Some history and context<br />First on-line presence way back in 1993<br />Evolution over 16 years:<br />Static HTML something a little more automated blogging<br />Also my extended family are in the UK/NZ – keeping the Grandparents up to date is important.<br />
Technology evolution<br />Way back - ftp upload of html/content to some Unix host<br />Since 2000 – static IP and self hosting<br />2000 – NetWare (!) + static content<br />2003 – SLES 8 + Apache + static content<br />2005 – SLES 9 + Apache + mysql + WordPress 1.5<br />2009 – virtualised web + mysql on SLES<br />
Why self-hosting<br />I’m a technology geek. <br />Self hosting means live servers, a great sandbox and a real learning environment.<br />(I also run the home infrastructure..)<br />I get ultimate flexibility and control.<br />Hosting elsewhere is cheaper – with the usual issues around security, platform, updates etc<br />
Hosting for friends and family<br />The ultimate scope creep.<br />Started with the ‘family blog’ – added my ‘personal blog’ …<br />… then added various additional blogs for family members; three blogs for friends and my sisters Cub Scout pack.<br />Now over a dozen in total.<br />
Understanding the ‘stack’.. And it all needs testing and patching<br />Gallery2<br />Themes<br />Plugins – ‘Core’ and ‘Per site’<br />WordPress Core<br />Database + data<br />Graphics helpers for Gallery2<br />Apache/PHP/mysql/libs<br />SLES<br />Hardware<br />
Old school patching<br />Check on a semi-regular basis for updates to WordPress (e.g. 1.5 1.6)<br />Download; unpack; test.<br />Check for Linux updates on a regular basis<br />Download; update; test.<br />
Patching today<br />Plugins seem to be updated on an almost daily basis.<br />WordPress at last has a more regular cadence for updates; expect the flurry of point releases after a major rev. <br />
The challenge<br />Each blog is built of a ‘core’ set of plugins – with some specific functionality added on top. There are a couple of hand-coded modifications in place (theme and php-exec plugin)<br />How to keep ‘secure’ and functional – without spending 20 hours a week patching..<br />
Change control is key<br />Discipline keeps things sane.<br />Consistent core blog structure<br />Document changes; test the changes; deploy the changes<br />Have a rollback/backup plan<br />Plan for major, grouped updates<br />My last one was to 2.8.3<br />Expect the short notice security fixes<br />2.8.4!<br />
Test, test – test again.<br />Something unexpected will always happen.<br />e.g. libxml2/PHP bug – trac 7771<br />http://core.trac.wordpress.org/ticket/7771<br />http://www.evilzenscientist.com/blog/2009/08/05/php-xml-parsing-bug-and-a-workaround/<br />
Backup and recovery<br />Backup is really important.<br />Understand everything that needs to be archived for recovery.<br />Mysql dump; filesystem dump<br />Configuration files from server<br />Documentation<br />
Backup<br />Weekly dump of mysql and configto offline disk.<br />Monthly dump of photos to offline disks.<br />Full archive every quarter.<br />Stored in a fire safe.<br />Looking at going back to tape to make this easier and faster.<br />
Restore<br />Fire/theft/hackers/malware/bad hardware.<br />Something will eat the data.<br />Since 2000 I have rebuilt the web servers over a dozen times – upgrade OS, moving OS, moving hardware, replacing failed hardware, upgrading hardware – all the usual reasons.<br />Practice your data rebuild before the emergency!<br />
Security<br />Having anything internet facing invites intruders. Everything from casual inquiries to more serious hacking and DOS attempts.<br />At some point someone will try and hack/attack you.<br />Be prepared.<br />
Security<br />The basics<br /><ul><li>Keep things up to date!
Have an edge firewall and intrusion detection.
Understand your normal traffic patterns in and out
Don’t run your web site on your laptop/games machine/home server</li></li></ul><li>Security<br />The basics<br /><ul><li>Minimise the attack profile – less is better. Turn off/don’t install unwanted modules and features.
Don’t use root; have separation of priviledges</li></li></ul><li>Summary<br />I love hosting my own WordPress – it’s been a great learning experience.<br />Keep on top of patching and updates!<br />Share your experiences – WordCamp and WordPress.org – the community needs us all<br />Enjoy!<br />