|
Size: 3609
Comment:
|
Size: 3624
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 18: | Line 18: |
| With the following .htaccess in your public_html directory applications under /public_html/secure are still accessible without moving them to public_html: | With the following [[attachment:.htaccess]] in your public_html directory applications under /public_html/secure are still accessible without moving them to public_html: |
People Webserver Migration
We intend to change the current people web server to a new platform at the end of May 2018. The actual physical server (atlan01) with debian wheezy will be replaced with an new virtual platform with debian stretch (webbi03). Here is a table with the different software versions on the two platforms:
|
atlan01 |
webbi03 |
||
Debian' |
7:wheezy |
9:stretch |
||
Apache |
2.2 |
2.4 |
||
PHP |
5.4 |
7.0 |
||
Python |
2.7 |
3.5 |
||
We also make two important configuration changes:
DocumentRoot is now /home/<account>/public_html for http and https access
Apache standard suexec : no global php wrapper script outside DocumentRoot as until now
You can test your existing applications by using the URL http(s)://people3.eethz.ch/~<account>/....
With the following .htaccess in your public_html directory applications under /public_html/secure are still accessible without moving them to public_html:
#
# IfVersion is needed because atlan01 doesn't recognize the If %{HTTP_HOST}
#
<IfVersion >= 2.3>
<If "%{HTTP_HOST} == 'people3\.ee\.ethz\.ch'">
FCGIWrapper /home/gfreudig/public_html/.fcgi/php-wrapper .php
# redirect http to https if:
# directory secure in user specific document must not exist
RewriteCond %{CONTEXT_DOCUMENT_ROOT}/secure !-d
# protocol must be http
RewriteCond %{HTTPS} off
# then internal rewrite to https
RewriteRule (.*) https://people3.ee.ethz.ch%{REQUEST_URI}
# Redirect https to secure path if:
# URI must not contain "/secure"
RewriteCond %{REQUEST_URI} "!/secure"
# protocol must be https
RewriteCond %{HTTPS} on
# directory secure in user specific document root must exist
RewriteCond %{CONTEXT_DOCUMENT_ROOT}/secure -d
# then internal rewrite with added secure/ in access path
RewriteRule (.*)/public_html/(.*) $1/public_html/secure/$2
</If>
</IfVersion>This .htaccess does the following:
- automatic redirect fron http to https if no secure directory exists
- insert secure into access path if secure directory exists and https access
Because this .htaccess is only executed on the test server people3 you can use it with no risque in your .htaccess.
RewriteEngine on
If you have a MoinMoin wiki under secure the following addition/replacement to the already existing .htaccess in your wiki root makes your wiki also running under the new server:
<IfVersion >= 2.3>
<If "%{HTTP_HOST} == 'people3\.ee\.ethz\.ch'">
# Redirect to path with moin.fcgi if:
# no file requested
RewriteCond %{REQUEST_FILENAME} !-f
# URI not already contains /moin.fcgi
RewriteCond %{REQUEST_URI} "!/moin.fcgi"
# Internal rewrite to path with moin.fcgi inserted
RewriteRule ^(.*)/secure/MyWiki/(.*)$ $1/secure/MyWiki/moin.fcgi/$2
</If>
<If "%{HTTP_HOST} == 'people2\.ee\.ethz\.ch'">
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)/MyWiki/(.*)$ /~gfreudig/MyWiki/moin.fcgi/$2
</If>
</IfVersion>
<IfVersion <= 2.3>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /~gfreudig/MyWiki/moin.fcgi/$1
</IfVersion>
In the near future we want to eliminate this special redirect rules which detect an existing secure directory of the user by a global unconditioned redirect from http to https. If you could move existing https apllications in secure with no problems to public_html please do it already now.