Links

GARR Acceptable Use Policy

Cern httpd

Microsoft Internet Information Server

Website server documentation

Apache

What's that site running

What SSL

Web server security

INFN Security group

Procedure to move server

Index

How to choose a server

To do

Problems

The list of people and telephone numbers

Home page

Log checking

X500 disappeared for Dep. Univ. staff

Test of Apache server

Installing Apache with SSL and other problems connected to security and privacy

Adding a virtual directory in IIS

How to protect a directory

Starting Apache on cluster

Learning to manage a Web server

How to choose a server for your platform

Up to now I have installed:
  • Cern httpd on alpha Openvms
  • Cern httpd on Unix (alpha ofs)
  • Microsoft IIS on Nt (Pc pentium)
  • Website on Windows 95 (Pc Pentium)
Are they the best? Do I have to change? What are the alternatives?
The Apache server seems to be a good replacement for the Cern server on Unix machines.

To do

  • Upgrade to mod_ssl 2.8.7 or Apache_SSL 1.3.22+1.46 to avoid security problems.
  • Install the latest PHP version (4.2x) to avoid security problems.
  • Create a CGI script which gives the daily agenda with information about people in charge, seminars, etc.
  • Do statistics on httpd log files.
  • Make the Italian version the default Bari home page.
  • Put in the same page, in the "Cosa succede" section, a space for clickable news.
  • Simplify the names of the sections.
  • Create a navigational bar.
  • Put the same background on all sections.
  • Eliminate the buttons at the bottom, replacing them with some icons near the navigational bar.
  • Try to size better the menu on the left for the six sections.
  • Put the same names on all pages.
  • Reinstall Perl on pcaleph after the disk failure. Remember also to associate Perl scripts with the Perl interpreter.

Problems

  • Found on alboot around 100 "zombies" from the httpd proxy. httpd was not working properly (error 403 on the request of the Welcome page). Were the two things connected?
    Solved by stopping and restarting both the server and the proxy server.
    Ok, the real problem was that since mid October the restart from inetd at 24 hours on Saturday has not been working properly: speak with Gervasoni.
    Problem solved! When restarting httpd by hand, you must use the command: /user/local/bin/httpd -r /user/www/httpd.conf, that is, with the directories fully specified; otherwise the restart from cron (done on Saturday night at midnight) fails!
  • How do you check the situation on alboot? We need something like the topcpu display on Vax.
  • On axpba0 disk$server has disappeared: modify httpd.conf and other addresses in html.
  • Trying to understand the zombie creation problem by using a log file.
  • Need to do some cleaning on the log file!
  • In the algorithmic image gallery, the picture returned as the response often does not arrive in time.
  • Found the proxy not working:
    run: /user/local/bin/httpd -r /user/www/proxy.conf -p 8001
    on alboot.
  • See if you can solve the zombies problem by setting a time limit!
  • After the change to gs3, scripts that require conversion of pictures from ps to gif (like the one that simulates marbles falling on rows of nails) don't work anymore.
  • Sometimes scripts on Unix machines seem to have problems. For example, the counter has zeroed its database for the second time in a year.

The list of people and telephone numbers

The solution adopted does not seem optimal. There are a number of problems:
  • Updating is not easy (for the phone book it is necessary to use edfor on the Vax).
  • The table is huge and hard to load (70K).
  • Why not also add the telephone numbers and other information to the table?
  • Perhaps it would be better to split it into as many files as there are letters of the alphabet?
  • Why not implement the whole thing with a database?
    For example, Giorgio Maggi could complete the INFN archive by also adding the people who do not appear in it now, and the homepage and e-mail address fields. Starting from this database he could produce, at every change, an updated table with the following fields:
    1. Name, with the homepage attached if there is one.
    2. Indication of whether INFN employee, lecturer, degree student, etc.
    3. E-mail address with a mailto:... link.
    4. Tel. no. in the Dept.
    5. Home tel. no.?
    6. Link labelled "search for more information" to a script http://www.ba.infn.it/cgi-bin/nph-ricerca.pl? with the person's name appended after the ?, using + as the separator between surname and first name. This script would create a page with links to search services and other online phone directories (e.g. Cern, Infn, etc.)

Home page

Introduced a test version of the home page with a Javascript that measures the loading time.
Possible ways to improve loading time:
  1. Put size of images!
  2. Group the seven buttons in a single image.

Log checking

Possible alternatives:
  • wusage. See here
  • pgperl, described in Computers in Physics
  • getstats + other utilities, described in Webtechniques
  • Java
Trying analog. Very fast! It produced statistics on the last 11 months in two minutes! The output is satisfactory. There are also a lot of alternative options to be explored. It is now necessary to set a schedule. How do we handle old logs? What to do with the error log? Install it also on axpba0, or simply transfer the file here and process it? Use it also for pcba10? And pcaleph?

These are the commands on alboot to refresh the log and process it:

cd /user/www/logs
mv access_log access_log.old
kill -1 `cat httpd.pid`
/user/www/log/analog2.11/analog +C"COUNTHOSTS OFF" /user/www/logs/access_log.old > /user/www/data/test/outfile.html
rm access_log.old

X500 directory disappeared for University staff

Possible solutions: add to the INFN phonebook (ask Mastrogiacomo for help). See what is done in other universities. Ask Giorgio. In case of problems, address the mail to dsamanager@x500.infn.it

Test/installation of Apache server

Before replacing the Cern httpd server on our Unix machine, I am testing the Apache server (chosen for the replacement). For this purpose I have temporarily installed version 1.2.4 on another Unix box.
    Files:
  • Three configuration files + mime.types in a special directory conf, instead of the single file used by Cern httpd.
  • New icons directory created.
  • New logs directory created (replaces the old log directory).
    Contains the files access_log, error_log and httpd.pid.
  • Modified a file in /sbin/rc3.d with the commands to restart the server after reboot.
    Commands:
  • To know which modules are included: httpd -l
  • To stop/start the server:
     /user/local/bin/apache/httpd -f /user/www/conf/httpd.conf
     ps -eaf | grep httpd
     kill -TERM pidnumber

    Tests
  1. Asking for the same page 100 times (only text, no images) I got the same time from both servers (45 seconds).
  2. Asking for a page with around ten small images is faster with Apache (900 ms instead of 1100 ms).
  3. Scripts in the cgi-bin directory: ok!
    It seems that the old problem with Cern httpd (script execution sometimes results in "Document contains no data") has disappeared. nph- (non-parsed header) scripts work ok with the same code. For normal scripts I have to remove Print 200 OK\n from the first line.
  4. Scripts in other directories: ok!
    For this:
    • Add a Directory directive in access.conf
    • Add a ScriptAlias directive in srm.conf
  5. Test of a Java applet: ok!
    Implementation of protected directory
  • Still using the old htadm to manage passwords: it works fine except for one thing: it adds to user:password something like :username that MUST BE DELETED.
  • Tested the protection of a directory with a list of allowed users by using a .htaccess file.

Adding a virtual directory in IIS

Add a virtual directory by using the Internet Service Manager from the Windows NT 4 Option Pack. After setting the virtual directory, use the file manager to set the appropriate protection for the directories involved. You must normally add the "everyone" user with "READ" privilege.

Security and Privacy protection with Apache

Time to install a new version of Apache with SSL.
  • Do we need to reinstall PHP?
  • Do we need to reinstall mysql?
  • Also install the graphic extensions of PHP.
  • What about Frontpage extensions?
  • Why doesn't cgi-bin return the image in time?
  • What do we have to do to conform to GARR UPC?
Installing:
  • Apache/1.3.12 (Unix) mod_ssl/2.6.4 OpenSSL/0.9.4
  • PHP/4.0.2
  • gd1.8.3 (requires libpng, jpeg-6b, zlib); optional freetype library
Installation procedure:

How to protect a directory

Let's say you want a protection like this on the directory protected. Here are the steps to achieve this:
  1. Create a password file with the command:
    /user/local/apache/bin/htpasswd -c /user/www/conf/babar.pwd username
    (username is a placeholder; -c creates the file and overwrites an existing one, so omit it when adding further users.)
    The password file must be accessible to user nobody but not from the Web.
  2. Create the ASCII file .htaccess in the protected directory.
    
    AuthType Basic
    AuthName babar
    AuthUserFile /user/www/conf/babar.pwd
    require valid-user
    
  3. Add the following lines to httpd.conf
    <Directory /user/www/data/test/protected>
    AllowOverride AuthConfig
    </Directory>
    
  4. Stop and restart the server with:
    kill -USR1 pidnumber
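
One way to check the result of the steps above (an added example, not part of the original notes): the shell function reads a .htaccess file, confirms that its AuthUserFile lies outside the document root and is not world-writable, and flags entries that are not plain user:hash, such as the extra field htadm appends. The function names, the demo tree and its hash strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a Basic-auth setup.
# Usage: audit_htaccess HTACCESS_FILE DOCUMENT_ROOT
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Assumes plain absolute paths (no symlinks or ".." components).
audit_htaccess() {
    htaccess=$1; docroot=${2%/}; findings=0
    # Last AuthUserFile directive wins; directive names are case-insensitive.
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); f = $2 }
                  END { print f }' "$htaccess")
    if [ -z "$pwfile" ]; then
        echo "no AuthUserFile directive in $htaccess"; return 1
    fi
    # The password file must not sit in the tree the server publishes.
    case $pwfile in
        "$docroot"/*) echo "password file inside document root: $pwfile"
                      findings=1 ;;
    esac
    if [ ! -r "$pwfile" ]; then
        echo "password file missing or unreadable: $pwfile"; return 1
    fi
    # Only the owner (and perhaps the group) should be able to change it.
    if [ -n "$(find "$pwfile" -prune -perm -002)" ]; then
        echo "password file is world-writable: $pwfile"; findings=1
    fi
    # Every entry must be exactly user:hash. htadm appends a third
    # ":realname" field, which has to be removed.
    bad=$(awk -F: 'NF == 0 { next }
                   NF != 2 || $1 == "" || $2 == "" { printf "%d ", NR }' "$pwfile")
    if [ -n "$bad" ]; then
        echo "entries not in user:hash form, line(s): $bad"; findings=1
    fi
    return $findings
}

# Constructed sample tree: one good entry and one htadm-style entry.
demo() {
    d=$(mktemp -d); rc=0
    mkdir -p "$d/data/protected" "$d/conf"
    printf 'AuthType Basic\nAuthName babar\nAuthUserFile %s\nrequire valid-user\n' \
        "$d/conf/babar.pwd" > "$d/data/protected/.htaccess"
    printf 'alice:CONSTRUCTEDHASH1\nbob:CONSTRUCTEDHASH2:Bob Example\n' \
        > "$d/conf/babar.pwd"
    chmod 640 "$d/conf/babar.pwd"
    audit_htaccess "$d/data/protected/.htaccess" "$d/data" || rc=$?
    rm -rf "$d"; return $rc
}
demo || true   # a finding is expected for the constructed sample
```

Run against the real tree it would be called as audit_htaccess /user/www/data/test/protected/.htaccess /user/www/data, assuming /user/www/data is the document root.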

Starting Apache on cluster

It should run on al1 using the following binary:
/user/local/apache1/bin/httpd -DSSL
Use program asemgr to start/stop

Maintained by Giuseppe Zito: Giuseppe.Zito@cern.ch
last update: