How to Set Up a Virtual Host on cs.uwaterloo.ca Web Server
DNS search for haproxy.cs.uwaterloo.ca and add an alias to that record.
- ssh to salt-204 and add site to the web servers:
cd /srv/saltstack/pillar/cscf_apache
Add vhost to cs.sls (alphabetically, please! In vim, you can select with V and :sort)
- Run a test of the web server changes:
root@salt-204:/srv/saltstack/pillar/cscf_apache# salt -N www-154 state.apply --state-verbose=False cscf_apache test=True
Ignore symlink warnings...
- Actually implement changes:
root@salt-204:/srv/saltstack/pillar/cscf_apache# salt -N www-154 state.apply --state-verbose=False cscf_apache
Test that cs.uwaterloo.ca is still functional.
- ssh to salt-cscf-2004
- Update the haproxy configuration so traffic gets to the backend servers with appropriate TLS certs:
cd /srv/salt-master/pillar/haproxy_bionic/backends
Add entry to www_cs.sls under haproxy:backends:extra_vhosts (alphabetically, please). Also add www and site aliases to haproxy:backends:alias_vhosts if it is appropriate for these aliases to appear in the TLS cert.
- Test the changes to haproxy. One cannot run solely the haproxy_bionic state, as certbot needs to run simultaneously:
root@salt-cscf-2004:/srv/salt-master/pillar/haproxy_bionic# salt -N haproxy-bionic state.apply --state-verbose=False test=True
- If there are no failures, apply changes to haproxy:
root@salt-cscf-2004:/srv/salt-master/pillar/haproxy_bionic# salt -N haproxy-bionic state.apply --state-verbose=False
- ssh to linux.cs and add web root in the filespace
root@linux.cs:/var/www# mkdir booked.cs.uwaterloo.ca
- If you have an admin user group, you can set the setgid (SGID) bit:
chown -R username:GID booked.cs.uwaterloo.ca
chmod 2775 booked.cs.uwaterloo.ca
- However: if the virtual host is going to be running CGIs, our use of suexec means that the GID must be the same as the default GID for the user. Otherwise, the CGI will fail with error 500 and suexec error logs will report:
[2020-09-24 14:46:43]: uid: (33/username) gid: (33/username) cmd: index.php
[2020-09-24 14:46:45]: target uid/gid (4179/4189) mismatch with directory (4179/17110) or program (4179/17110)
- Add test content to the web site:
root@linux.cs:/var/www# echo hi > booked.cs.uwaterloo.ca/index.html
- Return to salt-204 and restart all web servers
root@salt-204:~# salt -N www-154 service.reload apache2
A second restart may be required for LDAP services to catch up.
Test the new site, and also cs.uwaterloo.ca to make sure there are no regressions.
- Commit salt changes to git:
root@salt-204:~# cd /srv/saltstack/pillar/cscf_apache
root@salt-204:/srv/saltstack/pillar/cscf_apache# git status
On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)
modified: cs.sls
modified: ../haproxy_bionic/haproxy/backends/www_cs.sls
modified: ../iaas/201/m3.sls
no changes added to commit (use "git add" and/or "git commit -a")
- Commit your changes to git for version control/backup:
root@salt-204:/srv/saltstack/pillar/cscf_apache# git add cs.sls
root@salt-204:/srv/saltstack/pillar/cscf_apache# git add ../haproxy_bionic/haproxy/backends/www_cs.sls
root@salt-204:/srv/saltstack/pillar/cscf_apache# git commit --author="Lori Paniak "
Add a commit message with details of the changes and the RT # on the third line, e.g.:
Changes to support addition of grec.cs virtual host

#RT1092612
git push
Expect a commit email from git.uwaterloo.ca
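For the suexec requirement in the CGI step above, a pre-flight check can be run on linux.cs before the web servers are reloaded. This is an added example, not part of the original procedure; the function names are hypothetical, and it checks only the UID/GID match reported in the suexec log.

```shell
#!/bin/sh
# Added example: pre-flight check for the suexec ownership rule.
# suexec refuses to run a CGI unless the directory and the program are owned
# by the target user's UID and that user's default (primary) GID.

# List (ls -ldn format, numeric uid/gid) every path under DOCROOT not owned by
# WANT_UID:WANT_GID. Returns 0 if all match, 1 on mismatch, 2 on bad input.
suexec_owner_mismatches() {
    local docroot want_uid want_gid out
    docroot=$1; want_uid=$2; want_gid=$3
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    out=$(find "$docroot" \( ! -user "$want_uid" -o ! -group "$want_gid" \) \
              -exec ls -ldn {} +)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Resolve USER's UID and default GID, then check DOCROOT against them.
check_vhost_for_suexec() {
    local docroot user uid gid
    docroot=$1; user=$2
    uid=$(id -u "$user") || return 2
    gid=$(id -g "$user") || return 2
    if suexec_owner_mismatches "$docroot" "$uid" "$gid"; then
        echo "OK: $docroot is owned by $user ($uid/$gid)"
    else
        echo "FAIL: suexec target is $uid/$gid; fix the paths listed above" >&2
        return 1
    fi
}

# Usage: ./check_suexec.sh /var/www/booked.cs.uwaterloo.ca username
if [ "$#" -eq 2 ]; then
    check_vhost_for_suexec "$1" "$2"
fi
```

A docroot set up with an admin group and chmod 2775 will fail this check by design, since new files inherit the admin GID rather than the user's default GID.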
--
Lori Paniak - 2020-09-02
--
Nathan Fish - 2020-09-02