SCSVirtualWebConfig < CF

CF Web>Infrastructure>SCSVirtualWebConfig (2022-10-27, HarshRoghelia) (raw view)

---+ How to Set Up a Virtual Host on cs.uwaterloo.ca Web Server

   * Add nsbuild alias: https://nsbuild.uwaterloo.ca/ui/  
DNS search for haproxy.cs.uwaterloo.ca and add an alias to that record.

   * ssh to salt-204 and add site to the web servers:
<verbatim>
cd /srv/saltstack/pillar/cscf_apache
</verbatim>
Add vhost to ==cs.sls==  (alphabetically, please! In vim, you can select with V and :sort)

   * Run a test of the web server changes: 
<verbatim>
root@salt-204:/srv/saltstack/pillar/cscf_apache# salt -N www-154 state.apply --state-verbose=False cscf_apache test=True
</verbatim>
Ignore symlink warnings...

   * Actually implement changes: 
<verbatim>
root@salt-204:/srv/saltstack/pillar/cscf_apache# salt -N www-154 state.apply --state-verbose=False cscf_apache
</verbatim>
Test that cs.uwaterloo.ca is still functional.

   * ssh to ==salt-cscf-2004== 
   * Update the haproxy configuration so traffic gets to the backend servers with appropriate TLS certs:
<verbatim>
cd /srv/salt-master/pillar/haproxy_bionic/backends
</verbatim>
Add entry to ==www_cs.sls== under haproxy:backends:extra_vhosts (alphabetically, please).  Also add www and site aliases to haproxy:backends:alias_vhosts if it is appropriate these aliases should appear in the TLS cert

   * Test the changes to haproxy. One cannot run solely the haproxy_bionic state as certbot needs to run simultaneously
<verbatim>
root@salt-cscf-2004:/srv/salt-master/pillar/haproxy_bionic# salt -N haproxy-bionic state.apply --state-verbose=False test=True
</verbatim>

   * If no fails, apply changes to haproxy:
<verbatim>
root@salt-cscf-2004:/srv/salt-master/pillar/haproxy_bionic# salt -N haproxy-bionic state.apply --state-verbose=False
</verbatim>

   * ssh to linux.cs and add web root in the filespace
<verbatim>
roor@linux.cs:/var/www# mkdir booked.cs.uwaterloo.ca
</verbatim>

   * If you have an admin user group, you can set the SGUID:
<verbatim>
chown -R username:GID booked.cs.uwaterloo.ca
chmod 2775 booked.cs.uwaterloo.ca
</verbatim>

   * However: if the virtual host is going to be running CGIs, our use of suexec means that the GID *must* be the same as the default GID for the user. Otherwise, the CGI will fail with error 500 and suexec error logs will report:
<verbatim>
[2020-09-24 14:46:43]: uid: (33/username) gid: (33/username) cmd: index.php
[2020-09-24 14:46:45]: target uid/gid (4179/4189) mismatch with directory (4179/17110) or program (4179/17110)
</verbatim>

   * Add test content to the web site:
<verbatim>
root@linux.cs:/var/www# echo hi > booked.cs.uwaterloo.ca/index.html
</verbatim>

   * Return to salt-204 and restart all web servers
<verbatim>
root@salt-204:~# salt -N www-154 service.reload apache2
</verbatim>
A second restart may be required for LDAP services to catch up.

Test site... And cs.uwaterloo.ca to make sure no regressions.

   * Commit salt changes to git:
<verbatim>
root@salt-204:~# cd /srv/saltstack/pillar/cscf_apache
root@salt-204:/srv/saltstack/pillar/cscf_apache# git status

On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)

modified: cs.sls
modified: ../haproxy_bionic/haproxy/backends/www_cs.sls
modified: ../iaas/201/m3.sls

no changes added to commit (use "git add" and/or "git commit -a")
</verbatim>

   * Commit your changes to git for version control/backup:
<verbatim>
root@salt-204:/srv/saltstack/pillar/cscf_apache# git add cs.sls
root@salt-204:/srv/saltstack/pillar/cscf_apache# git add ../haproxy_bionic/haproxy/backends/www_cs.sls
root@salt-root@salt-204:/srv/saltstack/pillar/cscf_apache# git commit --author="Lori Paniak "
</verbatim>

Add a a commit message with details of changes  and RT # on third line eg.
<verbatim>
Changes to support addition of grec.cs virtual host

#RT1092612
</verbatim>

git push

Expect a commit email from git.uwaterloo.ca

-- %USERSIG{LoriPaniak - 2020-09-02}%
-- %USERSIG{NathanFish - 2020-09-02}%

Topic revision: r8 - 2022-10-27 - HarshRoghelia

Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.

Other Webs

My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images

Edit