Diskussion:Server/Plone: Unterschied zwischen den Versionen
(13 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
Zeile 1.292: | Zeile 1.292: | ||
Theoretisch könnte/sollte auch [https://www.freebsd.org/doc/handbook/outgoing-only.html nur das Versendung (von Mails)] eingerichtet werden. | Theoretisch könnte/sollte auch [https://www.freebsd.org/doc/handbook/outgoing-only.html nur das Versendung (von Mails)] eingerichtet werden. | ||
--> | --> | ||
== Customizing vom Layout == | |||
* https://stackoverflow.com/questions/31781909/why-is-the-plonecustom-css-stylesheet-not-loaded#31787068 | |||
== Plone 5 TurnKey Linux == | |||
=== Plone 5 TurnKey Linux Buildout === | |||
Um Buildout in Turnkey-Linux auszuführen, muss man einen eigenen Nutzer verwenden: | |||
sudo -u plone_buildout bin/buildout | |||
---- | |||
Mutmaßlich gilt das für Plone 5. | |||
--[[Benutzer:PaulRiegel|Paul]] 11:48, 9. Nov. 2021 (CET) | |||
== Test von Plone 6 (als LXC Debian 11 auf PVE 7) == | |||
136 | |||
---- | |||
Was soll die Zahl sagen? | |||
[https://pro.stura.htw-dresden.de/issues/136 Aufgabe 136] ist es nicht. | |||
[https://10.1.0.31:8006/#v1:0:=lxc%2F136:4:5:::::: CT (oder VM) 136] ist es nicht. | |||
--[[Benutzer:PaulRiegel|Paul]] 11:42, 9. Nov. 2021 (CET) | |||
== Installation Plone 6 == | |||
=== Installation Plone 6 Vorbereitung === | |||
==== Installation Plone 6 Umgebung ==== | |||
; Host: PCT (LXC on Proxmox) Debian stable (11) | |||
==== Installation Plone 6 Aktualisierung bestehender Pakete ==== | |||
: <code>apt update</code> | |||
: <code>apt -y upgrade</code> | |||
=== Installation Plone 6 backend === | |||
==== Installation Plone 6 backend Installation benötigter Pakete ==== | |||
https://training.plone.org/5/mastering-plone/installation.html#prerequisites | |||
: <code>apt -y install python3.9-dev python3.9-tk python3.9-venv build-essential libssl-dev libxml2-dev libxslt1-dev libbz2-dev libjpeg62-turbo-dev</code> | |||
: <code>apt -y install libreadline-dev wv poppler-utils</code> | |||
: <code>apt -y install git</code> | |||
: <s><code>apt -y install python3-pip</code></s> | |||
==== Installation Plone 6 backend pip ==== | |||
https://plone.org/download/releases/6.0.0a2 | |||
---- | |||
{| class="wikitable" | |||
|- | |||
! buildout style | |||
! pip style | |||
|- | |||
| colspan=2 | | |||
: <code>mkdir plone</code> | |||
: <code>cd plone/</code> | |||
|- | |||
| colspan=2 | | |||
: <code>mkdir backend</code> | |||
: <code>cd backend/</code> | |||
|- | |||
| | |||
: <code>nano buildout.cfg</code> | |||
<pre> | |||
[buildout] | |||
extends = https://dist.plone.org/release/6.0.0a2/versions.cfg | |||
parts = instance | |||
[instance] | |||
recipe = plone.recipe.zope2instance | |||
eggs = | |||
Plone | |||
plone.volto | |||
user = admin:admin | |||
zodb-temporary-storage = off | |||
</pre> | |||
: <s><code>chmod +x buildout.cfg</code></s> | |||
| | |||
|- | |||
| colspan=2 | | |||
: <code>python3.9 -m venv .</code> | |||
|- | |||
| | |||
: <code>bin/pip install -r https://dist.plone.org/release/6.0.0a2/requirements.txt</code> | |||
: <code>bin/buildout</code> | |||
| | |||
: <code>bin/pip install -U pip setuptools wheel</code> | |||
: <code>bin/pip install Plone plone.volto -c https://dist.plone.org/release/6.0.0a2/constraints.txt --use-deprecated legacy-resolver</code> | |||
: <code>bin/mkwsgiinstance -u admin:admin -d .</code> | |||
|- | |||
| | |||
: <code>bin/instance fg</code> | |||
| | |||
: <code>bin/runwsgi -v etc/zope.ini</code> | |||
|- | |||
| | |||
| | |||
: <code>nano etc/zope.ini</code> | |||
<pre></pre> | |||
<pre> | |||
#host = 127.0.0.1 | |||
host = 0.0.0.0 | |||
</pre> | |||
<pre></pre> | |||
: <code>bin/runwsgi -v etc/zope.ini</code> | |||
|- | |||
|} | |||
=== Installation Plone 6 backend Nachbereitung === | |||
==== Installation Plone 6 backend Änderung Dienst starten ==== | |||
<!-- | |||
: <code>systemctl status plone</code> | |||
: <code>systemctl start plone</code> | |||
: <code>systemctl enable plone</code> | |||
!--> | |||
==== Installation Plone 6 backend Änderung vom Passwort bei Zope ==== | |||
Die standardmäßigen Zugangsdaten sind | |||
; Konto: admin | |||
; Passwort: admin | |||
. | |||
Bei | |||
: http://127.0.0.1:8080/acl_users/users/manage_users | |||
ist das (einzige) Konto ''admin'' zu finden. | |||
Bei | |||
: http://127.0.0.1:8080/acl_users/users/manage_users?user_id=admin&passwd=1 | |||
kann das Passwort geändert werden. | |||
==== Installation Plone 6 web server ==== | |||
===== Installation Plone 6 nginx ===== | |||
http://plone-6.test.domain.tld:8080/Plone | |||
---- | |||
