WordPress-Corporate Intranet

Having explored wordpress on numerous occasions, it is only fair to make a case for wordpress as a suitable alternate to opensource and free corporate intranet. It is easy to install, manage and scale due to it’s strong & intuitive design. One of the most important feature about wordpress is it ability to improve its usability by adding new plugins. One needs to simply get into the search section and pour your thoughts on what you expect and a plugin would be available in some form or shape. Following is a set of useful tools that could be used to create a corporate intranet within minutes. It is important to note that while the platform and technology will be available quickly, more focus is required to enhance it’s adoption within the corporate given that there are enormous other distractions.

One of the striking features of wordpress is – Multisite. Earlier wordpress had two installations – WordPress for single sites and WordPress MU for Multiple Sites. Post 3.0 version, wordpress developers made lives easy of so many wordpress users. They merged the two versions and made multisite as feature in the standard wordpress installation which one needs to simply enable for converting a single site wordpress into a multisite wordpress installation. It is important to note that all hosting providers do not provide multisite capabilities as it is a resource hungry implementation. This article will not get into details of implementing multisite but just highlight the key feature of multisite. There is a lot written on multisite and when a multisite needs to be used on the internet and one should google it to determine what is the best strategy that suits you.

To start, with any corporate would like to have following in their intranets without major hassles. With respect to their needs, the wordpress implementation can be enriched to add more and more features.

  1. Infrastructure
    1. Software Licensing – WordPress works best on Linux which is open source and free. Some basic requirements are
      1. Operating system – Supports Linux and Windows. As usual my favorite is Ubuntu 12.04 server with 64 bit architecture. It is a fast, secure and one get lots of community help
      2. Web-server – Apache 2 – Simple to configure, canonical has made it easy to configure and works seamlessly
      3. Database – MySQL.
      4. Miscellaneous – Other dependencies such as php5, php5-ldap, php5-imap will be required to be installed before implementing wordpress
      5. WordPress – Freely downloadable from www.wordpress.org website
    2. Hardware
      1. Depending on the size and complexity the hardware needs to be sized. If you are going to expose the intranet to internet separate application and database servers are recommended with application server residing in the DMZ and database server and uploads folder residing behind the firewall.
      2. For a 100 people intranet – a standard desktop machine with 2 GB Ram is sufficient, however for more complex and more number of users – a enterprise class server with 8 GB or 16 GB RAM and quad core processor is recommended. If you have more videos and pictures, you may want to add storage
    3. Backups
      1. Backing up MySQL database and the wordpress folder is sufficient if you are not doing virtual hosting, else apache config files will be required to be configured.
      2. MySQL replication (read one of my blogs) is simple to configure and should be implemented to ensure the database is available at all times.
  2. Intranet functionality
    1. Authentication – expandable using a standard plugin
      1. There are several plugins available for LDAP and Activie directory integration. These plugins support SSO which means users may not be required to login
      2. SAML 2.0 Single Sign-On – This plug-in will allow users to login without the users requiring to enter the userid and password based on active directory authentication
      3. Standard LDAP authentication for Openldap are also available. Other providers like google, openid etc are easily available and can be installed through the plugins functionality
    2. Social Network – expandable through a standard plugin
      1. Buddy Press – This is my favorite one. This simply changes the way wordpress works. It converts a simple website into a social framework, something similar to a facebook and twitter. It allows people to build their profiles, networks and enhance collaboration. This is one of the best open source free applications I have come across. Another one which works good is ‘Status Net’. I will not talk about it here though.
      2. Private Messaging, groups and blogs are easy to create and will help corporates to enhance employee interactions and social quotient
    3. Training – expandable through a standard plugin
      1. WP Course Manager – manage various training courses and registrations
      2. teachpress – another plugin to manage courses and registrations
      3. JW Player – For embedding videos or playing training video streams within the course
      4. Watu – Create online exams, quizzes to test the training effectiveness
    4. Video & Picture galleries – expandable using plug-ins
      1. Ultimate Video Gallery – Play your own videos, corporate videos, youtube or vimeo videos
      2. Pinterest Gallery – works with native wordpress gallery.
      3. Envira Gallery Lite – Another plug -in for creating a picture gallery
    5. Blogs – Blogs is the strength of wordpress. It is born with blogs
    6. Wiki – Pencil Wiki is a feature rich plugin to enable users create and modify wikis
    7. Document Management – expandable using plug-ins
      1. SP Client Document & Project Manager
      2. WP Document Revisions
      3. BP Group Documents
    8. Help-desk – expandable trhough plug-ins
      1. WordPress Advanced Ticket System – Create and manage tickets with analytics
      2. Scebo Customer Support
      3. wpsc support tickets
    9. Job Boards
      1. WP- Job Manager – simplest and easy to use
      2. Jbo Manager by Smart Recruiters – Feature rich and provides variety of options, widgets, control
    10. Event Management
      1. Events – A simple plugin to display up-coming events in the sidebar
      2. WordPress Events Calendar – A full functional calendar with the ability to display events calendar for the month or specified period
      3. Event Organizer –  A full fledged event organizer with the ability to invite, integration with Google Maps and detailed view of agenda etc
    11. Project Management
      1. WP Project Manager
      2. Easy Project
      3. Flowboard- Kanbann

