CSSRule: Relocating a Site to a New Server

Sunday, June 19, 2022

Relocating a Site to a New Server

I have a Linode server that I've been wanting to shut down for a long time. In preparation of that, yesterday, I copied the database and any files that are not part of a repository to an external drive. Here are some of the steps that I took when transferring the site to a Digital Ocean server:

Change DNS settings for xyz.com on GoDaddy so they point it to Digital Ocean.
It turns out my domain was registered with Namecheap so I changed two(2) records there. I copied the IP address of my e20 server at Digital Ocean and changed the value in host records for xyz.com at Namecheap.
Make DNS entries for "xyz" on Digital Ocean. (use the e20 server)
I did not have to do this because I just updated the DNS records that were already at Namecheap.
Make this entry in .ssh/config file for "xyz":
- Hostname xyz.com
- User root
- IdentityFile ~/ssh/id_rsa_e20
ssh into xyz.com server.
Possible Hiccups: If you get a "Remote host identification has changed" warning, it means that your ssh client is trying to tell you that the IP address is now different for this host which could be a security issue but in this case, I intentionally changed the IP address so it's not a problem. To get past this error, what I did was I deleted the "known_hosts" file from the .ssh directory. Best practice is to just remove the single offending entry with this command: ssh-keygen -R hostname
I keep project_1 under my htdocs directory so cd'ed into that directory and did a "git status" and a "git pull" to make sure that my repo is up to date. From within the same directory, I did a "cat .git/config" to find out the url of the repository. I'm going to clone the repository to the server using this url.
- From a terminal window, ssh into your server: ssh xyz
- Ubuntu already comes with this directory:
  cd /var/www/html
- Clone the Github repository (project_1) to /var/www/html.
  git clone git@github.com:your_github_acct_name/project_1.git
- Another hiccup: Got this error => Permission denied (publickey).

Update the project configs/ to match directory location. On my local machine, I added these two lines to
/Applications/MAMP/htdocs/project_1/CI3/ci/application/config/config.php file:
- $config['base_url'] = 'https://xyz.com';
- $config['site_path'] = "/var/wwww/html/project_1/CI3/public/";
Create an Apache config for the site in /etc/apache2/sites-available
- cd'ed into /etc/apache2/sites-available to look for a conf file. There wasn't one so copied another configuration file like this:
  cp minikit.eloquentcss.com.conf xyz.com.conf.
- Some of the edits in xyz.com.conf include:
  ServerName xyz.com
  ServerAlias www.xyz.com
  DocumentRoot /var/www/html/project_1/CI3/public
  ErrorLog /var/www/html/project_1/storage/logs/error.log
- I have /var/www/html/project_1 directory but missing storage and logs under it.
  In /var/www/html/project_1, created storage folder.
  In /var/www/html/project_1/storage, created logs folder.
- Check ownership of the directory that I'm going to store the logs in.
  /var/www/html/project_1/storage $ ls -l
  drwxr-xr-x 3 root root 4096 Jun 15 06:45 storage
- Ownership for "storage" is root so change that to Apache with this command:
  chown www-data storage
- Recheck ownership:
  drwxr-xr-x 3 www-data root 4096 Jun 15 06:45 storage

Enabling the xyz configuration in Apache. Can run it from anywhere on the server, the command knows where to find the config files:
/var/www/html $ a2ensite xyz.com
/var/www/html $ service apache2 reload

Setting up the SSL certificate: New approach using Electronic Frontier Foundation's certbot tool much easier than the old process. It's also free.
- I may already have installed certbot so check on that:
  /var/www/html $ which certbot
- I have it so I ran following command and answered a few questions:
  certbot --apache
- I want to check if the certbot renewal is active:
  /var/www/html $ systemctl status certbot.timer
- Checking certbot auto renewal to make sure that it will succeed when it tries to auto-renew:
  /var/www/html $ certbot renew --dry-run

Create additional directories the site uses (e.g. uploads). Some of these I already had. I changed ownership for all of them. Check with a "ls -l" to see that Apache has ownership of the directories.
/var/www/html/project_1/CI3/public $ chown www-data captcha
/var/www/html/project_1/CI3/public $ mkdir img
/var/www/html/project_1/CI3/public $ mkdir imgs2
/var/www/html/project_1/CI3/public $ mkdir pimg
/var/www/html/project_1/CI3/public $ mkdir scrape
/var/www/html/project_1/CI3/public $ chown www-data img pimg scrape uploads

Create the database in MySQL: I have the backup of the database on my disk so I copied that over to the new server. This is just the data and the schema which I will load into the MySQL database.
- Get password for the database:
- Digital Ocean saves the passwords for MySQL to:
  /root/.digitalocean_password
- ~ $ cat /root/.digitalocean_password
  root_mysql_pass="c5dce......."
- Get your sql file and name of the database:
- ~ $ ls *.gz
- ~ $ gunzip m2017-1000.sql.gz
- The name of my database is in this file: CI3/ci/application/config/database.php
- Go into MySQL from the terminal
- username is root, -p to prompt for password
  Enter the DO password I have cat'ed above.
  ~ $ mysql -u root -p
- mysql> create database m2017;
- mysql> show databases;
- mysql> use m2017;
  Database changed
- Load data into database
- mysql>source m2017-1000.sql;
- Creating a user and giving it privileges
- username and password come from CI3/ci/application/config/database.php for the following two commands
- CREATE USER 'username'@'localhost'IDENTIFIED WITH mysql_native_password BY 'password'
- GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;
I forgot a big one!.. Install and configure Solr. It's a lot of pain to install and configure Solr especially if there are version mismatches between your operating system and the version of Solr that you are using. To make this easier, I use Docker which insulates us from version mismatch problems.
- I'm going to add a subdomain for Solr so go to Namecheap, Advanced DNS, Add New Record, "A" Record (Host: solr, value: same IP address www)
- nslookup solr.xyz.com
- Run Solr in a Docker Container:
  - docker login docker_username (and enter password)
  - docker run -d --name solr --restart always --net="host" docker_username/solr-image:v2
- Log in to Solr docker container and configure:
  - docker exec -it solr /bin/bash
  - export COLLECTION=masc
  - solr create_core -c $COLLECTION -d server/solr/configsets/xyz/conf
  - cd /opt/solr/server/solr/xyz/conf
  - cat db-data-config.xml | sed 's/mysql-mariadb/localhost/' > new_db_config
  - cp new_db_config db-data-config.xml
- Setup secure Apache Virtual Host to Proxy access to Solr:
  - Create a password for solr: htpasswd /etc/apache2/.htpasswd solr
  - vim /etc/apache2/sites-available/solr.xyz.com.conf
  - Contents:
```
<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyPass / http://localhost:8983/
    ProxyPassReverse / http://localhost:8983/
    Timeout 5400
    ProxyTimeout 5400
    ServerName solr.xyz.com
    <Proxy *>
        Order deny,allow
        Allow from all
        Authtype Basic
        Authname "Password Required"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Proxy>
</virtualhost>
```
  - Enable the site: a2ensite solr.xyz.com
  - Reload Apache: service apache2 reload
  - Bring up Solr UI: http://solr.xyz.com
- Install PHP Extension for Solr:
  - apt-get install php-dev libxml2-dev libcurl4-gnutls-dev libcurl
  - cd /usr/local/include
  - ln -s /usr/include/x86_64-linux-gnu/curl curl
  - apt-get install php-pear
  - pear install pecl/solr
  - vim /etc/php/7.0/apache2/php.ini (and add line: extension=solr.so)
  - service apache2 reload
Bring up site.