: <code>apt -y install nginx</code> | |||
: <code>less /etc/nginx/sites-available/default</code> | |||
https://docs.plone.org/manage/deploying/front-end/nginx.html#minimal-nginx-front-end-configuration-for-plone-on-ubuntu-debian-linux | |||
: <code>nano /etc/nginx/sites-available/plone-6.test.domain.tld</code> | |||
<pre> | |||
add_header X-Frame-Options "SAMEORIGIN"; | |||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; | |||
add_header X-XSS-Protection "1; mode=block"; | |||
add_header X-Content-Type-Options "nosniff"; | |||
#add_header Content-Security-Policy "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"; | |||
add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"; | |||
upstream plone { | |||
server 127.0.0.1:8080; | |||
} | |||
server { | |||
listen 80; | |||
server_name plone-6.test.domain.tld; | |||
access_log /var/log/nginx/plone-6.test.domain.tld.access.log; | |||
error_log /var/log/nginx/plone-6.test.domain.tld.error.log; | |||
location / { | |||
proxy_pass http://plone/VirtualHostBase/http/plone-6.test.domain.tld:80/Plone/VirtualHostRoot/; | |||
} | |||
} | |||
</pre> | |||
: <code>ln -s /etc/nginx/sites-available/plone-6.test.domain.tld /etc/nginx/sites-enabled/plone-6.test.domain.tld</code> | |||
: <code>apt -y install certbot</code> | |||
: <code>apt -y install python3-certbot-nginx</code> | |||
: <code>certbot --nginx</code> | |||
: <code>nano /etc/nginx/sites-enabled/plone-6.test.domain.tld</code> | |||
<pre> | |||
add_header X-Frame-Options "SAMEORIGIN"; | |||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; | |||
add_header X-XSS-Protection "1; mode=block"; | |||
add_header X-Content-Type-Options "nosniff"; | |||
#add_header Content-Security-Policy "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'sel> | |||
add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; scri> | |||
upstream plone { | |||
server 127.0.0.1:8080; | |||
} | |||
server { | |||
server_name plone-6.test.domain.tld; | |||
access_log /var/log/nginx/plone-6.test.domain.tld.access.log; | |||
error_log /var/log/nginx/plone-6.test.domain.tld.error.log; | |||
location / { | |||
# proxy_pass http://plone/VirtualHostBase/http/plone-6.test.domain.tld:80/Plone/VirtualHostRoot/; | |||
proxy_pass http://plone/VirtualHostBase/https/plone-6.test.domain.tld:443/VirtualHostRoot/; | |||
# proxy_pass http://plone/VirtualHostBase/https/plone-6.test.domain.tld:443/Plone/VirtualHostRoot/; | |||
} | |||
listen 443 ssl; # managed by Certbot | |||
ssl_certificate /etc/letsencrypt/live/plone-6.test.domain.tld/fullchain.pem; # managed by Certbot | |||
ssl_certificate_key /etc/letsencrypt/live/plone-6.test.domain.tld/privkey.pem; # managed by Certbot | |||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |||
} | |||
server { | |||
if ($host = plone-6.test.domain.tld) { | |||
return 301 https://$host$request_uri; | |||
} # managed by Certbot | |||
listen 80; | |||
server_name plone-6.test.domain.tld; | |||
return 404; # managed by Certbot | |||
} | |||
</pre> | |||
: <code>systemctl reload nginx</code> | |||
---- | |||
https://plone-6.test.domain.tld/Plone | |||
---- | |||
: <code>nano etc/zope.ini</code> | |||
<pre></pre> | |||
<pre> | |||
host = 127.0.0.1 | |||
####host = 0.0.0.0 | |||
</pre> | |||
<pre></pre> | |||
: <code>bin/runwsgi -v etc/zope.ini</code> | |||
<pre></pre> | |||
<pre> | |||
2021-13-42 01:23:45 INFO [Zope:42][MainThread] Ready to handle requests | |||
Starting server in PID 126997. | |||
2021-13-42 01:23:45 INFO [waitress:485][MainThread] Serving on http://127.0.0.1:8080 | |||
</pre> | |||
===== Installation Plone 6 Apache ===== | |||
==== Installation Plone 6 frontend ==== | |||
https://training.plone.org/5/mastering-plone/installation.html#installing-plone-frontend | |||
== proxy web server == | |||
https://www.starzel.de/blog/securing-plone-sites-with-https-and-nginx |
Aktuelle Version vom 5. Dezember 2021, 16:23 Uhr
Plone 5 testen[Bearbeiten]
Ave PT!
Da du ja begonnen hattest Plone 5 "zu spielen": Bei Launchpad liegt die "roadmap" zu Plone 5, so tagesaktuell auch die 5.0a2, die du mit dem UnifiedInstaller, den du ja zu Plone 4 erfolgreich (nach dem "vorgegeben" Schema) verwendet hattest.
Kollaborative
--Paul 06:14, 13. Dez. 2014 (CET)
Plone 5 ist veröffentlicht!
--Paul 04:43, 22. Okt. 2015 (CEST)
Wer spielen mag kann, wenn auch nicht bequem aus den Ports (für FreeBSD), eine #Installation Plone 5 vornehmen und sich ausleben.
Wenn ich die Zeit finde, dann baue ich noch die Tage eine (derartige) Instanz für das Projekt Plone/Theming (website:stura/ref/verwaltung/web/plone-theming) als Jail auf srs1337.
