7,612
edits
Changes
Jump to navigation
Jump to search
Created page with "{{#set: Visible to=whitelist|Visible to group=team}} This page records some configuration changes to the research computing infrastructure that, for a variety of reasons, don..."
{{#set: Visible to=whitelist|Visible to group=team}}
This page records some configuration changes to the research computing infrastructure that, for a variety of reasons, don't belong on the public pages.
== Protect a page from public view ==
Use the following SemanticACL tags (https://www.edegan.com/wiki/Research_Computing_Configuration#SemanticACL):
To configure security on a page (https://www.mediawiki.org/wiki/Extension:Semantic_ACL#Example)
<nowiki>
[[Visible to::whitelist]]
[[Visible to group::team]]
[[Editable by::whitelist]]
[[Editable by user::User:whoever]]
</nowiki>
or equivalently (but silently):
<nowiki>{{#set: Visible to=whitelist|Visible to group=team}}</nowiki>
== Mounting an Apple FS drive ==
Use apfs-fuse (https://github.com/sgan81/apfs-fuse) to mount an Apple FS drive. Install apts-full by doing the following:
git clone https://github.com/sgan81/apfs-fuse.git
cd apfs-fuse
git submodule init
git submodule update
mkdir build
cd build
cmake ..
ccmake .
# Choose fuse3 off -> c -> g -> q
make
Note that you need to choose fuse3 off step using ccmake. The default built, available from https://gist.github.com/romdim/58b4ce14ef0517241abab4b9d8a33d32, won't work on our setup.
Then use apfs-fuse to mount a drive (as researcher, so it will be accessible):
sudo su
cd /home/ed/apfs-fuse/build
lsblk
#To get the device
id researcher
./apfs-fuse -o uid=1001,gid=1002,allow_other /dev/sde2 /media/backup/
Then create a simlink:
su researcher
ln -s /media/backup/root/Backup /bulk/extdrive
Delete the link with:
unlink /bulk/extdrive
And allow Samba to follow the simlink (https://unix.stackexchange.com/questions/5120/how-do-you-make-samba-follow-symlink-outside-the-shared-path):
vi /etc/samba/smb.conf
[global]
allow insecure wide links = yes
unix extensions = no
[bulk]
...
follow symlinks = yes
wide links = yes
== Multiple Virtual Hosts on Apache2 ==
To have multiple domain names served from the same Apache install, use virtual hosts:
Add a folder to the www directory:
sudo su
mkdir /var/www/newsite
Edit /etc/apache2/apache2.conf to include a new directory statement, as well as the NameVirtualHost statements (if not already included):
NameVirtualHost *:80
NameVirtualHost *:443
<Directory /var/www/newsite.com>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Have a look in /etc/apache2/sites-available and /etc/apache2/sites-enabled to see the current set up.
Copy the template (000-default.conf) to the new sitename (newsite.com.com) in /etc/apache2/sites-available and edit it to set the ServerName, ServerAlias, DocumentRoot and any other setup. Note that the redirects are within the virtualhost, and if you aren't seeing some change it is probably because your browser has cached an old redirect. Apache will default back to the first site if nothing matches...
<VirtualHost *:80>
ServerName newsite.com
ServerAlias www.newsite.com
ServerAdmin ed@newsite.com
DocumentRoot /var/www/newsite.com
Redirect permanent / https://www.newsite.com/
</VirtualHost>
<VirtualHost *:443>
ServerName newsite.com
ServerAlias www.newsite.com
Protocols h2 http/1.1
DocumentRoot /var/www/newsite.com
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/newsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/newsite.com/privkey.pem
</VirtualHost>
Add the SSL keys (see https://certbot.eff.org/instructions and [[Research_Computing_Configuration#HTTPS]]):
lsb_release -a
...if you need the Ubuntu version
certbot certonly --agree-tos --email ed@edegan.com --webroot -w /var/lib/letsencrypt/ -d newsite.com -d www.newsite.com
Enable the site:
a2ensite newsite.com
note that you don't need the .conf...
systemctl reload apache2
Optionally disable the site:
a2dissite newsite.com
Check the setup:
a2query -s
apachectl -S
This page records some configuration changes to the research computing infrastructure that, for a variety of reasons, don't belong on the public pages.
