3609
Comment:
|
3624
|
Deletions are marked like this. | Additions are marked like this. |
Line 18: | Line 18: |
With the following .htaccess in your public_html directory applications under /public_html/secure are still accessible without moving them to public_html: | With the following [[attachment:.htaccess]] in your public_html directory applications under /public_html/secure are still accessible without moving them to public_html: |
People Webserver Migration
We intend to change the current people web server to a new platform at the end of May 2018. The actual physical server (atlan01) with debian wheezy will be replaced with an new virtual platform with debian stretch (webbi03). Here is a table with the different software versions on the two platforms:
|
atlan01 |
webbi03 |
||
Debian' |
7:wheezy |
9:stretch |
||
Apache |
2.2 |
2.4 |
||
PHP |
5.4 |
7.0 |
||
Python |
2.7 |
3.5 |
We also make two important configuration changes:
DocumentRoot is now /home/<account>/public_html for http and https access
Apache standard suexec : no global php wrapper script outside DocumentRoot as until now
You can test your existing applications by using the URL http(s)://people3.eethz.ch/~<account>/....
With the following .htaccess in your public_html directory applications under /public_html/secure are still accessible without moving them to public_html:
# # IfVersion is needed because atlan01 doesn't recognize the If %{HTTP_HOST} # <IfVersion >= 2.3> <If "%{HTTP_HOST} == 'people3\.ee\.ethz\.ch'"> FCGIWrapper /home/gfreudig/public_html/.fcgi/php-wrapper .php # redirect http to https if: # directory secure in user specific document must not exist RewriteCond %{CONTEXT_DOCUMENT_ROOT}/secure !-d # protocol must be http RewriteCond %{HTTPS} off # then internal rewrite to https RewriteRule (.*) https://people3.ee.ethz.ch%{REQUEST_URI} # Redirect https to secure path if: # URI must not contain "/secure" RewriteCond %{REQUEST_URI} "!/secure" # protocol must be https RewriteCond %{HTTPS} on # directory secure in user specific document root must exist RewriteCond %{CONTEXT_DOCUMENT_ROOT}/secure -d # then internal rewrite with added secure/ in access path RewriteRule (.*)/public_html/(.*) $1/public_html/secure/$2 </If> </IfVersion>
This .htaccess does the following:
- automatic redirect fron http to https if no secure directory exists
- insert secure into access path if secure directory exists and https access
Because this .htaccess is only executed on the test server people3 you can use it with no risque in your .htaccess.
RewriteEngine on
If you have a MoinMoin wiki under secure the following addition/replacement to the already existing .htaccess in your wiki root makes your wiki also running under the new server:
<IfVersion >= 2.3> <If "%{HTTP_HOST} == 'people3\.ee\.ethz\.ch'"> # Redirect to path with moin.fcgi if: # no file requested RewriteCond %{REQUEST_FILENAME} !-f # URI not already contains /moin.fcgi RewriteCond %{REQUEST_URI} "!/moin.fcgi" # Internal rewrite to path with moin.fcgi inserted RewriteRule ^(.*)/secure/MyWiki/(.*)$ $1/secure/MyWiki/moin.fcgi/$2 </If> <If "%{HTTP_HOST} == 'people2\.ee\.ethz\.ch'"> RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)/MyWiki/(.*)$ /~gfreudig/MyWiki/moin.fcgi/$2 </If> </IfVersion> <IfVersion <= 2.3> RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ /~gfreudig/MyWiki/moin.fcgi/$1 </IfVersion>
In the near future we want to eliminate this special redirect rules which detect an existing secure directory of the user by a global unconditioned redirect from http to https. If you could move existing https apllications in secure with no problems to public_html please do it already now.