--Paul 04:43, 22. Okt. 2015 (CEST)
Installation einer bestimmten (veralteten) Version von Plone mit UnifiedInstaller[Bearbeiten]
pkg update; pkg upgrade -y
pkg install -y wget
mkdir -p /usr/local/install/plone; cd /usr/local/install/plone
wget https://launchpad.net/plone/4.0/4.0.5/+download/Plone-4.0.5-UnifiedInstaller.tgz
tar -xvf Plone-4.0.5-UnifiedInstaller.tgz
cd Plone-4.0.5-UnifiedInstaller
./install.sh standalone
Username: admin Password: admin
cd /usr/local/Plone/zinstance
./bin/plonectl start
--Paul 01:33, 10. Aug. 2015 (CEST)
- Quelle zur Übersicht der verfügbaren Dateien für UnifiedInstaller am Beispiel Plone 4.0: https://launchpad.net/plone/4.0
- https://plone.org/products/plone/releases/ und dann die entsprechende Version auswählen
--Paul 02:02, 10. Aug. 2015 (CEST)
dump beschaffen und beispielsweise in /usr/local/install/plone/dump ablegen
mkdir /usr/local/install/plone/dump
- auf dem Hauptsystem den dump herüber kopieren
cp /mnt/zroot/jails/name-der-alten-jail/usr/local/dump-of-plone.tar.gz /mnt/zroot/jails/name-der-neuen-jail/usr/local/install/plone/dump/dump-of-plone.tar.gz
cd /usr/local/install/plone/dump
tar -xvf dump-of-plone.tar.gz
cp -pr /usr/local/Plone/zinstance/ /usr/local/Plone/zinstance.bak/
cp -pr /usr/local/install/plone/dump/Plone/zinstance/var/filestorage/Data.fs /usr/local/Plone/zinstance/var/filestorage/Data.fs
cp -pr /usr/local/install/plone/dump/Plone/zinstance/var/blobstorage/ /usr/local/Plone/zinstance/var/blobstorage/
cp -pr /usr/local/install/plone/dump/Plone/zinstance/*.conf /usr/local/Plone/zinstance/bak/
cp -pr /usr/local/install/plone/dump/Plone/zinstance/*.cfg /usr/local/Plone/zinstance/previous-zinstance
cp -pr /usr/local/install/plone/dump/Plone/zinstance/adminPassword.txt /usr/local/Plone/zinstance/previous-zinstance
cp -pr /usr/local/install/plone/dump/Plone/zinstance/src/ /usr/local/Plone/zinstance/src/
cd /usr/local/Plone/zinstance
./bin/plonectl start
- Plone 3
Im Übrigen müsste das auch so mit Plone 3 funktionieren.
Username: admin Password: admin
Falls wer übermotiviert ein Plone 3 zu Plone 4 aktualisieren mag: Updating a custom Plone 3 buildout for Plone 4
--Paul 01:33, 10. Aug. 2015 (CEST)
Tutorial:
--Paul 01:54, 10. Aug. 2015 (CEST)
Inhalte von Plone übertragen[Bearbeiten]
- http://docs.plone.org/develop/plone/content/importexport.html
- http://quintagroup.com/services/support/tutorials/import-export-plone
- …
wenn mit UnifiedInstaller die bisherige Version 4.0.5 installiert wird, dann werden folgende Versionen verwendet
Plone 4.0.5 Zope 2.12.23 Python 2.6.6
Plone 4 ist aber folgendes
Plone 4.0.5 Zope 2.12.23 Python 2.6.6 (r266:84292, Sep 25 2011, 12:20:08) [GCC 4.2.1 20070719 [FreeBSD]]
wenn mit UnifiedInstaller die bisherige Version 3.3.5 installiert wird, dann werden folgende Versionen verwendet
Plone 3.3.5 CMF 2.1.2 Zope (unreleased version, python 2.4.6, freebsd9) Python 2.4.6 (#1, Aug 10 2015, 00:11:06) [GCC 4.2.1 20070831 patched [FreeBSD]] PIL 1.1.6
Plone 3 ist aber folgendes
Plone 3.2.1 CMF 2.1.2 Zope (Zope 2.10.9-final, python 2.4.6, freebsd8) Python 2.4.6 (#1, Sep 25 2011, 15:33:29) [GCC 4.2.1 20070719 [FreeBSD]] PIL 1.1.6
- Versuch export/import Plone 4
- aus dem bisherigen Plone "einfach" exportieren lassen
- Das kann wohl was dauern!
- Jail neu aufsetzen
- Plone mit UnifiedInstaller in der gleichen Version 4.0.5 installieren
- export (dump) in die neue Jail kopieren
- builtout (vielleicht auch erst später)
- in das kommende Plone "einfach" importieren lassen
- Drecksarbeit abwarten!
weitere wohl benötigte Pakete[Bearbeiten]
- wv installieren
pkg install -y wv
- xpdf installieren
pkg install -y xpdf
ln -s /usr/local/libexec/xpdf/pdftotext /usr/local/bin/pdftotext
--Paul 01:52, 12. Aug. 2015 (CEST)
---
Bei der schrittweisen Aktualisierung nach der Installation von der veralteten Version (4.0.5) mit UnifiedInstaller fiel auf, dass wohl auch
- py27-lxml
pkg install -y lxml
- freetype
pkg install -y freetype
ln -s /usr/local/include/freetype2 /usr/local/include/freetype
- py27-graphviz
pkg install -y py27-graphviz
benötigt werden.
--Paul 00:08, 23. Aug. 2015 (CEST)
Vergleich zwischen aktuell installierten Paketen und darüber hinaus noch verfügbaren Paketen[Bearbeiten]
pkg info | grep plone | awk '{print $1}' > /tmp/pkg_info_plone ; pkg search plone > /tmp/pkg_search_plone ; diff /tmp/pkg_info_plone /tmp/pkg_search_plone
--Paul 03:34, 12. Aug. 2015 (CEST)
pkg info | grep zope | awk '{print $1}' > /tmp/pkg_info_zope ; pkg search zope > /tmp/pkg_search_zope ; diff /tmp/pkg_info_zope /tmp/pkg_search_zope
--Paul 11:02, 31. Aug. 2015 (CEST)
aktueller UnifiedInstaller ()[Bearbeiten]
pkg update; pkg upgrade -y
pkg install -y wget
mkdir -p /usr/local/install/plone; cd /usr/local/install/plone
wget https://launchpad.net/plone/4.3/4.3.2/+download/Plone-4.3.2-UnifiedInstaller.tgz
tar -xvf Plone-4.3.2-UnifiedInstaller
cd Plone-4.3.2-UnifiedInstaller
pkg install -y libxml2 libxslt
./install.sh standalone
Testing /usr/local/bin/python2.7 for Zope/Plone requirements.... /usr/local/bin/python2.7 looks OK. We'll try to use it. Root install method chosen. Will install for use by users: ZEO & Client Daemons: plone_daemon Code Resources & buildout: plone_buildout Detailed installation log being written to /usr/local/install/plone/Plone-4.3.2-UnifiedInstaller/install.log Installing Plone 4.3.2 at /usr/local/Plone Using pw to create users and groups Creating python virtual environment, no site packages. New python executable in /usr/local/Plone/Python-2.7/bin/python2.7 Also creating executable in /usr/local/Plone/Python-2.7/bin/python Installing Setuptools..............................................................................................................................................................................................................................done. Installing Pip.....................................................................................................................................................................................................................................................................................................................................done. Compiling