| Size: 1967 Comment: add a friendly hints, and links, to make common tasks described in the manual easily accessible | Size: 5223 Comment: Add DAV example | 
| Deletions are marked like this. | Additions are marked like this. | 
| Line 22: | Line 22: | 
| = Permissions Issues (403 Access Denied) = When you publish web content, it will probably live in your home directory. The web server will need permission to read your files, or it will return "403 Access Denied" errors. Since your home directory is in AFS, '''normal UNIX permissions are irrelevant'''. For instance, if you get a 403 error serving `~/public_html/otherdir/page.html`, you might run this to see what's up: {{{$ fs listacl ~/public_html/otherdir Access list for /afs/hcoop.net/user/y/yo/you/public_html/otherdir is Normal rights: system:administrators rlidwka system:anyuser l you rlidwka}}} Oops! Apache only matches the "system:anyuser" principal, so it only gets the "l" (= "list") permission and can only list your directory contents. Try this to fix it: {{{$ fs setacl ~/public_html/otherdir system:anyuser read $ fs setacl ~/public_html system:anyuser read $ fs setacl ~ system:anyuser l}}} The first two give full read permission on the mentioned directories. "l" permission is needed in every parent directory of a file to be able to access it, so the last line makes sure "l" is granted to system:anyuser on your home directory. When your web content is accessed through your own virtual host, you can also grant read access to `$USER.daemon` instead of the broader `system:anyuser`, where `$USER` is your username. This is your bizarro-world twin, which Apache runs as when serving your content. See [:MemberManual/GettingStarted:the Getting Started chapter] of the Member Manual, in particular the ''AFS'' section, for information on how to work with AFS's '''separate''' notion of permissions. = Getting HTTPS access working = In order to serve websites over HTTPS, you will need to request an IP address from us and generate an SSL certificate. 1. [https://members2.hcoop.net/portal/ip Request an IP address]. 2. Either generate an SSL certificate yourself, or buy one from somewhere (search for "ssl certificate" using your search engine of choice for a list of popular vendors). 3. [https://members2.hcoop.net/portal/cert Request permission to use your certificate for a domain]. 4. Add a stanza to your DomTool configuration file. An example follows. | |
| Line 24: | Line 56: | 
| * Accessing read-only site-wide DAV. Also, enabling site-specific DAV so that you can use it for writing. Link to "Using revision control -> DAV and Subversion example". | WebDAV is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers. WebDAV is useful when working on a website using systems that cannot mount an AFS share. For details on how to setup WebDAV, take a look at [http://research.cs.berkeley.edu/doc/dav/]/ Read-only DAV access is available via [https://dav.hcoop.net/]. If you want to be able to write files to DAV, you will need to set up a subdomain which is served via HTTPS. The ''Getting HTTPS access working'' section above should be of help. Then, you will want to add a stanza to your DomTool configuration to serve DAV. An example follows. {{{ (* Redirect HTTP to HTTPS *) vhost "dav" with rewriteRule "^(.*)$" "https://dav.mwolson.org$1" [redirect]; end; (* Serving DAV over HTTPS *) vhost "dav" where DocumentRoot = (home "dav"); (* NOTE: Change this filename to be the location of your *) (* signed certificate. Otherwise you will get a type error. *) SSL = use_cert "/etc/apache2/ssl/apache.pem"; with addDefaultCharset "utf-8"; location "/" with davFilesystem; end; end; }}} | 
This is the chapter of the MemberManual that describes how to serve your website(s).
Static Web Sites
If you plan on having static websites without any CGI such as php or perl, then read on. In your home directory, there is a directory named public_html. By default, you can access this at http://deleuze.hcoop.net/~USER (which will soon become http://www.hcoop.net/~USER). You will never be able to execute server-side scripts when accessing webpages in that manner. If you're going to use a domain, please read the next section.
Dynamic Web Sites
If you plan on having a website that utilizes CGI such as php or perl, then you must either have a domain or an hcoop.net subdomain (i.e., USER.hcoop.net).