With so many plugins and scalability, wordpress makes a competitive alternative to any commercial or complex CMS. More and more plugins keep getting added and existing plugins keep getting updated and that just keeps enhancing the functionality of the intranet.

Enjoy managing corporate intranet using wordpress.

Permalinks & WordPress

I have often found issues when installing wordpress on a personal server (for small or medium sized office intranets) because of permalinks and buddy press. If one wants to use buddy press a s a social network system within organizations, it cannot function using default permalinks. You need to change that to anything but default, only then Buddypress works.

Before you install buddypress and several other plugins, this is what you have to do ensure permalinks work and so does buddy press.

  1. Open terminal
  2. sudo a2enmod rewrite
  3. sudo service apache2 restart
  4. I am assuming you will use virtual hosting and below will be the scenario
    1. WordPress directory is copied in /var/www/
    2. Ownership of wordpress directory is changed by using the command from /var/www/ directory : sudo chown -R www-data:www-data wordpress/
    3. a database in is created in MySQL using phpmyadmin and grant rights provided to database user
    4. Apache settings
      1. cd /etc/apache2/sites-available
      2. sudo cp default testsite
      3. sudo nano testsite
      4. The following should be the file content
      5. <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName www.test.com
        ServerAlias test
        DocumentRoot /var/www/wordpress
        <Directory />
        Options FollowSymLinks
        AllowOverride None
        </Directory>
        <Directory /var/www/wordpress/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
        </Directory>ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory “/usr/lib/cgi-bin”>
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
        </Directory>ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Alias /doc/ “/usr/share/doc/”
        <Directory “/usr/share/doc/”>
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        </VirtualHost>

      6. The red marked ‘All’ is the critical one. That has to be changed from default None to All
      7. ^O
      8. ^X
      9. sudo service apache2 restart
      10. Now your permalinks should work
      11. Install all the your plugins required

MySQL Replication for Moodle

Hope the earlier post for implementing Moodle was useful. To add backup to moodle would be ideal and what better than to use MySQL replication for ensuring database is getting backed up in real-time basis.

In this article we shall use two servers

  1. Master Server: 10.30.8.52 – Ubuntu with Moodle, My SQL 5.5, phpmyadmin
  2. Slave Server: 10.30.8.45 – Ubuntu, MySQL 5.5, phpmyadmin

Configuring the Master server –

This is the main MySQL database that Moodle will use in the production environment. This is the database in which Moodle will make entries

Master rep1

  • Selection Replication from the ‘More’ tab dropdown as shown above

Master rep2

  • Under Master replication – click on ‘configure’

Master rep3

  • Copy the 4 lines seen in the window and paste it in my.cnf file
    • sudo nano /etc/mysql/my.cnf

Master rep4

    • To allow slave server to connect to the master server, you will need to allow the IP address of the slave server in my.cnf file as shown above
    • It is observed that after entering these four lines in my.cnf of master server, Moodle application is unable to write to the database. To resolve that issue make an entry of the following line after binlog_do_db=moodle. The entry you need to make in the my.cnf file is binlog_format=ROW (below binlog_do_db=moodle)
    • Restart the mysql database and apache server by running the following commands
      • sudo service apache2 restart
      • sudo service mysql restart
    • Click on the Go button in your browser and your browser window should look like below

Master rep5

    • Click on ‘Add Slave User’

Master rep6

    • Add the details as mentioned above, you can enter a password or click on generate and then press ‘Go’

We have completed the Master Configuration

Configuring the Slave server –

This is the slave MySQL database in which the master database will be replicated in real time.

Master rep1

  • Selection Replication from the ‘More’ tab dropdown as shown above

Master rep2

  • Under Slave replication – click on ‘configure’

Master rep7

  • Make the above entries and enter the ‘server id’ details above the username section in slave server’s my.cnf in the [mysqld] section
  • Restart mysql server (sudo service mysql restart)
  • If the slave is able to connect to master it should show the below screen

Master rep8

  • Click on ‘See Slave Status Table’. The two parameters highlighted should be always ‘Yes’ in green colour indicating the slave database is replicating with the master database.

Master rep9

  • If either or both are in Red colour you should click on ‘ Control Slave’ and then ‘Full Start’

Master rep10

  • Once it is starts, click on See Slave Status Table’ and look for the ‘Slave_IO_State’ property (first line) – It should be – ‘waiting for master to send event’. This means the replication is successful.
  • Now go back to ‘Master Server’ and click on ‘More->Replication’. Under ‘Master Configuration’, click on ‘See connected Slaves’ and you should be able to see the server id of the slave server as shown below

Master rep11

You have successfully configured MySQL replication between two servers. You can have multiple slaves across various locations and repeat steps as demonstrated above.

Implementing Moodle on Ubuntu 12.04

Moodle (www.moodle.org), is one of the most popular open source Learning Management Systems and thousands of Universities and corporates use this system internally for managing various training programmes. This blog talks about one of the possible ways of implementing Moodle on Ubuntu 12.04.

Pre-requisites

  1. Ubuntu 12.04 LTS server
  2. Update & upgrade ( sudo apt-get install update && sudo apt-get upgrade)
  3. Basic Software
    • Apache Web server (sudo apt-get install apache2)
    • MY SQL Database (sudo apt-get install mysql-server-5.5)
    • PHP (sudo apt-get install php5 phpmyadmin php5-ldap)
    • Installing Moodle dependencies
      • sudo apt-get install php5-curl php5-intl php5-xmlrpc
  4. Internal IP: 192.168.65.18
  5. Machine hostname: moodle
  6. Site name: test.moodle.com

Downloading and Preparing the Moodle Server

  1. Download the installable (http://download.moodle.org/)
  2. Extract the installable and rename the folder as moodle in var/www
  3. The folder hierarchy should be : /var/www/moodle
  4. Create a folder moodledata. It could be /moodledata or /var/www/moodledata
  5. Change the ownership of moodledata folder to apache user (www-data): sudo chown –R www-data:www-data </path/of/moodledata/folder>

Configuring Apache for virtual hosting and using self signed certificate of apache for SSL

  1. cd /etc/apache2/sites-available
  2. sudo cp default-ssl test.moodle.com
  3. sudo nano /etc/apache2/sites-available/test.moodle.com
    1. Below is the excerpt of the test.moodle.com apache configuration file

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
    ServerAdmin  webmaster@test.moodle.com
    ServerName      test.moodle.com
    ServerAlias       test
    DocumentRoot /var/www/moodle
    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    <Directory /var/www/moodle/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    </Directory>

  4. sudo a2ensite test.moodle.com
  5. sudo a2enmod ssl

Configuring MY SQL database

  1. Open a browser and type : http://192.168.65.18/phpmyadmin
  2. Use ‘root’ as uid and the password you kept while installing MySQL
  3. Click on ‘Privileges’
  4. Click on ‘Create User’ and add ‘moodle’ as a user
  5. Click on create a database with the name same as the user
  6. Add ‘Grant’ rights for ‘moodle’ on database ‘moodle’

Configuring Moodle

  1. Open a browser and type: https://test.moodle.com and accept the self signed certificate warning
  2. For the above link to work, you either need to
    • Make a host file entry on your local machine OR
    • NAT the server to a public IP and make a web dns entry pointing the A record to the public IP address of the server
  3. Follow on screen instructions to complete the moodle installation

Finalizing the installation

  1. Enable ufw (sudo ufw enable)
  2. sudo ufw allow ssh
  3. sudo ufw default deny
  4. sudo ufw allow 443

We have completed the installation of Moodle with https. Happy Moodling Smile

Openfire Chat Server on Ubuntu 12.04

Ever since Ubuntu stopped bundling sun java in it’s repositories, it has been a nightmare for installing openfire on Ubuntu. The openjdk, sort of works, but some still prefer oracle’s (ahem – sun Smile ) Java Run time.

Openfire is an open source jabber based Instant Messaging chat system with one of the strongest feature set and simplistic user interface (read as web based interface providing good integration with Microsoft environment). This post will essentially take you through the pain of installing sun java renamed as oracle java on an Ubuntu Server 12.04. I always choose Ubuntu 12.04 because it is the most stable version Ubuntu has released and a server because it is very light on resources without any graphical interface. The down side you need to rely on terminal, ssh and patience Smile

There is a fully functional debian installer which obviously works with Ubuntu for openfire and can be downloaded from http://www.igniterealtime.org/downloads/index.jsp

Following are the steps you need to follow to get openfire to work on Ubuntu 12.04

  1. Pre-requisites
    • Ubuntu 12.04 server or desktop. Server is preferred for obvious reasons
    • Follow it up with recent updates (sudo apt-get update && upgrade)
    • hostname : testim (you can have whatever you want)
    • Hardware – Generally for a user base of ~ 200, you should consider at least
      • 1 GB RAM
      • 1 core
      • 10 GB of hard disk space
    • Static IP: 192.168.1.25
    • Other Applications
      • Webserver – Apache
      • Database – MySQL – You can use openfire’s embedded database, but I prefer a more manageable and robust database
      • Java – Oracle Java
    • Internet and firewalls
      • Fast internet – Lots of downloads will happen
      • Firewall or UTM – In a corporate environment, ensure the Openfire server gets unrestricted internet without any content filtering or download limits – at least till the installation is completely done. It is a LAN to WAN traffic, so should be quite safe
  2. Installing Pre-requisite Applications
    • Webserver & Database with following commands
      • sudo apt-get install apache2 mysql-server-5.5 phpmyadmin php5 php5-ldap python-software-properties
      • php5-ldap is required if you want user authentication based on Microsoft Active Directory or LDAP servers such as openldap
      • You can install the database on a separate server – totally up to you. I am installing it on the same server. If you install it on a different server, you may need to comment out ‘bind address’ argument in /etc/mysql/my.cnf so that the mysql database can accept connections from any server.
    • Java
      • sudo add-apt-repository ppa:webupd8team/java
      • It will ask you to confirm importing a key –> Accept
      • sudo apt-get update
      • sudo apt-get remove –purge openjdk*
      • sudo apt-get install oracle-java7-installer
      • Several pop-ups to accept agreements etc. Accept them
      • java –version (once the installer has finished)
  3. Installing Openfire
    • Assuming you have downloaded the latest openfire debian installer, run the following command from the folder in which you have stored the installer – sudo dpkg –i <name of the file>
    • Openfire has been installed but not ready yet to start
    • sudo apt-get install rpl
    • sudo rpl ‘6-sun‘ ‘7-oracle‘ /etc/init.d/openfire
  4. Configuring Openfire
    • Use following steps to create a database using web GUI using phpmyadmin
      • Go to http://192.168.1.25/phpmyadmin in a browser
      • Use uid as root & password as whatever you kept while installing MySQL database in step 2 above
      • create a database, user and give grant privileges – You can use that suits you
        • database – openfire
        • user – openfire
        • password – password
    • Use following steps for creating a database in MySQL using terminal. I am assuming the database is on the same server as where you are installing openfire
      • sudo mysql -u root –p
      • mysql> CREATE DATABASE openfire CHARACTER SET=’utf8′;
      • mysql> CREATE USER ‘openfire’@’localhost’ IDENTIFIED BY ‘password‘;
      • mysql> GRANT ALL PRIVILEGES ON `openfire`.* TO ‘openfire’@’localhost’ WITH GRANT OPTION;
      • mysql> FLUSH PRIVILEGES;
      • mysql> quit
    • sudo service openfire start
    • Open a browser and http://192.168.1.25:9090/setup/index.jsp
    • Follow the instructions and you are all set to have a fully functional openfire
    • Once the server is up and running, to avoid java memory leak do the following
      • In the Openfire Admin console goto System Properties
      • In Add new Property ( You will have to scroll down alll the way), add
        • Property Name: xmpp.pep.enabled
        • Value: false
      • sudo service opefire restart
  5. Don’t Forget to
    • activate firewall on the server (see my blog on using UFW). Run following to ensure you are safe on the server
      • sudo ufw enable
      • sudo ufw allow ssh
      • sudo ufw default deny
      • sudo ufw allow 9090/tcp
      • sudo ufw allow 9091/tcp
      • sudo ufw allow 5222/tcp
      • sudo ufw allow 7777/tcp
      • sudo ufw allow 7443/tcp
      • sudo ufw allow 7070/tcp
      • sudo ufw allow 3478/tcp
      • sudo ufw allow 3479/tcp
    • Explore plethora of plugins in the openfire server.
  6. Enjoy your Instant Messaging Server