and installing jpeg local libraries ... Unpacking buildout cache to /usr/local/Plone/buildout-cache Copying Plone-docs Setting /usr/local/Plone ownership to plone_buildout:plone_group Copying buildout skeleton Fixing up bin/buildout Building Zope/Plone; this takes a while... Buildout completed ##################################################################### ###################### Installation Complete ###################### Plone successfully installed at /usr/local/Plone See /usr/local/Plone/zinstance/README.html for startup instructions Use the account information below to log into the Zope Management Interface The account has full 'Manager' privileges. Username: admin Password: admin This account is created when the object database is initialized. If you change the password later (which you should!), you'll need to use the new password. Use this account only to create Plone sites and initial users. Do not use it for routine login or maintenance. - If you need help, ask the mailing lists or #plone on irc.freenode.net. - The live support channel also exists at http://plone.org/chat - You can read/post to the lists via http://plone.org/forums - Submit feedback and report errors at http://dev.plone.org/plone (For install problems, specify component "Installer (Unified)")
cd /usr/local/Plone/zinstance
./bin/plonectl start
--Paul 04:23, 12. Aug. 2015 (CEST)
"manuelles" backup erstellen[Bearbeiten]
tar -zcvf Plone-backup.tgz /usr/local/Plone
möglichst möge plone vorher gestoppt sein
--Paul 06:01, 12. Aug. 2015 (CEST)
Gehversuche zum Umherziehen[Bearbeiten]
Pauschales Aktualisieren
pkg upgrade -y
Installieren von Plone
pkg install -y plone
Erlauben des dauerhaften Startens von Zope (für Plone)
echo 'zope213_enable="YES"' >> /etc/rc.conf
Eintrag einer Zeile zur möglichen späteren Verortung der Instanz von Zope (wenn sie nicht dem voreinstellten Pfad entspricht)
echo '#zope213_instances="<INSTANCEDIR>"' >> /etc/rc.conf
- testweises Suchen des voreinstellten Pfades in den Skripten von rc.d
grep /usr/local/www/ /usr/local/etc/rc.d/ -r
Erstellen einer Instanz Zope im "empfohlenen" (vorgegebenen) Pfad /usr/local/www/Zope213/
mkzopeinstance --dir /usr/local/www/Zope213/
möglichst Rechte auf Account www beschränken (und root:wheel vermeinden)
grep effective-user /usr/local/www/Zope213/etc/zope.conf
# Directive: effective-user effective-user www
chown www:www /usr/local/www/Zope213/var
chown www:www /usr/local/www/Zope213/log
Neustarten der Jail (gleich über srs1337 als host)
ee /usr/local/www/Zope213/etc/zope.conf
<blobstorage> blob-dir $INSTANCE/var/blobstorage <filestorage> # See .../ZODB/component.xml for directives sectiontype # "filestorage"). path $INSTANCE/var/Data.fs </filestorage> </blobstorage>
cp <alte-instanz>/Plone/zinstance/var/filestorage/Data.fs /usr/local/www/Zope213/var/
cp -a <alte-instanz>/Plone/zinstance/var/blobstorage/ /usr/local/www/Zope213/var/
ee /usr/local/etc/rc.d/zope213
echo 'export PATH=/usr/local/bin:/usr/local/libexec/xpdf:$PATH' >> /usr/local/etc/rc.d/zope213 ### PATH variable von allen child prozessen ändern
pkg install -y wv xpdf py27-textile
ln -s /usr/local/libexec/xpdf/pdftotext /usr/local/bin/pdftotext
Instanz umziehen[Bearbeiten]
- auf der bisherigen Instanz mit ZFS Schnappschüsse (snapshots) erstellen
Namen vom snapshot (<NAME (of the volume)>) heraussuchen
zfs list
Erstellen von einem snapshot im laufenden Betrieb der Jail (Das ist nur pro-forma.)
- mit
date "+%Y-%m-%d-%H-%M-%S"
einfach die Bezeichnung für den Zeitpunkt vom snapshot generieren lassen zfs snapshot <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_running
ergänzendes Erstellen von einem rekursiven snapshot im laufenden Betrieb der Jail (Das ist nur pro-forma. Ein rekursiver ist eigentlich nur dann nötig, wenn unter dem volume mehrere weitere datasets liegen.)
zfs snapshot -r <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_running
Stoppen der Jail (srs1)
service jail stop srs1
Erneutes Erstellen von einem rekursiven snapshot und einem einfachen snapshot im angehalten Betrieb
zfs snapshot -r <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_stopped
zfs snapshot <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_stopped
prüfendes Auflisten lassen von snapshots mit der Bezeichnung der aktuellen und vorherigen Kalenderstunde
zfs list -t snapshot | grep -e `date "+%Y-%m-%d-%H"` -e `date -v-1H "+%Y-%m-%d-%H"`
Erneutes Starten der Jail (srs1)
- Damn! Plone sollte vielleicht sanfter als durch das herunterfahren der Jail gestoppt werden.
service jail start srs1
jexec <JID> sh
service plone stop
service apache22 stop
service bacula-fd stop
Stoppen der Jail (srs1)
service jail stop srs1
Erneutes Erstellen von einem rekursiven snapshot und einem einfachen snapshot im angehalten Betrieb
zfs snapshot -r <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_plone-stopped
zfs snapshot <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_plone-stopped
Erneutes Starten der Jail (srs1)
service jail start srs1
- Nun wird es ja langsam heiß! Der Index soll durch das alte Plone selbst und neu gebaut werden. (Das wurde seit Jahren nicht gemacht. Es ist ein alte Version von Plone auf einer altern Version von Zope und mit einer alten Version von Pythyon. Installieren können wir auch durch das Betriebssystem auch nichts mehr.)
jexec <JID> sh
service plone stop
service apache22 stop
service bacula-fd stop
Stoppen der Jail (srs1)
service jail stop srs1
Pauschales hässlich hartes Kopieren (für ganz schlimme Fälle)
- Im Übrigen kann vorher geschaut werden, ob noch eine Datei im Format zexp abgelegt ist. Diese Datei ist ein Datei zum kompletten Export der Instanz. (In unserem Fall kann sie gelöscht werden, da das Importieren nicht funktioniert. Diese so leider unnütze große Datei muss ja nicht unnütz kopiert werden.)
ls /usr/home/jails/srs1/usr/local/Plone/zinstance/var/instance/
scp -r -v -P <port-for-ssh-on-server> /usr/home/jails/srs1/usr/local/Plone root@<host>:/<path>
service jail start srs1
- Der Index soll durch das alte Plone selbst und neu gebaut werden. Das wurde, bezugnehmend auf /usr/local/Plone/zinstance/var/log/instance.log gleich dreimal gemacht.
