- Create a new fresh wordpress install. Some basic instructions are here https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-14-04
NOTE: This tutorial assumes you will using the same MySQL database server and a MySQL database user that can access both databases. - Make a copy of all the plugins and themes that you need. If this on the same server it is easy. If not use rsync, scp or ftp.
cp -r /old/path/to/wordpress/mu/wp-content/plugins/* /new/single/site/wordpress/wp-content/plugins/.
cp -r /old/path/to/wordpress/mu/wp-content/themes/* /new/single/site/wordpress/wp-content/themes/. - Get the blog number of the old site. You can use the network admin and go to the Sites or /wp-admin/network/sites.php and the link to the blog will have ?id=#. This will be used to prefix the tables that are needed wp_#_tableName.
- Copy over the existing data from the old database to the new one
mysql -u root -p NewDb
mysql> INSERT INTO wp_commentmeta SELECT * FROM wpmu.wp_#_commentmeta;
mysql> INSERT INTO wp_comments SELECT * FROM wpmu.wp_#_comments;
mysql> INSERT INTO wp_links SELECT * FROM wpmu.wp_#_links;
mysql> INSERT INTO wp_posts SELECT * FROM wpmu.wp_posts;
mysql> INSERT INTO wp_term_relationships SELECT * FROM wpmu.wp_#_term_relationships; - Empty tables that have data in them already and then copy over old data.
mysql> TRUNCATE TABLE wp_options;
mysql> INSERT INTO wp_options SELECT * FROM wpmu.wp_#_options;
mysql> TRUNCATE TABLE wp_posts;
mysql> INSERT INTO wp_posts SELECT * FROM wpmu.wp_posts;
mysql> TRUNCATE TABLE wp_term_taxonomy;
mysql> INSERT INTO wp_term_taxonomy SELECT * FROM wpmu.wp_#_term_taxonomy;
mysql> TRUNCATE TABLE wp_terms;
mysql> INSERT INTO wp_terms SELECT * FROM wpmu.wp_#_terms;
mysql> TRUNCATE TABLE wp_usermeta;
mysql> INSERT INTO wp_usermeta SELECT * FROM wpmu.wp_usermeta;
mysql> TRUNCATE TABLE wp_users;
mysql> INSERT INTO wp_users
(`ID`,`user_login`,`user_pass`,`user_nicename`,`user_email`,`user_url`,`user_registered`,`user_activation_key`,`user_status`,`display_name`) SELECT `ID`,`user_login`,`user_pass`,`user_nicename`,`user_email`,`user_url`,`user_registered`,`user_activation_key`,`user_status`,`display_name` FROM wpmu.wp_users;
mysql> TRUNCATE TABLE wp_postmeta;
mysql> INSERT INTO wp_postmeta SELECT * FROM wpmu.wp_#_postmeta; - Create tables and copy data for plugins as necessary
mysql> CREATE TABLE wp_calendar LIKE wpmu.wp_#_calendar;
mysql> CREATE TABLE wp_calendar_categories LIKE wpmu.wp_#_calendar_categories;
mysql> CREATE TABLE wp_calendar_config LIKE wpmu.wp_#_calendar_config;
mysql> CREATE TABLE wp_contact_form_7 LIKE wpmu.wp_#_contact_form_7;
mysql> CREATE TABLE wp_duplicator LIKE wpmu.wp_#_duplicator;
mysql> CREATE TABLE wp_duplicator_packages LIKE wpmu.wp_#_duplicator_packages;
mysql> CREATE TABLE wp_eventscalendar_main LIKE wpmu.wp_#_eventscalendar_main;
mysql> CREATE TABLE wp_forum_forums LIKE wpmu.wp_#_forum_forums;
mysql> CREATE TABLE wp_forum_groups LIKE wpmu.wp_#_forum_groups;
mysql> CREATE TABLE wp_forum_posts LIKE wpmu.wp_#_forum_posts;
mysql> CREATE TABLE wp_forum_threads LIKE wpmu.wp_#_forum_threads;
mysql> CREATE TABLE wp_forum_usergroup2user LIKE wpmu.wp_#_forum_usergroup2user;
mysql> CREATE TABLE wp_forum_usergroups LIKE wpmu.wp_#_forum_usergroups;
mysql> CREATE TABLE wp_ngg_album LIKE wpmu.wp_#_ngg_album;
mysql> CREATE TABLE wp_ngg_gallery LIKE wpmu.wp_#_ngg_gallery;
mysql> CREATE TABLE wp_ngg_pictures LIKE wpmu.wp_#_ngg_pictures;
mysql> INSERT INTO wp_calendar SELECT * FROM wpmu.wp_#_calendar;
mysql> INSERT INTO wp_calendar_categories SELECT * FROM wpmu.wp_#_calendar_categories;
mysql> INSERT INTO wp_calendar_config SELECT * FROM wpmu.wp_#_calendar_config;
mysql> INSERT INTO wp_contact_form_7 SELECT * FROM wpmu.wp_#_contact_form_7;
mysql> INSERT INTO wp_duplicator SELECT * FROM wpmu.wp_#_duplicator;