== Protect a page from public view ==
Use the following SemanticACL tags (https://www.edegan.com/wiki/Research_Computing_Configuration#SemanticACL):
To configure security on a page (https://www.mediawiki.org/wiki/Extension:Semantic_ACL#Example)
<nowiki>
[[Visible to::whitelist]]
[[Visible to group::team]]
[[Editable by::whitelist]]
[[Editable by user::User:whoever]]
</nowiki>
or equivalently (but silently):
<nowiki>{{#set: Visible to=whitelist|Visible to group=team}}</nowiki>
== Mounting an Apple FS drive ==
Use apfs-fuse (https://github.com/sgan81/apfs-fuse) to mount an Apple FS drive. Install apts-full by doing the following:
git clone https://github.com/sgan81/apfs-fuse.git
cd apfs-fuse
git submodule init
git submodule update
mkdir build
cd build
cmake ..
ccmake .
# Choose fuse3 off -> c -> g -> q
make
Note that you need to choose fuse3 off step using ccmake. The default built, available from https://gist.github.com/romdim/58b4ce14ef0517241abab4b9d8a33d32, won't work on our setup.
Then use apfs-fuse to mount a drive (as researcher, so it will be accessible):
sudo su
cd /home/ed/apfs-fuse/build
lsblk
#To get the device
id researcher
./apfs-fuse -o uid=1001,gid=1002,allow_other /dev/sde2 /media/backup/
Then create a simlink:
su researcher
ln -s /media/backup/root/Backup /bulk/extdrive
Delete the link with:
unlink /bulk/extdrive
And allow Samba to follow the simlink (https://unix.stackexchange.com/questions/5120/how-do-you-make-samba-follow-symlink-outside-the-shared-path):
vi /etc/samba/smb.conf
[global]
allow insecure wide links = yes
unix extensions = no
[bulk]
...
follow symlinks = yes
wide links = yes
== Multiple Virtual Hosts on Apache2 ==
To have multiple domain names served from the same Apache install, use virtual hosts:
Add a folder to the www directory:
sudo su
mkdir /var/www/newsite
Edit /etc/apache2/apache2.conf to include a new directory statement, as well as the NameVirtualHost statements (if not already included):
NameVirtualHost *:80
NameVirtualHost *:443
<Directory /var/www/newsite.com>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Have a look in /etc/apache2/sites-available and /etc/apache2/sites-enabled to see the current set up.
Copy the template (000-default.conf) to the new sitename (newsite.com.com) in /etc/apache2/sites-available and edit it to set the ServerName, ServerAlias, DocumentRoot and any other setup. Note that the redirects are within the virtualhost, and if you aren't seeing some change it is probably because your browser has cached an old redirect. Apache will default back to the first site if nothing matches...
<VirtualHost *:80>
ServerName newsite.com
ServerAlias www.newsite.com
ServerAdmin ed@newsite.com
DocumentRoot /var/www/newsite.com
Redirect permanent / https://www.newsite.com/
</VirtualHost>
<VirtualHost *:443>
ServerName newsite.com
ServerAlias www.newsite.com
Protocols h2 http/1.1
DocumentRoot /var/www/newsite.com
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/newsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/newsite.com/privkey.pem
</VirtualHost>
Add the SSL keys (see https://certbot.eff.org/instructions and [[Research_Computing_Configuration#HTTPS]]):
lsb_release -a
...if you need the Ubuntu version
certbot certonly --agree-tos --email ed@edegan.com --webroot -w /var/lib/letsencrypt/ -d newsite.com -d www.newsite.com
Enable the site:
a2ensite newsite.com
note that you don't need the .conf...
systemctl reload apache2
Optionally disable the site:
a2dissite newsite.com
Check the setup:
a2query -s
apachectl -S
