You are here: Home Tech Plone on Slicehost

Plone on Slicehost

by Reed O'Brien last modified Feb 01, 2011 01:05 PM
How to setup plone on slicehost

Setup is something like the following. YMMV.

Setup Slice

$ sudo adduser: myuser
$ edit /etc/group to add myuser to sudo
$ edit /etc/ssh/sshd_config and disable !PermitRootLogon
$ sudo /etc/init.d/ssh restart
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install emacs-nox
$ sudo apt-get install gcc
$ sudo apt-get install libbz2-dev zlib1g-dev libreadline-dev libsqlite3-dev libssl-dev \
libjpeb62-dev libpng12-dev libxml2-dev  libxslt-dev libgdbm-dev
$ sudo apt-get install git
$ sudo apt-get install apache2-mpm-worker
$ sudo apt-get install git-core
$ sudo apt-get install postfix set as satellite server, name: example.com, blank relay host
$ edit /etc/hosts and /etc/hostname  then reboot
$ edit /etc/postfix/main.cf and remove the hostname setting so it gets it from /etc/mailname

Python

$ cd /usr/local
$ sudo mkdir python
$ sudo mkdir src
$ sudo chown -R myuser src
$ cd src
$ curl http://www.python.org/ftp/python/2.7.1/Python-2.7.1.tar.bz2|tar jxf -
$ cd Python-2.7.1
$ ./configure --prefix=/usr/local/python/2.7.1
$ make
$ make test
$ sudo make install
$ cd ..
$ curl -O http://python-distribute.org/distribute_setup.py
$ sudo /usr/local/python/2.7.1/bin/python distribute_setup.py
$ sudo /usr/local/python/2.7.1/bin/easy_install virtualenv

github

$ cd ~
$ ssh-keygen -t rsa -C "myuser@myhost" (I give mine password on client servers)

paste key into github account page so you can access

Plone

$ cd /usr/local/
$ sudo mkdir myplone_buildout
$ cd myplone_buildout
$ sudo git clone git@github.com:myuser/mylone_buildout.git .
$ sudo /usr/local/python/2.7.1/bin/virtualenv --no-site-packages --distribute
$ sudo ./bin/python bootstrap.py
$ sudo ./bin/buildout -v
$ sudo ln -s /usr/local/mylone_buildout/etc/init.d/supervisor.sh /etc/init.d
$ sudo chmod a+x /usr/local/mylone_buildout/etc/init.d/supervisor.sh
$ sudo update-rc.d supervisor.sh defaults

Firewall

$ sudo apt-get install ufw
$ sudo ufw allow 80
$ sudo ufw allow 8080
$ sudo ufw allow 443
$ sudo ufw default deny
$ sudo ufw allow from myip1 to any port 22
$ sudo ufw allow from myip2 to any port 22
$ sudo ufw allow from myip3 to any port 22
$ sudo ufw allow from myip4 to any port 22
$ sudo ufw enable
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
8080                       ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       71.246.241.109
22                         ALLOW       71.246.241.106
22                         ALLOW       173.13.219.89
22                         ALLOW       70.90.70.89

Apache

$ a2enmod ssl proxy proxy_connect proxy_http file_cache mem_cache
$ a2ensite default-ssl
$ edit proxy.conf, default, and default-ssl
#proxy.conf
<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Deny from all
                Allow from all ##<<<==== add this line to prevent 403 no access to / when rewriting
                #Allow from .example.com
        </Proxy>

        ProxyVia On
</IfModule>
#default
<VirtualHost *:80>
        ServerAdmin you @example.com
        RewriteEngine On
        RewriteRule ^(.*) https://%{SERVER_NAME}$1 [NE,L]

        DocumentRoot /var/www
...
# default-ssl
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin info@example.com
        ServerName  example.com
        RewriteEngine On
        RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/%{SERVER_NAME}:443/mysite/VirtualHostRoot/$1 [L,P]
        DocumentRoot /var/www
...
...
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        SSLCertificateFile /usr/local/ssl/cert-mysite.crt
        SSLCertificateKeyFile /usr/local/ssl/mysite.key
        SSLCACertificateFile /usr/local/ssl/GandiStandardSSLCA.pem
        SSLVerifyClient None
...
Share this: