Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
226 lines (159 sloc) 8.58 KB

www.p6c.org - Perl 6 community web server

www.p6c.org is a community server, with the hardware donated by the community, and the server generously hosted by noris network AG.

It hosts Perl 6-related web sites, including http://perl6.org and most of its subdomains (the sole exception being http://testers.perl6.org), as well as http://ecosystem-api.p6c.org.

The perl6.org subdomains are also available as subdomain.p6c.org. (This was mostly used for testing the sites before the perl6.org DNS pointed to the server, but can be (ab)used for other purposes, which require more control over the DNS).

Network

IPv4 address: 213.95.82.53

IPv6 addresses: 2001:780:101:ff00::80:1 to 2001:780:101:ff00::80:9.

(The complete block 2001:780:101:ff00::80:1 to 2001:780:101:ff00::80:ffff is available for this host, the addresses just aren't all bound to the interface yet).

perlcabal.org       2001:780:101:ff00::80:2
design.perl6.org    2001:780:101:ff00::80:3
rakudo.org          2001:780:101:ff00::80:A

Websites

Each (sub)domain that's hosted on www.p6c.org has its own UNIX user, with the same name as the domain. So for example for http://modules.perl6.org there's a user modules.perl6.org with home /home/modules.perl6.org. In the home directory there's typically a checkout of the git repository that contains the sources for the website, and often a script (typically update.sh) that generates or copies the actual site, e.g. /var/www/faq.perl6.org/.

Note that the content for several websites gets built on hack.p6c.org and then copied over to www.p6c.org.

The users's crontab contains a line that calls the script, typically once per hour:

root@www:~# sudo -iu faq.perl6.org crontab -l|grep -vE '^#'
*/15    *       *       *       *       cd ~/faq; git pull -qfn; perl generate-web.pl /var/www/faq.perl6.org/

In the case of http://doc.perl6.org/ and http://examples.perl6.org, the cron job runs on the host hack.p6c.org.

Administration

The following users have root/sudo access, and can potentially help you:

username      IRC nick
========      ========
moritz        moritz
timo          timotimo
froggs        FROGGS
coke          [Coke]      (has sudo privs)
zoffix        Zoffix      (has sudo privs and also the key in root user)

Selected files under /etc are under version control with git; if you change a file under /etc, please add and commit it:

cd /etc/
git add -f path/to/file
git commit --author='Your Name <email@example.com>' -m 'configured the flurb'

modules.perl6.org

Restarting the web app

The app gets started automatically on server reboot as well as after database is updated (a cronjob that takes ~1.5hr runs on 20th and 50th minute of the hour).

If it happens that you need to manually restart the web app, you can do so by running:

su - modules.perl6.org
cd ~/modules.perl6.org/
hypnotoad bin/ModulesPerl6.pl

A development server can be started to produce more output to debug some issues by running:

su - modules.perl6.org
cd ~/modules.perl6.org/
bin/morbo

rakudo.org

Site uses rakudo user and the repo's checkout lives in /var/www/rakudo.perl6.org/rakudo.org. A cronjob runs /var/www/rakudo.perl6.org/rakudo.org/update-rakudo.org.sh script every 5 minutes as well as after reboot. The script pulls changes from the repo and [re]starts the web app.

Restarting the web app

If for whatever reason cron doesn't start the app, you can start it by running ./hyp in /var/www/rakudo.perl6.org/rakudo.org. The web app listens on port 4242, with Apache reverse proxy setup in /etc/apache2/sites-available/rakudo.org-le-ssl.conf (note: there's a ton of URL rewrites there).

marketing.perl6.org

Site uses marketing user and the repo's checkout lives in /home/marketing/marketing. A cronjob runs /home/marketing/marketing/update-marketing.perl6.org.sh script every 5 minutes. On reboot, cron runs /home/marketing/marketing/start-marketing.perl6.org.sh

Restarting the web app

If for whatever reason cron doesn't start the app, you can start it by running ./hyp in /home/marketing/marketing/. The web app listens on port 4244, with Apache reverse proxy setup in /etc/apache2/sites-available/marketing.perl6.org.conf

SSL Certs

Existing certs get automatically updated with /root/letsencrypt/letsencrypt-auto; see crontab -l for exact command.

To install a new cert for a new site, you can do the following (the instructions are for a web app that listens on a particular port):

Create two files in /etc/apache2/sites-available. One for port 80 and another for port 433. And use these examples; we'll use marketing.perl6.org as hostname for the site we're adding:

root@www:/etc/apache2/sites-available# cat marketing.perl6.org.conf
<VirtualHost *:80>
    ServerName  marketing.perl6.org
    ServerAdmin email@email.com
    ServerAlias www.marketing.perl6.org
    DocumentRoot /var/www/marketing.perl6.org/webroot-marketing.perl6.org/

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge
    RewriteRule ^(.*) https://marketing.perl6.org$1 [R,L]
</VirtualHost>

And now a file for 433 port:

root@www:/etc/apache2/sites-available# cat marketing.perl6.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName  marketing.perl6.org
    ServerAdmin email@email.com
    ServerAlias www.marketing.perl6.org
    DocumentRoot /var/www/marketing.perl6.org/webroot-marketing.perl6.org

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://localhost:4244/ keepalive=On
    ProxyPassReverse / http://localhost:4244/
    RequestHeader set X-Forwarded-Proto "https"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/marketing.perl6.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/marketing.perl6.org/privkey.pem
</VirtualHost>
</IfModule>

Particular things to note:

  • Change the email to the one morits uses. You can get it from root's crontab -l

  • Change all of the marketing.perl6.org occurences to your domain

  • Change the port your app listens to (examples use 4244)

  • You may wish to comment out Header always set line (put # before it) until we ensure all of our stuff works right.

  • Note that Apache will likely not yet be able to start with the 433 site enabled, because the SSLCertificateFile/SSLCertificateKeyFile files are currently missing.

Now that the files are set up, we'll set up a webroot for the letsencrypt stuff to find the things its looking for. This is the path in DocumentRoot directive in port 80 file.

These commands are run as root user.

mkdir -p /var/www/marketing.perl6.org/webroot-marketing.perl6.org
chown +R marketing:www-data /var/www/marketing.perl6.org/

Now, we'll enable the port 80 file and restart Apache:

a2ensite /etc/apache2/sites-available/marketing.perl6.org.conf
systemctl reload apache2

Now, we'll run certbot, again change email address to moritz's that you can see in crontab -l commands. The -d flag gets the domain we're setting up as well as its www. version

cd /root/letsencrypt
./certbot-auto certonly --webroot -m CHANGE@EMAIL.COM -d marketing.perl6.org,www.marketing.perl6.org

The script will ask you to enter the webroot path. Give it the DocumentRoot path, which is in our example is /var/www/marketing.perl6.org/webroot-marketing.perl6.org. Afterwards, it'll ask you to choose that path from the list by typing a number (2, probably), type it, press ENTER.

Hopefully, the script will now tell you it's done, and it'll also list the .../fullchain.pem and .../privkey.pem files we've added to our 443 file; ensure the filenames match.

Now, we'll enable the 433 site:

a2ensite /etc/apache2/sites-available/marketing.perl6.org-le-ssl.conf
systemctl reload apache2

And now we're done. The http version of the site should now redirect to https one and https ones should work fine. Uncomment Header always set if you temporarily commented it and restart the server again and we're done systemctl reload apache2.