- Es kamen häufig die "Kleinigkeit", dass pdftotext nicht in /sbin:/bin:/usr/sbin:/usr/bin gefunden werden kann.
- Das hätte ja mal installiert werden können! (In der veralteten Instanz kann aber nichts mehr nachträglich installiert werden.)
- Es kamen häufig die "Kleinigkeit", dass pdftotext nicht in /sbin:/bin:/usr/sbin:/usr/bin gefunden werden kann.
jexec <JID> sh
service plone stop
service apache22 stop
service bacula-fd stop
Stoppen der Jail (srs1)
service jail stop srs1
service jail start srs1
Nochmal kurz schauen, ob Plone noch startet
- Läuft!
service jail stop srs1
Erneutes Erstellen von einem rekursiven snapshot und einem einfachen snapshot im angehalten Betrieb
zfs snapshot -r <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_plone-stopped
zfs snapshot <NAME (of the volume)>@`date "+%Y-%m-%d-%H-%M-%S"`_plone-stopped
Erneutes pauschales hässlich hartes Kopieren (für ganz schlimme Fälle)
scp -r -v -P <port-for-ssh-on-server> /usr/home/jails/srs1/usr/local/Plone root@<host>:/<(other) path>
neue Instanz, in die umgezogen werden soll[Bearbeiten]
- Schaffen der neuen Instanz (Jail FreeNAS 9.3)
pkg upgrade -y
pkg install -y zsh zsh
pkg install -y plone /usr/local/bin/mkzopeinstance --dir /usr/local/www/Zope213/
chown -R www:www /usr/local/www/Zope213/var/ chown -R www:www /usr/local/www/Zope213/log/ echo 'zope213_enable="YES"' >> /etc/rc.conf echo '#zope213_instances="<INSTANCEDIR>"' >> /etc/rc.conf
Neustart!
Schauen, ob auf dem standardmäßigen Port 8080 Plone verfügbar wird.
service zope213 stop
pkg install -y wv xpdf py27-textile py27-lxml freetype py27-graphviz ln -s /usr/local/libexec/xpdf/pdftotext /usr/local/bin/pdftotext ln -s /usr/local/include/freetype2 /usr/local/include/freetype
- muss aber direkt zum starten
echo 'export PATH=/usr/local/bin:$PATH' >> /usr/local/etc/rc.d/zope213
(wegen i18n) pauschal
chown -R www:www /…/python
Schmerzen und Linderung[Bearbeiten]
blobstorage einbinden[Bearbeiten]
- Problem
- Lösung
$EDITOR /usr/local/www/Zope213/etc/zope.conf
<zodb_db main> # Main FileStorage database ###vb <blobstorage> blob-dir $INSTANCE/var/blobstorage ###ve <filestorage> # See .../ZODB/component.xml for directives (sectiontype # "filestorage"). path $INSTANCE/var/Data.fs </filestorage> ###vb </blobstorage> ###ve mount-point / </zodb_db>
TTWViewlet macht Faxen[Bearbeiten]
- Problem
TypeError('object.__new__(TTWViewlet) is not safe, use Persistence.Persistent.__new__()',) (Also, the following error occurred while attempting to render the standard error message, please see the event log for full details: object.__new__(TTWViewlet) is not safe, use Persistence.Persistent.__new__())
- Lösung
ERROR Zope.SiteErrorLog […]:8080/Plone/welcome/document_view Traceback (innermost last): Module ZPublisher.Publish, line 138, in publish Module ZPublisher.mapply, line 77, in mapply Module ZPublisher.Publish, line 48, in call_object Module Shared.DC.Scripts.Bindings, line 322, in __call__ Module Shared.DC.Scripts.Bindings, line 359, in _bindAndExec Module Products.CMFCore.FSPageTemplate, line 237, in _exec Module Products.CMFCore.FSPageTemplate, line 177, in pt_render Module Products.PageTemplates.PageTemplate, line 87, in pt_render Module zope.pagetemplate.pagetemplate, line 132, in pt_render Module zope.pagetemplate.pagetemplate, line 240, in __call__ Module zope.tal.talinterpreter, line 266, in __call__ Module zope.tal.talinterpreter, line 338, in interpret Module zope.tal.talinterpreter, line 883, in do_useMacro Module zope.tal.talinterpreter, line 338, in interpret Module zope.tal.talinterpreter, line 528, in do_optTag_tal Module zope.tal.talinterpreter, line 513, in do_optTag Module zope.tal.talinterpreter, line 508, in no_tag Module zope.tal.talinterpreter, line 338, in interpret Module zope.tal.talinterpreter, line 847, in do_condition Module zope.tal.talinterpreter, line 338, in interpret Module zope.tal.talinterpreter, line 528, in do_optTag_tal Module zope.tal.talinterpreter, line 513, in do_optTag Module zope.tal.talinterpreter, line 508, in no_tag Module zope.tal.talinterpreter, line 338, in interpret Module zope.tal.talinterpreter, line 526, in do_optTag_tal Module zope.tal.talinterpreter, line 508, in no_tag Module zope.tal.talinterpreter, line 338, in interpret Module zope.tal.talinterpreter, line 737, in do_insertStructure_tal Module Products.PageTemplates.Expressions, line 218, in evaluateStructure Module zope.tales.tales, line 696, in evaluate - URL: file:/usr/local/lib/python2.7/site-packages/plonetheme/sunburst/skins/sunburst_templates/main_template.pt - Line 32, Column 8 - Expression: <StringExpr u'plone.htmlhead.links'> - Names: {'container': <PloneSite at /Plone>, 'context': <ATDocument at /Plone/welcome>, 'default': <object object at 0x80069e540>, 'here': <ATDocument at /Plone/welcome>, 'loop': {}, 'nothing': None, 'options': {'args': ()}, 'repeat': <Products.PageTemplates.Expressions.SafeMapping object at 0x814ccd470>, 'request': <HTTPRequest, URL=http://141.56.50.71:8080/Plone/welcome/document_view>, 'root': <Application at >, 'template': <FSPageTemplate at /Plone/document_view used for /Plone/welcome>, 'traverse_subpath': [], 'user': <User 'administration'>} Module zope.contentprovider.tales, line 77, in __call__ Module zope.viewlet.manager, line 112, in update Module zope.viewlet.manager, line 118, in _updateViewlets Module five.customerize.zpt, line 135, in update Module five.customerize.zpt, line 167, in _getViewlet Module ZODB.broken, line 106, in __new__ TypeError: object.__new__(TTWViewlet) is not safe, use Persistence.Persistent.__new__()
