Difference between revisions of "Web Server"
m |
|||
(20 intermediate revisions by one user not shown) | |||
Line 3: | Line 3: | ||
The Wiki began very late in the process, so it will be completed slowly over time. | The Wiki began very late in the process, so it will be completed slowly over time. | ||
− | == | + | == Volunteer Web Server Introduction == |
− | + | Accounts are setup to try to use the same username and password as MIT Athena. To login to the server you need to point an SSH (secure telnet) client to: | |
− | + | sailing.mit.edu | |
− | + | Users also have a local password, different than the Athena password, which is required to use "sudo". | |
− | + | ||
− | + | A general knowledge of both [http://www.w3.org/TR/html401/ HTML] and [http://www.php.net PHP] is expected. | |
− | + | The web site is maintained in a git repository. | |
− | + | The main public website is at: | |
− | + | public_html | |
− | + | The secure parts of the site are at: | |
− | + | ssl_html | |
− | + | Utility files (very important - they define the framework of the site) are at: | |
− | + | includes | |
− | + | ||
− | + | ||
− | + | Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster. | |
− | + | == General Server Setup == | |
− | + | History of server updates since the site was established: | |
− | + | * [[2009 - Dell Optiplex 760]] | |
− | + | * [[2004 - Custom Build]] | |
− | + | ||
− | + | ||
− | + | ||
− | + | == SSL Server Certificates == | |
− | + | ||
− | + | ||
− | + | ||
− | + | When certificates expire (they are given for one year at a time), you need to send a new certificate request to | |
+ | mitcert@mit.edu | ||
− | + | Follow the directions at: | |
− | + | http://web.mit.edu/apache-ssl/www-rev11/README.certificate | |
− | + | Do everything out of /home/mitna/CA (you don't need to do anything on Athena, all local on the server) | |
− | + | The files you really need at the end are: | |
− | + | ||
− | + | req.pem | |
+ | sailing.key (I like this name instead of https-key.pem) | ||
− | + | ''(rename the old ones reqYY-YY.pem and sailingYY-YY.key, where YY-YY are the years the file is valid, e.g. 07-08 were the first ones) | |
− | + | '' | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | Feel free to delete foo. | |
− | + | E-mail '''req.pem''' to mitcert@mit.edu | |
+ | '''SAVE''' sailing.key, ''it is essential'' | ||
− | + | When you receive the Certificate: | |
− | + | ||
− | + | Again in /home/mitna/CA | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | 1 - Rename sailing.pem to sailingYY-YY.pem | |
+ | 2 - Create a new sailing.pem | ||
+ | 3 - Put in it: | ||
+ | a) the contents of sailing.key | ||
+ | b) the exact e-mail with the certificate, starting with | ||
+ | Certificate: | ||
+ | then the rest. | ||
+ | '''Include all --- BEGIN --- and --- END --- lines''' | ||
+ | 4 - Restart apache (sudo apache2ctl restart) | ||
− | + | You're done. Check that the certificate has updated. | |
− | + | *** UPDATE 2012-2013 *** | |
− | + | MIT now uses "chain" certificates from a comercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers. In order to make this work, when you get the Certificate: | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | *FIRST TIME ONLY* | |
− | + | Update the configuration of Apache to use a "ChainFile": | |
− | + | 1 - Find ssl.conf | |
− | + | 2 - Uncomment SSLCertificateChainFile | |
+ | 3 - Use value: /home/mitna/CA/chain.pem | ||
+ | e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem | ||
+ | 4 - Create /home/mitna/CA/chain.pem by copying *only* the | ||
+ | contents of the "Intermediates/root only" part of the | ||
+ | certificate (first 2 parts) | ||
+ | 5 - Restart apache (or do it after updating sailing.pem) | ||
− | + | *FUTURE YEARS* | |
+ | 1 - Update "sailing.pem" as before | ||
+ | 2 - Check if "chain.pen" needs updating | ||
== Weather Station == | == Weather Station == | ||
Line 129: | Line 92: | ||
The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model. | The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model. | ||
− | + | The server uses WeeWX with various extensions to collect and publish the weather data from the station. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + |
Latest revision as of 14:49, 27 January 2016
This entry contains information on the packages installed in the web server and the process followed for their installation.
The Wiki began very late in the process, so it will be completed slowly over time.
Contents
[hide]Volunteer Web Server Introduction
Accounts are setup to try to use the same username and password as MIT Athena. To login to the server you need to point an SSH (secure telnet) client to:
sailing.mit.edu
Users also have a local password, different than the Athena password, which is required to use "sudo".
A general knowledge of both HTML and PHP is expected.
The web site is maintained in a git repository.
The main public website is at:
public_html
The secure parts of the site are at:
ssl_html
Utility files (very important - they define the framework of the site) are at:
includes
Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster.
General Server Setup
History of server updates since the site was established:
SSL Server Certificates
When certificates expire (they are given for one year at a time), you need to send a new certificate request to
mitcert@mit.edu
Follow the directions at:
http://web.mit.edu/apache-ssl/www-rev11/README.certificate
Do everything out of /home/mitna/CA (you don't need to do anything on Athena, all local on the server)
The files you really need at the end are:
req.pem sailing.key (I like this name instead of https-key.pem)
(rename the old ones reqYY-YY.pem and sailingYY-YY.key, where YY-YY are the years the file is valid, e.g. 07-08 were the first ones)
Feel free to delete foo.
E-mail req.pem to mitcert@mit.edu SAVE sailing.key, it is essential
When you receive the Certificate:
Again in /home/mitna/CA
1 - Rename sailing.pem to sailingYY-YY.pem 2 - Create a new sailing.pem 3 - Put in it: a) the contents of sailing.key b) the exact e-mail with the certificate, starting with Certificate: then the rest. Include all --- BEGIN --- and --- END --- lines 4 - Restart apache (sudo apache2ctl restart)
You're done. Check that the certificate has updated.
- UPDATE 2012-2013 ***
MIT now uses "chain" certificates from a comercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers. In order to make this work, when you get the Certificate:
- FIRST TIME ONLY*
Update the configuration of Apache to use a "ChainFile":
1 - Find ssl.conf 2 - Uncomment SSLCertificateChainFile 3 - Use value: /home/mitna/CA/chain.pem e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem 4 - Create /home/mitna/CA/chain.pem by copying *only* the contents of the "Intermediates/root only" part of the certificate (first 2 parts) 5 - Restart apache (or do it after updating sailing.pem)
- FUTURE YEARS*
1 - Update "sailing.pem" as before 2 - Check if "chain.pen" needs updating
Weather Station
The Weather Station is a Vantage Pro2 hard wired model.
The server uses WeeWX with various extensions to collect and publish the weather data from the station.