add notes

Makefile

@@ -1,6 +1,11 @@
 DOCKER ?= docker
 COMPOSE ?= docker compose
 PUBLIC_URL ?= https://askar.abbiamoundominio.org
+TMPDB_CONN = --host=127.0.0.1 --port=3307 --user=root --password=toor --ssl-verify-server-cert=FALSE
+DUMP_CONN = -h 127.0.0.1 -P 3306 --user root --password=toor --ssl-verify-server-cert=FALSE
+VERSIONED_DUMP = ./assets/db/dump.sql
+TMP_PROD_DUMP = ./out/db.tmp.sql
+PROD_DUMP = ./out/dump.sql
 
 dev-run:
 	$(COMPOSE) up
@@ -12,7 +17,7 @@ dev-clean:
 	$(COMPOSE) down --volumes
 
 dev-dump:
-	mariadb-dump --hex-blob -h 127.0.0.1 -P 3306 --user root --password=toor askar > ./assets/db/dump.sql
+	mariadb-dump $(DUMP_CONN) askar > $(VERSIONED_DUMP)
 
 ./out:
 	mkdir ./out
@@ -23,5 +28,45 @@ prepare-image:
 	$(DOCKER) build -t unit/askar-website .
 	$(DOCKER) image save -o out/image.tar unit/askar-website
 
-prepare-db:
-	cat ./assets/db/dump.sql | sed -e 's;http://localhost:8080;$(PUBLIC_URL);g' > ./out/db.sql
+tmpdb-start:
+	$(DOCKER) run -d --rm --name tmpdb \
+		-p 3307:3306 \
+		-e MYSQL_DATABASE=askar \
+		-e MYSQL_USER=askar \
+		-e MYSQL_PASSWORD=askar \
+		-e MYSQL_ROOT_PASSWORD=toor \
+		mysql:8
+	while ! mariadb-admin ping $(TMPDB_CONN); do sleep 1; done
+
+tmpdb-stop:
+	$(DOCKER) stop tmpdb
+
+tmpdb-do-dump:
+	cat $(VERSIONED_DUMP) | sed -e 's;http://localhost:8080;$(PUBLIC_URL);g' > $(TMP_PROD_DUMP)
+	cat $(TMP_PROD_DUMP) | grep -v -E '^/\*' | (echo "SET sql_mode = '';" && cat) | mariadb $(TMPDB_CONN) askar
+	mariadb-dump --default-character-set=binary --hex-blob $(TMPDB_CONN) askar |  grep -v -E '^/\*' > $(PROD_DUMP)
+
+prepare-db: tmpdb-start tmpdb-do-dump tmpdb-stop
+
+prepare-%:
+	tar czvf ./out/$*.tar.gz -C ./assets/wordpress/wp-content/$*
+
+prepare-data: prepare-uploads prepare-plugins
+
+prepare-export: prepare-db prepare-data
+
+push-db:
+	cat $(PROD_DUMP) | ssh $(REMOTE_DB_HOST) mysql --user $(REMOTE_DB_USER) --password $$(age -d ./assets/admin.pass.age) $(REMOTE_DB_DATABASE)
+
+_push-%:
+	cat ./out/$*.tar.gz | ssh $(REMOTE_WEB_HOST) tar zxvf -C $(REMOTE_WEB_ROOT) -
+
+push-website: _push-uploads _push-plugins
+
+pull-db:
+	ssh $(REMOTE_DB_HOST) mysqldump --user $(REMOTE_DB_USER) --password $$(age -d ./assets/admin.pass.age) $(REMOTE_DB_DATABASE) > ./out/remote.dump.sql
+
+_pull-%:
+	ssh $(REMOTE_WEB_HOST) tar czvf - -C $(REMOTE_WEB_ROOT) $* > ./out/remote.$*.tar.gz
+
+pull-website: _pull-uploads _pull-plugins

NOTES_ON_WORDPRESS.md

@@ -0,0 +1,33 @@
+# Notes on exporting/importing wordpress
+
+Wordpress is an extremely tricky CMS to move. The local configuration assumes
+the root url being at `http://localhost:8080`, but we want to publish the site
+on a public, TLS protected address.
+
+In order to do so, many steps have to be taken.
+
+### Export the db
+
+The database has to be exported, and all occurrences of `http://localhost:8080`
+have to be replaced with the public url, including the protocol.
+
+### Ensure that the wordpress installation knows its public url
+
+Using wordpress provided by docker, we need to set in the production container
+environment the variable
+
+```
+WORDPRESS_CONFIG_EXTRA="define( 'WP_SITEURL', '<PUBLIC_URL>' );"
+```
+
+### Configure the reverse proxy
+
+The reverse proxy where the TLS termination happens must pass the following
+header to the wordpress container
+
+```
+X-Forwarded-Proto: https
+```
+
+otherwise all the assets are served through an unencrypted connection and the
+browser (rightly so), refuses to load them.