Difference between revisions of "Web Server"

From MITNA
(added mysql section)
 
(13 intermediate revisions by one user not shown)
Line 3: Line 3:
 
The Wiki began very late in the process, so it will be completed slowly over time.
 
The Wiki began very late in the process, so it will be completed slowly over time.
  
== General Server Setup ==
+
== Volunteer Web Server Introduction ==
  
The web server runs Debian, etc. ~root/log contains a list of the things that I (plam) did to bring the system into its current configuration.  The server is physically located upstairs in the Sailing Pavilion in a locked black box.  It is set up to allow people to log in using their Athena passwords as long as they have a local account (the local password works, but is not mandatory).  The web space is located in ~mitna/public_html (configured in the Apache config files to be the root server for sailing.mit.edu).  I usually add people to group 'mitna', which has permission to write ~mitna/public_html.
+
Accounts are setup to try to use the same username and password as MIT Athena. To login to the server you need to point an SSH (secure telnet) client to:
 +
  sailing.mit.edu
  
The server is now backed up using TSM.  The username is 'sailing'.
+
Users also have a local password, different than the Athena password, which is required to use "sudo".
  
sailing.mit.edu has a static IP address and the DNS name is registered to Athletics. Carol Elder administers systems for Athletics but is not involved with actually running this computer.
+
A general knowledge of both [http://www.w3.org/TR/html401/ HTML] and [http://www.php.net PHP] is expected.  
  
== PHP ==
+
The web site is maintained in a git repository.
  
=== GD Library ===
+
The main public website is at:
Since I used a non-graphical utility to get weather data, I have to make my own graphics... so I wanted to use the GD library.  While the default installation is supposed to have GD installed, something was not working.
+
  public_html
  
Patrick Lam helped me out by deleting the old library:
+
The secure parts of the site are at:
   rm /usr/local/lib/libgd*
+
   ssl_html
  
and then restarting apache. (He used "/etc/init.d/apache2 restart" instead of what I used: "apache2 -k restart", although both should work).
+
Utility files (very important - they define the framework of the site) are at:
 +
  includes
  
This entry helps me remember how to delete old libraries which may be 'corrupt' (the current guess is that when installing things for gallery2, the gd library was corrupted).
+
Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster.
  
=== Data Warehouse (Oracle) Access ===
+
== General Server Setup ==
In order to get access to the data Warehouse, I had to install PHP support for Oracle.
+
 
+
I installed the Oracle OCI interface, specifically the "Oracle 10 Instant Client" to
+
  /usr/local/pkgs/oracle/instantclient_10_2
+
 
+
Needed both the Basic and SDK versions from:
+
  http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html
+
  instantclient-basic-linux32-10.2.0.3-20061115.zip
+
  instantclient-sdk-linux32-10.2.0.3-20061115.zip
+
 
+
This part simply required to 'unzip' the files to the directory.
+
 
+
The directions at http://ubuntuforums.org/archive/index.php/t-92528.html were very helpful.  The basic steps I did, I think, were:
+
 
+
  mkdir -p /usr/local/pkgs/oracle/instantclient_10_2
+
  cd /usr/local/pkgs/oracle/instantclient_10_2
+
  unzip instantclient-basic-linux32-10.2.0.1-20050713.zip
+
  unzip instantclient-sdk-linux32-10.2.0.1-20050713.zip
+
  echo /usr/local/pkgs/oracle/instantclient_10_2 >> /etc/ld.so.conf
+
  ldconfig
+
 
+
Create symbolic links:
+
 
+
  ln -s libclntsh.so.10.1 libclntsh.so
+
  ln -s libocci.so.10.1 libocci.so
+
 
+
Install OCI8:
+
 
+
  pecl install oci8 (don't remember if I had to install 'pear' before using pecl?)
+
  Answer ORACLE_HOME = instantclient,/usr/local/pkgs/oracle/instantclient
+
 
+
Modify the /etc/php/apache2/php.ini file:
+
 
+
  Add:
+
    extension=oci8.so
+
 
+
Add the environment variables to apache:
+
 
+
  To: /etc/apache2/envvars
+
  Add:
+
    LD_LIBRARY_PATH="/usr/local/apache2/lib:/usr/lib/oracle/10.2.0.3/client:$LD_LIBRARY_PATH"
+
    TNS_ADMIN="/usr/lib/oracle/10.2.0.3/client"
+
    LANG=en_US
+
   
+
    export LD_LIBRARY_PATH LANG TNS_ADMIN
+
 
+
(But I'm not sure if this did anything, I had to use "PutEnv" in the PHP code, see below).
+
 
+
Lastly, I had to modify the Oracle files to tell it where the MIT Data Warehouse is:
+
 
+
  Create /usr/local/pkgs/oracle/instantclient_10_2/tnsnames.ora
+
  With data:
+
 
+
  warehouse =
+
    (DESCRIPTION =
+
      (ADDRESS_LIST =
+
        (ADDRESS = (PROTOCOL = TCP)(HOST = warehouse.mit.edu)(PORT = 1521))
+
      )
+
      (CONNECT_DATA = (SID = DWRHS))
+
    )
+
 
+
and nothing else in it. THIS IS ESSENTIAL!
+
 
+
To connect to the DW in PHP, I created the interface file oracle.php, with the following basic elements:
+
 
+
  PutEnv("ORACLE_SID=DWRHS");
+
  PutEnv("ORACLE_HOME=/usr/lib/oracle/10.2.0.3/client/");
+
  PutEnv("TNS_ADMIN=/usr/lib/oracle/10.2.0.3/client/");
+
  PutEnv("LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib");
+
 
+
  function ora_query($sql,&$err)
+
  {
+
    $conn = oci_pconnect('sailuser','sail2WAREhouse','warehouse');
+
 
+
    if (!$conn)
+
    {
+
      $err = "No connection!";
+
      return false;
+
    }
+
 
+
    // empty the error
+
    $err = "";
+
 
+
    // parse the query string
+
    $stid = oci_parse($conn,$sql);
+
    if (!$stid)
+
    {
+
      $err = oci_error($conn);
+
      return false;
+
    }
+
 
+
    // execute the actual query
+
    $res = oci_execute($stid, OCI_DEFAULT);
+
    if (!$res)
+
    {
+
      $err = oci_error($stid);
+
      return false;
+
    }
+
 
+
    return $stid;
+
  }
+
 
+
  function ora_fetch_array($res)
+
  {
+
    return oci_fetch_assoc($res);
+
  }
+
 
+
These work mostly equivalent to the mysql 'query' and 'fetch' functions.
+
 
+
== MySQL ==
+
 
+
The MySQL configuration is at:
+
  /etc/mysql/my.cnf
+
 
+
The data is at
+
  /var/lib/mysql
+
 
+
Start/stop/restart
+
  sudo /etc/init.d/mysql [start|stop|restart]
+
 
+
== Accounts ==
+
The server links to the MIT kerberos server to authenticate users. However, when using "SUDO" you must use your local password (which can be the same as your kerberos password, but which would NOT be updated when you change it).
+
 
+
The link to the Kerberos was set to happen automatically by Patrick Lam (Commodore 05-06), so I have no detailed information on that.
+
 
+
To create new accounts:
+
  adduser <username>
+
  adduser <username> mitna  <-- to give access to website development
+
  
Using the standard adduser process will give the user access either via the local password (set by the admin when calling adduser) or the Kerberos password.
+
History of server updates since the site was established:
 +
* [[2009 - Dell Optiplex 760]]
 +
* [[2004 - Custom Build]]
  
 
== SSL Server Certificates ==
 
== SSL Server Certificates ==
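Review bot: the oci_pconnect call in the oracle.php listing carries the Data Warehouse account name and password as literals, and this revision comparison keeps that text readable whatever the current page says; rotate that password, have the old revisions suppressed, and have oracle.php read the credentials from a file outside the web root that only the web server account can read. In the same listing, ora_query passes its $sql string straight to oci_parse, so callers should build statements with placeholders and oci_bind_by_name rather than concatenating input. The setup steps also disagree on paths: tnsnames.ora is created under /usr/local/pkgs/oracle/instantclient_10_2 while TNS_ADMIN points at /usr/lib/oracle/10.2.0.3/client.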
Line 194: Line 70:
 
You're done. Check that the certificate has updated.
 
You're done. Check that the certificate has updated.
  
== Weather Station ==
+
*** UPDATE 2012-2013 ***
 +
MIT now uses "chain" certificates from a comercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers. In order to make this work, when you get the Certificate:
  
The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model.
+
*FIRST TIME ONLY*
 +
Update the configuration of Apache to use a "ChainFile":
 +
1 - Find ssl.conf
 +
2 - Uncomment SSLCertificateChainFile
 +
3 - Use value: /home/mitna/CA/chain.pem
 +
    e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem
 +
4 - Create /home/mitna/CA/chain.pem by copying *only* the
 +
    contents of the "Intermediates/root only" part of the
 +
    certificate (first 2 parts)
 +
5 - Restart apache (or do it after updating sailing.pem)
  
=== NEW ===
+
*FUTURE YEARS*
W View did not make me happy (it could not give 'real-time' results, only show things about every minute or even more... plus I could not get it to save data to the database to interface easily with PHP.
+
1 - Update "sailing.pem" as before
 +
2 - Check if "chain.pen" needs updating
  
So, I looked more around, and found this super easy program to use:
+
== Weather Station ==
  
  http://www.joejaworski.com/weather/
+
The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model.
 
+
Since our station is in USB and next to the computer, the ONLY software needed is:
+
  vproweather
+
  http://www.joejaworski.com/weather/vproweather-0.6.tgz
+
 
+
I downloaded/untared it to:
+
  /usr/local/pkgs/vproweather-0.6/
+
 
+
A simple 'make' (using sudo) was all that was needed to compile it. Then, running it with:
+
  /usr/local/pkgs/vproweather-0.6/vproweather -x /dev/ttyUSB0
+
 
+
Gives real time data, and using '-l' instead of '-x' gives low/high data.
+
 
+
I put this in a cron to run the real-time every 1 minute (fastes crontab can do) and update a table in the database, which is then used by the rest of the site (table: weather).  The low/high will run once a day.
+
 
+
Hopefully I'll be able to create a daemon which updates the table every 10 seconds or so... we'll see.
+
 
+
=== "Dynamic" Update ===
+
 
+
In order to update the weather information dynamically, I got the following packages online:
+
 
+
  ajax-dynamic-contant.js - from DHTMLGoodies.com (Alf Magne Kalleland)
+
  ajax.js - Simple AJAX Code Kit (SACK) - twilightuniverse.com (Gregory Wild-Smith)
+
 
+
I then modified '''vpro.php''' to create a file in
+
  html/inc/weather.txt
+
which updated every time the cron process runs and which is read by the ajax tools.
+
 
+
The header function in '''format.php''' now calls a set of javascript functions which load the weather.txt file, instead of using sql to obtain the information from the database.
+
 
+
Now the weather information updates dynamically, without having to reload a page.
+
 
+
=== OLD ===
+
The linux software is [http://www.wviewweather.com/ W View]. I followed the [http://www.wviewweather.com/release-notes/wview-User-Manual.html User Manual] detailed instructions.
+
 
+
Install (untar) to:
+
<ul><li>/usr/local/pkgs/wview-3.3.0</li></ul>
+
 
+
Commands (what should be done next time in order, I did not do it in this order):
+
<ul>
+
<li>Installed mysqlclient-dev: sudo apt-get install libmysqlclient-dev</li>
+
 
+
<li>Installed libpng-dev: sudo apt-get install libpng12-dev</li>
+
 
+
<li>Install 'radlib':</li>
+
  <ul>
+
  <li>get .tar</li>
+
  <li>install to  /urs/local/pkgs/radlib-2.7.0</li>
+
  <li>./configure</li>
+
  <li>make</li>
+
  <li>sudo make install</li>
+
  <li>edit /etc/ld.so.conf --> add /usr/local/lib --> run ldconfig</li>
+
  </ul>
+
 
+
<li>Install 'libgd' (all with sudo):</li>
+
  <ul>
+
  <li>get .tar</li>
+
  <li>install to  /usr/local/pkgs/gd-2.0.35</li>
+
  <li>./configure</li>
+
  <li>make</li>
+
  <li>make install</li>
+
  </ul>
+
 
+
<li>./configure --enable-mysql</li>
+
<li>sudo make</li>
+
<li>sudo make install</li>
+
</ul>
+
  
<i>Not working! Will need to check USB drivers/connection</i>
+
The server uses WeeWX with various extensions to collect and publish the weather data from the station.
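Review bot: step 2 under *FUTURE YEARS* names "chain.pen", but the file set in SSLCertificateChainFile a few lines earlier is chain.pem; correct the name so the yearly check points at the right file. The UPDATE paragraph also opens a parenthesis before "hopefully" that is never closed, and "comercial" should read "commercial". Step 4 would be easier to follow if it said how to recognise the "Intermediates/root only" part of the e-mail.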

Latest revision as of 14:49, 27 January 2016

This entry contains information on the packages installed in the web server and the process followed for their installation.

The Wiki began very late in the process, so it will be completed slowly over time.

Volunteer Web Server Introduction

Accounts are set up to try to use the same username and password as MIT Athena. To log in to the server you need to point an SSH (secure telnet) client to:

 sailing.mit.edu

Users also have a local password, different than the Athena password, which is required to use "sudo".

A general knowledge of both HTML and PHP is expected.

The web site is maintained in a git repository.

The main public website is at:

 public_html

The secure parts of the site are at:

 ssl_html

Utility files (very important - they define the framework of the site) are at:

 includes

Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster.

General Server Setup

History of server updates since the site was established:

 * 2009 - Dell Optiplex 760
 * 2004 - Custom Build

SSL Server Certificates

When certificates expire (they are given for one year at a time), you need to send a new certificate request to

 mitcert@mit.edu

Follow the directions at:

 http://web.mit.edu/apache-ssl/www-rev11/README.certificate

Do everything out of /home/mitna/CA (you don't need to do anything on Athena, all local on the server)

The files you really need at the end are:

 req.pem
 sailing.key (I like this name instead of https-key.pem)

(rename the old ones reqYY-YY.pem and sailingYY-YY.key, where YY-YY are the years the file is valid, e.g. 07-08 were the first ones)

Feel free to delete foo.

 E-mail req.pem to mitcert@mit.edu
 SAVE sailing.key, it is essential

When you receive the Certificate:

Again in /home/mitna/CA

1 - Rename sailing.pem to sailingYY-YY.pem
2 - Create a new sailing.pem
3 - Put in it:
  a) the contents of sailing.key
  b) the exact e-mail with the certificate, starting with
     Certificate:
  then the rest.
  Include all --- BEGIN --- and --- END --- lines
4 - Restart apache (sudo apache2ctl restart)

You're done. Check that the certificate has updated.

*** UPDATE 2012-2013 ***

MIT now uses "chain" certificates from a commercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers). In order to make this work, when you get the Certificate:

*FIRST TIME ONLY*

Update the configuration of Apache to use a "ChainFile":

1 - Find ssl.conf
2 - Uncomment SSLCertificateChainFile
3 - Use value: /home/mitna/CA/chain.pem
    e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem
4 - Create /home/mitna/CA/chain.pem by copying *only* the
    contents of the "Intermediates/root only" part of the
    certificate (first 2 parts)
5 - Restart apache (or do it after updating sailing.pem)

*FUTURE YEARS*

1 - Update "sailing.pem" as before
2 - Check if "chain.pem" needs updating
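
A structural check for the two files assembled in the steps above, as an added example that is not part of the original wiki page: it confirms that sailing.pem holds exactly one private key plus a certificate, and that chain.pem holds only the intermediate/root certificates. The function names and the sample blocks are assumptions constructed for illustration; the check covers PEM structure only, not signatures or expiry dates.

```python
import base64
import re

# One PEM block. Text outside blocks (such as the "Certificate:" dump that
# precedes the block in the e-mail) is skipped, as OpenSSL does when loading.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes or None)]; None marks an undecodable body."""
    out = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            der = None  # mangled paste (or a legacy key with header lines)
        out.append((label, der))
    return out

def lint_bundle(server_pem, chain_pem):
    """Return a list of problems in the contents of sailing.pem and chain.pem."""
    problems = []
    server, chain = pem_blocks(server_pem), pem_blocks(chain_pem)
    for name, text, blocks in (("sailing.pem", server_pem, server),
                               ("chain.pem", chain_pem, chain)):
        if text.count("-----BEGIN ") != len(blocks):
            problems.append(f"{name}: BEGIN line without matching END line")
        if any(der is None for _, der in blocks):
            problems.append(f"{name}: block body is not valid base64")
    keys = [lbl for lbl, _ in server if lbl.endswith("PRIVATE KEY")]
    certs = [der for lbl, der in server if lbl == "CERTIFICATE"]
    if len(keys) != 1:
        problems.append(f"sailing.pem: expected 1 private key, found {len(keys)}")
    if not certs:
        problems.append("sailing.pem: no CERTIFICATE block")
    if not chain or any(lbl != "CERTIFICATE" for lbl, _ in chain):
        problems.append("chain.pem: must contain only CERTIFICATE blocks")
    if any(der is not None and der in certs for _, der in chain):
        problems.append("chain.pem: includes the server certificate itself")
    return problems

def fake_block(label, payload):
    """Constructed sample block; payload is placeholder bytes, not real DER."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

KEY = fake_block("RSA PRIVATE KEY", b"constructed-key")
LEAF = "Certificate:\n    Data: (text dump)\n" + fake_block("CERTIFICATE", b"leaf")
CHAIN = fake_block("CERTIFICATE", b"intermediate") + fake_block("CERTIFICATE", b"root")
```

Read the two files from /home/mitna/CA and pass their text to lint_bundle before restarting Apache; an empty list means the structure matches the steps above.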

Weather Station

The Weather Station is a Vantage Pro2 hard wired model.

The server uses WeeWX with various extensions to collect and publish the weather data from the station.