Bitnami WordPress Multisite – DNS spoofing

In an earlier post, I said I hope you have pointed your domain name at your static IP address. Well, what if you don’t want to?

The point being that the DNS entry for the domain name currently points to the production WordPress site, and really, I would like to set up this multisite WordPress installation without having to change the public DNS entry.

Also, setting up this, my personal blog, I was using No-IP DNS services. I could update the DNS entry for gerisch.org, and the DNS replicated out almost instantly. It was great. But the other web site I’m working on (the one that got me into WordPress at all), is using Network Solutions for their DNS. They take their good sweet time replicating DNS entries out to the world. I don’t really want to post an update to DNS, wait, dink around with the new site while the production site is down, decide to revert to production, post an update to DNS, wait again while Network Solutions gets around to pointing everyone back to the production web site.

It would just be better if the new web server machine never got away from its own self when doing lookups for the domain name it will eventually be.

So I can start the WordPress install from the IP address of the server out on the public Internet. However, WordPress, during its install, is going to do a DNS lookup, and try to invoke code on the server where the DNS really does resolve. Which isn’t where I am. So I’m going to try to install a fake DNS server on the new server, and have it redirect all calls to the old domain to the new server.

Step the first: install dnsmasq

sudo apt-get install dnsmasq

Next, set up listening on the local host address:

sudo vim /etc/dnsmasq.conf

Find your way to the line #listen-address= and edit it thus:

listen-address=127.0.0.1

And save and exit

sudo vim /etc/dhcp/dhclient.conf

Find your way to #prepend domain-name-servers 127.0.0.1; and uncomment this line. Save and exit.

And now it gets weird.

The Bitnami / AWS Lightsail images use something called cloud-init: https://cloudinit.readthedocs.io/en/latest/topics/modules.html

So if you were going to try to edit /etc/hosts or /etc/resolv.conf you get warned to not edit them by hand, because they will be replaced on next boot. But they sure as heck don’t tell you where to implement edits. Just don’t do it here.

Turns out there are template files in /etc/cloud/templates that hold the magic.

cd /etc/cloud/templates
sudo cp hosts.debian.tmpl hosts.debian.tmpl.original
sudo vim hosts.debian.tmpl

Now I’m going to add a line below 127.0.0.1 localhost which will be the IP address I want this machine to go to whenever it tries to resolve the domain name of the production web site.

And indeed, if I use dig from an ssh session in the machine, dig reports back the local machine’s address, not the one out on the public Internet

WordPress super admin – three tables to update

I recently did a migration from a single site to a multisite here in WordPress. It was painful. But I did learn how to change the super admin login name.

The three tables are: wp_users, wp_usermeta, and wp_sitemeta

Upon creation of a brand-spanking-new WordPress multisite, wp_users has but one record in it. ID = 1, which is the super admin user. I changed the user_login field (and other fields) to the login name I wanted. WordPress “knew” that this did not qualify me to be a network admin, so it would present me with only the one site.

A little bit of searching told me that I needed to make sure that in table wp_usermeta, the field wp_capabilities was correct. Well, it was. But there were other parts of my login name that I wanted to update here. So I suppose that technically, only two fields must be updated, to swap out the super admin login name.

The last piece, that was not easy to find, was that the table wp_sitemeta has a field: site_admins which needs to have a PHP array entry in it. There was an entry in it already, but, it listed the default login ID, not the one I wanted to log in as. Because it’s an array, there is an index number, and a string length, that precede the actual data in quotes.

Once wp_sitemeta:site_admins and wp_users:user_login both linked up, then I could log in with my preferred login ID and be super admin.
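The serialized site_admins value described above can be generated and checked instead of edited by hand, because a length prefix that no longer matches the login name makes PHP fail to unserialize the whole array. This is an added example, not code from the original post; the function names and login names are constructed for illustration, and login names are assumed to contain no double quotes.

```shell
#!/bin/sh
# PHP's s:N: prefix counts bytes, not characters, so measure with wc -c.
php_strlen() {
    echo $(( $(printf '%s' "$1" | wc -c) ))
}

# Build the serialized array for one or more login names (hypothetical helper).
# Assumption: login names contain no double quotes.
serialize_site_admins() {
    out="a:$#:{"
    i=0
    for login in "$@"; do
        out="${out}i:${i};s:$(php_strlen "$login"):\"${login}\";"
        i=$((i + 1))
    done
    printf '%s}\n' "$out"
}

# Succeed only if the element count and every string length are consistent.
check_site_admins() {
    declared=$(printf '%s\n' "$1" | sed -n 's/^a:\([0-9][0-9]*\):{.*}$/\1/p')
    [ -n "$declared" ] || return 1
    entries=$(printf '%s\n' "$1" | grep -o 's:[0-9][0-9]*:"[^"]*";' || true)
    count=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        n=${entry#s:}; n=${n%%:*}          # declared length
        s=${entry#*\"}; s=${s%\";}         # text between the quotes
        [ "$n" -eq "$(php_strlen "$s")" ] || return 1
        count=$((count + 1))
    done <<EOF
$entries
EOF
    [ "$count" -eq "$declared" ]
}

# Constructed sample: a hand edit changed the name but left the old length.
serialize_site_admins david
check_site_admins 'a:1:{i:0;s:4:"david";}' || echo "length mismatch: PHP will not unserialize this"
```

The output of serialize_site_admins is the text that belongs in the site_admins entry of wp_sitemeta; run check_site_admins on any hand-edited value before saving it.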

Bitnami WordPress multisite installation

Make an ssh connection in to your Bitnami server installation. I’m using AWS, and they had instructions for me to get the password / ssh private key.

ssh bitnami@your-ip-address-here

cat bitnami_application_password

While logged in to the ssh session, execute the Bitnami configuration script that assigns a domain name to your WordPress multisite server.

cd /opt/bitnami/apps/wordpress

sudo ./bnconfig --machine_hostname your-domain-name-here.tld

sudo mv bnconfig bnconfig.disabled

First, we changed to the directory with the bnconfig script. Then we ran it, with the machine_hostname option. (I wanted to put a dash in there, between machine and hostname, but it’s an underscore). Lastly, we moved the bnconfig script out of the way. This is because if the server rebooted, and bnconfig did run, it would be as if it ran bnconfig --machine_hostname your-ip-address-here.xip.io

xip.io is a Bitnami thing, I guess.

Hopefully, you already have the domain name, and have pointed it at the static IP address of your server.

On to configuring WordPress the familiar way: point your favorite browser at the IP address and go to https://your-domain-name-here/wp-admin

This redirected me, but really it was the same as going to https://your-ip-address-here.xip.io/wp-login.php

Log in as user with the password from bitnami_application_password

Upon logging in, the administration page looks almost the same as a regular WordPress installation. However, in the upper left corner, there is now a menu named “My Sites”. Hanging off of it is “Network Admin”

Hanging off of “Network Admin” are a whole bunch more sub-menu items, but I’m going to ignore those for the moment.

Clicking on “Network Admin” actually takes me to the first sub-menu item: “Dashboard”

And here, I had made my life more complicated. I’m actually trying to move this site, gerisch.org to the multisite, under the same domain name. Tell me “good luck with that.” Part of the multisite login process is to redirect to the domain name – which is the production server on some other IP address.

I’m going to have to go into DNS, and point the gerisch.org at the multisite IP address, before I can successfully log in (and remain logged in) to the multisite server still being set up.

Of course, I’m going to have to export this (the production site) to a file, for importing later, prior to taking its presence off teh interwebs.

And I don’t know if there is going to be any weird http://www.gerisch.org versus http://gerisch.org versus https://

Yeah, “stuff” in the databases that will need to be cleaned out during export, for import later.

Super WordPress Day – Meetup Fresno – 2019-09-24

Phil Derksen: Plugins you should install on every WordPress site

Akismet Anti-Spam

Backups:

  • BackWPup
  • UpdraftPlus
  • VaultPress (JetPack)
  • BackupBuddy
  • BlogVault

SEO

  • Yoast SEO
  • All in One SEO Pack
  • The SEO Framework
  • Broken Link Checker (resource intensive; run manually after changes)

Forms

  • Gravity Forms (long history of the product)
  • Ninja Forms
  • WPForms
  • Formidable
  • Contact Form 7 (very popular and free, but older and takes more work / detailed to implement)

Email – don’t skip this step

  • WP Mail SMTP
  • Easy WP SMTP
  • Service-specific (Postmark, Mandrill, Sendgrid)

Site Migration

  • WP Migrate DB
  • Duplicator
  • (most backup plugins)

What do Phil’s co-workers say?

  • User Switching – see what logged in users see.
  • Regenerate Thumbnails – change your theme or thumbnail size? This does the work.
  • Public Post Preview
  • Duplicate Post
  • Plugin Toggle
  • Editorial Calendar – Calendar view of past and future posts 😉

Community says

  • Simple Links – will randomize a list of links
  • WP Simple Pay – uses Stripe and other payment processors
  • Woo Commerce – manage inventory for physical sales, among other things
  • Event Espresso – booking
  • Sugar Calendar – booking

Generate WP for plugin development – generatewp.com

Matt Reeves: WordPress Customizer

The customizer does do instant WYSIWYG – which is better than before.

While inside the customizer, you can change the device type: full PC web site, tablet, and smartphone.

Kirki Theme Customizer; but can be temperamental re: the themes it works with.

Elementor is a theme builder that Matt has started using; he actually admires the power in it.

WordPress multisite and Let's Encrypt certificates for multiple sites

I’m using the Bitnami images for my WordPress installations, and am very happy with them. However, it got a little weird when I added a new site to my WordPress multisite instance.

The secret was to run a few commands by hand:

sudo /opt/bitnami/ctlscript.sh stop apache
sudo /opt/bitnami/letsencrypt/lego  --path="/opt/bitnami/letsencrypt/" --email="david@some-domain-name-i-am-not-publishing-here" --domains="gerisch.org" --domains="www.gerisch.org" --domains="test.gerisch.org" --http run
sudo /opt/bitnami/ctlscript.sh start apache

Earlier, I had run the Bitnami bncert-tool which wrangled my Apache configuration so that all attempts to go to an http:// address were re-written to go to an https:// address. This is very good. But when I added the test.gerisch.org web site, the certificate provided by Let’s Encrypt did not have a SAN (Subject Alternative Name) entry for “test”. So trying to visit that site got the ominous “this site is insecure – nothing provides for an SSL certificate for it”. True enough.

By running the /opt/bitnami/letsencrypt/lego script with multiple --domains arguments, I could update the requested certificate to have the additional SANs I wanted. Very nice. It was the Bitnami community support web site that gave me this information. The same page warns me that more than five requests for new certificates puts the certificate issuer into a time-out corner for one week. So that is something to be aware of.
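Before requesting another certificate, and spending one of the limited issuance attempts mentioned above, it helps to confirm which hostnames the current certificate is actually missing. The following is an added example, not part of the original post or Bitnami's tooling; the function names are hypothetical and the sample SAN text is constructed.

```shell
#!/bin/sh
# Print each wanted hostname that the SAN list on stdin does not cover.
# Input is openssl's text output; only DNS: entries are considered.
missing_sans() {
    sans=$(tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p')
    for host in "$@"; do
        covered=no
        while IFS= read -r san; do
            if [ "$san" = "$host" ]; then covered=yes; fi
            # A wildcard SAN covers exactly one additional leading label.
            case $san in
                '*.'*) if [ "${san#??}" = "${host#*.}" ]; then covered=yes; fi ;;
            esac
        done <<EOF
$sans
EOF
        [ "$covered" = yes ] || printf '%s\n' "$host"
    done
}

# Same check against a certificate file (path supplied by the caller).
cert_missing_sans() {
    cert=$1; shift
    openssl x509 -in "$cert" -noout -text | missing_sans "$@"
}

# Constructed sample of the SAN section before "test" was added.
sample='X509v3 Subject Alternative Name:
    DNS:gerisch.org, DNS:www.gerisch.org'
printf '%s\n' "$sample" | missing_sans gerisch.org www.gerisch.org test.gerisch.org
```

Call cert_missing_sans with the path to the installed certificate followed by every site hostname; empty output means the certificate already covers them all and no new request is needed.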