Website
credentials for the new environment
ssh access for the server
superuser/admin credentials: root / h4p9iLHnmBfD
normal web doc access/management: insta /
these credentials work fine using putty on the 216 address
control panels
General Serverpoint Panel (colo/dedicated vps tab)
This control panel is for updating the reverse dns (PTR records), and hard rebooting of the server. Basic billing info is included as well.
http://my.serverpoint.com inst / h4p9iLHnmBfD
Server Management Panel (plesk-based)
This control panel is for overall management of the software environment for the VPS. There’s a single “subscription” installed, which is basically like a management domain for a set of websites.
https://216.108.237.18:8443 admin / h4p9iLHnmBfD
FTP/SFTP/SSH access
Credentials for updating content/files: insta / skdjwx##cg4cbne
Needs from Seth:
(from NVWebhosting.doc)
Here's what the environment looks like at the moment:
-currently using about 12GB disk space for web content and product downloads
-apache + php (and PHP cli for some cron-based tasks)
-uses basic apache htpasswd files for product downloads, and a limited amount of redirect/rewrite rules
-mysql (one DB, but it's large (~900MB); most of it is in phpBB)
-no need for email (it's handled via google apps)
-dns hosting
-need an SSL vhost for some admin web interfaces, but the rest of the site would live on a plain http webhost. self-signed/private CA cert is fine.
-access to update files (sftp); looks like sftp may be there
Filesystem Layout for new webhost (from Filesystemlocationsfornewwebhost.doc)
/var/www/vhosts/
  instantiations.com/                  <-- conf/logs/etc
    httpdocs/                          <-- document root for main website
      downloads/                       <-- engineering docs
      docs/                            <-- product downloads
    forums.instantiations.com/         <-- docroot for forums
    licensing.instantiations.com/      <-- docroot for license management
    www.qualityeclipse.com/            <-- docroot for qualityeclipse
    pd/                                <-- apache auth files for downloads
    phplib/                            <-- shared libfiles for licensing/eval
    conf/
      vhost.conf                       <-- overrides basedir to share phplib
  forums.instantiations.com/           <-- conf/logs/etc for vhost
  licensing.instantiations.com/        <-- conf/logs/etc for vhost
    conf/
      vhost.conf                       <-- overrides basedir to share phplib
  www.qualityeclipse.com/              <-- conf/logs/etc for vhost
Smalltalk Public Web Assets and Administration (from CopyofSmalltalkWebAssetsandAdministration.doc)
Introduction
This document covers the details of the public web assets for the Instantiations smalltalk company, primarily the web hosting and operations.
Does NOT cover internal web resources, like fogbugz, google apps, etc.
Webhosting Admin
Webhosting is through ServerPoint.
We have an account with the ISP/provider itself. The web interface to login is:
http://my.serverpoint.com inst
We’re currently using a VPS, which is akin to a vmware OS installed under our control (without direct access to specific hardware).
server management panel on our (virtual) server:
https://216.108.237.18:8443/ admin
As a component of the overall management, there’s also a constrained account set up for dealing with the assets of the instantiations website. That account can log in to the server panel and also works as a shell/file transfer account:
insta r0ck4rt11
Our superuser account on the server: root
I’ll have the passwords tracked in another document. They’re largely synchronized, but the option exists to diverge if you want to scope who has access to specific levels of the technology stack.
Virtual Hosts
The old virtual hosts config was native to apache. Now that we’ve moved the configuration and management into a plesk control panel, the presentation is a little different.
Systemwide changes made from a terminal (rather than thru plesk):
Modified /etc/php.ini to change the php include_path (aka library search path):
  include_path = ".:/var/www/vhosts/instantiations.com/phplib"
Installed the php-mysqli package, which was missing from the installation set:
  root# yum install php-mysqli
Plesk auto-manages the apache configuration. However, some of its defaults are incompatible with what we’re trying to do, so they provide a mechanism to submit overrides to the managed config. The overrides are per-vhost. We share library code between vhosts, so we needed to turn off the php open_basedir directives by providing the following files:
/var/www/vhosts/instantiations.com/conf/vhost.conf:
  <Directory /var/www/vhosts/instantiations.com/httpdocs>
    <IfModule sapi_apache2.c>
      php_admin_flag engine on
      php_admin_flag safe_mode off
      php_admin_value open_basedir none
    </IfModule>
    <IfModule mod_php5.c>
      php_admin_flag engine on
      php_admin_flag safe_mode off
      php_admin_value open_basedir none
    </IfModule>
  </Directory>
/var/www/vhosts/licensing.instantiations.com/conf/vhost.conf
/var/www/vhosts/licensing.instantiations.com/conf/vhost_ssl.conf (same content):
  <Directory /var/www/vhosts/instantiations.com/licensing.instantiations.com>
    <IfModule sapi_apache2.c>
      php_admin_flag engine on
      php_admin_flag safe_mode off
      php_admin_value open_basedir none
    </IfModule>
    <IfModule mod_php5.c>
      php_admin_flag engine on
      php_admin_flag safe_mode off
      php_admin_value open_basedir none
    </IfModule>
  </Directory>
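Setting open_basedir to none removes PHP's file-path confinement for the whole vhost. The override below is an added example, not the deployed configuration: it keeps the shared library reachable by listing it next to the document root. The /tmp/ entry is an assumption about where this PHP build keeps upload and session temp files.

```apache
# Added example (not the site's deployed vhost.conf).
<Directory /var/www/vhosts/instantiations.com/httpdocs>
    <IfModule mod_php5.c>
        php_admin_flag engine on
        php_admin_flag safe_mode off
        # Weak setting used above:  php_admin_value open_basedir none
        # Scoped alternative: a colon-separated list of the only trees PHP may open.
        # The trailing slashes stop /.../phplib from also matching /.../phplib-old.
        php_admin_value open_basedir "/var/www/vhosts/instantiations.com/httpdocs/:/var/www/vhosts/instantiations.com/phplib/:/tmp/"
    </IfModule>
</Directory>
```

The licensing vhost would carry the same directive with its own document root in place of httpdocs/.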
Setting permissions for the htpasswd files used by the download section of the website (done after configuring the password protected directories in the plesk interface):
  root# chmod o+x /var/www/vhosts/instantiations.com/pd/
  root# chown insta.apache /var/www/vhosts/instantiations.com/pd/*
  root# chmod u+rx,g+r,o+r /var/www/vhosts/instantiations.com/pd/*
vhost: instantiations.com
document root: /var/www/vhosts/instantiations.com/httpdocs
The following .htaccess file exists at the document root:
  RewriteEngine On

  # Canonical Hostname Fix (turned off for migration)
  #RewriteCond %{HTTP_HOST} !^www\.instantiations\.com [NC]
  #RewriteCond %{HTTP_HOST} !^$
  #RewriteRule ^/?(.*) http://www.instantiations.com/$1 [L,R,NE]

  #############################################################################
  # Java spinoff fixes
  #############################################################################
  # fix mime type for static long-term license (old java releases)
  AddType application/octet-stream .license
  # redirect license requests to the appengine license fullfillment
  RewriteCond %{REQUEST_URI} ^/_private/activation_thanks.asp$
  RewriteRule /_private/activation_thanks.asp /activation.xml [L]

  #############################################################################
  # Redirects
  #############################################################################
  # ensure oldoldold forum requests get pushed to forums.instantiations.com
  RedirectMatch permanent ^/forum/(.*) http://forums.instantiations.com/$1
  #grab bag of SEO/old URL path redirects for VAST
  RedirectMatch permanent ^/VAST$ /
  RedirectMatch permanent ^/VAST/$ /
  RedirectMatch permanent ^/VAST/index.html$ /
  RedirectMatch permanent ^/VAST/prod/vast.html$ /vasmalltalk/index.html
  RedirectMatch permanent ^/VAST/download/$ /products/vasmalltalk/download.html
  RedirectMatch permanent ^/VAST/download/index.html$ /products/vasmalltalk/download.html
  RedirectMatch permanent ^/VAST/download/dl-addons.html$ /products/add-ons/download.html
  RedirectMatch permanent ^/VAST/more/goodies.html$ /resources/goodies.html
  RedirectMatch permanent ^/VAST/docs.html$ /support/documentation.html
  RedirectMatch permanent ^/VAST/purchase.html$ /products/purchase.html
  RedirectMatch permanent ^/VAST/more/st-news\+events.html$ /company/news-and-events.html
Product downloads are interesting. We use apache basic auth to restrict customer access to the download bits. Each product has its own auth file, which is periodically generated by the licensing system throughout the day, and each file only contains the customers for which downloads are currently allowed. As users' licenses expire, they are removed from the file(s), and they are added as licenses are added. Due to the hashing nature of http auth, even though we’re using multiple files for auth, the passwords are identical and thus the customer does not get re-prompted to authenticate when downloading multiple products.
Through plesk, setting up the password protected directories for each product download is simple. It creates stub htpasswd files in the directory /var/www/vhosts/instantiations.com/pd
The filename patterns are as follows:
  d..httpdocs@downloads@vaast
  d..httpdocs@downloads@vast-base
  d..httpdocs@downloads@vast-license
  d..httpdocs@downloads@wbtt
  d..httpdocs@downloads@wkbg
  d..httpdocs@downloads@wkctrl
  d..httpdocs@downloads@wbpro
  d..httpdocs@downloads@wkpro
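A sketch of the per-product auth file generation described above, as an added example in Python; it is not the site's cron_gen.php. It assumes the account.password column already holds an htpasswd-compatible hash and that license.productcode matches the filename suffix, and it uses an in-memory SQLite table with constructed rows in place of the MySQL schema given under "Licensing DB".

```python
import os
import sqlite3
import tempfile

FORBIDDEN = (":", "\r", "\n")  # would split or forge a "user:hash" line

def active_entries(db, productcode, now):
    """(username, hash) pairs whose license for productcode covers `now`."""
    rows = db.execute(
        "SELECT DISTINCT a.username, a.password FROM account a "
        "JOIN license l ON l.acct_id = a.id "
        "WHERE l.productcode = ? AND l.startdate <= ? AND l.enddate > ? "
        "ORDER BY a.username", (productcode, now, now)).fetchall()
    # NULL dates never satisfy the comparison, so undated licenses fail closed.
    return [(u, p) for u, p in rows
            if u and p and not any(c in u for c in FORBIDDEN)
            and "\r" not in p and "\n" not in p]

def write_auth_file(path, entries):
    """Single writer: build a temp file beside the target, then rename over it."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.writelines(f"{u}:{p}\n" for u, p in entries)
        os.chmod(tmp, 0o640)   # assumption: owner writes, web server group reads
        os.replace(tmp, path)  # atomic on POSIX: Apache sees old or new, never partial
    except BaseException:
        os.unlink(tmp)
        raise

def demo():
    """Constructed rows: one valid, one expired, one with a malformed username."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE account(id INTEGER PRIMARY KEY, username TEXT, password TEXT);"
        "CREATE TABLE license(acct_id INT, productcode TEXT, startdate TEXT, enddate TEXT);")
    db.executemany("INSERT INTO account VALUES (?,?,?)", [
        (1, "alice", "$apr1$constructed$hashA"),
        (2, "bob", "$apr1$constructed$hashB"),
        (3, "carol\nx:y", "$apr1$constructed$hashC")])
    db.executemany("INSERT INTO license VALUES (?,?,?,?)", [
        (1, "vast-base", "2011-01-01 00:00:00", "2012-01-01 00:00:00"),
        (2, "vast-base", "2010-01-01 00:00:00", "2011-01-01 00:00:00"),
        (3, "vast-base", "2011-01-01 00:00:00", "2012-01-01 00:00:00")])
    entries = active_entries(db, "vast-base", "2011-06-01 00:00:00")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "d..httpdocs@downloads@vast-base")
        write_auth_file(path, entries)
        with open(path, encoding="utf-8") as fh:
            return fh.read()
```

Only the account with a current license and a well-formed username reaches the file; the expired account and the username containing a newline are dropped before anything is written.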
I have updated the /var/www/vhosts/instantiations.com/phplib/cron_gen.php to generate these files properly, and scheduled it as a cronjob that runs every 10 minutes.
need to look at this ^^^^
Database Setup
Both the forum site and the licensing code require database backends, currently MySQL. The PHP environment also expects to be able to use the mysql modules.
Forums
The phpBB-based forums are expecting a database named “phpBB”. The details of the login credentials should be in sync with the contents of the config.php file in the forums root.
As this is a third party software suite, I’m not going to detail the schema and table natures.
DB: phpBB user: forumuser pass: psas#Xce
Licensing DB
The licensing system has a simple 2 table system, one representing the license holders and the other representing the actual licenses in a one-to-many association. Here are the schema dumps:
CREATE TABLE `account` (
  `id` int(11) NOT NULL auto_increment,
  `username` varchar(100) collate utf8_unicode_ci NOT NULL,
  `email` varchar(100) collate utf8_unicode_ci default NULL,
  `company` varchar(100) collate utf8_unicode_ci default NULL,
  `password` varchar(100) collate utf8_unicode_ci default NULL,
  `fullname` varchar(100) collate utf8_unicode_ci default NULL,
  `source` varchar(100) collate utf8_unicode_ci default NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`),
  KEY `email` (`email`),
  KEY `company` (`company`),
  KEY `fullname` (`fullname`),
  KEY `source` (`source`)
) ENGINE=MyISAM AUTO_INCREMENT=4209 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE `license` (
  `id` int(11) NOT NULL auto_increment,
  `acct_id` int(11) NOT NULL,
  `productcode` varchar(100) collate utf8_unicode_ci default NULL,
  `startdate` datetime default NULL,
  `enddate` datetime default NULL,
  `source` varchar(100) collate utf8_unicode_ci default NULL,
  PRIMARY KEY (`id`),
  KEY `acct_id` (`acct_id`),
  KEY `productcode` (`productcode`),
  KEY `startdate` (`startdate`),
  KEY `enddate` (`enddate`),
  KEY `source` (`source`)
) ENGINE=MyISAM AUTO_INCREMENT=12024 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
Effort is made to ensure all input coming into and out of the system is in UTF-8 format. Nothing sucks more than a database that gets cross-charset contamination (and as there’s a large international interest in the smalltalk products, it's fairly common to see requests from most regions).
There are also three tables containing information from a legacy system (download_oldcontrol, purchase_oldcontrol, and registration_oldcontrol). Details are not provided as they are read-only and only used in the license management system for looking up data/information from a previous licensing system.
NOTE: The DB credentials are baked into the DBLayer.php library. If you change the credentials, you need to update this file.
DB: vastlicense user: vastlicense pass: xbr34xjT!!
The db vastlicense may be all we need to backup. Need root password for mysqlbackup.
  mysqldump -u root -ppassword vastlicense > someTimeStampedFileName.dmp
Implementation Details
Dreamweaver Template and setup
Drew can fill this in, or we can break it out into an independent document. The basic idea is that dreamweaver has a concept of a templating library, and the dreamweaver publish process is akin to a giant source merge tool that gathers these snippets and generates static resources (html, etc) that’s pushed to the live site.
License System
The components of the licensing system:
● licensing library
● evaluation form
● management interface
● crontask that generates apache auth files
● old control lookup
Licensing Library: PHP library code that uses a simple ORM system. There are two domain objects modelled, Account and License. There’s a DB layer that you pass domain objects into and out of, with some special functionality for specific use-cases (like
Evaluation Form: PHP form used by potential customers to request software evaluations. Tries to do a decent job of sanitization, talks to DB through the ORM layer.
Management Interface: Primitive templating system. Uses the ORM layer. Uses the magic of redirects to hide DB actions from the browser history stack. Simple, not particularly elegant.
Crontask: scheduled job that runs every ~10 minutes and regenerates the htpasswd files used by apache to restrict access to the downloads. In other words we avoid the concurrent access problem by having only a single writer process. Has the side benefit that download traffic is not gated on DB access/performance (downloads can happen while DB is offline for updates/maintenance).
not sure what this ^^^ means
Old control lookup: There are several tables and one part of the management interface dedicated to the searching and presentation of data from what’s commonly referred to as the “old control system”. This was a system used by both the smalltalk and java software for licensing, though they had different models of access control. Left in to provide historical lookup functionality for the sales staff.
Forums
The forums site is currently a phpBB-based forum site. It has a short transition lifetime left, and the main topic areas will be pushing their discussions into other services (such as public google groups) as appropriate. Once this is done, the forum software will be replaced with the static content equivalent of the historical discussions and posts (with some rewrite rule magic to keep all the urls the same).
DMM comments
I have contacted Google Groups about converting phpBB to the new va-smalltalk group.
Questions for Seth: What is the mysql root password?