Squid with LDAP Authentication

Simple guide to install LDAP, SQUID

In this article, I will take you through a very simple but working configuration of openldap, phpldapadmin, squid proxy. The beauty of this guide is that it uses all software packages from Ubuntu repositories and uses almost all default configurations. This is not the only way of doing this or may not be the most secure way of doing this but this configuration can generally be used internally in an organization.

System Environment

  1. Ubuntu Server 12.04.03 LTS 64 bit fully patched
  2. hostname – gateway
  3. user id: test
  4. password: test123
  5. machine ip: 192.168.1.5
  6. Router ip: 192.168.1.1
  7. Default DNS: 8.8.8.8
  8. LDAP domain: ubuntu.in

Pre-requisites

  1. Ubuntu 12.04.03 LTS, fully patched
  2. sshd is installed and is working
  3. IP address is static and set to 192.168.1.5 / 255.255.255.0

Base installs

  1. sudo apt-get install apache2 php5 slapd ldap-utils php5-ldap squid phpldapadmin
  2. enter ldap admin password when prompted (we will re-configure slapd once again to make it work with phpldapadmin)
  3. LDAP Server & phpldapadmin configuration
    1. sudo nano /etc/ldap/ldap.conf
      1. BASE dc=ubuntu,dc=in
      2. URI ldap://192.168.1.5
      3. ^O
      4. ^X
    2. sudo dpkg-reconfigure slapd
      1. dns name: ubuntu.in
      2. Organization: Ubuntu India
      3. admin password: test123 and reconfirm
      4. keep all other options offered as default
    3. sudo nano /etc/phpldapadmin/config.php and make following changes in “ Define your LDAP Servers in this section” – it is quite below in the file and you need to scroll down a lot
      1. $servers->setValue(‘server’,’name’,’Ubuntu LDAP Server’);
      2. $servers->setValue(‘server’,’base’,array(‘dc=ubuntu,dc=in’));
      3. $servers->setValue(‘login’,’bind_id’,’cn=admin,dc=ubuntu,dc=in’);
      4. $servers->setValue(‘login’,’bind_pass’,’test123′);
      5. ^O
      6. ^X
    4. Restart all the services
      1. sudo service slapd restart
      2. sudo service apache2 restart
    5. Open the browser and
      1. type : http://192.168.1.5/phpldapadmin
      2. Click on login
      3. Enter the password: test123
    6. Done with installing LDAP Server and phpldapadmin
  4. Populating the LDAP server with objects
    1. Open the browser and type : http://192.168.1.5/phpldapadmin
    2. Click on Create an entry here and select
      1. Organization Unit and name it as “groups”
      2. Organization Unit and name it as “people”
    3. Under groups click on create an entry here and select ‘Posix Group’
      1. Create multiple posix groups if required as such as it, sales, marketing, finance, travel etc
      2. Under the Posix group, create multiple ‘Generic User Accounts’
  5. Squid Server & configuration
    1. sudo apt-get install squid3
    2. sudo nano /etc/squid3/squid.conf
      1. Uncomment this – acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
      2. Add the following
        1. auth_param basic program /usr/lib/squid3/squid_ldap_auth -b “dc=ubuntu,dc=in” -f “uid=%s” -h 192.168.1.5
        2. acl ldapauth proxy_auth REQUIRED
        3. http_access allow ldapauth
        4. ^o
        5. ^X
    3. sudo service squid3 restart
