-
Notifications
You must be signed in to change notification settings - Fork 51
SFTP Publishing on Ubuntu 10.04 (Lucid Lynx)
This guide assumes the use of two Ubuntu 10.04 servers, both with the ssh package installed, which provides both the OpenSSH client and the OpenSSH server. An SFTP server is included as part of the OpenSSH server.
One server is the Bricolage server — the server on which Bricolage CMS is running. The other server is a remote server onto which the Bricolage content is to be published. The remote server hostname is shown as remote_server
, and the user with permissions to the remote directory structure is remote_user
.
It is assumed that libgmp3-dev libssh2, Net::SFTP, Net::SSH2 and Net::SSH::Perl have all been installed on the Bricolage server. See Installing Bricolage 2.0.1 on Ubuntu 10.04 LTS (Lucid Lynx) for more information. Note that it is recommended that the latest version of libssh2 be installed from source, rather than using the Ubuntu libssh2-1-dev package.
Create a separate user account for the website files on the remote server. A public_html
directory in the user’s home area will be used as the website’s document root.
sudo adduser \
--system \
--home /srv/www/website \
--group \
remote_user
Create a password for the remote user:
sudo passwd remote_user
Make directory for SSH keys:
sudo mkdir -m 0700 /usr/local/bricolage/.ssh
Create SSH keys — for added security, enter a password when prompted:
sudo ssh-keygen \
-t rsa \
-b 4096 \
-C "Bricolage" \
-f /usr/local/bricolage/.ssh/id_rsa
Set the appropriate permissions:
sudo chown -R www-data:www-data /usr/local/bricolage/.ssh
sudo chmod 0600 \
/usr/local/bricolage/.ssh/id_rsa \
/usr/local/bricolage/.ssh/id_rsa.pub
sudo ssh-copy-id \
-i /usr/local/bricolage/.ssh/id_rsa \
remote_user@remote_server
Check that you can login via SFTP:
sudo sftp \
-oIdentityFile=/usr/local/bricolage/.ssh/id_rsa \
remote_user@remote_server
If you are unable to connect, ensure that the file permissions for the SSH keys are correct, and that you are using the correct username and password.
Type quit
to exit the SFTP console.
This step prevents SSH connections from using password authentication (it does not prevent the use of password protected SSH keys):
sudo vim /etc/ssh/sshd_config
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
PasswordAuthentication no
Restart the SSH daemon:
sudo /etc/init.d/ssh restart
For more information about the configuration directives, see Distribution Configuration.
Edit bricolage.conf
:
sudo vim /usr/local/bricolage/conf/bricolage.conf
ENABLE_SFTP_MOVER = Yes
SFTP_MOVER_CIPHER = 0
SFTP_KEY_TYPE = ssh-rsa
SFTP_PRIVATE_KEY_FILE = /usr/local/bricolage/.ssh/id_rsa
SFTP_PUBLIC_KEY_FILE = /usr/local/bricolage/.ssh/id_rsa.pub
FTP_UNLINK_BEFORE_MOVE = Yes
Note: Enabling FTP_UNLINK_BEFORE_MOVE
is optional. However, if you receive the following error when attempting to publish updated files, enabling it should solve the problem:
An error occurred while processing your request:
Error renaming 'index.htm.tmp' to 'index.htm' on 'remote_server'
4 SSH_FX_FAILURE
Restart Bricolage:
sudo /etc/init.d/bric_apachectl restart
From the Bricolage GUI:
Distribution → Destinations → Add a New Destination
Name | Move Method | Copy Resources | Publishes | Previews |
---|---|---|---|---|
My Remote Server | SFTP | No | Yes | No |
In section 2, OUTPUT CHANNELS, add the required Output Channels.
Next →
Add a New Action (section 4, ACTIONS)
Type |
---|
Move |
Next →
Add A New Server (section 5, SERVERS)
Host Name | OS | Document Root | Login | Password |
---|---|---|---|---|
remote_server | Unix | /srv/www/website/public_html | remote_user | SSH key password |