The codebase for my website has become a big mess. There are includes everywhere, globals and functions and scripts and styles all over the place, and a huge case of code duplication.
Although not a huge problem at the moment, I have just looked at modifying something and that has meant having to paste over parts of previous files and, where applicable, re-coding each file by hand.
Therefore, I am going to start from scratch. After Googling things like "refactoring messy code", "refactoring messy php", and then searching YouTube for the same search strings, plus "php avoid duplicating", I ended up searching for "php multidimensional array" (since I believed that is partly what I'll need to get my head around) and watched Beginner PHP Tutorial - 40 - Multi-dimensional Arrays.
After a couple of related videos I stumbled upon CS75 (Summer 2012) Lecture 0 HTTP Harvard Web Development David Malan and, after skipping to the first PHP video in the series, decided to go back to lecture zero and watch through all of them (still working my way through).
So, there is a right and not-so-right way of doing things, and the best way of putting that into practice will be to start from scratch (sort of).
Old PC does not have a web server. So, that will be the first step: LAN test webserver, chrooted, with a much better directory structure than I'm currently using on my VPS, and to incorporate git into the development process.
Before setting up Lighttpd
I am going to be using Lighttpd again for this machine, just because that is what I'm using on my VPS so I can mostly use similar rules when I move things between the two "servers".
sudo mkdir -p /webroot/var/www/johncook.co.uk/live/html
sudo chown www-data /webroot/var/www/
sudo chgrp -R www-data /webroot/var/www/
sudo chown -R john /webroot/var/www/johncook.co.uk/
sudo chmod 755 /webroot/var/www/
sudo chmod -R 710 /webroot/var/www/johncook.co.uk/
sudo chmod 750 /webroot/var/www/johncook.co.uk/live/html
That should, if I have got the permissions correct, allow the webserver to get to the html directories, but not be able to access the files in the johncook.co.uk directory.
It will also currently require use of the sudo command to change the group a directory/file belongs to if going with file/directory permissions, but since new files/directories are created with 755 permissions the webserver will be able to read and execute new files (other=5=read/execute). I should just be able to change the "other" permissions to 0 and that will lock out the webserver from files/directories within that directory.
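One way to check the permission model described above, as an added example that is not part of the original setup: list every path that still grants access to "other", apply the lock-out, and list files the web server cannot reach through its group. The function names and the temporary demo tree are constructed for illustration; the web group name is whatever you pass in (www-data on this page).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are
# hypothetical; the demo tree is constructed and lives in a temp dir.

# List paths under $1 that grant read, write or execute to "other".
other_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List paths under $1 whose group is not $2. Once "other" is 0, the
# web server can only reach files through this group.
wrong_group() {
    find "$1" ! -group "$2" -print
}

# Apply the "other = 0" lock-out to a whole tree.
lock_out_other() {
    chmod -R o-rwx "$1"
}

# Build a constructed copy of the layout and audit it before and after.
demo() {
    root=$(mktemp -d) || return 1
    site="$root/johncook.co.uk"
    mkdir -p "$site/live/html"
    chmod -R 710 "$site"
    chmod 750 "$site/live/html"
    # A file created later under the default umask (022).
    ( umask 022; echo '<?php echo "test"; ?>' > "$site/live/html/index.php" )
    echo "open to other before lock-out:"
    other_accessible "$site"
    lock_out_other "$site"
    echo "open to other after lock-out: $(other_accessible "$site" | wc -l)"
    rm -rf "$root"
}

demo
```

On the real tree, `wrong_group /webroot/var/www/johncook.co.uk www-data` shows which files would become unreadable to the web server after the lock-out.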
I should probably point out at this point that I am using some of the methods and naming structures used when I originally set up my new VPS, so some of this content will be somewhat based upon the work of others including Lighttpd FastCGI PHP, MySQL chroot jail installation under Debian Linux.
Now to create the needed directories:
sudo su
mkdir -p /webroot/tmp /webroot/etc /webroot/var/log/lighttpd /webroot/var/cache/lighttpd/compress
chmod 1777 /webroot/tmp
chown www-data:www-data /webroot/var/log/lighttpd /webroot/var/cache/lighttpd/compress
exit
Installing Lighttpd, PHP, and MySQL
sudo apt-get update
dpkg -s openssl
dpkg -s perl
dpkg -s git
sudo apt-get install lighttpd php5-cgi php-apc php5-mysql mysql-server
The reason I am using the dpkg command: I want to make sure the version of openssl installed is >=1.0.1, and to double-check git and perl are already installed (which they are) - I could have added them to the install line, but then I'd be duplicating stuff done in my other article.
After setting up a "root" password for mysql, dpkg -s lighttpd just to double-check it has ssl support (it depends on libssl1.0.0 > 1.0.0) and dpkg -s libssl1.0.0 gives version 1.0.1e-2+deb7u4 installed. The problem with this method of file versioning - is this the latest most secure version?
dpkg -S libssl1.0.0 gives a recent changes file, and zgrep CVE /usr/share/doc/libssl1.0.0/changelog.Debian.gz | head suggests this is most likely version 1.0.1f going by the OpenSSL 1.0.1 Branch Release notes (i.e. purely comparing fixes related to CVE numbers).
Now it is time to get the configuration files copied over to the /webroot/ area:
sudo cp -avr /etc/php5 /webroot/etc/
sudo cp -av /etc/hosts /etc/nsswitch.conf /etc/resolv.conf /etc/services /etc/localtime /webroot/etc/
And to copy all possibly needed files over to the jail, hoping that the rsync commands I use on my VPS (Ubuntu) will work on Debian:
... which they didn't. Need to create some more directories and remove the /lib64/ line (Old PC has a 32-bit processor)...
sudo mkdir -p /webroot/bin /webroot/usr/bin /webroot/lib /webroot/usr/lib /webroot/usr/share/zoneinfo
sudo /usr/bin/rsync -r -t -p -l -g -o --delete --exclude '/udev/' /usr/share/zoneinfo/ /webroot/usr/share/zoneinfo/
sudo /usr/bin/rsync -r -t -p -l -g -o --delete --exclude '/udev/' /lib/ /webroot/lib/
sudo /usr/bin/rsync -r -t -p -l -g -o --delete --exclude '/udev/' /usr/lib/ /webroot/usr/lib/
sudo /usr/bin/rsync -r -t -p -l -g -o --delete --exclude '/udev/' /bin/bash /webroot/bin/bash
sudo /usr/bin/rsync -r -t -p -l -g -o --delete --exclude '/udev/' /bin/sh /webroot/bin/sh
sudo /usr/bin/rsync -r -t -p -l -g -o --delete --exclude '/udev/' /usr/bin/php5-cgi /webroot/usr/bin/php5-cgi
I have deleted a further 2 lines from the above for binaries shtool and php5 - they don't exist on Old PC so I'll see if I actually need them before installing them and copying them across. So far, it appears I don't need php5 because I'm using php5-cgi via fastcgi.
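A narrower alternative to mirroring all of /lib/ and /usr/lib/ into the jail, as an added example rather than the commands used in this post: ask ldd which shared libraries a binary such as php5-cgi links against and copy only those. The function names and the sample ldd output are constructed for illustration; libraries loaded at run time (PHP extensions, NSS modules) do not appear in ldd output and still have to be copied separately.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are
# hypothetical; the sample ldd output below is constructed.

# Read ldd output on stdin, print one absolute library path per line.
parse_ldd() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libfoo.so => /path (0x..)
        $1 ~ /^\//               { print $1 }        # /lib/ld-linux.so.2 (0x..)
    ' | LC_ALL=C sort -u
}

# Read ldd output on stdin, print libraries the loader could not resolve.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# Print the library paths needed by binary $1.
jail_libs() {
    ldd "$1" | parse_ldd
}

# Copy binary $1 and its libraries into jail root $2, keeping their paths.
# Paths containing whitespace are not handled.
populate_jail() {
    bin=$1 jail=$2
    for f in "$bin" $(jail_libs "$bin"); do
        mkdir -p "$jail$(dirname "$f")"
        cp -pL "$f" "$jail$f"   # -L copies the file a symlinked library points to
    done
}

# Constructed ldd output for a 32-bit binary (paths are illustrative).
sample_ldd() {
cat <<'EOF'
	linux-gate.so.1 (0xb77c0000)
	libcrypt.so.1 => /lib/i386-linux-gnu/i686/cmov/libcrypt.so.1 (0xb7760000)
	libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7400000)
	libmissing.so.2 => not found
	/lib/ld-linux.so.2 (0xb77c1000)
EOF
}

sample_ldd | parse_ldd
```

Run as root, `populate_jail /usr/bin/php5-cgi /webroot` would copy the binary and its linked libraries into the jail.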
Configure Lighttpd
sudo nano /etc/lighttpd/lighttpd.conf
and add the following lines before server.document-root:
server.chroot = "/webroot"
server.bind = "192.168.1.34"
Save, and then sudo service lighttpd restart - it started OK.
sudo apt-get install lynx
lynx http://192.168.1.34 - 404 Not Found.
That is good, now for some more configuration changes...
- Add "mod_accesslog", to the server.modules = ( ... ) section of the lighttpd.conf file.
- Add accesslog.filename = "/var/log/lighttpd/access.log" to the lighttpd.conf config.
- service lighttpd restart
And after creating a test index.php file in /webroot/var/www/, I'm getting a 403 error, so:
sudo mkdir -p /etc/lighttpd/conf.d /etc/lighttpd/vhosts.d
sudo nano /etc/lighttpd/conf.d/fastcgi.conf
fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php5-cgi",
    "socket" => "/tmp/php.socket",
    "min-procs" => 1,
    "max-procs" => 1,
    "idle-timeout" => 20,
    "bin-environment" => (
        "PHP_FCGI_CHILDREN" => "2",
        "PHP_FCGI_MAX_REQUESTS" => "500"
    ),
    "bin-copy-environment" => (
        "PATH", "SHELL", "USER"
    ),
    "broken-scriptfilename" => "enable"
)))
Note: The reason I am doing this, rather than doing it the old way (i.e. the way the current version of lighttpd on Debian does things) is because of the pain I had upgrading configuration files on Ubuntu after upgrading lighttpd. Therefore, I am going to copy as much of the new way of doing things as possible.
Move the entire server.modules section from lighttpd.conf into /etc/lighttpd/modules.conf, and at the top of lighttpd.conf add include "modules.conf".
Add the following to the bottom of modules.conf:
include "conf.d/fastcgi.conf"
And then, in lighttpd.conf, add the following to the bottom of the file under the include_shell lines (and comment out the include_shell line that makes lighttpd listen on all IPv6 addresses):
## Variables
var.server_root = server.document-root
var.vhosts_dir = server_root
var.basedir = vhosts_dir
var.port = "(:" + server.port + ")?$"
## Virtual Hosts (vhosts)
#include "vhosts.d/johncook.co.uk"
Basically, my VPS previously used basedir and port as variables in the vhost configuration files, and then I moved to the new way of doing things without modifying all the files. Some of the variable names were taken from the Lighttpd configuration documentation.
And then run sudo lighty-enable-mod fastcgi and sudo service lighttpd restart
Still getting a 403 error. A quick modification of the permissions of index.php to 750 and changing its group to www-data, and the file loads.
index.php does, of course, have phpinfo() in there, and everything looks fine, so time to delete it.
Configuring Virtual Hosts
As previously mentioned, I had massive trouble upgrading to the newer versions of lighttpd on my VPS due to big changes in the configuration files. I am therefore going to try and mimic the new way of doing things to make the configuration as future-proof as possible.
Now to set up the two vhosts, sudo nano /etc/lighttpd/vhosts.d/johncook.co.uk
$SERVER["socket"] == "[2001:470:1f09:1aab::80:13]:80" {
    var.servername = "/johncook.co.uk"
    server.document-root = var.basedir + servername + "/live/html"
}
$SERVER["socket"] == "[fdd7:5938:e2e6:1::80:13]:80" {
    var.servername = "/johncook.co.uk"
    server.document-root = var.basedir + servername + "/develop/html"
}
Then add the following to my /etc/init.d/ipv6-addresses file:
/bin/ip -6 addr add fdd7:5938:e2e6:1::80:13/128 dev eth0
/bin/ip -6 addr add 2001:470:1f09:1aab::80:13/128 dev eth0
Run sudo /etc/init.d/ipv6-addresses start and then uncomment the include line for vhosts.d/johncook.co.uk in lighttpd.conf, and restart lighty.
Check I get a 404 - Not Found error in the browser on my networked laptop for both IPv6 addresses, which I do.
The benefits of using the above addresses are several:
- They follow the numbering convention I use on my VPS.
- The current version of johncook.co.uk is hosted at [2001:470:1f09:38d::80:13].
- It makes sense to use a similar IP address for development and live sites (different prefix, same suffix).
- The only way to access the development version of the site is to have access to my ULA network.
Final test: Create an index.php file in /live/ with <?php echo "test"; ?>, save, and test it is only visible on the public IPv6 address. It is - the IPv4 and IPv6 private addresses are still returning a 404. Delete the file.
Lighttpd Mostly Set-up
To summarise, Lighttpd is now mostly set up and is in its own chroot/jail.
Virtual hosts have been configured, albeit not using name-based addressing at present.
Everything I need to continue has been set up and is, to my knowledge, working properly.
Setting Up Git Repository
I have never really used git much before, other than for cloning repositories and making a couple of pull requests. So this is going to involve a bit of learning.
- Make sure I am no longer root.
cd /webroot/var/www/johncook.co.uk/live
git init
echo "johncook.co.uk" > README
git add README
git commit -m "Initial Commit"
cd ..
git clone live/ develop
cd develop/
git branch develop
git checkout develop
I'm not sure if this is the right way of doing things or not. I'll soon find out.
Install Ruby, Rubygems, Bower, and Grunt
sudo apt-get install ruby1.9.1 rubygems
sudo su
echo "deb http://ftp.us.debian.org/debian wheezy-backports main" >> /etc/apt/sources.list
apt-get update
apt-get install nodejs-legacy curl
curl --insecure https://www.npmjs.org/install.sh | bash
exit
sudo npm install -g bower grunt-cli
sudo gem install foundation
sudo gem install compass
foundation new johncook.co.uk --libsass
mkdir html
cd johncook.co.uk
nano Gruntfile.js
Change "css/app.css" to "../html/css/app.css", and then run grunt.
Double-check that http://[fdd7:5938:e2e6:1::80:13]/css/app.css contains the CSS file. It does.
cd ..
git add -A
git commit -m "Installed Zurb Foundation, changed where app.css is output to"
cd ../live
git pull ../develop
And a look at http://[2001:470:1f09:1aab::80:13]/css/app.css: it does all appear to be working.
The only issue now is that git changes file permissions. TODO: Decide what to do about file permissions.
cd develop/ and have a look at what can be moved.
git mv johncook.co.uk/js/ html/
rm -r johncook.co.uk/css/
git commit -a
Moved Foundation JavaScript to html directory
cd ../live
git pull ../develop
Finally, nano html/index.php
<!DOCTYPE html>
<html>
<head>
<title>Coming Soon</title>
</head>
<body>
<h1>Coming Soon</h1>
<p>The new websites johncook.co.uk and watfordjc.co.uk are in development.</p>
</body>
</html>
And then a git add -A, git commit -a, and then a git pull ../develop from /live/.
Since both copies are now the same, I think I know the right way to do this now...
cd /live/
git branch develop
git branch release
cd ../develop
git pull
git branch --set-upstream develop origin/develop