mysql> INSERT INTO wp_duplicator_packages SELECT * FROM wpmu.wp_#_duplicator_packages;
mysql> INSERT INTO wp_eventscalendar_main SELECT * FROM wpmu.wp_#_eventscalendar_main;
mysql> INSERT INTO wp_forum_forums SELECT * FROM wpmu.wp_#_forum_forums;
mysql> INSERT INTO wp_forum_groups SELECT * FROM wpmu.wp_#_forum_groups;
mysql> INSERT INTO wp_forum_posts SELECT * FROM wpmu.wp_#_forum_posts;
mysql> INSERT INTO wp_forum_threads SELECT * FROM wpmu.wp_#_forum_threads;
mysql> INSERT INTO wp_forum_usergroup2user SELECT * FROM wpmu.wp_#_forum_usergroup2user;
mysql> INSERT INTO wp_forum_usergroups SELECT * FROM wpmu.wp_#_forum_usergroups;
mysql> INSERT INTO wp_ngg_album SELECT * FROM wpmu.wp_#_ngg_album;
mysql> INSERT INTO wp_ngg_gallery SELECT * FROM wpmu.wp_#_ngg_gallery;
mysql> INSERT INTO wp_ngg_pictures SELECT * FROM wpmu.wp_#_ngg_pictures;
- To ensure that there is no wp_#_tableName in the data you may need to dump the DB and then search and replace that string then import it again.
mysqldump -u root -p database > database.sql
sed -i 's/wp_#_/wp_/g' database.sql
mysql -u root -p database < database.sql - This assumes you have a new apache or nginx setup pointing to the old domain and the domain name is not changing. If you want to change the domain you can edit the wp_options table
mysql> UPDATE wp_options SET option_value = 'http://new.domain.name/' where option_name=siteurl;
mysql> UPDATE wp_options SET option_value = 'http://new.domain.name/' where option_name=home;
Justin Hamade's Blog
Rambling about Django, Python, Ansible and sometimes PHP and Wordpress. I enjoy talking about all technologies, and offer help when I can.
Friday, October 10, 2014
Converting Wordpress Multisite to Single Site
Wow this is not easy. Here are some notes on the steps that I took.
Sunday, November 03, 2013
Client Certificate Authentication Issues with Apache and OS X Mavericks
Found some good tutorials online but took a few days of troubleshooting for me to figure out why they were not working. Still don't understand SSL and cryptography as much as I would like to. Posting this incase anyone else runs into similar issues.
The 3 tutorials I found via googling were:
# Create the CA Key and Certificate for signing Client Certs
openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer
# Create the Server Key, CSR, and Certificate
The 3 tutorials I found via googling were:
- Apache
- http://www.impetus.us/~rjmooney/projects/misc/clientcertauth.html
- http://linuxconfig.org/apache-web-server-ssl-authentication
- Nginx
- http://nategood.com/client-side-certificate-authentication-in-ngi
I will recap the commands here for additional info on how it works read either of those.
# Create the CA Key and Certificate for signing Client Certs
openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer
# Create the Server Key, CSR, and Certificate
openssl genrsa -out server.key 2048
openssl req -config ./openssl.cnf -new -key server.key -out server.req
# We're self signing our own server cert here. This is a no-no in production.
openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer
rm server.req
# Create the Client Key and CSR I made a client.cnf file for attributes to match the client
openssl genrsa -out client.key 2048
openssl req -config ./client.cnf -new -key client.key -out client.req
# Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do.
openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
rm client.key client.cer client.req
This is where I ran into problems with some of the tutorials. Testing with CURL to connect to NGINX worked based on the tutorial at nategood.com worked.
curl -v -s -k --key client.key --cert client.cert https://example.com
But connecting following the first apache tutorial did not and the second one needed some additional steps.