ERROR root Exception while rendering an error message Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/OFS/SimpleItem.py", line 242, in raise_standardErrorMessage v = s(**kwargs) File "/usr/local/lib/python2.7/site-packages/Products/CMFCore/FSPythonScript.py", line 127, in __call__ return Script.__call__(self, *args, **kw) File "/usr/local/lib/python2.7/site-packages/Shared/DC/Scripts/Bindings.py", line 322, in __call__ return self._bindAndExec(args, kw, None) File "/usr/local/lib/python2.7/site-packages/Shared/DC/Scripts/Bindings.py", line 359, in _bindAndExec return self._exec(bound_data, args, kw) File "/usr/local/lib/python2.7/site-packages/Products/PythonScripts/PythonScript.py", line 344, in _exec result = f(*args, **kw) File "Script (Python)", line 35, in standard_error_message File "/usr/local/lib/python2.7/site-packages/Shared/DC/Scripts/Bindings.py", line 322, in __call__ return self._bindAndExec(args, kw, None) File "/usr/local/lib/python2.7/site-packages/Shared/DC/Scripts/Bindings.py", line 359, in _bindAndExec return self._exec(bound_data, args, kw) File "/usr/local/lib/python2.7/site-packages/Products/CMFCore/FSPageTemplate.py", line 237, in _exec result = self.pt_render(extra_context=bound_names) File "/usr/local/lib/python2.7/site-packages/Products/CMFCore/FSPageTemplate.py", line 177, in pt_render self, source, extra_context File "/usr/local/lib/python2.7/site-packages/Products/PageTemplates/PageTemplate.py", line 87, in pt_render showtal=showtal) File "/usr/local/lib/python2.7/site-packages/zope/pagetemplate/pagetemplate.py", line 132, in pt_render strictinsert=0, sourceAnnotations=sourceAnnotations File "/usr/local/lib/python2.7/site-packages/zope/pagetemplate/pagetemplate.py", line 240, in __call__ interpreter() File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 266, in __call__ self.interpret(self.program) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 338, in interpret handlers[opcode](self, args) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 883, in do_useMacro self.interpret(macro) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 338, in interpret handlers[opcode](self, args) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 528, in do_optTag_tal self.do_optTag(stuff) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 513, in do_optTag return self.no_tag(start, program) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 508, in no_tag self.interpret(program) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 338, in interpret handlers[opcode](self, args) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 847, in do_condition self.interpret(block) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 338, in interpret handlers[opcode](self, args) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 528, in do_optTag_tal self.do_optTag(stuff) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 513, in do_optTag return self.no_tag(start, program) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 508, in no_tag self.interpret(program) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 338, in interpret handlers[opcode](self, args) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 526, in do_optTag_tal self.no_tag(stuff[-2], stuff[-1]) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 508, in no_tag self.interpret(program) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 338, in interpret handlers[opcode](self, args) File "/usr/local/lib/python2.7/site-packages/zope/tal/talinterpreter.py", line 737, in do_insertStructure_tal structure = self.engine.evaluateStructure(expr) File "/usr/local/lib/python2.7/site-packages/Products/PageTemplates/Expressions.py", line 218, in evaluateStructure text = super(ZopeContext, self).evaluateStructure(expr) File "/usr/local/lib/python2.7/site-packages/zope/tales/tales.py", line 696, in evaluate return expression(self) File "/usr/local/lib/python2.7/site-packages/zope/contentprovider/tales.py", line 77, in __call__ provider.update() File "/usr/local/lib/python2.7/site-packages/zope/viewlet/manager.py", line 112, in update self._updateViewlets() File "/usr/local/lib/python2.7/site-packages/zope/viewlet/manager.py", line 118, in _updateViewlets viewlet.update() File "/usr/local/lib/python2.7/site-packages/five/customerize/zpt.py", line 135, in update self._getViewlet().update() File "/usr/local/lib/python2.7/site-packages/five/customerize/zpt.py", line 167, in _getViewlet self.viewlet = TTWViewlet(self.context, self.request, self.view, self.manager) File "/usr/local/lib/python2.7/site-packages/ZODB/broken.py", line 106, in __new__ result = object.__new__(class_) TypeError: object.__new__(TTWViewlet) is not safe, use Persistence.Persistent.__new__()
- Lösung (quick and dirty)
$EDITOR /usr/local/lib/python2.7/site-packages/plonetheme/sunburst/skins/sunburst_templates/main_template.pt
<!-- <link tal:replace="structure provider:plone.htmlhead.links" /> -->
Einziehen[Bearbeiten]
Neustarten der Jail (gleich via http)!
- oder notfalls
service jail onestart srs1
noch zu Renovieren[Bearbeiten]
WARNING OFS.Uninstalled Could not import class 'NavigationViewlet' from module 'plone.app.layout.links.viewlets'
Installation Plone 5[Bearbeiten]
- FreeNAS 9.3 (Jail)
pkg update
pkg upgrade -y
mkdir -p /usr/local/install/plone; cd /usr/local/install/plone
- oder anderswo (statt /usr/local/install/plone)
pkg install -y wget
wget http://launchpad.net/plone/5.0/5.0/+download/Plone-5.0-UnifiedInstaller.tgz
tar -xvf Plone-5.0-UnifiedInstaller.tgz
cd Plone-5.0-UnifiedInstaller
Plone benennt Anforderungen an Pakete (Bibliotheken).
