maddo/Regalamiunsorriso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
Regalamiunsorriso/.github/instructions/regalamiunsorriso-83-149-164-4.instructions.md
MaddoScientisto 9bd7f19c8f docks and stacks
2026-04-18 10:57:58 +02:00

9.5 KiB
Raw Blame History

description applyTo
Use when: deploying, staging, copying, or promoting regalamiunsorriso site files on server 83.149.164.4, especially for sync/** and www/** changes. sync/**, www/**

Regalami Un Sorriso Server 83.149.164.4

Instructions in this file are specific to the regalamiunsorriso site hosted on server 83.149.164.4 over SSH port 410.

Server Access

  • SSH user: marco
  • SSH key: C:\Users\Maddo\.ssh\id_rsa
  • SSH port: 410
  • Direct SSH login works with the key above.
  • The login banner before authentication is expected.

Preferred SSH Workflow

Use an interactive TTY when a command may need sudo:

ssh -tt -i C:\Users\Maddo\.ssh\id_rsa -p 410 marco@83.149.164.4

For root access, use:

sudo tcsh

If you need a single elevated command:

ssh -tt -i C:\Users\Maddo\.ssh\id_rsa -p 410 marco@83.149.164.4 "sudo tcsh -c 'command here'"

Shell Behavior On This Host

  • The remote login shell behaves as tcsh.
  • POSIX shell constructs like for ...; do ...; done fail unless you explicitly run them through sh -c.
  • The server sh does not support -l, so use sh -c, not sh -lc.
  • tcsh treats redirection and pipelines differently from POSIX shells; commands like find ... 2>/dev/null | head can fail with Ambiguous output redirect unless the whole payload runs under sh -c.
  • Prefer one remote command per SSH invocation when doing reconnaissance. Complex commands with pipes, grouped expressions, or escaped parentheses are much more likely to break under PowerShell-to-SSH-to-tcsh quoting.
  • If PowerShell shows the continuation prompt ? >, the command was malformed locally before SSH executed it. Cancel it and rerun a simpler command instead of trying to answer the prompt.
  • If sudo reports that a terminal is required, reconnect with -tt.
  • When running remote commands from PowerShell, quoting can break if the command contains both nested quotes and file paths with spaces.
  • For read-only verification commands from PowerShell, prefer ssh ... --% <remote command> so the remote command is passed verbatim.
  • For promote-file.sh calls that target paths with spaces, prefer a local PowerShell loop that passes the full remote command as a single SSH argument instead of building one long nested quoted command.
  • If repeated SSH commands start cancelling or interleaving poorly in the same terminal, rerun them sequentially instead of in parallel.

Mail Template Runtime Notes

  • The server contains multiple mailMessage trees:
    • Live web root: /home/sites/regalamiunsorriso/www/mailMessage
    • Staging copy: /home/marco/regalamiunsorriso/incoming/www/mailMessage
    • Older duplicate trees: /home/sites/regalamiunsorriso/wwwLang/mailMessage and /home/sites/regalamiunsorriso/wwwOld/www/mailMessage
  • During the 2026-04-16 reconnaissance, representative checksums differed between www/mailMessage and wwwLang/mailMessage, so they are not interchangeable copies.
  • The Java application configuration lives under /home/sites/regalamiunsorriso/rus/WEB-INF.
  • web.xml defines the main application DB connection as dbDriver=3, database=//localhost/pg, user=root, password=root.
  • truckservice.properties defines a second DB connection as dbDriver=3, dbName=//localhost/truckservice, user=root, password=root.
  • In this codebase, dbDriver=3 maps to MySQL Connector/J, not to a legacy non-MySQL driver.
  • dbcomuni.properties, rus.properties, and truckservice.properties all set USE_PARM_HT=true, which means runtime values are expected to come from the application Parm store.
  • In code, DBAdapter.getDocBase() resolves to getParm("DOCBASE").getTesto(), and mail-template lookups use Parm values such as MAIL_REG, MAIL_NO_MORE, MAIL_NO_MORE_SCAD, and MAIL_MSG_PATH_MAILER.
  • In code, Parm.findByCodice() reads from PARM with select A.* from PARM AS A where A.codice='...', so the live PARM table is the authoritative lookup point for these values.
  • pg_src/com/ablia/pg/Users.java seeds defaults for MAIL_MSG_RINNOVO as mailMessage/rinnovoMsg.html and MAIL_MSG_COUPON_OMAGGIO as mailMessage/couponOmaggioMsg.html when the parameters are missing.
  • Because of that indirection, changing files under a mailMessage directory is not sufficient proof that outbound mail content will change. The effective DOCBASE and mail-template parameter values must also be checked in the live Parm data.
  • For mail-template reconnaissance, avoid recursing into /mnt/da1/foto via the RUS symlink unless the task explicitly concerns photo storage. It adds permission noise and did not help identify the email-template source.
  • Read-only DB access notes from 2026-04-16:
    • The host has PHP CLI at /usr/local/bin/php with both mysqli and pdo_mysql enabled.
    • A piped PHP script over SSH is a reliable way to run read-only DB probes without creating files on the server.
    • mysqli('localhost', ...) fails with No such file or directory, which indicates PHP tries a Unix socket path that is not present or not configured.
    • mysqli('127.0.0.1', ...) fails with Connection refused, and sockstat showed no listener on port 3306 and no visible MySQL Unix socket under /var/run, /tmp, or /usr/local/var.
    • No mysql or mariadb client binary was found in the shell path.
    • Result: the app configuration clearly points at MySQL, but direct DB access from the current shell remains unresolved and must be revalidated before relying on live SQL queries.

