Web Server

From MITNA
Revision as of 15:49, 27 January 2016 by Mwall (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This entry contains information on the packages installed in the web server and the process followed for their installation.

The Wiki began very late in the process, so it will be completed slowly over time.

Volunteer Web Server Introduction

Accounts are setup to try to use the same username and password as MIT Athena. To login to the server you need to point an SSH (secure telnet) client to:

 sailing.mit.edu

Users also have a local password, different than the Athena password, which is required to use "sudo".

A general knowledge of both HTML and PHP is expected.

The web site is maintained in a git repository.

The main public website is at:

 public_html

The secure parts of the site are at:

 ssl_html

Utility files (very important - they define the framework of the site) are at:

 includes

Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster.

General Server Setup

History of server updates since the site was established:

SSL Server Certificates

When certificates expire (they are given for one year at a time), you need to send a new certificate request to

 mitcert@mit.edu

Follow the directions at:

 http://web.mit.edu/apache-ssl/www-rev11/README.certificate

Do everything out of /home/mitna/CA (you don't need to do anything on Athena, all local on the server)

The files you really need at the end are:

req.pem sailing.key (I like this name instead of https-key.pem)

(rename the old ones reqYY-YY.pem and sailingYY-YY.key, where YY-YY are the years the file is valid, e.g. 07-08 were the first ones)

Feel free to delete foo.

 E-mail req.pem to mitcert@mit.edu
 SAVE sailing.key, it is essential

When you receive the Certificate:

Again in /home/mitna/CA

1 - Rename sailing.pem to sailingYY-YY.pem
2 - Create a new sailing.pem
3 - Put in it:
  a) the contents of sailing.key
  b) the exact e-mail with the certificate, starting with
     Certificate:
  then the rest.
  Include all --- BEGIN --- and --- END --- lines
4 - Restart apache (sudo apache2ctl restart)

You're done. Check that the certificate has updated.

      • UPDATE 2012-2013 ***

MIT now uses "chain" certificates from a comercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers. In order to make this work, when you get the Certificate:

  • FIRST TIME ONLY*

Update the configuration of Apache to use a "ChainFile":

1 - Find ssl.conf
2 - Uncomment SSLCertificateChainFile
3 - Use value: /home/mitna/CA/chain.pem
    e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem
4 - Create /home/mitna/CA/chain.pem by copying *only* the
    contents of the "Intermediates/root only" part of the
    certificate (first 2 parts)
5 - Restart apache (or do it after updating sailing.pem)
  • FUTURE YEARS*
1 - Update "sailing.pem" as before
2 - Check if "chain.pen" needs updating

Weather Station

The Weather Station is a Vantage Pro2 hard wired model.

The server uses WeeWX with various extensions to collect and publish the weather data from the station.