https://redmine.gc.cuny.edu/https://redmine.gc.cuny.edu/favicon.ico2017-04-20T15:34:51ZCUNY Graduate Center - Project Tracking SystemCUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=315732017-04-20T15:34:51ZMatt Goldmattgold@gmail.com
<ul></ul><p>Thanks, Boone -- this seems like a great and well-advised move</p> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=323102017-05-22T19:15:21ZBoone Gorgesboone@gorg.es
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/8183">Bug #8183</a>: Edit of Post creates notification emails</i> added</li></ul> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=323122017-05-22T19:16:24ZBoone Gorgesboone@gorg.es
<ul><li><strong>Related to</strong> deleted (<i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/8183">Bug #8183</a>: Edit of Post creates notification emails</i>)</li></ul> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=323142017-05-22T19:16:36ZBoone Gorgesboone@gorg.es
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/8184">Bug #8184</a>: HTTP Request Failure in FeedWordPress</i> added</li></ul> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=323162017-05-22T19:16:50ZBoone Gorgesboone@gorg.es
<ul><li><strong>Related to</strong> deleted (<i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/8184">Bug #8184</a>: HTTP Request Failure in FeedWordPress</i>)</li></ul> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=323182017-05-22T19:17:04ZBoone Gorgesboone@gorg.es
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/7985">Bug #7985</a>: Commons lagging/disconnecting when uploading/inserting images</i> added</li></ul> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=334602017-08-29T15:53:58ZBoone Gorgesboone@gorg.es
<ul><li><strong>Related to</strong> <i><a class="issue tracker-3 status-8 priority-4 priority-default closed" href="/issues/8602">Support #8602</a>: Member not able to access Media tab on site</i> added</li></ul> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=334642017-08-29T16:03:42ZBoone Gorgesboone@gorg.es
<ul></ul><p>After getting a report similar to <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Commons lagging/disconnecting when uploading/inserting images (Resolved)" href="https://redmine.gc.cuny.edu/issues/7985">#7985</a> this morning (<a class="issue tracker-3 status-8 priority-4 priority-default closed" title="Support: Member not able to access Media tab on site (Duplicate)" href="https://redmine.gc.cuny.edu/issues/8602">#8602</a>), I spent some time trying to understand our options a bit better. A full migration will be more complicated than I thought (we'd be inverting the default behavior of WordPress in a number of ways, with several layers of legacy content to deal with), but a partial mitigation of the problem is actually quite a bit easier.</p>
<p>I've made the following change, effective immediately on the production site: <a class="external" href="https://github.com/cuny-academic-commons/cac/commit/46d9b0de1e65ad80667c5b6b3a62b8acc5fd1e0b">https://github.com/cuny-academic-commons/cac/commit/46d9b0de1e65ad80667c5b6b3a62b8acc5fd1e0b</a> Here's what it does:</p>
<p>1. On private sites, do nothing.<br />2. On non-private sites (fully public or "discourage search engines"), do nothing on the front end. In the admin, filter WP's upload directory so that it points to /wp-content/blogs.dir/[blog-id]/files rather than /files/. The primary effect of this change is that dynamically-generated attachment URLs point directly to the files instead of to a WordPress endpoint. This means two things:<br /> a. Uploaded images displayed in the admin - especially in the Media Library - are served directly from Apache. This should basically solve the problem in <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Commons lagging/disconnecting when uploading/inserting images (Resolved)" href="https://redmine.gc.cuny.edu/issues/7985">#7985</a> for non-private sites.<br /> b. Images inserted into posts will have URLs that point directly to the file, so that loading them on the front end will not require bootstrapping WordPress a second (third, fourth...) time.</p>
<p>As noted, private sites are unaffected. Admins will still experience some slowness when loading their Media Libraries.</p>
<p>This solution is actually fairly robust and might constitute a "good enough" solution in the long run. There are some smaller remaining issues, which might fall outside the scope of this ticket:<br />a. While we do /files/ rewriting using cac-files.php to protect uploaded files, we don't actually have server-level protections against accessing these files directly. This doesn't have a practical effect in most cases, since the server URLs are never exposed, but it's something we should fix.<br />b. Related: When switching a site from private to non-private - or, more importantly, from non-private to private - we should have a cleanup routine that creates the necessary .htaccess file.</p>
<p>I'll leave the ticket open to address these latter issues. In the meantime, please keep a careful eye out for media-related support requests in the upcoming days.</p> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=334662017-08-29T16:06:21ZMatt Goldmattgold@gmail.com
<ul></ul><p>Thanks so much for your work on this, Boone.</p> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=338402017-09-28T19:36:23ZBoone Gorgesboone@gorg.es
<ul><li><strong>File</strong> <a href="/attachments/6452">cac-file-protection-backfill.php</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/6452/cac-file-protection-backfill.php">cac-file-protection-backfill.php</a> added</li><li><strong>Status</strong> changed from <i>New</i> to <i>Hold</i></li></ul><p>Here's a first pass at a tool that generates the necessary .htaccess file for non-public sites: <a class="external" href="https://github.com/cuny-academic-commons/cac/commit/5ce7e07d19f8ad8559a83fbcd68979a327efca5c">https://github.com/cuny-academic-commons/cac/commit/5ce7e07d19f8ad8559a83fbcd68979a327efca5c</a></p>
<p>I've also written a wp-cli-script that will backfill .htaccess for existing sites, which is attached to this ticket.</p>
<p>It won't be practical to do very wide testing (beyond what I've already done) until we're in production. I'm leaving the ticket open to account for post-release issues.</p> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=342932017-10-30T14:03:05ZBoone Gorgesboone@gorg.es
<ul><li><strong>Status</strong> changed from <i>Hold</i> to <i>Resolved</i></li></ul> CUNY Academic Commons - Bug #7997: Transition from single cac-files.php file server to site-specific .htaccess directiveshttps://redmine.gc.cuny.edu/issues/7997?journal_id=375542018-06-18T19:24:37ZBoone Gorgesboone@gorg.es
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/9946">Bug #9946</a>: User and group avatars do not need to run through cac-files.php</i> added</li></ul>