How to Set Up a Virtual Host on cs.uwaterloo.ca Web Server

Search DNS for haproxy.cs.uwaterloo.ca and add an alias to that record.

  • ssh to salt-204 and add site to the web servers:
cd /srv/saltstack/pillar/cscf_apache
Add vhost to cs.sls (alphabetically, please! In vim, you can select with V and :sort)

  • Run a test of the web server changes:
root@salt-204:/srv/saltstack/pillar/cscf_apache# salt -N www-154 state.apply --state-verbose=False cscf_apache test=True
Ignore symlink warnings...

  • Actually implement changes:
root@salt-204:/srv/saltstack/pillar/cscf_apache# salt -N www-154 state.apply --state-verbose=False cscf_apache
Test that cs.uwaterloo.ca is still functional.

  • Update the haproxy configuration so traffic gets to the backend servers with appropriate TLS certs:
cd /srv/saltstack/pillar/haproxy_bionic/haproxy/backends
Add an entry to www_cs.sls under haproxy:backends:extra_vhosts (alphabetically, please). Also add the www and site aliases to haproxy:backends:alias_vhosts if it is appropriate for these aliases to appear in the TLS cert.

  • Test the changes to haproxy. The haproxy_bionic state cannot be run on its own, as certbot needs to run simultaneously:
root@salt-204:/srv/saltstack/pillar/haproxy_bionic# salt -N haproxy-bionic state.apply --state-verbose=False test=True

  • If there are no failures, apply the changes to haproxy:
root@salt-204:/srv/saltstack/pillar/haproxy_bionic# salt -N haproxy-bionic state.apply --state-verbose=False

  • ssh to linux.cs and add web root in the filespace
root@linux.cs:/var/www# mkdir booked.cs.uwaterloo.ca

  • If you have an admin user group, you can set the setgid (SGID) bit:
chown -R username:GID booked.cs.uwaterloo.ca
chmod 2775 booked.cs.uwaterloo.ca

  • However: if the virtual host is going to be running CGIs, our use of suexec means that the GID must be the same as the default GID for the user. Otherwise, the CGI will fail with error 500 and suexec error logs will report:
[2020-09-24 14:46:43]: uid: (33/username) gid: (33/username) cmd: index.php
[2020-09-24 14:46:45]: target uid/gid (4179/4189) mismatch with directory (4179/17110) or program (4179/17110)

  • Add test content to the web site:
root@linux.cs:/var/www# echo hi > booked.cs.uwaterloo.ca/index.html

  • Return to salt-204 and restart all web servers
root@salt-204:~# salt -N www-154 service.reload apache2
A second restart may be required for LDAP services to catch up.

Test the site, and also cs.uwaterloo.ca to make sure there are no regressions.

  • Commit salt changes to git:
root@salt-204:~# cd /srv/saltstack/pillar/cscf_apache
root@salt-204:/srv/saltstack/pillar/cscf_apache# git status

On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)

modified: cs.sls
modified: ../haproxy_bionic/haproxy/backends/www_cs.sls
modified: ../iaas/201/m3.sls

no changes added to commit (use "git add" and/or "git commit -a")

  • Commit your changes to git for version control/backup:
root@salt-204:/srv/saltstack/pillar/cscf_apache# git add cs.sls
root@salt-204:/srv/saltstack/pillar/cscf_apache# git add ../haproxy_bionic/haproxy/backends/www_cs.sls
root@salt-204:/srv/saltstack/pillar/cscf_apache# git commit --author="Lori Paniak "

Add a commit message with details of the changes and the RT # on the third line, e.g.:

Changes to support addition of grec.cs virtual host

#RT1092612

git push

Expect a commit email from git.uwaterloo.ca

-- Lori Paniak - 2020-09-02 -- Nathan Fish - 2020-09-02
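
For the suexec ownership rule in the CGI step above, a pre-flight check that can be run on linux.cs before enabling CGIs. This is an added example, not CSCF tooling or part of the original procedure; the function names and script name are hypothetical, and it assumes a find that accepts numeric ids for -user and -group (GNU find does).

```shell
#!/bin/sh
# Added example, not CSCF tooling. Pre-flight check for the suexec rule above:
# every path under the web root must be owned by the user's uid and the
# user's *default* (primary) gid, or CGIs fail with error 500.

# Print entries under ROOT that are not owned by UID:GID (both numeric).
# Returns 0 if everything matches, 1 on any mismatch, 2 on bad input.
suexec_tree_mismatches() {
    want_uid=$1; want_gid=$2; root=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # ls -ldn prints numeric owners, matching the ids shown in the suexec log.
    bad=$(find "$root" \( ! -user "$want_uid" -o ! -group "$want_gid" \) \
              -exec ls -ldn {} +) || return 2
    [ -z "$bad" ] && return 0
    echo "suexec target uid/gid ($want_uid/$want_gid) mismatch with:" >&2
    echo "$bad"
    return 1
}

# Resolve USER to its uid and primary gid (the pair suexec compares against),
# then check ROOT. A web root chown'ed to an admin group is reported here.
suexec_check_user() {
    user=$1; root=$2
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown user: $user" >&2; return 2; }
    gid=$(id -g "$user") || return 2
    suexec_tree_mismatches "$uid" "$gid" "$root"
}

# Usage: sh suexec_check.sh username /var/www/booked.cs.uwaterloo.ca
if [ "$#" -eq 2 ]; then
    suexec_check_user "$1" "$2"
fi
```

Any path it lists would trigger the "target uid/gid ... mismatch with directory ... or program" log entry shown above once a CGI under it is requested.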

Topic revision: r7 - 2021-06-11 - LoriPaniak
 