  6. Confguring the browser to use the proxy
    1. For Ubuntu – search for network in the dash and click on proxy
    2. Add 192.168.1.5 and 3128 as the port and click on ‘apply system wide’
    3. Fireup the browser and the system should ask you for a uid and password if you open an internet website
    4. Enter the UID and password of the LDAP object you created
    5. You should be able to access the internet with Proxy and LDAP authentication

Dont forget to click on ‘Like’ if this works for you. Leave a comment and I will respond.

Good Luck

Userdir Module – Per user directory for apache

In a development environment, one has often struggled with giving appropriate permissions to users for developing websites on a shared Apache & MYSQL environment. Below is a quick way to let people develop sites in their own home directories and carry their permissions into their folders. The below process also allows users to FTP into their home directories using their own credentials. The configuration steps are applicable to the following development environment.

  1. Development Environment
    1. Operating System – Ubuntu 12.04 LTS (Recommendation – update and upgrade to 12.04.02)
    2. Apache 2.2
    3. Proftpd
    4. hostname: test
    5. IP address: 10.1.5.5
    6. Local username: infraadvisory
  2. Configuration
    1. Basic installation of required software
      1. sudo apt-get update && upgrade
      2. sudo apt-get install apache2 proftpd
      3. sudo service apache2 restart
      4. Open a browser and check if apache is installed by typing : http://10.1.5.5. It should show ‘ It Works’
      5. If you also want to install MySQL run the following commands
        1. sudo apt-get install mysql-server-5.5 php5 phpmyadmin
        2. Enter relevant password for root for MySQL and select no for configuring a database.
        3. You can configure a data base by typing: http://10.1.5.5/phpmyadmin and
        4. Entering user id – root & pwd – whatever you kept while installing MySQL
    2. Enabling ‘userdir’ module
      1. sudo a2enmod userdir
      2. The above command will enable the per user functionality for publishing sites
    3. Creating public_html folder and assigning permissions
      1. mkdir ~/public_html && chmod 0755 ~/public_html
      2. The above command will create a public_html folder in the user’s home directory
      3. In single command above we have created a folder and given permissions
      4. Now html files will be served through this directory by typing the following url: http://10.1.5.5/~infraadvisory
    4. Serving PHP files
      1. sudo nano /etc/apache2/mods-available/php5.conf
      2. Comment out by putting a # in the 4th last line in the file (php_admin_value  engine Off – should be commented out)
      3. Press Cntl O and then Cntl X to exit nano
      4. sudo service apache2 restart
  3. Test
    1. Fireup Filezilla and enter hostname as :10.1.5.5, Username as: infraadvisory & relevant password, port 22 and click on Quick Connect
    2. You should be able to connect to the FTP server and see public_html folder.
    3. Copy your website in public_html
    4. Fire up a browser and enter the url: http://10.1.5.5/~infraadvisory. You should get the index.php or default.php in the browser.