First attempt at using enonic - need some handholding please!

So a little background.

Back in the late 1990’s I ran a software development company, and I wrote a number of CMS platforms. I now work as a paralegal and as a freelance journalist.

We have been running our news publications hosted on a variety of wordpress platforms, and given that our journalistic “output” is rather “hot” to borrow a word from a certain climate change championing teenager, we have been the subject of a number of hacking attempts, which have taken down our news platforms repeatedly.

So, having had our news sites down for 8 weeks straight (thanks to being hacked by 3 different countries in a row - thanks guys - we love the fact that you love you … really we do). I decided that I had to bite the bullet and actually go and set up a proper, secure, well designed CMS, rather than resorting to a pile of excrement.

The purpose here is to set up (reasonably quickly) a blogging platform on a decent secure platform, find a way to import the thousands of articles we have already written, publish it, and then modify the platform as we go.

So the steps to date

  1. I have installed enonic on one of our hosted servers in Germany. The machine does not have a domain name, only an IP address.

  2. I installed the “superhero” application (actually, I installed lots of applications to play around) … but let’s start with that one.

  3. I duplicated the superhero application, and amended it.

  4. I now have a project space called (yep, I know, we’re offline …)

  5. I have a blog based on superhero in called news-cyprus.

  6. I have changed the su password and begun setting up some new users etc.

Now I notice that superhero will continue to reinstall itself…

So a few quick questions

  1. What is the public url ?
  2. What is the easiest way of amending the templates?

Enonic version: 7.5.0
OS: Linux

Hi Tom, thanks for reaching out!

First thing to notice is that “Superhero blog” is an example app, more than something one would put directly in production (hence the auto-importer).

Generally, you should make your own version of the application, meaning you can customise it to fit your needs.

To do this, follow the steps in setting up a developer environment as described here:

When you are ready to build your first app, you can use superhero as your baseline by running the following command:

enonic project create -r app-superhero-blog

From there you can start customising the app.

Also, to get a public url for the site you need to
a) publish the site
b) create a vhost mapping ( -> /site/projectname/master/sitename )

More details about vhosts are located here:

Looking forward to hear how things are working out…

So some minor fixes to post src/main/resources/site/parts/post-single/post.html

this allows the post to do a search correctly.


heme Admin

    <div class="entry-content" data-th-if="${pageTemplate}">
        <p>This is a sample of how a post might look when it is using this template.</p>
        <p>This text will be replaced with the content of your post.</p>

    <div class="entry-content" data-th-if="${}" data-th-utext="${portal.processHtml({'_value=' +})}">

    </div><!-- .entry-content -->

    <footer class="entry-meta">
        <span class="cat-links" data-th-if="${post.categories != null}">Posted in
            <div data-th-remove="tag" data-th-each="category,iterStat : ${post.categories}">
                <a href="#" data-th-href="${portal.pageUrl({'_path=' + searchPage, 'cat=' + category._id})}" rel="category" data-th-text="${}">category</a><span data-th-remove="tag" data-th-if="${!iterStat.last}">,</span>

You can fix code and provide pull requests directly to the project here:

NOTE: this is one of the rare GPL apps we have, most are Apache.

I have branched the code, and made my amendments and put it back up to github.
Hopefully they are useful to people…

Just a quick “off the wall” comment here … (and no, I will hold myself back from the temptation of one of my first interactions with the enonic community being me making snarky comments about the lack of commenting in the source code, so I used to be the CTO of a technology consultancy doing technical and legal compliance checks on government IT projects… ).

Having tried at least 20 different CMS platforms in the past 2 weeks (I know, I have been very busy (If I had not found Enonic, I would be writing a CMS platform from scratch in Object Rexx by now…)) it is really refreshing to see how well documented, and logically structured Enonic is.

I’d like to express my thanks to everyone who has worked on the development and architecture of this platform… and in light of my appreciation, I’ll be offering back to the community (without charge, warranty or support) the modules which we extend the platform with.

I am particularly impressed with the fact that I have been able, without having to invest a huge amount of effort and learning curve, to take the “rough demo” example code, amend it to my needs, make some minor fixes to it, and actually begin to deploy it (in a small scale fashion) and not find myself feeling that the platform in an “open source” state was so limited as to effectively be a bait and switch (not mentioning any names Magnolia … I mean, you’ve got a lovely product, and I’ve actually recommended it when I was consulting on a large project previously, but I am sure I wrote to you by email and on facebook over a week ago … and I haven’t had any response), or be spending my time looking at a code base where their are so many “layers of libraries over layers of libraries” (yes, I’m thinking of the vast majority of PHP based ones) that it is practically impossible to actually determine the dependencies, and security implications.

And with that said … thanks to the ease with which I have been able to get around the system

is back up serving a couple of test posts. OK, so the bulk of our content isn’t up yet, it will be imported back into the site once I have finished writing an ObjectRexx based layer to allow me to do it programmatically … as I’m a dinosaur at heart (an OO dinosaur, but anyone who uses rexx is a dinosaur), but it’s a start.

Oh and according to our logs we have now had at least 40 attempts to hack the server…


Hi Tom, and thanks for the positive feedback :grin:
A few tips however.

  1. Your site is missing a proper certificate, so it does not actually work yet? Normally you would setup Apache or similar in front of XP to handle certs.
  2. The “commenting system” in superhero (if you did not remove this yet) is mainly also a demo of how you can code and use XP to accept user-generated data. It is not production hardened in any way.

Found this link though:

The certificate was not valid for

It’s using apache at the front end (the server running enonic and the server running apache are in different locations in germany)

  1. thanks for the note regarding the certificate. I had just been going through and enabled the certificate for and somehow managed to disable it for all the other domain names :slight_smile: Fixed that :slight_smile:

  2. For a news publication, commenting is a “world of pain”, especially when run on your own servers, as it blurs the lines for a publishers liability, which given that our editors and other journalistic contributors already walk “close to the line”, is something which I don’t think I’ll be enabling.