|
Size: 1588
Comment: whoops
|
Size: 1391
Comment: Updated to reflect current configuration: Apache on mooneye -> mussel, info about members.conf being auto-generated by zonemake
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| == Reverse Proxy == Member domains (''username''.ucc.asn.au) and the main website resolve as CNAMEs to mooneye. |
== Web Serving == Member domains (''username''.ucc.asn.au) and the main website resolve as CNAMEs to [[Mussel|mussel]]. |
| Line 6: | Line 6: |
| The configuration for member VirtualHosts is on mooneye in {{{/etc/apache2/sites-available/members}}}. These VirtualHost entries simply proxy pass-through to {{{http://realwww.ucc.gu.uwa.edu.au/~username}}} (a CNAME to mussel). ProxyPassthroughReverse is also used so that HTTP headers don't come back to the user with the wrong domain name. For some reason this doesn't seem to work for URLs pointing to a directory without a trailing slash. == Web Serving == Most web-serving happens on mussel, and most of the configuration for this is stored in {{{/etc/apache2/sites-available/}}}. Most of the file names are fairly self-explanatory, but it is worth noting that both the main website and member webspace are configured in {{{default}}}. |
The configuration for member VirtualHosts is on mussel in {{{/etc/apache2/sites-enabled/members.conf}}}. These !VirtualHost entries simply set the !DocumentRoot to the {{{/public-html}}} folder in the user's home directory. The {{{members.conf}}} configuration file is automatically generated by {{{zonemake.py}}}, a Python script which manages DNS zones on [[Monnik|monnik]]. |
| Line 12: | Line 9: |
| Most HTTPS services are hosted under https://secure.ucc.asn.au, which also points to mussel (though it uses the interface listening on 130.95.13.28, not 130.95.13.18). Originally, this was because we didn't want to buy an SSL certificate for every machine. Now we have a wildcard certificate, so subdomains* can be accessed using HTTPS as well! | /* [CJN] - should probably add some info about how SSL is currently done rather than secure.ucc.asn.au since that isn't really used anymore */ |
| Line 14: | Line 11: |
| * SSL wildcards are not actually wildcards — they only support one level of subdomain, so {{{*.ucc.asn.au}}} won't match {{{something.weird.ucc.asn.au}}}. Have a look at {{{/etc/apache2/sites-available/secure}}} on mussel to see how it's configured (it's world-readable). |
Historically, HTTPS services were hosted under https://secure.ucc.asn.au, which also points to mussel (though it uses the interface listening on 130.95.13.28, not 130.95.13.18). Originally, this was because we didn't want to buy an SSL certificate for every machine. Now we have a wildcard certificate, so subdomains<<FootNote(SSL wildcards are not actually wildcards — they only support one level of subdomain, so {{{*.ucc.asn.au}}} won't match {{{something.weird.ucc.asn.au}}}.)>> can be accessed using HTTPS as well! Have a look at {{{/etc/apache2/sites-available/secure.conf}}} on mussel to see how it's configured (it's world-readable). |
UCC uses Apache 2 as a webserver for its website and member web-hosting services.
Web Serving
Member domains (username.ucc.asn.au) and the main website resolve as CNAMEs to mussel.
The configuration for member VirtualHosts is on mussel in /etc/apache2/sites-enabled/members.conf. These VirtualHost entries simply set the DocumentRoot to the /public-html folder in the user's home directory. The members.conf configuration file is automatically generated by zonemake.py, a Python script which manages DNS zones on monnik.
SSL
Historically, HTTPS services were hosted under https://secure.ucc.asn.au, which also points to mussel (though it uses the interface listening on 130.95.13.28, not 130.95.13.18). Originally, this was because we didn't want to buy an SSL certificate for every machine. Now we have a wildcard certificate, so subdomains1 can be accessed using HTTPS as well! Have a look at /etc/apache2/sites-available/secure.conf on mussel to see how it's configured (it's world-readable).
SSL wildcards are not actually wildcards — they only support one level of subdomain, so *.ucc.asn.au won't match something.weird.ucc.asn.au. (1)
