Last week I was boasting about “Bava Multi-Region Cause I Can”, but that didn’t last. I ran into issues with comments not syncing across database instances in the different regions. I originally blamed caching, but after checking the secondary databases the comments in the primary UK database were not being written over. This led me to reverting the site back to a stand-alone instance, which buys me some time.
I need to document a bit of what I did given I have not deleted the the multi-region environments, only stopped them for now with hopes of circling back.
First things first, getting Reclaim Cloud containers to communicate via ssh can be a pain in the ass. After setting up the multi-region instance using the one-click installer in Reclaim Cloud I needed to migrate content from the stand alone bavatuesdays to the new multi-region bava. I’m almost getting this down; the process is some version of the following.
Generate a SSH key using something like the following command (thank Chris Blankenship!):
ssh-keygen -t ed25519 -a 200 -C "jim_at_reclaimhosting.com" -f ~/.ssh/bava_ssh_key
Then add the contents of the file at
~/.ssh/bava_ssh_key.pub to the
~/.ssh/authorized keys file on the “remote” server, which in this case is the multi-region primary app server. I would also recommend clearing out any other shared keys and make sure you have granted root access to both the local and remote application containers using this guide. After that, change to root user and run the following rsync command to push files from the stand alone WordPress to the multi-region instances.
rsync --dry-run -e "ssh -i ~/.ssh/bava_ssh_key" -avzh /var/www/webroot/ROOT email@example.com:/var/www/webroot/ROOT
--dry-run command to ensure it worked without pushing or pulling files in the wrong direction. After confirming it is right I remove the
--dry-run and run the command again—this time for real.
The other step is exporting and importing the database, which is accomplished using phpMyAdmin if the database is small enough, or dropping the multi-region’s database in the Primary site and importing the stand-alone database.*
The migration was actually quite seamless after I got the containers communicating, the only issue I ran into was getting my embeds to work on this new setup given the Content Security Policy through Litespeed was set quite strict. It took me some time to hunt all that down, and I’m not sure I have it set ideally yet, but I was able to find the vhconf.xml file in
/var/www/conf and modify it to specify what URLs are allowed to be embedded. I imagine this is safer, but also wondering how many embeds that must have broken.
Here is the bit for the content-security-policy in virtualhost conf file that I added for frame-ancestors and frame-src:
Content-Security-Policy "frame-ancestors data:;frame-src https://bava.tv https://youtube.com https://twitter.com https://platform.twitter.com https://www.youtube.com https://bavatuesdays.com;";
That solved the issue for Youtube, Twitter and bava.tv embeds, but there are a ton of broken Vimeo and assorted other embeds for sure. When talking about my discoveries with the Reclaim team Chris mentioned it might be related to the brute force protection option I selected at install, so I’ll have to try that again and see if the settings in the Content Security Policy are set to self when that option is unchecked. The Content Security Policy was set to ‘self’ which basically forbids any embeds that are not from the site’s URL, or no third-party app embeds to prevent any possible cross-posting exploits.
I feel like I am getting closer, but a few issues remain:
- not able to access wp-admin area from secondary sites when primary site is offline
- comments not syncing across databases, posts seem to sync
- content security policy too strict issue, see if it happens when brute force attack protection is turned off
So that’s it for my notes for now, going to take a few of these questions to Jelastic and re-group for round three, that’s always a charm right?
*I wonder if my dropping all tables and importing the stand-alone WordPress database might be causing an issue with comment syncing across databases, wondering if I trashed some specific settings, etc.