Apache
UGCS uses Apache2 to do our webserving. However, we have a number of customizations to make it work nicely with AFS etc.
Customizations
- Apache needs to start under k5start so that everything has the right Kerberos tokens (for www-data). This requires a minor modification to apache2ctl: on the line where it starts httpd, you need to prepend a ${KSTART_CMD} to the command. Note that you will have to re-do this edit every time apache2 is updated.
- You then need to edit the file /etc/apache2/envvars:
export APACHE_ARGUMENTS='-D NO_DETACH'
# Set up a ticket cache that www-data can read as well
KRB_TKT=$(mktemp -p /tmp krb5cc_apache_XXXXX)
chown root:www-data "$KRB_TKT"
chmod 660 "$KRB_TKT"
export KSTART_CMD="/usr/bin/k5start -b -k $KRB_TKT -K 10 -t -f /etc/apache2/www-data.keytab www-data@UGCS.CALTECH.EDU --"
This way Apache won't background itself; if it did, k5start would exit. k5start only really works right with AFS when it is running a command.
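Because the apache2ctl edit is lost on every apache2 update, a check along these lines can be run after upgrades. It is an added example, not part of UGCS's own tooling; the function names, the /usr/sbin/apache2ctl default (the usual Debian location) and the rule that the keytab should grant nothing to other users are assumptions.

```shell
#!/bin/sh
# Added example: verify the k5start customizations survived an apache2 update.
# Function names and the default apache2ctl path are assumptions, not UGCS code.

# True if a non-comment line of apache2ctl still references KSTART_CMD.
check_apache2ctl() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -Eq '\$\{?KSTART_CMD\}?'
}

# True if envvars exports KSTART_CMD and passes NO_DETACH to Apache.
check_envvars() {
    grep -Eq '^[[:space:]]*export[[:space:]]+KSTART_CMD=' "$1" 2>/dev/null &&
    grep -Eq '^[[:space:]]*export[[:space:]]+APACHE_ARGUMENTS=.*NO_DETACH' "$1"
}

# True if the keytab exists and grants no access to "other" (assumed policy).
check_keytab() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Run all three checks; print one line per failure and return the failure count.
check_k5start_setup() {
    ctl=${1:-/usr/sbin/apache2ctl}
    envf=${2:-/etc/apache2/envvars}
    keytab=${3:-/etc/apache2/www-data.keytab}
    failures=0
    check_apache2ctl "$ctl" ||
        { echo "FAIL: $ctl does not use KSTART_CMD"; failures=$((failures + 1)); }
    check_envvars "$envf" ||
        { echo "FAIL: $envf lacks KSTART_CMD or NO_DETACH"; failures=$((failures + 1)); }
    check_keytab "$keytab" ||
        { echo "FAIL: $keytab is missing or accessible to other users"; failures=$((failures + 1)); }
    return "$failures"
}

# Check the live paths only when asked to: CHECK_LIVE=1 sh thisfile
if [ "${CHECK_LIVE:-0}" = 1 ]; then
    check_k5start_setup
fi
```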
Basic info
- Currently www.ugcs.caltech.edu is a CNAME for poseidon. Poseidon runs apache2 and is the main webserver.
- Dionysus also has a copy of the webserver and its config. Webserver config is generated on demeter and distributed through remctl and cfengine.
- Logs are sent to charon via syslog-ng. syslog:local1 (/var/log/ugcs/poseidon/local1.log) is used for errors, and syslog:local2 (/var/log/ugcs/poseidon/local2.log) is used for access logs. The messages go through wrapper scripts in /usr/local/sbin which also try to determine what user the message was for, and put it in their appropriate folder in /afs/.ugcs/apache-logs. See also Logging
Scripts
Scripting on UGCS is run through a series of wrappers and some Apache configuration. The Apache configuration rewrites requests for ~/cgi-bin and ~/*.php to the appropriate wrapper scripts. There is a bit of messiness in the configuration to make sure that the file exists (and is accessible) before the request gets rewritten, to avoid information leakage. See /etc/apache2/site-parts/ugcs-homedirs for the scripts.
The wrapper scripts are /usr/local/lib/apache/(php,cgi)-wrapper. php-wrapper2 is for virtual hosts. They are Perl scripts that get the correct tokens before running the scripts.
Virtual hosts
Virtual hosts are supported by a series of remctl scripts that automatically generate the configuration files, place them in the appropriate place, and reload apache as necessary. See Remctl and demeter:/usr/local/lib/remctl/vhost and demeter:/usr/local/lib/vhost
See `man vhost`, and also create_vhost (a wrapper to automate creating the files)