Written by Todd Green
Thursday, 11 June 2009 11:51
======= Summary: =======
Our web servers were aging, getting hacked, and needed both hardware and software updates. If you are simply serving HTML files, nothing has changed that requires your intervention. If you are using CGI, PHP, etc., please see the Scripts section below.
============================= Hardware and Software Updates: =============================
The servers are now running dual-core Athlons with 8GB of memory each. They are on Ubuntu-9.04 running the x86_64 server version (in order to match shell.cs's architecture). We are now on NFSv3 with Apache 2.2. This means we can finally serve files larger than 2GB.
======= Scripts: =======
PHP:
Due to the ever-increasing number of attacks on our systems, we have moved to suphp. This operates much like suexec does for CGIs. All PHP scripts will now be run as you in your public_html (technically, as the owner of the file). All directories in the path must be owned by you, and files and directories cannot be world-writable. Please look at the error messages (/uusoc/sys/logs/www) if you are having issues with your PHP files. More details on suphp can be found here:
http://www.suphp.org/
Any files that were in your public_html directories that were owned by the web server have been changed to be owned by you.
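An added example, not part of the original announcement: a shell function that audits a public_html tree against the two suphp rules above (ownership, and nothing world-writable). The function name suphp_audit and its output labels are made up for this example, and it only inspects the tree it is given, not the directories above it.

```shell
#!/bin/sh
# Added example: audit a web tree against the suphp rules in this announcement.
# Usage: suphp_audit [DIR] [USER]
#   DIR  defaults to $HOME/public_html
#   USER defaults to the user running the check
# Prints one line per problem. Returns 0 if clean, 1 if problems were found,
# 2 if DIR is not a directory.
suphp_audit() {
    root=${1:-"$HOME/public_html"}
    owner=${2:-$(id -un)}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Rule 1: every directory in the path, and the script itself, must be
        # owned by the user. A .php file owned by someone else would run as
        # that other owner, so it is reported too.
        find "$root" \( -type d -o -name '*.php' \) ! -user "$owner" -print |
            sed 's/^/not-owned-by-user: /'
        # Rule 2: files and directories cannot be world-writable
        # (the "other" write bit, octal 0002, must be clear).
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/world-writable: /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A world-writable entry it reports can be fixed with chmod o-w on that path; ownership problems on files you cannot chown yourself need the Support Group.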
Perl:
So that we can apply updates more quickly, we are now using the Ubuntu packages where possible. Please use /usr/bin/perl for any CGIs and/or Perl scripts on the web servers. We will not be compiling a /uusoc/opt tree for them.
========= SSL/HTTPS: =========
As mentioned in a previous email, new certificates have been generated for the new servers. Please add them to your exception list if you are using a browser such as Firefox. If you've already added the University's Root Cert as a trusted cert for browsers like IE, you shouldn't need to do anything. Details on installing the cert can be found here:
http://support.cs.utah.edu/index.php?option=com_content&view=article&id=55&Itemid=2
==== Misc: ====
The old uid of the www server was conflicting with system ids which are shipped with modern OSes. It has been moved to a new uid (998) and a new group www-data (gid 998) has been created to match. Anyone who was in the old www group has been migrated to the www-data group.
- Support Group