When you have chosen a domain to be hosted by HCoop, you then simply request control of that domain at the [http://members2.hcoop.net portal]. Once it is authorized by an administrator, you will be able to utilize DomTool. DomTool will let Apache and other services know about your domain. Please take a look at [:MemberManual/UsingDomtool: using DomTool], [:DomTool/UserGuide: DomTool user guide], and [:DomTool/Examples: DomTool examples] to learn how to do this.
As a hint, DomTool configurations are stored in ~/.domtool/. Some users have made their production configurations readable and so you may be able to learn from them. See the bottom of [:DomTool/Examples: DomTool examples] to find out who is showing off their DomTool configurations.
For database help, take a look at this manual's [:MemberManual/Databases: Databases] chapter.
To see how you can transfer files to HCoop, see the [:MemberManual/TransferringFiles: Transferring Files] chapter.
Permissions Issues (403 Access Denied)
When you publish web content, it will probably live in your home directory. The web server will need permission to read your files, or it will return "403 Access Denied" errors. Since your home directory is in AFS, normal UNIX permissions are irrelevant.
For instance, if you get a 403 error serving ~/public_html/otherdir/page.html, you might run this to see what's up:
{{{$ fs listacl ~/public_html/otherdir Access list for /afs/hcoop.net/user/y/yo/you/public_html/otherdir is Normal rights:
- system:administrators rlidwka system:anyuser l you rlidwka}}}
Oops! Apache only matches the "system:anyuser" principal, so it only gets the "l" (= "list") permission and can only list your directory contents. Try this to fix it:
{{{$ fs setacl ~/public_html/otherdir system:anyuser read $ fs setacl ~/public_html system:anyuser read $ fs setacl ~ system:anyuser l}}}
The first two give full read permission on the mentioned directories. "l" permission is needed in every parent directory of a file to be able to access it, so the last line makes sure "l" is granted to system:anyuser on your home directory.
When your web content is accessed through your own virtual host, you can also grant read access to $USER.daemon instead of the broader system:anyuser, where $USER is your username. This is your bizarro-world twin, which Apache runs as when serving your content.
See [:MemberManual/GettingStarted:the Getting Started chapter] of the Member Manual, in particular the AFS section, for information on how to work with AFS's separate notion of permissions.
Getting HTTPS access working
In order to serve websites over HTTPS, you will need to request an IP address from us and generate an SSL certificate.
- [https://members2.hcoop.net/portal/ip Request an IP address]. 
- Either generate an SSL certificate yourself, or buy one from somewhere (search for "ssl certificate" using your search engine of choice for a list of popular vendors).
- [https://members2.hcoop.net/portal/cert Request permission to use your certificate for a domain]. 
- Add a stanza to your DomTool configuration file. An example follows. 
WebDAV
WebDAV is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers. WebDAV is useful when working on a website using systems that cannot mount an AFS share. For details on how to setup WebDAV, take a look at [http://research.cs.berkeley.edu/doc/dav/]/
Read-only DAV access is available via [https://dav.hcoop.net/].
If you want to be able to write files to DAV, you will need to set up a subdomain which is served via HTTPS. The Getting HTTPS access working section above should be of help. Then, you will want to add a stanza to your DomTool configuration to serve DAV. An example follows.
  (* Redirect HTTP to HTTPS *)
  vhost "dav" with
    rewriteRule "^(.*)$" "https://dav.mwolson.org$1" [redirect];
  end;
  (* Serving DAV over HTTPS *)
  vhost "dav" where
    DocumentRoot = (home "dav");
    (* NOTE: Change this filename to be the location of your *)
    (* signed certificate.  Otherwise you will get a type error. *)
    SSL = use_cert "/etc/apache2/ssl/apache.pem";
  with
    addDefaultCharset "utf-8";
    location "/" with
      davFilesystem;
    end;
  end;