- libz (dev)
- ls /usr/lib/libz.so
- libjpeg (dev)*
- pkg install jpeg
- ls /usr/local/lib/libjpeg.so
- vielleicht wäre libjpeg-turbo eine Alternative
- pkg install -y libjpeg-turbo
- vielleicht wäre libjpeg-turbo eine Alternative
- readline (dev)*
- pkg install -y readline
- ls /usr/local/lib/python2.7/lib-dynload/readline.so
- ls /usr/local/lib/libreadline.so
- libexpat (dev)
- ls /usr/local/lib/libexpat.so
- libssl or openssl (dev)
- ls /usr/lib/libssl.so
- ls /usr/local/lib/apr-util-1/apr_crypto_openssl.so
- libxml2 >= 2.7.8 (dev)*
- pkg install -y libxml2
- ls /usr/local/lib/libxml2.so
- libxslt >= 1.1.26 (dev)*
- pkg install -y libxslt
- ls /usr/local/lib/libxslt.so
Plone benennt darüber hinaus weiter Anforderungen an Pakete (Bibliotheken).
- wv
- pkg install -y wv
- ls /usr/local/lib/libwv.so
- poppler-utils
- pkg install -y poppler-utils
- ls /usr/local/lib/libpoppler.so
mkdir -p /usr/local/www/plone
- oder anderswo (statt /usr/local/www/plone)
- Die install.sh besteht, obwohl das eigentlich anders dokumentiert ist, auf
sudo
. Das liegt wohl daran, dass sich Plone darum kümmert, dass der Prozess nicht als Accountroot
privilegiert, sondern als Accountplone_deamon
betrieben wird und vielleicht mitsudo
versorgt werden muss.
- Die install.sh besteht, obwohl das eigentlich anders dokumentiert ist, auf
sudo utility is required to do a server-mode install.
pkg install -y sudo
./install.sh --target=/usr/local/www/plone standalone
Testing /usr/local/bin/python2.7 for Zope/Plone requirements.... /usr/local/bin/python2.7 looks OK. We will use it. Root install method chosen. Will install for use by users: ZEO & Client Daemons: plone_daemon Code Resources & buildout: plone_buildout Detailed installation log being written to /usr/local/install/plone/Plone-5.0-UnifiedInstaller/install.log Installing Plone 5.0 at /usr/local/www/plone Using pw to create users and groups Creating Python virtual environment. New python executable in /usr/local/www/plone/zinstance/bin/python2.7 Also creating executable in /usr/local/www/plone/zinstance/bin/python Installing setuptools, pip, wheel...done. Installing zc.buildout in virtual environment. Unpacking buildout cache to /usr/local/www/plone/buildout-cache Copying Plone-docs Copying buildout skeleton Building Zope/Plone; this takes a while... Buildout completed ##################################################################### ###################### Installation Complete ###################### Plone successfully installed at /usr/local/www/plone See /usr/local/www/plone/zinstance/README.html for startup instructions. Use the account information below to log into the Zope Management Interface The account has full 'Manager' privileges. Username: admin Password: pa1ss2wo3rd4 This account is created when the object database is initialized. If you change the password later (which you should!), you'll need to use the new password. Use this account only to create Plone sites and initial users. Do not use it for routine login or maintenance.- If you need help, ask in IRC channel #plone on irc.freenode.net. - The live support channel also exists at http://plone.org/chat - You can also ask for help on https://community.plone.org - Submit feedback and report errors at https://github.com/plone/Products.CMFPlone/issues (For install problems, https://github.com/plone/Installers-UnifiedInstaller/issues)
cd /usr/local/www/plone/zinstance
./bin/plonectl start
- Laden von notwendige Module für Apache prüfen oder konfigurieren
$EDITOR /usr/local/etc/apache24/httpd.conf
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule proxy_module libexec/apache24/mod_proxy.so LoadModule proxy_module libexec/apache24/mod_proxy.so
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
#LoadModule rewrite_module libexec/apache24/mod_rewrite.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so
service apache24 restart
$EDITOR /usr/local/etc/apache24/httpd.conf
#ServerAdmin you@example.com ### ServerAdmin beastie@space.bsd ###
#ServerName www.example.com:80 ### ServerName plone-5.space.bsd:80 ###
service apache24 restart
- in Anlehnung an Installing Apache front-end for Plone
- in Verbindung mit Apache Module mod_rewrite#RewriteRule Directive
$EDITOR /usr/local/etc/apache24/Includes/vhost-plone.conf
UseCanonicalName On #NameVirtualHost * <VirtualHost *> ServerAlias plone-5.space.bsd ServerSignature On Header set X-Frame-Options "SAMEORIGIN" Header set Strict-Transport-Security "max-age=15768000; includeSubDomains" Header set X-XSS-Protection "1; mode=block" Header set X-Content-Type-Options "nosniff" Header set Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'" ProxyVia On <LocationMatch "^[^/]"> Deny from all </LocationMatch> <Proxy *> Order deny,allow Allow from all </Proxy> RewriteEngine on RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/plone-5.space.bsd:80/Plone/VirtualHostRoot/$1 [P,L] </VirtualHost> #<VirtualHost *> # ServerAlias * # ServerRoot /var/www # ServerRoot /usr/local/www # ServerSignature On #</VirtualHost>
$EDITOR /usr/local/etc/apache24/httpd.conf
#Include etc/apache24/extra/httpd-vhosts.conf Include etc/apache24/extra/httpd-vhost-plone.conf
service apache24 restart
Einrichtung von subdomains
- angenommen es gäbe eine bei Zope eine weitere Instanz Plone (für Puffy http://plone-5.space.bsd:8080/puffy) und soll bei der Domain puffy.plone-5.space.bsd erreichbar sein
Einrichtung von ssl
Einrichtung caching
- Varnish 4
pkg search -D varnish4
pkg install varnish4
Einrichtung Mail
$EDITOR /etc/rc.conf
sendmail_enable="NO" #sendmail_submit_enable="NO" sendmail_submit_enable="YES" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO"
Theoretisch könnte/sollte auch nur das Versendung (von Mails) eingerichtet werden.