MCP Limitation

  • The MCP SSH tools have not been reliable for this host and previously failed authentication or transport checks.
  • Prefer direct terminal SSH commands for this server unless the MCP path is revalidated.

Site Paths

  • Incoming staging root: /home/marco/regalamiunsorriso/incoming/www
  • Live site root: /home/sites/regalamiunsorriso/www

Staging Workflow

When www/** files need deployment:

  1. Build the file list from git changes after the initial www import baseline.
  2. Include any required uncommitted working tree files explicitly if they must be deployed.
  3. Copy the selected files into /home/marco/regalamiunsorriso/incoming/www, preserving the www/... directory structure.
  4. Prefer a streamed tar transfer over SSH for batches of files.

Example staging command pattern:

tar -cf - -C K:\various\regalamiunsorriso <file-list-under-www> | ssh -i C:\Users\Maddo\.ssh\id_rsa -p 410 marco@83.149.164.4 "tar -xf - -C /home/marco/regalamiunsorriso/incoming"

Promotion Rules

  • Promotion to the live site must happen through sudo tcsh.
  • Do not copy directly as marco into /home/sites/regalamiunsorriso/www.
  • Before replacing an existing live file, capture its exact owner, group, and mode.
  • After copy, restore the same owner, group, and mode exactly.
  • For new files, use the permissions of surrounding live files of the same type in the same directory.
  • If same-extension files in the directory have mixed modes, choose an explicit metadata source file and reuse its owner, group, and mode.

Promotion Automation

Use these scripts for this site:

  • Local helper: sync/promote-file.sh
  • Local batch helper: sync/promote-www-remaining.sh
  • Remote helper: /home/marco/promote-file.sh
  • Remote batch helper: /home/marco/promote-www-remaining.sh

Single File Promotion

Run:

ssh -tt -i C:\Users\Maddo\.ssh\id_rsa -p 410 marco@83.149.164.4 "sudo tcsh -c '/home/marco/promote-file.sh <staged-path> <live-path> [metadata-source]'"

If the source or destination path contains spaces, prefer this PowerShell pattern so SSH receives the remote command as one argument:

$remote = "sudo tcsh -c \"/home/marco/promote-file.sh '<staged-path>' '<live-path>' [metadata-source]\""
& ssh -tt -i 'C:\Users\Maddo\.ssh\id_rsa' -p 410 'marco@83.149.164.4' $remote

Behavior of promote-file.sh:

  • If the destination already exists, it copies the file and restores that destination file's original owner, group, and mode.
  • If the destination does not exist, it can use an optional third argument as the metadata source file.
  • If no third argument is provided for a new file, it falls back to sampling sibling files in the destination directory.

New PHP Files In Live Root

Root-level PHP files on this site do not all share one mode.

  • /home/sites/regalamiunsorriso/www/_inc_footer.php is jenkins:www with mode 775
  • /home/sites/regalamiunsorriso/www/gallery1.php is jenkins:www with mode 775
  • /home/sites/regalamiunsorriso/www/test.php is jenkins:www with mode 644

For the faceai_*.php files, use /home/sites/regalamiunsorriso/www/_inc_footer.php as the explicit metadata source.

Verification

After staging or promotion, verify with:

  • ls -l for owner, group, and visible mode
  • stat -f for exact metadata
  • cksum to compare staged and live file contents
  • From PowerShell, prefer ssh ... --% ls -l ..., ssh ... --% stat -f ..., and ssh ... --% cksum ... for verification commands that include quoted paths.

Run verification commands separately if a parallel terminal run becomes unreliable.

Documentation Expectations

When performing deployments or promotions for this site:

  • Record the list of changed files being deployed.
  • Distinguish updated files from new files.
  • Note whether any deployed file came from the working tree instead of a commit.
  • Document every shell quirk or command failure encountered.
  • Document the metadata source used for any new live file.
  • Update sync/www-deploy-manifest.md when the deployment set or procedure changes.