Rodeo Four Production Server: Difference between revisions
Peterstevens (talk | contribs) Updated information regarding certificates. |
Peterstevens (talk | contribs) Added installed software and configurations sections. |
||
| Line 8: | Line 8: | ||
|- | |- | ||
| '''Droplet Name ''' || ces.fas.harvard.edu-production | | '''Droplet Name ''' || ces.fas.harvard.edu-production | ||
|- | |- | ||
| '''Operating System''' || Ubuntu 16.04 x64 | | '''Operating System''' || Ubuntu 16.04 x64 | ||
|- | |- | ||
| '''Host''' || DigitalOcean | | '''Host''' || DigitalOcean | ||
| Line 30: | Line 22: | ||
In July 2017, [[Gila Naderi]] began conversations with [[Mike McKenna]] on the [[2018 Website Update Pilot Project]]. | In July 2017, [[Gila Naderi]] began conversations with [[Mike McKenna]] on the [[2018 Website Update Pilot Project]]. | ||
==Cron jobs== | ==Configurations== | ||
===Cron jobs=== | |||
* Every Sunday at 8am, the server will execute <code>/etc/cron.d/certrenewal</code>. Note: the Let's Encrypt certificates may not be used by the web engine. They are stored as a standby in case of certificate lapses. | * Every Sunday at 8am, the server will execute <code>/etc/cron.d/certrenewal</code>. Note: the Let's Encrypt certificates may not be used by the web engine. They are stored as a standby in case of certificate lapses. | ||
== | ===Database root=== | ||
ServerPilot automatically generates a root account with a random password. The password is located in <code>/root/.my.cnf</code>. | |||
===Password authentication=== | ===Password authentication=== | ||
Password authentication is temporarily turned on due to permission denied error messages. | Password authentication is temporarily turned on due to permission denied error messages. | ||
| Line 55: | Line 50: | ||
====Cold standby==== | ====Cold standby==== | ||
In case of certificate lapse, uncomment the lines located in <code>/etc/nginx-sp/vhosts.d/ssl.conf</code> which point to the Let's Encrypt certificate and key. | In case of certificate lapse, uncomment the lines located in <code>/etc/nginx-sp/vhosts.d/ssl.conf</code> which point to the Let's Encrypt certificate and key. | ||
==Installed software== | |||
* Apache 2.4.34 | |||
* MySQL 14.14 Distrib 5.7.23 | |||
* nginx 1.15.2 | |||
* PHP 7.0.31 | |||
* ServerPilot | |||
===Web applications=== | |||
* Craft CMS 2.6.2911 | |||
===PHP modules=== | |||
* bcmath | |||
* bz2 | |||
* calendar | |||
* Core | |||
* ctype | |||
* curl | |||
* date | |||
* dom | |||
* exif | |||
* fileinfo | |||
* filter | |||
* ftp | |||
* gd | |||
* gettext | |||
* gmp | |||
* hash | |||
* iconv | |||
* imagick | |||
* imap | |||
* intl | |||
* json | |||
* ldap | |||
* libxml | |||
* mbstring | |||
* mcrypt | |||
* mysqli | |||
* mysqlnd | |||
* odbc | |||
* openssl | |||
* pcntl | |||
* pcre | |||
* PDO | |||
* pdo_dblib | |||
* pdo_mysql | |||
* PDO_ODBC | |||
* pdo_pgsql | |||
* pdo_sqlite | |||
* pgsql | |||
* Phar | |||
* posix | |||
* readline | |||
* Reflection | |||
* session | |||
* shmop | |||
* SimpleXML | |||
* snmp | |||
* soap | |||
* sockets | |||
* SPL | |||
* sqlite3 | |||
* standard | |||
* tidy | |||
* tokenizer | |||
* xml | |||
* xmlreader | |||
* xmlrpc | |||
* xmlwriter | |||
* xsl | |||
* Zend OPcache | |||
* zip | |||
* zlib | |||
Revision as of 17:55, 14 September 2018
| Web Production Server | |
| IP Address | 45.55.45.195 |
| Domain Name | ces.fas.harvard.edu |
| Droplet Name | ces.fas.harvard.edu-production |
| Operating System | Ubuntu 16.04 x64 |
| Host | DigitalOcean |
| Region | NYC3 |
| Public Launch Date | July 13, 2016 |
The web production server is a public-facing web application and database server that hosts the website. It was designed and developed by Mildly Geeky, with additional features and bug fixes performed by Shotgun Flat. The server was provisioned by Peter Stevens using a DigitalOcean droplet. It features directory information for Center affiliates, a calendar of events, information about opportunities provided by the Center, news relating to the Center and its affiliates, and publications.
Website updates
In July 2017, Gila Naderi began conversations with Mike McKenna on the 2018 Website Update Pilot Project.
Configurations
Cron jobs
- Every Sunday at 8am, the server will execute
/etc/cron.d/certrenewal. Note: the Let's Encrypt certificates may not be used by the web engine. They are stored as a standby in case of certificate lapses.
Database root
ServerPilot automatically generates a root account with a random password. The password is located in /root/.my.cnf.
Password authentication
Password authentication is temporarily turned on due to permission denied error messages.
SSL
Certificate is provided by InCommon. It has a term of two years. On September 11, 2018, the certificate expired without notification. It was replaced temporarily with a Let's Encrypt certificate, due to site inaccessibility. The renewal application was initially rejected because three-year certificates were no longer supported. A subsequent certificate – one listing ces-it@fas.harvard.edu as the email address – was applied for, approved, and installed on September 13. The expired InCommon certificate and key are located at the following paths respectively:
/etc/nginx-sp/certs/ces.fas.harvard.edu/ces1.unix.fas.harvard.edu.crt /etc/nginx-sp/certs/ces.fas.harvard.edu/ces1.unix.fas.harvard.edu.key
The Let's Encrypt certificate and key are located at the following paths respectively:
/etc/letsencrypt/live/ces.fas.harvard.edu/fullchain.pem /etc/letsencrypt/live/ces.fas.harvard.edu/privkey.pem
The new InCommon certificate and key are active and located at the following paths respectively:
/etc/ssl/certs/ces.fas.harvard.edu.cer /etc/ssl/private/ces.fas.harvard.edu.key
Cold standby
In case of certificate lapse, uncomment the lines located in /etc/nginx-sp/vhosts.d/ssl.conf which point to the Let's Encrypt certificate and key.
Installed software
- Apache 2.4.34
- MySQL 14.14 Distrib 5.7.23
- nginx 1.15.2
- PHP 7.0.31
- ServerPilot
Web applications
- Craft CMS 2.6.2911
PHP modules
- bcmath
- bz2
- calendar
- Core
- ctype
- curl
- date
- dom
- exif
- fileinfo
- filter
- ftp
- gd
- gettext
- gmp
- hash
- iconv
- imagick
- imap
- intl
- json
- ldap
- libxml
- mbstring
- mcrypt
- mysqli
- mysqlnd
- odbc
- openssl
- pcntl
- pcre
- PDO
- pdo_dblib
- pdo_mysql
- PDO_ODBC
- pdo_pgsql
- pdo_sqlite
- pgsql
- Phar
- posix
- readline
- Reflection
- session
- shmop
- SimpleXML
- snmp
- soap
- sockets
- SPL
- sqlite3
- standard
- tidy
- tokenizer
- xml
- xmlreader
- xmlrpc
- xmlwriter
- xsl
- Zend OPcache
- zip
- zlib