure the MySQL installation:
mysql_secure_installation
Yes, I set the switch to unix_socket authentication. I have zero need for MySQL to authenticate across a network. This is overkill for a home lab, but since this is how production is going to be set, the machine in test should match it.
Install WordPress
I still follow the instructions at Rose Hosting
Update Apache enabled sites to include SSL
The Rose Hosting instructions don’t disable the 000-default.conf web site
a2dissite 000-default.conf
Now, how to make https:// work? Well, there is already a default-ssl.conf file, so all it really needs is a certificate and key, and for Apache to use SSL. The SSL certificate files mentioned there are /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key
I have exported my wild card certificate and key to my local machine, so now I upload them to those directories, and change the names in the default-ssl.conf file.
Update the ServerName setting in default-ssl.conf to server1.example.com
Update the DocumentRoot setting in default-ssl.conf to /var/www/html/wordpress
Add rewrite rules to the non-SSL site to redirect to the SSL site. In wordpress.conf add:
RewriteEngine On
RewriteCond %{REQUEST_URI} !.well-known/acme-challenge
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [R=301,L]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
apachectl -t
If this checks out well, that’s nice, but there is still one more thing to add:
a2enmod ssl
Update Apache default Debian setting
This one threw me for a loop – all my redirects were going to 404 error pages.
It turns out that the default setting on Debian has an Apache configuration file with rewrites not allowed.
vim /etc/apache2/apache2.conf
Find my way to the <Directory /var/www/> section. Change the AllowOveride setting from None to All.
The /var/www directory is of course higher up in the directory structure of what Apache is going to serve up. Because it is higher, the AllowOveride None directive overrides the lower level allow all. Whoops – for WordPress this is no bueno.
Finally, restart (not reload) Apache:
systemctl restart apache2
Install one WordPress plugin to import the export
For this, I am following the instructions by Ferdy Korpershoek on this YouTube video
(The YouTube front page has become politicized trash, but for technical videos, it still has good stuff one can find).
Essentially, I install the All-in-One WP Migration plugin on the production web site, do an export, and then install a fixed version of the All-in-One WP Migration plugin on the test web site.
Ferdy does clean up the new / fresh web site first, by deleting and emptying the default pages and posts. I also deleted the default plugins.
After the import is done, I need to log in again, because the database was replaced, which is where my login credentials are stored. After getting logged in, I need to save Permalinks twice.
A note about ASE (Admin and Site Enhancements)
I was almost at hooray! But, I have a small security enhancement via Admin and Site Enhancements (ASE) which threw a tiny wrench in the monkeyworks. Yes, in production, I’ve hidden the login URL to somewhere other than normal. So after the import, All-in-One WP Migration (100 GB version) provides a link to update the Permalinks, but because of ASE, that URL was not found. No biggie, I simply had to use the URL that was appropriate for the production web site.
Profit!
And now I get to bask in the glory of messing the heck out of the test (not production!) WordPress web site. Fun times. 🙂
I think I’ll take a Proxmox snapshot first.