How do I move ExpressionEngine (EE) to another server? - expressionengine

What are the best steps to take to prevent bugs and/or data loss in moving servers?
EDIT: Solved, but I should specify I mean in the typical shared hosting environment e.g. DreamHost or GoDaddy.

Bootstrap config is the smartest method (Newism has a free bootstrap config module). I think it works best on fresh installs myself, but ymmv.
If you've been given an existing EE system and need to move it, there are a few simple tools that can help:
REElocate: all the EE 2.x path and config options, in one place. Swap one URL for another in setup, check what's being set and push the button.
Greenery: Again, one module to rule them all. I've not used this but it's got a good rating.
So install, set permissions, move files and and DB, and then use either free module. If you find that not all the images or CSS instantly comes back online, check your template base paths (in template prefs) and permissions.
I'm also presuming you have access to the old DB. If not, and you can't add something simple like PHPMyAdmin to back it up, try:
Backup Pro(ish): A free backup module for files and db. Easy enough that you should introduce it to the site users (most never consider backups). All done through the EE CP. The zipped output can easily be moved to the new server.

The EE User Guide offers a reasonably extensive guide to Moving ExpressionEngine to Another Server and if you follow all of these steps then you will have everything you need to try again if any bugs or data loss occur.
Verify Server Compatibility
Synchronize Templates
Back-up Database and Files
Prepare the New Database
Copy Files and Folders
Verify File Permissions
Update database.php
Verify index.php and admin.php
Log In and Update Paths
Clear Caches
As suggested by Bitmanic, a dynamic config.php file helps with moving environments tremendously. Check out Leevi Graham's Config Bootstrap for a quick and simple solution. This is helpful for dev/staging/prod environments too!

I'd say the answer is the same as any other system -- export your entire database, and download all of your files (both system and anything uploaded by users - images, etc). Then, mirror this process by importing/uploading to the new server.
Before I run my export, I like to use the Deeploy Helper module to change all of my file paths in EE to the new server's settings.

Preventing data loss primarily revolves around the database and upload directories.
Does your website allow users to interact with the database? If so at some point you'll need to turn off EE to prevent DB changes. If not that you don't have too much to worry about as you can track and changes on the database end between the old and new servers.

Both Philip and Derek offer good advice for migrating EE. I've also found that having a bootstrap config file helps tremendously - especially since you can configure your file upload directories directly via config values now (as of EE2.4, I think).
For related information, please check out the answers to this similar Stack Overflow question.

Related

Trouble syncing file-based templates to database using MSM and config bootstrap

Had started my typical EE build (using a bootstrapped config) for a client when they announced they wanted another additional site using the MSM module (le sigh).
So added the MSM module, I commented out the $config['site_url'] and $config['cp_url'] and set those in index.php instead using $assign_to_config.
That's when I discovered this bug where MSM config file settings are not recognized, which is a pain but I can work around it. However, I noticed that when I created the secondary site, it wouldn't recognise my custom location for add-ons and so I had to add that to index.php as well to $assign_to_config['third_party_path'] = "../assets/third_party/";.
Then I discovered that when I create or modify a template file, it won't automatically sync and so I need to manually do that each time which is a real PITA.
Why would my templates not be syncing to the database? Is this related to the MSM config bug?
While I haven't tried bootstrapping the third party path yet, I've definitely been able to bootstrap the template path for MSM sites... What bootstrap method are you using?
Are your sites on subdomains or subfolders? I've only had experience with subfolders so perhaps that makes a difference (although it shouldn't).
Could you maybe walk through in a bit more detail what's happening? Your first site (site_id = 1) templates sync automatically from filesystem edits, but your second site does not? Yet if you go to CP > Design > Synchronize Templates, that works?
The $assign_to_config portion of MSM setup is definitely a weakspot when it comes to bootstrapping... I wonder if we need to work up an additional bootstrap for MSM+CP environment, where it looks at the cp cookie ($_COOKIE['exp_cp_last_site_id']), and sets values based on that.
It may be helpful if you let us know which bootstrap you are using. For example, if you look at this bootstrap the site_url and cp_url are set using the HTTP_HOST server variable, so this shouldn't clash with your MSM install (and multiple domains) at all.
Perhaps you could try using that boostrap file instead, and see if it fixes your issue with template syncing?
Finally, if you're going to use the EE template manager, you don't really need to store templates as files. Conversely, if you want to save templates as files, it's probably much easier editing them using Sublime Text or another editor, rather than the clunky built-in editor (which is really only useful for small/simple changes).

How to Setup Mercurial Security.. specifically the users

I have mercurial setup by following these instructions.
I'm trying to understand where or what file to setup the users in. Everything I've read seems kind of cryptic... it gives all these snippets of code saying use this but it seems to be leaving out steps of how it's all connected and what file to put the snippets of code in... can someone please de-mystify all this for the ID10T#TheKeyboard?
Keep in mind that the basic model of Mercurial cannot actually prevent anybody from checking something in. The only thing it can do is prevent those users from uploading something to the your copy of the repository.
IIS can set up authentication so that Mercurial knows which user is doing the uploading and so only certain users are even allowed to try to upload. If all you care about is limiting who has commit access to your repository you can stop right here. But if you want something finer grained, I think you are currently out of luck.
But, if it ever ends up working with web server authentication, you'll have to use the ACL extension if you want finer grained access control than simple who's allowed to send changesets to your repository.
The way the ACL extension works when changes are being sent over a network is as a pre-transaction hook on changegroups (a set of Mercurial revisions). It can look through these changegroups to make sure all the changes satisfy a given set of criteria. There are a wide variety of criteria that can be specified.
The ACL extension can be configured either in the global hgrc file, in which case it applies to all repositories, or the .hg/hgrc file of the repository you want to control access to. In my opinion the global option isn't terribly useful.
Check out the "Securing Mercurial" section here:
http://win1337ist.wordpress.com/tag/mercurial-iis7/
Also see this related question that has a lot of good info:
How to setup Mercurial and hgwebdir on IIS?

Public repository for a Drupal installation: What security risks?

I'm putting a Drupal project on an open source hosting site. What files do I have to not put up there so I don't compromise my site's security?
Various settings.php comes to mind. And obviously the database itself won't be in a repository. Anything else dangerous?
I'm running Drupal 6.
Also, it'd be nice to get the database itself under version control in some way. Any idea how to do that?
UPDATE: What if I were to dump the db data, encrypt it, and version that?
Make sure not to submit User Uploaded Files. I wouldn't upload your db dump, even if it is encrypted. I would also be careful of .htaccess files.
Committing settings.php would be the worst thing you could do, you could try doing a find in files for your mysql user/password to make sure it isn't duplicated.
If Drupal is under version control you could Diff it with Drupal's repo to see what files have changed. Something like TortiseSVN makes that process pretty easy.
I'd also be careful of Cache files, but as far as I know Drupal only has a sql based cache.
For SQL Version control it is most common to use a mysqldump. Another approch is using an scripted versioning strategy, with a PHP Implementation. It is unsafe to dump any of the cache_* tables, the Variable table and of course the user table.
Plugins would be the only thing I would hide. The reason is that plugins have their own security holes, and announcing to the world what version you are using could get you hacked. Drupal itself is pretty secure though

Is there a file-based equivalent to .htaccess in IIS6? (not config/plugin)

There are lots of similar questions to this, but they all seem to involve either configuring permissions or installing a plugin.
I'm looking for a solution that is "dumb" - i.e. to allow the code to be deployed from source control and automatically have access to certain paths blocked, without anyone needing to configure the server.
I only need directory & file blocking, none of the other abilities that .htaccess has.
Just to be clear, we are using ColdFusion, not .NET, and whilst CF has assorted ways to handle its own scripts, it doesn't do anything with non-CFML scripts. (It is possible to do, for example config.xml.cfm, but that is a messy solution that requires updating code, etc.)
(Of course, ideally these directories/files shouldn't even be in the webroot, and if I could switch to Apache or IIS7 I could simply use .htaccess, but those aren't options at the moment.)
My current solution is going to be a readme.deploy.txt that contains instructions on how to manually set the permissions on the relevant files & directories in IIS Manager, but obviously I'd much prefer to avoid human intervention for it - any suggestions?
You could create a script that would do this when you cycle through your deployment, like say a scheduled task where you use a PowerShell script or batch script that sets up the enviroment.
With IIS6 this is going to require mucking with the Metabase, which could solve your problem, but it will require scripts to have access to the system metabase and execute system commands or you going to have to learn how to use the ii6 metabase command files
see this This Article
If they have root access maybe it would be wise to just create a installation utility that can tweak the settings for them.
Good luck,
mike
Well, for ASP.net specifically you have the .config files which allow you to control some aspect of those web folders.
However, I'm not aware of anything like .htaccess for IIS.
.NET has Routing which allows you to 'rewrite' paths. The MVC framework has it built in... I'm not sure on how to configure/use it for 'normal' ASP.NET applications.
Update: didn't know you weren't on .NET.
Maybe you're just looking for File/Folder permission settings? Don't know anything about setting those by using a config file...

How do you handle code promotion in a Sharepoint environment?

In a typical enterprise scenario with in-house development, you might have dev, staging, and production environments. You might use SVN to contain ongoing development work in a trunk, with patches being stored in branches, and your released code going into appropriately named tags. Migrating binaries from one environment to the next may be as simple as copying them to middle-ware servers, GAC'ing things that need to be GAC'ed, etc. In coordination with new revisions of binaries, databases are updated, usually by adding stored procedures, views, and adding/adjusting table schema.
In a Sharepoint environment, you might use a similar version control scheme. Custom code (assemblies) ends up in features that get installed either manually or via various setup programs. However, some of what needs to be promoted from dev to staging, and then onto production might be database content that supports the custom code bits.
If you've managed an enterprise Sharepoint environment, please share thoughts on how you manage promotion of code and content changes between environments, while protecting your work and your users, and keeping your sanity.
I assume when you talk about database content you are referring to the actual contents contained in a site a or a list.
Probably the best way to do this is to use the stsadm import and export commands to export and import content from one environment to another. (Don't use backup/restore when going from one environment to another.)
For any file changes (assemblies, aspx) you can use Features and then keep track of the installers. You would install the feature and do an upgrade to push changes.
There's no easy way to sync the data...you can use stsadm import/export commands as John pointed out. But this may not be straight-forward, especially if the servers are configured differently.
There's also Data Sync Studio product (http://www.simego.net/DataSync_Studio.aspx) you can try.
Depending on what form the database content takes, I would keep the creation of it in code so it's all in one place (your Visual Studio project) and can also be managed via source control. Deployment of the content could either be via a console application or even better feature receiver.
You might also like to read this blog post and look at the tool mentioned there for another approach.
The best resource I can point you to is Eric's paper:
http://msdn.microsoft.com/en-us/library/bb428899.aspx
I was part of a team working to better the story around development of WSS and MOSS solutions with TFS, but I don't know where that stands.

Resources