Rodeo Four Production Server
{| class="infobox" style="float:right; border:1px solid #BBB;margin:.46em 0 0 .2em;font-size:86%;background-color:#f8f9fa"
|-
| colspan="2" style="font-size:125%;text-align:center;" |'''Web Production Server'''
|-
|'''IP Address'''||45.55.45.195
|-
|'''Domain Name'''||ces.fas.harvard.edu
|-
|'''Droplet Name'''||ces.fas.harvard.edu-production
|-
|'''Operating System'''||Ubuntu 16.04 x64
|-
|'''Host'''||DigitalOcean
|-
|'''Region'''||NYC3
|-
|'''Public Launch Date'''||July 13, 2016
|}
The '''Rodeo Four''' '''production server''' is a public-facing web application and database server that hosts the [[website]]. It was designed and developed by [[Mildly Geeky]], with additional features and bug fixes by [[Shotgun Flat]]. The server was provisioned by [[Peter Stevens]] using a DigitalOcean droplet. The website features directory information for Center affiliates, a calendar of events, information about opportunities provided by the Center, news relating to the Center and its affiliates, and publications.

==Website updates==
In July 2017, [[Gila Naderi]] began conversations with [[Mike McKenna]] on the [[2018 Website Update Pilot Project]].

==Configurations==
===Web Root===
*<code>/srv/users/serverpilot/apps/cesproduction/craft/public</code>

===Logs===
*<code>/srv/users/serverpilot/apps/cesproduction/craft/storage/runtime/logs/</code>

===Cron jobs===
*Every Sunday at 8am, the server will execute <code>/etc/cron.d/certrenewal</code>. Note: the Let's Encrypt certificates may not be used by the web engine. They are stored as a standby in case of certificate lapses.

===Database root===
ServerPilot automatically generates a root account with a random password. The password is located in <code>/root/.my.cnf</code>.

===Password authentication===
Password authentication is temporarily turned on due to permission denied error messages.

===SSL===
The certificate is issued by Harvard InCommon and is set to expire in June 2023.

The following code blocks are old information, currently being kept as records.

<code>The expired InCommon certificate and key are located at the following paths respectively:
 /etc/nginx-sp/certs/ces.fas.harvard.edu/ces1.unix.fas.harvard.edu.crt
 /etc/nginx-sp/certs/ces.fas.harvard.edu/ces1.unix.fas.harvard.edu.key
The Let's Encrypt certificate and key are located at the following paths respectively:
 /etc/letsencrypt/live/ces.fas.harvard.edu/fullchain.pem
 /etc/letsencrypt/live/ces.fas.harvard.edu/privkey.pem
The renewed InCommon certificate and key are inactive and located at the following paths respectively:
 /etc/ssl/certs/ces.fas.harvard.edu.cer
 /etc/ssl/private/ces.fas.harvard.edu.key</code>

<code>====Cold standby====
In case of certificate lapse, uncomment the lines located in /etc/nginx-sp/vhosts.d/ssl.conf which point to the Let's Encrypt certificate and key.</code>

====Updating certificate====
[[Renew website certificate]]

The following code blocks are old information, currently being kept as records.

<code>See [https://www.robertwent.com/blog/using-letsencrypt-serverpilot/ here] for full instructions.</code>

<code>Backup</code>
 # Create dated backup directories for the certificates and the vhost configuration
 mkdir ~/Backups/YYYY-MM-DD_certificates
 mkdir ~/Backups/YYYY-MM-DD_vhosts
 # Copy every file that the rollback below restores (cert.pem included)
 sudo cp /etc/letsencrypt/live/ces.fas.harvard.edu/cert.pem ~/Backups/YYYY-MM-DD_certificates/cert.pem
 sudo cp /etc/letsencrypt/live/ces.fas.harvard.edu/chain.pem ~/Backups/YYYY-MM-DD_certificates/chain.pem
 sudo cp /etc/letsencrypt/live/ces.fas.harvard.edu/fullchain.pem ~/Backups/YYYY-MM-DD_certificates/fullchain.pem
 sudo cp /etc/letsencrypt/live/ces.fas.harvard.edu/privkey.pem ~/Backups/YYYY-MM-DD_certificates/privkey.pem
 sudo cp /etc/letsencrypt/live/ces.fas.harvard.edu/README ~/Backups/YYYY-MM-DD_certificates/README
 sudo cp /etc/nginx-sp/vhosts.d/cesproduction.conf ~/Backups/YYYY-MM-DD_vhosts/cesproduction.conf
 sudo cp /etc/nginx-sp/vhosts.d/cesproduction.d/main.conf ~/Backups/YYYY-MM-DD_vhosts/main.conf
 sudo cp /etc/nginx-sp/vhosts.d/ssl.conf ~/Backups/YYYY-MM-DD_vhosts/ssl.conf
 # Request the certificate using the webroot challenge, then restart nginx
 cd /opt/certbot
 ./certbot-auto certonly --webroot -w /srv/users/serverpilot/apps/cesproduction/public -d ces.fas.harvard.edu
 sudo service nginx-sp restart

<code>Rollback</code>
 # Restore the certificates and the vhost configuration from the dated backup
 sudo cp ~/Backups/YYYY-MM-DD_certificates/cert.pem /etc/letsencrypt/live/ces.fas.harvard.edu/cert.pem
 sudo cp ~/Backups/YYYY-MM-DD_certificates/chain.pem /etc/letsencrypt/live/ces.fas.harvard.edu/chain.pem
 sudo cp ~/Backups/YYYY-MM-DD_certificates/fullchain.pem /etc/letsencrypt/live/ces.fas.harvard.edu/fullchain.pem
 sudo cp ~/Backups/YYYY-MM-DD_certificates/privkey.pem /etc/letsencrypt/live/ces.fas.harvard.edu/privkey.pem
 sudo cp ~/Backups/YYYY-MM-DD_certificates/README /etc/letsencrypt/live/ces.fas.harvard.edu/README
 sudo cp ~/Backups/YYYY-MM-DD_vhosts/cesproduction.conf /etc/nginx-sp/vhosts.d/cesproduction.conf
 sudo cp ~/Backups/YYYY-MM-DD_vhosts/main.conf /etc/nginx-sp/vhosts.d/cesproduction.d/main.conf
 sudo cp ~/Backups/YYYY-MM-DD_vhosts/ssl.conf /etc/nginx-sp/vhosts.d/ssl.conf

<code>This will update the certificate without modifying any configuration files. ServerPilot is touchy about modified configurations.

This is what happens behind the scenes: Let's Encrypt gives certbot a challenge. Certbot places a resource with the challenge in a subdirectory of the web root, making it publicly visible. Let's Encrypt verifies the resource. Certbot removes the resource. Let's Encrypt issues the certificate.</code>

==Installed software==
*Apache 2.4.34
*MySQL 14.14 Distrib 5.7.23
*nginx 1.15.2
*PHP 7.0.31
*ServerPilot
*certbot

===Web applications===
*Craft CMS 2.6.2911

===PHP modules===
*bcmath
*bz2
*calendar
*Core
*ctype
*curl
*date
*dom
*exif
*fileinfo
*filter
*ftp
*gd
*gettext
*gmp
*hash
*iconv
*imagick
*imap
*intl
*json
*ldap
*libxml
*mbstring
*mcrypt
*mysqli
*mysqlnd
*odbc
*openssl
*pcntl
*pcre
*PDO
*pdo_dblib
*pdo_mysql
*PDO_ODBC
*pdo_pgsql
*pdo_sqlite
*pgsql
*Phar
*posix
*readline
*Reflection
*session
*shmop
*SimpleXML
*snmp
*soap
*sockets
*SPL
*sqlite3
*standard
*tidy
*tokenizer
*xml
*xmlreader
*xmlrpc
*xmlwriter
*xsl
*Zend OPcache
*zip
*zlib
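
The Backup step under "Updating certificate" copies <code>privkey.pem</code> into a home directory. The following is an added example, not part of this wiki's own records, of scripting that step so the copies stay owner-only, every file the Rollback restores is present, and each copy is verified before renewal. The function name <code>backup_certs</code>, its arguments and the <code>CERT_FILES</code> variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: permission-safe backup of a certificate directory.
# Usage (hypothetical helper, run under sudo for the real paths):
#   backup_certs /etc/letsencrypt/live/ces.fas.harvard.edu \
#                ~/Backups/YYYY-MM-DD_certificates

# The five files the page's Rollback block copies back.
CERT_FILES="cert.pem chain.pem fullchain.pem privkey.pem README"

backup_certs() {
    src=$1
    dest=$2

    # Refuse to start a partial backup: a rollback needs all five files.
    for f in $CERT_FILES; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done

    # Subshell so the restrictive umask does not leak into the caller.
    (
        umask 077                      # new directory 0700, new files 0600
        mkdir -p "$dest" || exit 1
        chmod 700 "$dest" || exit 1    # also tightens a pre-existing directory
        for f in $CERT_FILES; do
            # cp follows the live/ symlinks, so the backup holds file contents.
            cp "$src/$f" "$dest/$f" || exit 1
            chmod 600 "$dest/$f" || exit 1   # covers overwritten older copies
            # Byte-for-byte verification before the renewal goes ahead.
            cmp -s "$src/$f" "$dest/$f" || exit 1
        done
    )
}
```

A non-zero return means the backup is incomplete and the renewal should not be started.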