# Install CURL via Homebrew (assuems you have brew installed and up to date) openssl is not required but the OS X version is old
This is where I ran into problems with some of the tutorials. Testing with CURL to connect to NGINX worked based on the tutorial at nategood.com worked.
curl -v -s -k --key client.key --cert client.cert https://example.com
But connecting following the first apache tutorial did not and the second one needed some additional steps.
There seems to be 2 reasons why:
- OS X Mavericks hacked up CURL to not work with client certificates - http://curl.haxx.se/mail/archive-2013-10/0036.html
- CURL prefers certificates to be combined in PEM format with Data Bags included - http://honglus.blogspot.in/2012/03/fix-curl-client-certificate-error-curl.html
# Install CURL via Homebrew (assuems you have brew installed and up to date) openssl is not required but the OS X version is old
brew install openssl curl
# Convert the certificate to pkcs12 and back to pem
# Convert the certificate to pkcs12 and back to pem
openssl pkcs12 -in client.p12 -out client.pem -clcerts
Here is the apache config
Here is the apache config
...
SSLCACertificateFile /var/www/conf/ssl.crt/ca.crt
SSLCACertificateFile /var/www/conf/ssl.crt/ca.crt
...
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 10
...
Now I can connect with (NOTE: do not use the built in curl)
Now I can connect with (NOTE: do not use the built in curl)
/usr/local/Cellar/curl/7.33.0/bin/curl -v -s -k --key client.pem --cert client.pem https://example.com
Wednesday, October 23, 2013
OS X Maverick pkg_resources.DistributionNotFound: pip==1.1
Kept getting the following issue with PIP and easy_install
Ran the following to fix it:Traceback (most recent call last):File "/usr/local/bin/pip", line 5, infrom pkg_resources import load_entry_pointFile "/System/Library/Frameworks/Python.framework/Versions/2.6/Extras/lib/python/pkg_resources.py", line 2603, inworking_set.require(__requires__)File "/System/Library/Frameworks/Python.framework/Versions/2.6/Extras/lib/python/pkg_resources.py", line 666, in requireneeded = self.resolve(parse_requirements(requirements))File "/System/Library/Frameworks/Python.framework/Versions/2.6/Extras/lib/python/pkg_resources.py", line 565, in resolveraise DistributionNotFound(req) # XXX put more info herepkg_resources.DistributionNotFound: pip==1.1
wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
sudo python ez_setup.py
sudo easy_install -U pip
Tuesday, April 23, 2013
Django Admin Filter OR queries
Django admin in 1.4+ support the query parameter __in for filtering on multiple values of the same field. Adding this to the admin took some work but is possible, I am not sure if this is the best way to do it but it does work.
Here is a snippet of my admin.py file
https://gist.github.com/justhamade/5447780
Here is a snippet of my admin.py file
https://gist.github.com/justhamade/5447780
Sunday, April 07, 2013
Securing LAMP for Ubuntu 12.04 LTS
This is a summary of this post http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
Setup non root user
Setup non root user
ssh root@YOURSERVERIPInstall LAMP, Security and other useful stuff
adduser YOUNONROOTUSER
useradd -G sudo YOUNONROOTUSER
logout
ssh YOURNONROOTUSER@YOURSERVERIP
sudo -i
sudo apt-get install lamp-server^ ufw denyhosts fail2ban psad rkhunter chkrootkit nmap logwatch libdate-manip-perl apparmor apparmor-profiles tiger htop libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache-mod-security -ySetup UFW
sudo ufw enableSecure shared mem (requires reboot)
ufw status verbose
sudo ufw allow ssh
sudo ufw allow http
echo 'tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0' >> /etc/fstabDisallow root ssh logins (can also change SSH PORT)
sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_configLimit su command to users that have sudo
sed -i 's/Port 22/Port 2222/g' /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart
sudo dpkg-statoverride --update --add root sudo 4750 /bin/suHarden network with sysctl settings. This is what my /etc/sysctl.conf file ends up looking like with no comments
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
net.ipv4.icmp_echo_ignore_all = 1
sudo sysctl -pPrevent IP Spoofing
# The "order" line is only used by old versions of the C library.Secure PHP (assumes that exec, system, shell_exec, passthru are not already there)
order bing,hosts
nospoof on
multi on
Secure Apache
sed -i 's/expose_php = On/expose_php = Off/g' /etc/php5/apache2/php.ini
sed '/^disable_functions/ s/$/,exec,system,shell_exec,passthru/' /etc/php5/apache2/php.ini > /etc/php5/apache2/php.ini
sed -i 's/ServerTokens OS/ServerTokens Prod/g' /etc/apache2/conf.d/security
sed -i 's/ServerSignature On/ServerSignature Off/g' /etc/apache2/conf.d/security
echo 'Header unset ETag' >> /etc/apache2/conf.d/security
echo 'FileETag None' >> /etc/apache2/conf.d/security
a2enmod headersUpdate fail2ban
/etc/init.d/apache2 restart
sed -s 'action = %(action_)s/action = %(action_mwl)s/g' s//etc/fail2ban/jail.conf
Monday, February 25, 2013
Vagrant on Cygwin
Not fully tested taken from memory and history so if anything is missing please comment.
Taken mostly from a good post here http://www.enrise.com/2012/12/git-and-vagrant-in-a-windows-environment/ Assumes you have latest cygwin and virtualbox installed.
Cygwin need svn and bash Install other deps
Get Vagrant 1.1.0 dev from git (once this is stable then this step is not needed).
Update pull request for cygwin fix from here https://github.com/mitchellh/vagrant/pull/1366
Install gem so deps are install then rake install to update to dev version with patches applied
Add VBOX_USER_HOME
Add symlink to VBoxManage
Use vagrant
Taken mostly from a good post here http://www.enrise.com/2012/12/git-and-vagrant-in-a-windows-environment/ Assumes you have latest cygwin and virtualbox installed.
Cygwin need svn and bash Install other deps
svn --force export http://apt-cyg.googlecode.com/svn/trunk/ /bin/ chmod +x /bin/apt-cyg apt-cyg install make ruby curl git bsdtar ssh
Get Vagrant 1.1.0 dev from git (once this is stable then this step is not needed).
git clone https://github.com/mitchellh/vagrant.git cd vagrant
Update pull request for cygwin fix from here https://github.com/mitchellh/vagrant/pull/1366
curl https://github.com/mitchellh/vagrant/pull/1366.patch | git am
Install gem so deps are install then rake install to update to dev version with patches applied
gem install vagrant rake install
Add VBOX_USER_HOME
export VBOX_USER_HOME=`pwd`/.VirtualBox/
Add symlink to VBoxManage
ln '/cygdrive/c/Program\ Files/Oracle/VirtualBox/VBoxManage.exe' /usr/local/bin/VBoxManage
Use vagrant
vagrant box add lucid32 http://files.vagrantup.com/lucid32.box vagrant init lucid32 vagrant upYou May get an error when starting up. This is because the Virtual box guest additions need to be installed so the directory can be mounted
vagrant ssh sudo apt-get install virtualbox-guest-addition
Tuesday, November 06, 2012
Stackato
wget http://downloads.activestate.com/stackato/vm/v2.4.3/stackato-vm-vbox-v2.4.3.zip unzip stackato-vm-vbox-v2.4.3.zip cd Stackato-VM VBoxManage import Stackato-v2.4.3.ovf VBoxManage modifyvm Stackato-v2.4.3 --nic1 bridged --bridgeadapter1 eth0 VBoxManage startvm Stackato-v2.4.3 --type headlessTo figure out the ip
# scan port 22 nmap -p 22 --open -sV 192.168.X.0/24 VBoxManage showvminfo Stackato-v2.4.3 | grep MAC # OUTPUT IS: NIC 1: MAC: 080027656420, Attachment: Bridged Interface 'eth0', Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny arp -an | grep -i 08:00:27:65:64:20Install stackato client
wget http://downloads.activestate.com/stackato/client/v1.5/stackato-1.5-linux-glibc2.3-x86_64.zip unzip stackato-1.5-linux-glibc2.3-x86_64.zip cd stackato-1.5-linux-glibc2.3-x86_64/ sudo mv stackato /usr/local/bin/. stackato
Subscribe to:
Posts (Atom)