Sysadmin:Web Servers

We use apache2 as our main web server. GitLab and Jupyter use nginx.

Hopper on cluster and Web on CS serve multiple websites. Traffic to their IP addresses on ports 80 and 443 are already allowed through the firewall. Several servers - e.g. Code, Bowie - host single websites that have more complex configurations.

You should spin up a VM if a website requires a long dependency chain that may clash with the exiting configuration on web. You will have to add them to the web servers alias in the firewall.

You should build a website in your own ~username webpage. The paths are listed below and do not require additional configuration to use.

You can find apache configs on most of our servers in /etc/apache2. The key files:

• apache2.conf - global configs
• conf.d - configurations for individual virtual hosts if not defined in the main apache file

User webpages (these can be edited from any server):

• ~/public_html - cluster.earlham.edu
• ~/www - cs.earlham.edu

In migrating from an older version of apache, you have to switch Allow from all to Require all granted in the list of rules for the directory of choice.

Run sudo apt-get install nginx.

Just installing and running nginx will display a message to visitors to the url that the site must still be configured.

To actually do that:

• We have a bunch of site files in tools:/etc/nginx/sites-available (plus symlinks in sites-enabled). Copy those over to the corresponding directories.
• We're currently using the same SSL certs as we use on web.

Examples are for apache but the paths are also valid for nginx.

SSL info for cluster:

SSLCertificateFile      /etc/ssl/certs/cluster.earlham.edu.crt
SSLCertificateKeyFile   /etc/ssl/private/cluster.earlham.edu.key
SSLCertificateChainFile /etc/ssl/certs/cluster.earlham.edu.ca-bundle

SSL info for CS:

SSLCertificateFile      /etc/ssl/certs/cs.earlham.edu.crt
SSLCertificateKeyFile /etc/ssl/private/cs.earlham.edu.key
SSLCertificateChainFile /etc/ssl/certs/cs.earlham.edu.ca-bundle

More info here.