Difference between revisions of "Web Hosting"

From CSCWiki
Jump to navigation Jump to search
Line 73: Line 73:
 
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.
 
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.
  
=== Using WSGI ===
+
=== Using WSGI ['''Deprecated'''] ===
  
 
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.
 
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.

Revision as of 19:38, 4 November 2015

The CSC offers web hosting for clubs and our members in accordance with our Machine Usage Agreement. This is a quick guide for the kinds of hosting we offer on our webserver, csclub.uwaterloo.ca, also known as caffeine.

We run an Apache httpd webserver and we offer you the use of a MySQL database.

What can I host on my website?

Web hosting is provided in accordance with the CSC Machine Usage Agreement. As a reminder, you are not permitted to host any of the following:

  • Ads. Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.
  • Your start-up's website. Again, commercial use of our hosting is not permitted.
  • Unauthorized copyrighted materials. Violating the law is a violation of our Machine Usage Agreement.

Please note that this is not an exhaustive list. Websites may be taken down without notice at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)

Some great examples of things members host on our webserver:

DNS and Your Domain Name

You can serve files without any additional configuration by placing them in your www directory and accessing them at http://csclub.uwaterloo.ca/~userid, where userid is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.

uwaterloo.ca domain Names

If you represent a UWaterloo organization, you may be eligible for a custom uwaterloo.ca domain name, such as csclub.uwaterloo.ca. We can request this on your behalf.

In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request club hosting with the Computer Science Club.

Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain yourdomain.uwaterloo.ca. Assuming it is available, we will file a ticket and request the domain in your name.

Your personal domain name

These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at csclub.uwaterloo.ca.

Static Sites

You can place all your static content into your web directory, /users/userid/www.

If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:

 <VirtualHost *:80>
 	ServerName foobar.uwaterloo.ca
 	ServerAlias *.foobar.uwaterloo.ca foobar
 	ServerAdmin your@email.here.tld
 
 	DocumentRoot /users/userid/www/
 
 	ErrorLog /var/log/apache2/luser-userid-error.log
 	CustomLog /var/log/apache2/luser-userid-access.log combined
 </VirtualHost>

Dynamic Sites

If you require use of a database, we offer you the sole choice of MySQL. See this guide for how to create your database and connect to MySQL.

***NOTICE***

 We STRONGLY discourage the use of content management systems such as
 WordPress. These packages are notorious for the number of security
 vulnerabilities they contain and pose a threat to our systems if they are not
 kept up to date. The Systems Committee WILL, at its discretion, disable
 any website using a package such as WordPress that is not updated to the latest
 version or that is found to contain exploitable security flaws. In such a case,
 the member or club serving that site will be notified of the termination; the
 site will not be re-enabled until the issues are addressed.

Using PHP

Because we use Apache, it's as simple as placing your index.php file in your /users/userid/www. That's it!

You can even include rewrite rules in an .htaccess file in your web directory.

Using WSGI [Deprecated]

We newly support mod_wsgi for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.

Here is a sample configuration file for a Django site:

 <VirtualHost *:80>
   ServerName foobar.uwaterloo.ca
   ServerAlias *.foobar.uwaterloo.ca foobar
   ServerAdmin your@email.here.tld
 
   ErrorLog /var/log/apache2/luser-userid-error.log
   CustomLog /var/log/apache2/luser-userid-access.log combined
 
   WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...
   WSGIScriptAlias / /path/to/your/wsgi/script
   WSGIProcessGroup process_name
 
   Alias /robots.txt /path/if/necessary/robots.txt
   Alias /favicon.ico /path/if/necessary/favicon.ico
 
   <Directory /path/to/your/wsgi/script>
     <Files wsgi.py>
       Require all granted
     </Files>
   </Directory>
 </VirtualHost>

Syscom

Disabling insecure or infringing sites

To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)

 <Directory /users/$BADUSER/www>
     AllowOverride None
     RewriteEngine On
     RewriteRule . /~sysadmin/insecure/index.php [L]
 </Directory>