Apache

From UGCS

Revision as of 07:38, 27 May 2009

UGCS uses Apache2 to do our webserving. However, we have a number of customizations to make it work nicely with AFS etc.

Customizations

  • Apache needs to start under k5start so that everything has the right Kerberos tokens (for www-data). This requires a minor modification to apache2ctl: on the line where it starts httpd, prepend ${KSTART_CMD} to the command.
  • You then need to edit the file /etc/apache2/envvars:
export APACHE_ARGUMENTS='-D NO_DETACH'
export KSTART_CMD='/usr/bin/k5start -b -K 10 -t -f /etc/apache2/www-data.keytab www-data@UGCS.CALTECH.EDU --'

This way Apache won't put itself in the background, which would cause k5start to exit. k5start only really works right with AFS when it is running a command.
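
A preflight check for the two envvars settings above, as an added example that is not part of the original page or UGCS's own tooling. The function name check_envvars and the keytab permission rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not UGCS's own script): preflight check for the envvars
# settings described above. Prints one line per problem found.
# Usage: check_envvars /etc/apache2/envvars
check_envvars() {
    envfile=$1
    problems=0
    # Source the file in subshells so the caller's environment is untouched.
    args=$( . "$envfile" >/dev/null 2>&1; printf '%s' "$APACHE_ARGUMENTS" )
    kcmd=$( . "$envfile" >/dev/null 2>&1; printf '%s' "$KSTART_CMD" )

    # Apache must stay in the foreground, otherwise k5start exits.
    case " $args " in
        *" -D NO_DETACH "*) ;;
        *) echo "APACHE_ARGUMENTS lacks '-D NO_DETACH'"
           problems=$((problems + 1)) ;;
    esac

    # The trailing '--' keeps k5start from parsing httpd's own options.
    case "$kcmd" in
        *" --") ;;
        *) echo "KSTART_CMD does not end with '--'"
           problems=$((problems + 1)) ;;
    esac

    # Find the keytab path given after -f.
    keytab=
    set -- $kcmd
    while [ $# -gt 1 ]; do
        if [ "$1" = "-f" ]; then keytab=$2; break; fi
        shift
    done

    # Assumption added here: the keytab holds long-term keys, so it should
    # carry no group/other permission bits (ls mode columns 5-10).
    if [ -z "$keytab" ] || [ ! -f "$keytab" ]; then
        echo "keytab not found: ${keytab:-no -f option}"
        problems=$((problems + 1))
    elif [ "$(ls -ld "$keytab" | cut -c5-10)" != "------" ]; then
        echo "keytab $keytab is accessible to group or other"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

The function returns non-zero if any check fails, so it can gate an Apache restart after a configuration push.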

Basic info

  • Currently www.ugcs.caltech.edu is a CNAME for poseidon. Poseidon runs apache2 and is the main webserver.
  • Dionysus also has a copy of the webserver and its config. Webserver config is generated on demeter and distributed through remctl and cfengine.
  • Logs are sent to charon via syslog-ng. syslog:local1 (/var/log/ugcs/poseidon/local1.log) is used for errors, and syslog:local2 (/var/log/ugcs/poseidon/local2.log) is used for access logs. The messages go through wrapper scripts in /usr/local/sbin, which also try to determine which user each message was for and put it in that user's folder in /afs/.ugcs/apache-logs. See also Logging.

Scripts

Scripting on UGCS is run through a series of wrappers and some Apache configuration. The Apache configuration rewrites requests for ~/cgi-bin and ~/*.php to the appropriate wrapper scripts. There is a bit of messiness in the configuration to make sure that the file exists (and is accessible) before the request gets rewritten, to avoid information leakage. See /etc/apache2/site-parts/ugcs-homedirs for the scripts.

The wrapper scripts are /usr/local/lib/apache/(php,cgi)-wrapper. php-wrapper2 is for virtual hosts. They are perl scripts that get the correct tokens before running the scripts.

Virtual hosts

Virtual hosts are supported by a series of remctl scripts that automatically generate the configuration files, put them in the appropriate place, and reload Apache as necessary. See Remctl and demeter:/usr/local/lib/remctl/vhost and demeter:/usr/local/lib/vhost.

See `man vhost`, and also create_vhost (a wrapper to automate creating the files).
