Maltfield Log/2019 Q2

My work log from the year 2019 Quarter 2. I intentionally made this verbose to make future admin's work easier when troubleshooting. The more keywords, error messages, etc that are listed in this log, the more helpful it will be for the future OSE Sysadmin.

See Also

  1. Maltfield_Log
  2. User:Maltfield
  3. Special:Contributions/Maltfield

Mon May 27, 2019

  1. did some research on the twitterverse for tweets & users who have been talking about the right to repair tractors. https://twitter.com/search?f=tweets&vertical=default&q=tractor%20OR%20deere%20OR%20tesla%20OR%20aterpillar%20OR%20bernie%20OR%20warren%20%23righttorepair&src=typd
  2. users/tweets worth mentioning:
* https://twitter.com/iFixit/status/1117412268826931200
* https://twitter.com/CRAdvocacy/status/1127981835588440069
* https://twitter.com/RestartProject/status/1125697814749679616
* https://twitter.com/GrahamHill/status/1126399051715489793
* https://twitter.com/uspirg/status/1131926575744724992
* https://twitter.com/RepairCoalition/status/1129497045742575617


Sat May 11, 2019

  1. phplist stats checks
  1. Researched free akismet alternatives
* https://wordpress.org/plugins/antispam-bee/
* https://wordpress.org/plugins/anti-spam/
  1. And there's a bunch more:
* https://wordpress.org/plugins/cleantalk-spam-protect/
* https://wordpress.org/plugins/stop-spammer-registrations-plugin/
* https://wordpress.org/plugins/goodbye-captcha/
* https://wordpress.org/plugins/spam-destroyer/
* https://wordpress.org/plugins/spam-master/
  1. of these, only the following plugins have been "tested up to (version) 5.2" = the latest version of wordpress
    1. https://wordpress.org/plugins/cleantalk-spam-protect/
    2. https://wordpress.org/plugins/spam-destroyer/
    3. of these, the first (cleantalk) has far more active installs
    4. but cleantalk is not actually free, it's only a trial for a few days

Fri May 10, 2019

  1. Marcin had a modsec false-positive when attempting to add a ticket countdown to a post on osemain
<div data-type="countdown" data-id="1179705" class="tickcounter" style="width: 100%; position: relative; padding-bottom: 25%"><a href="www.tickcounter.com/countdown/1179705/open-source-microfactory-stem-camp" title="Open Source Microfactory STEM Camp">Open Source Microfactory STEM Camp</a><a href="www.tickcounter.com/" title="Countdown">Countdown</a></div><script>(function(d, s, id) { var js, pjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//www.tickcounter.com/static/js/loader.js"; pjs.parentNode.insertBefore(js, pjs); }(document, "script", "tickcounter-sdk"));</script>
  1. I whitelisted the id = 981250, sqli
  1. ...
  1. Marcin mentioned that AbeAnderson is missing from our ActiveUsers page, which is valid
    1. https://en.wikipedia.org/wiki/Special:ActiveUsers
    2. Indeed, Abe has edits in the past 30 days https://wiki.opensourceecology.org/wiki/Special:Contributions/AbeAnderson
    3. Also interesting is that the Special:Statistics page clearly lists that we have 15 active users, but the Special:ActiveUsers page shows a list of 14 users (excluding Abe) https://wiki.opensourceecology.org/wiki/Special:Statistic

Wed May 08, 2019

  1. Catarina & Marcin responded to my inquiry about woocommerce gateways. They don't have strong opinions other than wishing to avoid fees and suggested paypal as probably the necessary option.
  2. I did further research: Paypal/stripe/etc is a modern "easy" solution at the cost of higher fees. Per the article above, if we have a merchant bank account, we can set up a payment gateway with one of the "classic" gateways like WorldPay or Authorize.net. But then we'd have to pay for plugins to integrate into woocommerce and monthly fees for the payment gateway
    1. For example, paypal/stripe/etc charge 2.9% + $0.30 per transaction but no monthly fees. Authorize.net has lower fees but at least $79 one-time fee + $25/mo fees. Worldpay charges 0.99% to 2.6% depending on the transaction, but costs $79 one-time + £20/month.
  3. this page shows all the free plugin options, including stripe, square, amazon, payfast, eway, or klarna https://woocommerce.com/product-category/woocommerce-extensions/payment-gateways/?min_price=0&max_price=0
  4. my googling suggested braintree (owned by paypal) would be one of the best payment gateway options, but its plugin on wordpress.org had pretty bad reviews https://wordpress.org/plugins/woocommerce-gateway-paypal-powered-by-braintree/
  5. Of the above options, the plugin for stripe has the best reviews, but one review stated that stripe required 3rd party cookies. not good. https://wordpress.org/plugins/woocommerce-gateway-stripe/

Mon May 06, 2019

  1. Catarina has been having issues with the new Open Source Everything store wordpress site (oshine, woocommerce), but hasn't been able to reproduce the errors
  2. I imported the items she listed as problematic (product samples, the v4 shop, and the v37 winery), and it all succeeded without issues
  3. I noticed that the "store" page didn't display any products.
  4. I dug for some documentation for the oshine theme, but didn't find anything but a knowledge base
  5. I dug into the documentation for woocommerce, and I found some woocommerce shortcodes here https://docs.woocommerce.com/document/woocommerce-shortcodes/
  6. I edited the shop page (shop-3) using the Tatsu editor, and I was able to add a new block of type "shortcode editor"
  7. I added the "[products]" shortcode per the documentation above, and--after I saved--the page now listed all the products
  8. I emailed Catarina with these results
  1. ...
  1. when updating my work log, I encountered a mod security error. I fixed it by whitelisting id = 973309, xss
  1. ...
  1. I did some research on accepting crypto. I recently noticed that cheapair.com switched from coinbase's merchant platform (which was deprecated last year in 2018) to BTCPay https://www.cheapair.com/blog/a-letter-to-our-bitcoin-customers/
  2. I did some searching comparing coingate to BTCPay. Looks like BTCPay would require us to run a full node, which could be problematic due to the size of the blockchain. I think we'll stick to coingate

Tue Apr 10, 2019

  1. looks like varnishlog has some issues
[root@opensourceecology ~]# varnishlog -q "ReqHeader eq 'X-Forwarded-For: 209.208.216.133'"
Can't open VSM file (Cannot open /var/lib/varnish/opensourceecology.org/_.vsm: No such file or directory
)
[root@opensourceecology ~]# 
  1. a quick listing shows two dirs here, which suggests that this is an issue because I changed the name of the server (when debugging phplist bounce issues) from 'hetzner2.opensourceecology.org' to 'opensourceecology.org'
[root@opensourceecology ~]# ls -lah /var/lib/varnish/
total 16K
drwxr-xr-x   4 root root 4.0K Apr  9 19:14 .
drwxr-xr-x. 40 root root 4.0K Aug  1  2018 ..
drwxr-xr-x   2 root root 4.0K Apr  9 19:14 hetzner2.opensourceecology.org
drwxr-xr-x   2 root root 4.0K Apr  9 19:14 opensourceecology.org
[root@opensourceecology ~]# ls -lah /var/lib/varnish/opensourceecology.org/*
ls: cannot access /var/lib/varnish/opensourceecology.org/*: No such file or directory
[root@opensourceecology ~]# ls -lah /var/lib/varnish/opensourceecology.org/
total 8.0K
drwxr-xr-x 2 root root 4.0K Apr  9 19:14 .
drwxr-xr-x 4 root root 4.0K Apr  9 19:14 ..
[root@opensourceecology ~]# ls -lah /var/lib/varnish/hetzner2.opensourceecology.org/
total 87M
drwxr-xr-x 2 root    root    4.0K Apr  9 19:14 .
drwxr-xr-x 4 root    root    4.0K Apr  9 19:14 ..
-rwxr-xr-x 1 varnish varnish 579K Aug 27  2018 vcl.2ptuZUvj.so
-rwxr-xr-x 1 varnish varnish 536K Aug 21  2018 vcl.2SghnXE3.so
-rwxr-xr-x 1 varnish varnish 536K Aug 21  2018 vcl.3Hap1TL8.so
-rwxr-xr-x 1 varnish varnish 621K Oct  4  2018 vcl.3Wwm1gwf.so
-rwxr-xr-x 1 varnish varnish 442K May 24  2018 vcl.5_1e_Fjz.so
-rwxr-xr-x 1 varnish varnish 530K Aug  8  2018 vcl.61eWMchl.so
-rwxr-xr-x 1 varnish varnish 486K Aug  7  2018 vcl.aC4NdvoR.so
-rwxr-xr-x 1 varnish varnish 577K Apr  9 19:14 vcl.Az0BBXRC.so
-rwxr-xr-x 1 varnish varnish 617K Sep 17  2018 vcl.EqOuPc72.so
-rwxr-xr-x 1 varnish varnish 443K Jun 25  2018 vcl.Jge8hahD.so
-rwxr-xr-x 1 varnish varnish 442K Jun 25  2018 vcl.SpnmZ22S.so
-rw-r--r-- 1 root    root     81M Apr 10 12:10 _.vsm
[root@opensourceecology ~]# 
  1. doing a proper varnish service restart (not just reload) fixed the issue
  2. damn, checking our munin graphs shows an absence of varnish data for the past 4 weeks, probably since I renamed the host. I confirmed that data is flowing again.
  3. Catarina had some issues with a Permission Denied issue. Logs show mod_security returning a 403 error due to a false-positive sql-injection detected id = 981319
  4. there is also a huge warning in the Oshine theme's "Oshine Options" tab complaining about Oshine not being able to access its cdn
Redux Framework Warning
select2-css CDN unavailable. Some controls may not render properly. If you are developing offline, please download and install the Redux Vendor Support plugin/extension to bypass the our CDN and avoid this warning.

Redux Framework Warning
select2-js CDN unavailable. Some controls may not render properly. If you are developing offline, please download and install the Redux Vendor Support plugin/extension to bypass the our CDN and avoid this warning.

Redux Framework Warning
ace-editor-js CDN unavailable. Some controls may not render properly. If you are developing offline, please download and install the Redux Vendor Support plugin/extension to bypass the our CDN and avoid this warning.
  1. yeah, that's because our firewall prevents our server (by apache uid) from being able to initiate requests. It's a server; it only serves. Web servers initiating requests (calling home?) are signs of malware.
  2. fortunately, we can disable the cdn by editing '\wp-content\plugins\redux-framework\ReduxCore\framework.php' and setting 'use_cdn' to 'false'
    1. https://github.com/reduxframework/redux-vendor-support
    2. https://wordpress.org/support/topic/theme-options-and-redux-framework/
  3. err, for us, the issue is in the revslider theme, which apparently adopts the framework.php script, not the whole plugin
[root@opensourceecology plugins]# date
Wed Apr 10 13:36:51 UTC 2019
[root@opensourceecology plugins]# pwd
/var/www/html/store.opensourceecology.org/htdocs/wp-content/plugins
[root@opensourceecology plugins]# find . | grep -i framework.php
./revslider/includes/framework/include-framework.php
[root@opensourceecology plugins]# 
  1. uh, what? that file doesn't have the option
[root@opensourceecology plugins]# cat revslider/includes/framework/include-framework.php 
<?php
/**
 * @author    ThemePunch <info@themepunch.com>
 * @link      http://www.themepunch.com/
 * @copyright 2015 ThemePunch
 */

if( !defined( 'ABSPATH') ) exit();

$folderIncludes = dirname(__FILE__)."/";

require_once($folderIncludes . 'functions.class.php');
require_once($folderIncludes . 'functions-wordpress.class.php');
require_once($folderIncludes . 'db.class.php');
require_once($folderIncludes . 'cssparser.class.php');
require_once($folderIncludes . 'wpml.class.php');
require_once($folderIncludes . 'woocommerce.class.php');
require_once($folderIncludes . 'em-integration.class.php');
require_once($folderIncludes . 'aq-resizer.class.php');
require_once($folderIncludes . 'plugin-update.class.php');
require_once($folderIncludes . 'addon-admin.class.php');
require_once($folderIncludes . 'colorpicker.class.php');
require_once($folderIncludes . 'loadbalancer.class.php');
?>[root@opensourceecology plugins]# 
  1. and I find nothing with 'use_cdn'
[root@opensourceecology plugins]# grep -irl 'use_cdn' *
[root@opensourceecology plugins]# 
  1. ah, right, it's in the theme folder!
[root@opensourceecology themes]# date
Wed Apr 10 13:48:11 UTC 2019
[root@opensourceecology themes]# pwd
/var/www/html/store.opensourceecology.org/htdocs/wp-content/themes
[root@opensourceecology themes]# grep -irl 'Redux Framework Warning' *
oshin/ReduxFramework/ReduxCore/inc/class.redux_cdn.php
[root@opensourceecology themes]# 
  1. I updated the option
[root@opensourceecology themes]# date
Wed Apr 10 13:50:59 UTC 2019
[root@opensourceecology themes]# pwd
/var/www/html/store.opensourceecology.org/htdocs/wp-content/themes
[root@opensourceecology themes]# cd oshin/ReduxFramework/ReduxCore
[root@opensourceecology ReduxCore]# cp framework.php framework.20190410.php
[root@opensourceecology ReduxCore]# grep 'use_cdn' framework.
grep: framework.: No such file or directory
[root@opensourceecology ReduxCore]# grep 'use_cdn' framework.php 
					'use_cdn'                   => true,
							$this->args['use_cdn'] = false;
						$this->args['use_cdn'] = false;
[root@opensourceecology ReduxCore]# vim framework.php
[root@opensourceecology ReduxCore]# grep 'use_cdn' framework.php 
					'use_cdn'                   => false,
							$this->args['use_cdn'] = false;
						$this->args['use_cdn'] = false;
[root@opensourceecology ReduxCore]# 
  1. that made the warnings go away when I refreshed the wp wui, but now I see a different error complaining that the "Vendor Support plugin" is not installed
The Vendor Support plugin (or extension) is either not installed or not activated and thus, some controls may not render properly. Please ensure that it is installed and activated.
  1. so I went ahead and installed the plugin; unfortunately it's only in git and therefore can't be installed via wp-cli
[root@opensourceecology plugins]# pwd
/var/www/html/store.opensourceecology.org/htdocs/wp-content/plugins
[root@opensourceecology plugins]# ls
akismet                   force-strong-passwords                          meta-box-conditional-logic  ssl-insecure-content-fixer
be-gdpr                   google-authenticator                            meta-box-show-hide          tatsu
be-portfolio-post         google-authenticator-encourage-user-activation  meta-box-tabs               typehub
classic-editor            hello.php                                       oshine-core                 vcaching
coingate-for-woocommerce  index.php                                       oshine-modules              woocommerce
colorhub                  masterslider                                    rename-wp-login
contact-form-7            meta-box                                        revslider
[root@opensourceecology plugins]# git clone https://github.com/reduxframework/redux-vendor-support redux-vendor-support
Cloning into 'redux-vendor-support'...
remote: Enumerating objects: 173, done.
remote: Total 173 (delta 0), reused 0 (delta 0), pack-reused 173
Receiving objects: 100% (173/173), 539.82 KiB | 0 bytes/s, done.
Resolving deltas: 100% (63/63), done.
[root@opensourceecology plugins]# ls
akismet                   force-strong-passwords                          meta-box-conditional-logic  revslider
be-gdpr                   google-authenticator                            meta-box-show-hide          ssl-insecure-content-fixer
be-portfolio-post         google-authenticator-encourage-user-activation  meta-box-tabs               tatsu
classic-editor            hello.php                                       oshine-core                 typehub
coingate-for-woocommerce  index.php                                       oshine-modules              vcaching
colorhub                  masterslider                                    redux-vendor-support        woocommerce
contact-form-7            meta-box                                        rename-wp-login
[root@opensourceecology plugins]# vhostDir="/var/www/html/store.opensourceecology.org"
[root@opensourceecology plugins]# wpDocroot="${vhostDir}/htdocs"
[root@opensourceecology plugins]# 
[root@opensourceecology plugins]# chown -R not-apache:apache "${vhostDir}"
[root@opensourceecology plugins]# find "${vhostDir}" -type d -exec chmod 0050 {} \;
[root@opensourceecology plugins]# find "${vhostDir}" -type f -exec chmod 0040 {} \;
[root@opensourceecology plugins]# 
[root@opensourceecology plugins]# chown not-apache:apache-admins "${vhostDir}/wp-config.php"
[root@opensourceecology plugins]# chmod 0040 "${vhostDir}/wp-config.php"
[root@opensourceecology plugins]# 
[root@opensourceecology plugins]# [ -d "${wpDocroot}/wp-content/uploads" ] || mkdir "${wpDocroot}/wp-content/uploads"
[root@opensourceecology plugins]# chown -R apache:apache "${wpDocroot}/wp-content/uploads"
[root@opensourceecology plugins]# find "${wpDocroot}/wp-content/uploads" -type f -exec chmod 0660 {} \;
[root@opensourceecology plugins]# find "${wpDocroot}/wp-content/uploads" -type d -exec chmod 0770 {} \;
[root@opensourceecology plugins]# 

[root@opensourceecology plugins]# 
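Added example (not part of the original log): a read-only audit for the permission scheme applied above. It reports anything outside wp-content/uploads that carries a write bit, and anything with permission bits for "other". The function name and its arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original log.
# Scheme being audited (from the chmod/chown commands in the log):
#   outside wp-content/uploads : dirs 0050, files 0040  -> no write bit for anyone
#   inside  wp-content/uploads : dirs 0770, files 0660  -> writable by apache
#   everywhere                 : no bits for "other"
# Ownership (not-apache:apache) is not checked here; only mode bits are.

audit_vhost_perms() {   # $1 = vhost dir, $2 = uploads dir (optional)
    vhost=$1
    uploads=${2:-$vhost/htdocs/wp-content/uploads}

    # 1. Anything outside the uploads tree that someone can write to.
    #    The uploads dir is pruned, so its 0770/0660 entries are not reported.
    find "$vhost" -path "$uploads" -prune -o \
        \( ! -type l \( -perm -200 -o -perm -020 -o -perm -002 \) \) -print |
        sed 's/^/WRITABLE /'

    # 2. Anything, uploads included, that grants a permission to "other".
    find "$vhost" \
        \( ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \) -print |
        sed 's/^/WORLD /'
}

# Usage: sh audit.sh /var/www/html/store.opensourceecology.org
# No output means the tree matches the scheme.
if [ $# -gt 0 ]; then
    audit_vhost_perms "$@"
fi
```

A freshly cloned plugin directory shows up as WRITABLE until the chmod pass has been re-run, which is the case this check is meant to catch.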

Tue Apr 09, 2019

  1. started to build wordpress site for Open Source Everything Store at https://store.opensourceecology.org
  2. used the guide here for creating a new wordpress vhost https://wiki.opensourceecology.org/wiki/Wordpress#Create_New_Wordpress_Vhost
  3. first, I went to create a dns entry. Unfortunately, I realized that we're missing IPv6 dns entries for all but our naked domain, so I added them for awstats, fef, forum, microfactory, munin, oswh, wiki, and www.
  4. I also added both A & AAAA entries for 'store'
  5. some cleanup: I deleted files for 'd3d.opensourceecology.org' and '3dp.opensourceecology.org'; we ended up using 'microfactory.opensourceecology.org'
    1. I didn't delete; I actually just moved them to '/var/tmp/deleteMeIn2021'
[root@opensourceecology deleteMeIn2021]# date
Tue Apr  9 18:25:19 UTC 2019
[root@opensourceecology deleteMeIn2021]# pwd
/var/tmp/deleteMeIn2021
[root@opensourceecology deleteMeIn2021]# du -sh *
628K    2019-04-09_deleted-3dp-site
232K    2019-04-09_deleted-d3d-site
[root@opensourceecology deleteMeIn2021]# find . -maxdepth 3
.
./2019-04-09_deleted-d3d-site
./2019-04-09_deleted-d3d-site/nginxLogs
./2019-04-09_deleted-d3d-site/nginxLogs/d3d.opensourceecology.org
./2019-04-09_deleted-d3d-site/apacheLogs
./2019-04-09_deleted-d3d-site/apacheLogs/d3d.opensourceecology.org
./2019-04-09_deleted-d3d-site/nginx
./2019-04-09_deleted-d3d-site/nginx/d3d.opensourceecology.org
./2019-04-09_deleted-d3d-site/varnish
./2019-04-09_deleted-d3d-site/varnish/d3d.opensourceecology.org
./2019-04-09_deleted-d3d-site/apache
./2019-04-09_deleted-d3d-site/apache/00-d3d.opensourceecology.org.conf
./2019-04-09_deleted-3dp-site
./2019-04-09_deleted-3dp-site/nginxLogs
./2019-04-09_deleted-3dp-site/nginxLogs/3dp.opensourceecology.org
./2019-04-09_deleted-3dp-site/apacheLogs
./2019-04-09_deleted-3dp-site/apacheLogs/3dp.opensourceecology.org
./2019-04-09_deleted-3dp-site/nginx
./2019-04-09_deleted-3dp-site/nginx/3dp.opensourceecology.org.conf
./2019-04-09_deleted-3dp-site/varnish
./2019-04-09_deleted-3dp-site/varnish/3dp.opensourceecology.org
./2019-04-09_deleted-3dp-site/apache
./2019-04-09_deleted-3dp-site/apache/00-3dp.opensourceecology.org.conf
[root@opensourceecology deleteMeIn2021]# 
  1. I created a password for the mysql user 'store_user' and saved it to the shared ose keepass
  2. I updated our wordpress article on the wiki to use relevant B2 commands for creating backups, since we're no longer using our dreamhost server for storing backups https://wiki.opensourceecology.org/index.php?title=Wordpress&type=revision&diff=189487&oldid=189063
  3. I removed 'd3d', 'd3p', and 'cacti' dirs from the 'open_basedir' var of /etc/php.ini
  4. I added the dir for 'store.opensourceecology.org' = /var/www/html/store.opensourceecology.org
open_basedir = "/home/wp/.wp-cli:/usr/share/pear:/var/lib/php/tmp_upload:/var/lib/php/session:/var/www/html/www.openbuildinginstitute.org:/var/www/html/staging.openbuildinginstitute.org/:/var/www/html/staging.opensourceecology.org/:/var/www/html/www.opensourceecology.org/:/var/www/html/fef.opensourceecology.org/:/var/www/html/seedhome.openbuildinginstitute.org:/var/www/html/oswh.opensourceecology.org/:/var/www/html/wiki.opensourceecology.org/:/var/www/html/cacti.opensourceecology.org/:/var/www/html/store.opensourceecology.org:/var/www/html/microfactory.opensourceecology.org:/var/www/html/phplist.opensourceecology.org"
  1. I updated the varnish config file, removing 'd3d' & '3dp', and adding 'store'
[root@opensourceecology varnish]# date
Tue Apr  9 19:10:34 UTC 2019
[root@opensourceecology varnish]# pwd
/etc/varnish
[root@opensourceecology varnish]# cat all-vhosts.vcl
################################################################################
# File:    all-hosts.vcl
# Version: 1.4
# Purpose: meta config file that simply imports the site-specific vcl files
#          stored in the 'sites-enabled' directory Please see this for more info
#            * https://www.getpagespeed.com/server-setup/varnish/varnish-virtual-hosts
# Author:  Michael Altfield <michael@opensourceecology.org>
# Created: 2017-11-12
# Updated: 2018-08-27
################################################################################

include "sites-enabled/staging.openbuildinginstitute.org";
include "sites-enabled/staging.opensourceecology.org";
include "sites-enabled/awstats.openbuildinginstitute.org";
include "sites-enabled/awstats.opensourceecology.org";
include "sites-enabled/munin.opensourceecology.org";

include "sites-enabled/www.openbuildinginstitute.org";
include "sites-enabled/www.opensourceecology.org";
include "sites-enabled/seedhome.openbuildinginstitute.org";
include "sites-enabled/fef.opensourceecology.org";
include "sites-enabled/oswh.opensourceecology.org";
include "sites-enabled/forum.opensourceecology.org";
include "sites-enabled/wiki.opensourceecology.org";
include "sites-enabled/phplist.opensourceecology.org";
include "sites-enabled/microfactory.opensourceecology.org";
include "sites-enabled/store.opensourceecology.org";
[root@opensourceecology varnish]# 
  1. I got the last-executed `certbot` command from my notes on 2018-08-27 https://wiki.opensourceecology.org/wiki/Maltfield_Log/2018_Q3#Mon_Aug_27.2C_2018
certbot -nv --expand --cert-name opensourceecology.org certonly -v --webroot -w /var/www/html/www.opensourceecology.org/htdocs/ -d opensourceecology.org  -w /var/www/html/www.opensourceecology.org/htdocs -d www.opensourceecology.org -w /var/www/html/fef.opensourceecology.org/htdocs/ -d fef.opensourceecology.org  -w /var/www/html/staging.opensourceecology.org/htdocs -d staging.opensourceecology.org -w /var/www/html/oswh.opensourceecology.org/htdocs/ -d oswh.opensourceecology.org -w /var/www/html/forum.opensourceecology.org/htdocs -d forum.opensourceecology.org -w /var/www/html/wiki.opensourceecology.org/htdocs -d wiki.opensourceecology.org -w /var/www/html/microfactory.opensourceecology.org/htdocs/ -d microfactory.opensourceecology.org -w /var/www/html/certbot/htdocs -d awstats.opensourceecology.org -d munin.opensourceecology.org -d phplist.opensourceecology.org
  1. I confirmed that this contains all the current domains listed with `certbot certificates`
[root@opensourceecology deleteMeIn2021]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: opensourceecology.org
	Domains: opensourceecology.org 3dp.opensourceecology.org awstats.opensourceecology.org d3d.opensourceecology.org fef.opensourceecology.org forum.opensourceecology.org microfactory.opensourceecology.org munin.opensourceecology.org oswh.opensourceecology.org phplist.opensourceecology.org staging.opensourceecology.org wiki.opensourceecology.org www.opensourceecology.org
	Expiry Date: 2019-05-14 03:20:13+00:00 (VALID: 34 days)
	Certificate Path: /etc/letsencrypt/live/opensourceecology.org/fullchain.pem
	Private Key Path: /etc/letsencrypt/live/opensourceecology.org/privkey.pem
  Certificate Name: openbuildinginstitute.org
	Domains: www.openbuildinginstitute.org awstats.openbuildinginstitute.org openbuildinginstitute.org seedhome.openbuildinginstitute.org
	Expiry Date: 2019-05-14 03:20:22+00:00 (VALID: 34 days)
	Certificate Path: /etc/letsencrypt/live/openbuildinginstitute.org/fullchain.pem
	Private Key Path: /etc/letsencrypt/live/openbuildinginstitute.org/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@opensourceecology deleteMeIn2021]# 
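Added example (not part of the original log): a mechanical version of the comparison between the `-d` arguments of a certbot command and the domains that `certbot certificates` lists for a named certificate. The function names, the example.org/example.net names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original log. All example.org / example.net
# names, paths and the sample listing below are constructed.

# Domains of one certificate, parsed from `certbot certificates` output on stdin.
cert_domains() {   # $1 = certificate name
    awk -v want="$1" '
        /Certificate Name:/ { current = $NF }
        $1 == "Domains:" && current == want { for (i = 2; i <= NF; i++) print $i }
    ' | sort -u
}

# Domains requested by a certbot command line (comma-separated lists allowed).
requested_domains() {   # $1 = the whole command line as one string
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-d" || $i == "--domains" || $i == "--domain") {
                n = split($(i + 1), d, ",")
                for (j = 1; j <= n; j++) if (d[j] != "") print d[j]
            }
    }' | sort -u
}

# Prints "DROPPED <name>" for names on the certificate that the command no
# longer requests, and "ADDED <name>" for names the command newly requests.
diff_domains() {   # $1 = certificate name, $2 = command line, stdin = listing
    have=$(cert_domains "$1")
    want=$(requested_domains "$2")
    {
        printf '%s\n' "$have" | sed 's/^/H /'
        printf '%s\n' "$want" | sed 's/^/W /'
    } | awk '
        $2 != "" { if ($1 == "H") h[$2] = 1; else w[$2] = 1 }
        END {
            for (d in h) if (!(d in w)) print "DROPPED " d
            for (d in w) if (!(d in h)) print "ADDED " d
        }' | sort
}

# Constructed listing in the format printed by `certbot certificates`.
sample_listing() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.org
	Domains: example.org old.example.org wiki.example.org www.example.org
	Expiry Date: 2019-05-14 03:20:13+00:00 (VALID: 34 days)
  Certificate Name: example.net
	Domains: example.net www.example.net
	Expiry Date: 2019-05-14 03:20:22+00:00 (VALID: 34 days)
EOF
}

# Constructed command line in the same style as the one in the log.
SAMPLE_CMD='certbot -nv --expand --cert-name example.org certonly --webroot -w /var/www/html/www.example.org/htdocs -d example.org -d www.example.org -w /var/www/html/wiki.example.org/htdocs -d wiki.example.org -w /var/www/html/store.example.org/htdocs -d store.example.org'

# Real use: certbot certificates | diff_domains <cert-name> "<command line>"
sample_listing | diff_domains example.org "$SAMPLE_CMD"
```

An empty result means the command requests exactly the names already on the certificate.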
  1. I updated the command
    1. I moved the phplist cert to the proper dir
    2. I removed d3d
    3. I removed 3dp
    4. I added 'store.opensourceecology.org'
certbot -nv --expand --cert-name opensourceecology.org certonly -v --webroot -w /var/www/html/www.opensourceecology.org/htdocs/ -d opensourceecology.org  -w /var/www/html/www.opensourceecology.org/htdocs -d www.opensourceecology.org -w /var/www/html/fef.opensourceecology.org/htdocs/ -d fef.opensourceecology.org  -w /var/www/html/staging.opensourceecology.org/htdocs -d staging.opensourceecology.org -w /var/www/html/oswh.opensourceecology.org/htdocs/ -d oswh.opensourceecology.org -w /var/www/html/forum.opensourceecology.org/htdocs -d forum.opensourceecology.org -w /var/www/html/wiki.opensourceecology.org/htdocs -d wiki.opensourceecology.org -w /var/www/html/microfactory.opensourceecology.org/htdocs/ -d microfactory.opensourceecology.org -w /var/www/html/phplist.opensourceecology.org/public_html/ -d phplist.opensourceecology.org -w /var/www/html/store.opensourceecology.org/htdocs/ -d store.opensourceecology.org -w /var/www/html/certbot/htdocs -d awstats.opensourceecology.org -d munin.opensourceecology.org
  1. fuck; that failed. I think it's because nginx isn't actually setup to listen on the ipv6 address.
  2. actually, the issue is "too many redirects"
  3. I confirmed that it's an infinite redirect in curl
[guttersnipe@super ~]$ curl -6 -siL 'https://www.opensourceecology.org' | tail -n 20
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 09 Apr 2019 19:34:44 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.opensourceecology.org/
Strict-Transport-Security: max-age=15552001
Public-Key-Pins: pin-sha256="UbSbHFsFhuCrSv9GNsqnGv4CbaVh5UV5/zzgjLgHh9c="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o="; pin-sha256="EGn6R6CqT4z3ERscrqNl7q7RCzJmDe9uBhS/rnCHU="; pin-sha256="NIdnza073SiyuN1TUa7DDGjOxc1p0nbfOCfbxPWAZGQ="; pin-sha256="fNZ8JI9p2D/C+bsB3LH3rWejY9BGBDeW0JhMOiMfa7A="; pin-sha256="oyD01TTXvpfBro3QSZc1vIlcMjrdLTiL/M9mLCPX+Zo="; pin-sha256="0cRTd+vc1hjNFlHcLgLCHXUeWqn80bNDH/bs9qMTSPo="; pin-sha256="MDhNnV1cmaPdDDONbiVionUHH2QIf2aHJwq/lshMWfA="; pin-sha256="OIZP7FgTBf7hUpWHIA7OaPVO2WrsGzTl9vdOHLPZmJU="; max-age=3600; includeSubDomains; report-uri="http:opensourceecology.org/hpkp-report"

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 09 Apr 2019 19:34:44 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.opensourceecology.org/
Strict-Transport-Security: max-age=15552001
Public-Key-Pins: pin-sha256="UbSbHFsFhuCrSv9GNsqnGv4CbaVh5UV5/zzgjLgHh9c="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o="; pin-sha256="EGn6R6CqT4z3ERscrqNl7q7RCzJmDe9uBhS/rnCHU="; pin-sha256="NIdnza073SiyuN1TUa7DDGjOxc1p0nbfOCfbxPWAZGQ="; pin-sha256="fNZ8JI9p2D/C+bsB3LH3rWejY9BGBDeW0JhMOiMfa7A="; pin-sha256="oyD01TTXvpfBro3QSZc1vIlcMjrdLTiL/M9mLCPX+Zo="; pin-sha256="0cRTd+vc1hjNFlHcLgLCHXUeWqn80bNDH/bs9qMTSPo="; pin-sha256="MDhNnV1cmaPdDDONbiVionUHH2QIf2aHJwq/lshMWfA="; pin-sha256="OIZP7FgTBf7hUpWHIA7OaPVO2WrsGzTl9vdOHLPZmJU="; max-age=3600; includeSubDomains; report-uri="http:opensourceecology.org/hpkp-report"

[guttersnipe@super ~]$ 
  1. confirmed that this is not an issue on ipv4
[guttersnipe@super ~]$ curl -4 -siL 'https://www.opensourceecology.org' | tail
var mo_theme = {"name_required":"Please provide your name","name_format":"Your name must consist of at least 5 characters","email_required":"Please provide a valid email address","url_required":"Please provide a valid URL","phone_required":"Minimum 5 characters required","human_check_failed":"The input the correct value for the equation above","message_required":"Please input the message","message_format":"Your message must be at least 15 characters long","success_message":"Your message has been sent. Thanks!","blog_url":"https:\/\/www.opensourceecology.org","loading_portfolio":"Loading the next set of posts...","finished_loading":"No more items to load..."};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.opensourceecology.org/wp-content/themes/enigmatic/js/main.js?ver=1.6'></script>
<script type='text/javascript' src='https://www.opensourceecology.org/wp-includes/js/wp-embed.min.js?ver=4.9.4'></script>

</body>
</html>


[guttersnipe@super ~]$ 
  1. ah, duh, there's 2x server blocks in the nginx www.opensourceecology.org config file. I had to add the listen block for ipv6 to both the server block for redirecting the naked domain to www.opensourceecology.org *AND* the next server block for www.opensourceecology.org
  2. I re-ran the certbot command above, and this time it listed all the domains _except_ www.opensourceecology.org. So now I'll add the ipv6 listen line to the other nginx files = oswh, store, munin, forum, microfactory, wiki, fef, & awstats
  3. that worked!
[root@opensourceecology conf.d]# certbot -nv --expand --cert-name opensourceecology.org certonly -v --webroot -w /var/www/html/www.opensourceecology.org/htdocs/ -d opensourceecology.org  -w /var/www/html/www.opensourceecology.org/htdocs -d www.opensourceecology.org -w /var/www/html/fef.opensourceecology.org/htdocs/ -d fef.opensourceecology.org  -w /var/www/html/staging.opensourceecology.org/htdocs -d staging.opensourceecology.org -w /var/www/html/oswh.opensourceecology.org/htdocs/ -d oswh.opensourceecology.org -w /var/www/html/forum.opensourceecology.org/htdocs -d forum.opensourceecology.org -w /var/www/html/wiki.opensourceecology.org/htdocs -d wiki.opensourceecology.org -w /var/www/html/microfactory.opensourceecology.org/htdocs/ -d microfactory.opensourceecology.org -w /var/www/html/phplist.opensourceecology.org/public_html/ -d phplist.opensourceecology.org -w /var/www/html/store.opensourceecology.org/htdocs/ -d store.opensourceecology.org -w /var/www/html/certbot/htdocs -d awstats.opensourceecology.org -d munin.opensourceecology.org
...
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/opensourceecology.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/opensourceecology.org/privkey.pem
   Your cert will expire on 2019-07-08. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[root@opensourceecology conf.d]# 
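Added example (not part of the original log): a check for the failure hit above, where a vhost file had more than one server block and not every block listened on IPv6. It reads one nginx config file on stdin and prints the starting line and server_name of each server block that has no IPv6 listen directive; the function name, addresses and sample config are constructed.

```shell
#!/bin/sh
# Added example, not from the original log. The config below is constructed
# (203.0.113.10 and 2001:db8::10 are documentation addresses).
# Limits: comments are stripped at the first "#", braces inside quoted strings
# are not understood, and directives are expected one per line.

audit_listen() {   # stdin = one nginx config file; prints "<line>\t<server_name>"
    awk '
    {
        line = $0
        sub(/#.*/, "", line)
        # "server {" or a bare "server" followed by "{" on the next line.
        # "server 127.0.0.1:6081;" inside an upstream block does not match.
        if (!in_server && line ~ /^[ \t]*server[ \t]*([{].*)?$/) {
            in_server = 1; start = NR; base = depth
            v4 = 0; v6 = 0; seen_listen = 0; names = "(no server_name)"
        }
        if (in_server) {
            if (match(line, /^[ \t]*listen[ \t]+/)) {
                seen_listen = 1
                arg = substr(line, RLENGTH + 1)
                if (arg ~ /^\[/) v6 = 1              # [::]:443, [2001:db8::10]:80
                else if (arg !~ /^unix:/) v4 = 1     # 443, *:80, 203.0.113.10:443
            }
            if (match(line, /^[ \t]*server_name[ \t]+/)) {
                names = substr(line, RLENGTH + 1)
                sub(/[ \t]*;.*/, "", names)
            }
        }
        opens = gsub(/[{]/, "{", line)
        closes = gsub(/[}]/, "}", line)
        depth += opens - closes
        if (in_server && closes > 0 && depth <= base) {
            if (!seen_listen) v4 = 1                 # nginx default listen is IPv4 only
            if (v4 && !v6) printf "%d\t%s\n", start, names
            in_server = 0
        }
    }'
}

# Constructed vhost file: the redirect block is dual-stack, the www block is not.
sample_conf() {
    cat <<'EOF'
upstream varnish {
    server 127.0.0.1:6081;   # "server" directive, not a server block
}
server {                      # redirects the naked domain to www
    listen 203.0.113.10:443 ssl;
    listen [2001:db8::10]:443 ssl;
    server_name example.org;
    return 301 https://www.example.org$request_uri;
}
server
{
    listen 203.0.113.10:443 ssl;   # IPv4 only
    server_name www.example.org;
    location / { proxy_pass http://varnish; }
}
EOF
}

# Real use: for f in /etc/nginx/conf.d/*.conf; do audit_listen < "$f" | sed "s|^|$f:|"; done
sample_conf | audit_listen
```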
  1. updated the documentation to better cover how to create the awstats file & update the corresponding cron job https://wiki.opensourceecology.org/index.php?title=Wordpress&type=revision&diff=189490&oldid=189488
  2. I also installed the 'storefront' theme by woocommerce
  3. and I installed & activated the 'woocommerce' plugin v3.5.7
  4. I also installed the plugin 'coingate-for-woocommerce' so we can accept crypto payments https://wordpress.org/plugins/coingate-for-woocommerce/
  5. and I installed all the plugins that Oshine claimed to be required = BE Portfolio Post Type, Colorhub, Meta Box Conditional Logic, Meta Box Show Hide, Meta Box Tabs, Oshine Core, Oshine Modules, Tatsu and Typehub.
  6. I created users for marcin & Catarina
  7. I sent an email to Catarina about the new site
  8. added section to our documentation about adding new sites to statuscake https://wiki.opensourceecology.org/index.php?title=Wordpress&diff=189497&oldid=189496
  9. added the 'microfactory' & 'store' sites to our statuscake account.
    1. http://status.opensourceecology.org

...

  1. Catarina got back to me & asked to install the classic editor (I mentioned how shitty the block editor is), so I did.
  2. back-and-forth, and I installed many more plugins too

Fri Apr 05, 2019

  1. removed an orphaned test echo from lists/admin/languages.php that was leaving a 'test' at the top of every page on phplist.opensourceecology.org
  2. updated server with catarina's new ssh key
  3. emails
  4. recorded time & logs to wiki