- rc.d scripting
$EDITOR /usr/local/etc/rc.d/plone
#!/bin/sh # PROVIDE: plone # REQUIRE: LOGIN # KEYWORD: shutdown . /etc/rc.subr name="plone" rcvar=plone_enable start_cmd="${name}_start" stop_cmd="${name}_stop" restart_cmd="${name}_restart" status_cmd="${name}_status" extra_commands="status" load_rc_config ${name} #: ${plone_enable:="NO"} plone_stop() { /usr/local/www/plone/zinstance/bin/plonectl stop } plone_status() { /usr/local/www/plone/zinstance/bin/plonectl status } plone_start() { /usr/local/www/plone/zinstance/bin/plonectl start } plone_restart() { /usr/local/www/plone/zinstance/bin/plonectl restart } run_rc_command "$1"
chmod 540 /usr/local/etc/rc.d/plone
service plone onestart
service plone status
service plone onestop
sysrc plone_enable="YES"
- oder
echo 'plone_enable="YES"' >> /etc/rc.conf
- oder
$EDITOR /etc/rc.conf
plone_enable="YES"
service plone start
service plone restart
service plone status
service plone stop
Installation Plone 3[Bearbeiten]
- FreeNAS 9.3 (Jail)
pkg upgrade -y
Customizing vom Layout[Bearbeiten]
Plone 5 TurnKey Linux[Bearbeiten]
Plone 5 TurnKey Linux Buildout[Bearbeiten]
Um Buildout in Turnkey-Linux auszuführen, muss man einen eigenen Nutzer verwenden:
sudo -u plone_buildout bin/buildout
Mutmaßlich gilt das für Plone 5.
--Paul 11:48, 9. Nov. 2021 (CET)
Test von Plone 6 (als LXC Debian 11 auf PVE 7)[Bearbeiten]
136
Was soll die Zahl sagen?
Aufgabe 136 ist es nicht.
CT (oder VM) 136 ist es nicht.
--Paul 11:42, 9. Nov. 2021 (CET)
Installation Plone 6[Bearbeiten]
Installation Plone 6 Vorbereitung[Bearbeiten]
Installation Plone 6 Umgebung[Bearbeiten]
- Host
- PCT (LXC on Proxmox) Debian stable (11)
Installation Plone 6 Aktualisierung bestehender Pakete[Bearbeiten]
apt update
apt -y upgrade
Installation Plone 6 backend[Bearbeiten]
Installation Plone 6 backend Installation benötigter Pakete[Bearbeiten]
https://training.plone.org/5/mastering-plone/installation.html#prerequisites
apt -y install python3.9-dev python3.9-tk python3.9-venv build-essential libssl-dev libxml2-dev libxslt1-dev libbz2-dev libjpeg62-turbo-dev
apt -y install libreadline-dev wv poppler-utils
apt -y install git
apt -y install python3-pip
Installation Plone 6 backend pip[Bearbeiten]
https://plone.org/download/releases/6.0.0a2
buildout style | pip style |
---|---|
| |
| |
[buildout] extends = https://dist.plone.org/release/6.0.0a2/versions.cfg parts = instance [instance] recipe = plone.recipe.zope2instance eggs = Plone plone.volto user = admin:admin zodb-temporary-storage = off
|
|
| |
|
|
|
|
#host = 127.0.0.1 host = 0.0.0.0
|
Installation Plone 6 backend Nachbereitung[Bearbeiten]
Installation Plone 6 backend Änderung Dienst starten[Bearbeiten]
Installation Plone 6 backend Änderung vom Passwort bei Zope[Bearbeiten]
Die standardmäßigen Zugangsdaten sind
- Konto
- admin
- Passwort
- admin
.
Bei
ist das (einzige) Konto admin zu finden.
Bei
kann das Passwort geändert werden.
Installation Plone 6 web server[Bearbeiten]
Installation Plone 6 nginx[Bearbeiten]
http://plone-6.test.domain.tld:8080/Plone
apt -y install nginx
less /etc/nginx/sites-available/default
nano /etc/nginx/sites-available/plone-6.test.domain.tld
add_header X-Frame-Options "SAMEORIGIN"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; #add_header Content-Security-Policy "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"; add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"; upstream plone { server 127.0.0.1:8080; } server { listen 80; server_name plone-6.test.domain.tld; access_log /var/log/nginx/plone-6.test.domain.tld.access.log; error_log /var/log/nginx/plone-6.test.domain.tld.error.log; location / { proxy_pass http://plone/VirtualHostBase/http/plone-6.test.domain.tld:80/Plone/VirtualHostRoot/; } }
ln -s /etc/nginx/sites-available/plone-6.test.domain.tld /etc/nginx/sites-enabled/plone-6.test.domain.tld
apt -y install certbot
apt -y install python3-certbot-nginx
certbot --nginx
nano /etc/nginx/sites-enabled/plone-6.test.domain.tld
add_header X-Frame-Options "SAMEORIGIN"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; #add_header Content-Security-Policy "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'sel> add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; scri> upstream plone { server 127.0.0.1:8080; } server { server_name plone-6.test.domain.tld; access_log /var/log/nginx/plone-6.test.domain.tld.access.log; error_log /var/log/nginx/plone-6.test.domain.tld.error.log; location / { # proxy_pass http://plone/VirtualHostBase/http/plone-6.test.domain.tld:80/Plone/VirtualHostRoot/; proxy_pass http://plone/VirtualHostBase/https/plone-6.test.domain.tld:443/VirtualHostRoot/; # proxy_pass http://plone/VirtualHostBase/https/plone-6.test.domain.tld:443/Plone/VirtualHostRoot/; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/plone-6.test.domain.tld/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/plone-6.test.domain.tld/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = plone-6.test.domain.tld) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name plone-6.test.domain.tld; return 404; # managed by Certbot }
systemctl reload nginx
https://plone-6.test.domain.tld/Plone
nano etc/zope.ini
host = 127.0.0.1 ####host = 0.0.0.0
bin/runwsgi -v etc/zope.ini
2021-13-42 01:23:45 INFO [Zope:42][MainThread] Ready to handle requests Starting server in PID 126997. 2021-13-42 01:23:45 INFO [waitress:485][MainThread] Serving on http://127.0.0.1:8080
Installation Plone 6 Apache[Bearbeiten]
Installation Plone 6 frontend[Bearbeiten]
https://training.plone.org/5/mastering-plone/installation.html#installing-plone-frontend
proxy web server[Bearbeiten]
https://www.starzel.de/blog/securing-plone-sites-with-https-and-nginx