Difference between revisions of "Web Server"

From MITNA
(Accounts: - Info on how to add accounts)
 
(18 intermediate revisions by one user not shown)
Line 3: Line 3:
 
The Wiki began very late in the process, so it will be completed slowly over time.
 
The Wiki began very late in the process, so it will be completed slowly over time.
  
== PHP ==
+
== Volunteer Web Server Introduction ==
  
=== GD Library ===
+
Accounts are setup to try to use the same username and password as MIT Athena. To login to the server you need to point an SSH (secure telnet) client to:
Since I used a non-graphical utility to get weather data, I have to make my own graphics... so I wanted to use the GD library. While the default installation is supposed to have GD installed, something was not working.
+
  sailing.mit.edu
  
Patrick Lam helped me out by deleting the old library:
+
Users also have a local password, different than the Athena password, which is required to use "sudo".
  rm /usr/local/lib/libgd*
+
  
and then restarting apache. (He used "/etc/init.d/apache2 restart" instead of what I used: "apache2 -k restart", although both should work).
+
A general knowledge of both [http://www.w3.org/TR/html401/ HTML] and [http://www.php.net PHP] is expected.  
  
This entry helps me remember how to delete old libraries which may be 'corrupt' (the current guess is that when installing things for gallery2, the gd library was corrupted).
+
The web site is maintained in a git repository.
  
=== Data Warehouse (Oracle) Access ===
+
The main public website is at:
In order to get access to the data Warehouse, I had to install PHP support for Oracle.
+
  public_html
  
I installed the Oracle OCI interface, specifically the "Oracle 10 Instant Client" to
+
The secure parts of the site are at:
   /usr/local/pkgs/oracle/instantclient_10_2
+
   ssl_html
  
Needed both the Basic and SDK versions from:
+
Utility files (very important - they define the framework of the site) are at:
   http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html
+
   includes
  instantclient-basic-linux32-10.2.0.3-20061115.zip
+
  instantclient-sdk-linux32-10.2.0.3-20061115.zip
+
  
This part simply required to 'unzip' the files to the directory.
+
Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster.
  
The directions at http://ubuntuforums.org/archive/index.php/t-92528.html were very helpful.  The basic steps I did, I think, were:
+
== General Server Setup ==
  
  mkdir -p /usr/local/pkgs/oracle/instantclient_10_2
+
History of server updates since the site was established:
  cd /usr/local/pkgs/oracle/instantclient_10_2
+
* [[2009 - Dell Optiplex 760]]
  unzip instantclient-basic-linux32-10.2.0.1-20050713.zip
+
* [[2004 - Custom Build]]
  unzip instantclient-sdk-linux32-10.2.0.1-20050713.zip
+
  echo /usr/local/pkgs/oracle/instantclient_10_2 >> /etc/ld.so.conf
+
  ldconfig
+
  
Create symbolic links:
+
== SSL Server Certificates ==
 
+
  ln -s libclntsh.so.10.1 libclntsh.so
+
  ln -s libocci.so.10.1 libocci.so
+
  
Install OCI8:
+
When certificates expire (they are given for one year at a time), you need to send a new certificate request to
 +
  mitcert@mit.edu
  
  pecl install oci8 (don't remember if I had to install 'pear' before using pecl?)
+
Follow the directions at:
   Answer ORACLE_HOME = instantclient,/usr/local/pkgs/oracle/instantclient
+
   http://web.mit.edu/apache-ssl/www-rev11/README.certificate
  
Modify the /etc/php/apache2/php.ini file:
+
Do everything out of /home/mitna/CA (you don't need to do anything on Athena, all local on the server)
  
  Add:
+
The files you really need at the end are:
    extension=oci8.so
+
  
Add the environment variables to apache:
+
req.pem
 +
sailing.key (I like this name instead of https-key.pem)
  
  To: /etc/apache2/envvars
+
''(rename the old ones reqYY-YY.pem and sailingYY-YY.key, where YY-YY are the years the file is valid, e.g. 07-08 were the first ones)
  Add:
+
''
    LD_LIBRARY_PATH="/usr/local/apache2/lib:/usr/lib/oracle/10.2.0.3/client:$LD_LIBRARY_PATH"
+
    TNS_ADMIN="/usr/lib/oracle/10.2.0.3/client"
+
    LANG=en_US
+
   
+
    export LD_LIBRARY_PATH LANG TNS_ADMIN
+
  
(But I'm not sure if this did anything, I had to use "PutEnv" in the PHP code, see below).
+
Feel free to delete foo.  
  
Lastly, I had to modify the Oracle files to tell it where the MIT Data Warehouse is:
+
  E-mail '''req.pem''' to mitcert@mit.edu
 +
  '''SAVE''' sailing.key, ''it is essential''
  
  Create /usr/local/pkgs/oracle/instantclient_10_2/tnsnames.ora
+
When you receive the Certificate:
  With data:
+
  
  warehouse =
+
Again in /home/mitna/CA
    (DESCRIPTION =
+
      (ADDRESS_LIST =
+
        (ADDRESS = (PROTOCOL = TCP)(HOST = warehouse.mit.edu)(PORT = 1521))
+
      )
+
      (CONNECT_DATA = (SID = DWRHS))
+
    )
+
  
and nothing else in it. THIS IS ESSENTIAL!
+
1 - Rename sailing.pem to sailingYY-YY.pem
 +
2 - Create a new sailing.pem
 +
3 - Put in it:
 +
  a) the contents of sailing.key
 +
  b) the exact e-mail with the certificate, starting with
 +
      Certificate:
 +
  then the rest.
 +
  '''Include all --- BEGIN --- and --- END --- lines'''
 +
4 - Restart apache (sudo apache2ctl restart)
  
To connect to the DW in PHP, I created the interface file oracle.php, with the following basic elements:
+
You're done. Check that the certificate has updated.
  
  PutEnv("ORACLE_SID=DWRHS");
+
*** UPDATE 2012-2013 ***
  PutEnv("ORACLE_HOME=/usr/lib/oracle/10.2.0.3/client/");
+
MIT now uses "chain" certificates from a comercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers. In order to make this work, when you get the Certificate:
  PutEnv("TNS_ADMIN=/usr/lib/oracle/10.2.0.3/client/");
+
  PutEnv("LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib");
+
 
+
  function ora_query($sql,&$err)
+
  {
+
    $conn = oci_pconnect('sailuser','sail2WAREhouse','warehouse');
+
 
+
    if (!$conn)
+
    {
+
      $err = "No connection!";
+
      return false;
+
    }
+
 
+
    // empty the error
+
    $err = "";
+
 
+
    // parse the query string
+
    $stid = oci_parse($conn,$sql);
+
    if (!$stid)
+
    {
+
      $err = oci_error($conn);
+
      return false;
+
    }
+
 
+
    // execute the actual query
+
    $res = oci_execute($stid, OCI_DEFAULT);
+
    if (!$res)
+
    {
+
      $err = oci_error($stid);
+
      return false;
+
    }
+
 
+
    return $stid;
+
  }
+
  
  function ora_fetch_array($res)
+
*FIRST TIME ONLY*
  {
+
Update the configuration of Apache to use a "ChainFile":
    return oci_fetch_assoc($res);
+
1 - Find ssl.conf
  }
+
2 - Uncomment SSLCertificateChainFile
 +
3 - Use value: /home/mitna/CA/chain.pem
 +
    e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem
 +
4 - Create /home/mitna/CA/chain.pem by copying *only* the
 +
    contents of the "Intermediates/root only" part of the
 +
    certificate (first 2 parts)
 +
5 - Restart apache (or do it after updating sailing.pem)
  
These work mostly equivalent to the mysql 'query' and 'fetch' functions.
+
*FUTURE YEARS*
 
+
1 - Update "sailing.pem" as before
== Accounts ==
+
  2 - Check if "chain.pen" needs updating
The server links to the MIT kerberos server to authenticate users. However, when using "SUDO" you must use your local password (which can be the same as your kerberos password, but which would NOT be updated when you change it).
+
 
+
The link to the Kerberos was set to happen automatically by Patrick Lam (Commodore 05-06), so I have no detailed information on that.
+
 
+
To create new accounts:
+
  adduser <username>
+
  adduser <username> mitna <-- to give access to website development
+
 
+
Using the standard adduser process will give the user access either via the local password (set by the admin when calling adduser) or the Kerberos password.
+
  
 
== Weather Station ==
 
== Weather Station ==
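Review bot: the ora_query listing in this hunk passes a literal database username and password to oci_pconnect. The latest revision no longer carries that section, but the old text stays readable through revision comparisons like this one, so treat the Data Warehouse password as exposed and change it; if the code is still in use, load the credentials from a file kept outside the wiki and the git repository. In the new certificate text, FUTURE YEARS step 2 says "chain.pen" where the ChainFile steps create chain.pem, and the parenthesis opened after "comercial authority" is never closed.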
Line 140: Line 92:
 
The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model.
 
The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model.
  
=== NEW ===
+
The server uses WeeWX with various extensions to collect and publish the weather data from the station.
W View did not make me happy (it could not give 'real-time' results, only show things about every minute or even more... plus I could not get it to save data to the database to interface easily with PHP.
+
 
+
So, I looked more around, and found this super easy program to use:
+
 
+
  http://www.joejaworski.com/weather/
+
 
+
Since our station is in USB and next to the computer, the ONLY software needed is:
+
  vproweather
+
  http://www.joejaworski.com/weather/vproweather-0.6.tgz
+
 
+
I downloaded/untared it to:
+
  /usr/local/pkgs/vproweather-0.6/
+
 
+
A simple 'make' (using sudo) was all that was needed to compile it. Then, running it with:
+
  /usr/local/pkgs/vproweather-0.6/vproweather -x /dev/ttyUSB0
+
 
+
Gives real time data, and using '-l' instead of '-x' gives low/high data.
+
 
+
I put this in a cron to run the real-time every 1 minute (fastes crontab can do) and update a table in the database, which is then used by the rest of the site (table: weather). The low/high will run once a day.
+
 
+
Hopefully I'll be able to create a daemon which updates the table every 10 seconds or so... we'll see.
+
 
+
=== OLD ===
+
The linux software is [http://www.wviewweather.com/ W View]. I followed the [http://www.wviewweather.com/release-notes/wview-User-Manual.html User Manual] detailed instructions.
+
 
+
Install (untar) to:
+
<ul><li>/usr/local/pkgs/wview-3.3.0</li></ul>
+
 
+
Commands (what should be done next time in order, I did not do it in this order):
+
<ul>
+
<li>Installed mysqlclient-dev: sudo apt-get install libmysqlclient-dev</li>
+
 
+
<li>Installed libpng-dev: sudo apt-get install libpng12-dev</li>
+
 
+
<li>Install 'radlib':</li>
+
  <ul>
+
  <li>get .tar</li>
+
  <li>install to  /urs/local/pkgs/radlib-2.7.0</li>
+
  <li>./configure</li>
+
  <li>make</li>
+
  <li>sudo make install</li>
+
  <li>edit /etc/ld.so.conf --> add /usr/local/lib --> run ldconfig</li>
+
  </ul>
+
 
+
<li>Install 'libgd' (all with sudo):</li>
+
  <ul>
+
  <li>get .tar</li>
+
  <li>install to  /usr/local/pkgs/gd-2.0.35</li>
+
  <li>./configure</li>
+
  <li>make</li>
+
  <li>make install</li>
+
  </ul>
+
 
+
<li>./configure --enable-mysql</li>
+
<li>sudo make</li>
+
<li>sudo make install</li>
+
</ul>
+
 
+
<i>Not working! Will need to check USB drivers/connection</i>
+
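Review bot: the replacement sentence "The server uses WeeWX with various extensions ..." names none of the extensions and drops everything the old section recorded about how the station is read (the install path under /usr/local/pkgs, the /dev/ttyUSB0 device, the one-minute cron job feeding the weather table). List the WeeWX extensions and where they are installed and configured, so the server can be rebuilt from this page.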

Latest revision as of 14:49, 27 January 2016

This entry contains information on the packages installed on the web server and the process followed to install them.

The Wiki began very late in the process, so it will be completed slowly over time.

Volunteer Web Server Introduction

Accounts are set up to try to use the same username and password as MIT Athena. To log in to the server, point an SSH (secure telnet) client to:

 sailing.mit.edu

Users also have a local password, different than the Athena password, which is required to use "sudo".

A general knowledge of both HTML and PHP is expected.

The web site is maintained in a git repository.

The main public website is at:

 public_html

The secure parts of the site are at:

 ssl_html

Utility files (very important - they define the framework of the site) are at:

 includes

Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster.

General Server Setup

History of server updates since the site was established:

* 2009 - Dell Optiplex 760
* 2004 - Custom Build

SSL Server Certificates

When certificates expire (they are given for one year at a time), you need to send a new certificate request to

 mitcert@mit.edu

Follow the directions at:

 http://web.mit.edu/apache-ssl/www-rev11/README.certificate

Do everything out of /home/mitna/CA (you don't need to do anything on Athena; it is all local on the server).

The files you really need at the end are:

 req.pem
 sailing.key (I like this name instead of https-key.pem)

(rename the old ones reqYY-YY.pem and sailingYY-YY.key, where YY-YY are the years the file is valid, e.g. 07-08 were the first ones)

Feel free to delete foo.

 E-mail req.pem to mitcert@mit.edu
 SAVE sailing.key, it is essential

When you receive the Certificate:

Again in /home/mitna/CA

1 - Rename sailing.pem to sailingYY-YY.pem
2 - Create a new sailing.pem
3 - Put in it:
  a) the contents of sailing.key
  b) the exact e-mail with the certificate, starting with
     Certificate:
  then the rest.
  Include all --- BEGIN --- and --- END --- lines
4 - Restart apache (sudo apache2ctl restart)

You're done. Check that the certificate has updated.

*** UPDATE 2012-2013 ***

MIT now uses "chain" certificates from a commercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers). In order to make this work, when you get the Certificate:

*FIRST TIME ONLY*

Update the configuration of Apache to use a "ChainFile":

1 - Find ssl.conf
2 - Uncomment SSLCertificateChainFile
3 - Use value: /home/mitna/CA/chain.pem
    e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem
4 - Create /home/mitna/CA/chain.pem by copying *only* the
    contents of the "Intermediates/root only" part of the
    certificate (first 2 parts)
5 - Restart apache (or do it after updating sailing.pem)

*FUTURE YEARS*

1 - Update "sailing.pem" as before
2 - Check if "chain.pem" needs updating
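
A pre-restart check for the files built in the steps above, as an added example that is not part of the original wiki page: it verifies that sailing.pem holds one private key and at least one certificate with intact BEGIN/END lines, that chain.pem holds certificates only, and (using openssl) that the key matches the certificate and the certificate has not expired. The script name check_pem.sh and the function names are assumptions made for this example.

```sh
# Added example, not the wiki's own script; file names follow the page.
# pem_labels FILE: print the label of each complete PEM block, one per line.
# Fails if a BEGIN or END line is missing or a pair does not match.
pem_labels() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            if (cur != "") bad = 1
            cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur); next
        }
        /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            lbl = $0; sub(/^-----END /, "", lbl); sub(/-----[ \t\r]*$/, "", lbl)
            if (lbl == cur) { print lbl } else { bad = 1 }
            cur = ""; next
        }
        END { if (cur != "" || bad) exit 1 }
    ' "$1"
}

# sailing.pem: exactly one private key and at least one certificate.
check_combined() {
    labels=$(pem_labels "$1") || { echo "$1: unbalanced BEGIN/END lines"; return 1; }
    keys=$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$' || true)
    certs=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || true)
    [ "$keys" -eq 1 ] && [ "$certs" -ge 1 ] ||
        { echo "$1: $keys private key(s), $certs certificate(s)"; return 1; }
}

# chain.pem: certificates only; the private key must never end up here.
check_chain() {
    labels=$(pem_labels "$1") || { echo "$1: unbalanced BEGIN/END lines"; return 1; }
    [ -n "$labels" ] || { echo "$1: no PEM blocks found"; return 1; }
    ! printf '%s\n' "$labels" | grep -qv '^CERTIFICATE$' ||
        { echo "$1: contains a block that is not a certificate"; return 1; }
}

# Needs openssl: the key and certificate in FILE must belong together and
# the certificate must not have expired.
check_key_matches() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$1" -noout -pubkey)" ] ||
        { echo "$1: private key does not match certificate"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "$1: certificate expired or unreadable"; return 1; }
}

# Run as: sh check_pem.sh /home/mitna/CA/sailing.pem /home/mitna/CA/chain.pem
if [ "$#" -eq 2 ]; then
    check_combined "$1" && check_chain "$2" && check_key_matches "$1" &&
        openssl x509 -in "$1" -noout -subject -enddate
fi
```

Because sailing.pem and sailing.key contain the private key, keep both readable only by root; Apache reads them as root at startup.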

Weather Station

The Weather Station is a Vantage Pro2 hard wired model.

The server uses WeeWX with various extensions to collect and publish the weather data from the station.