Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
226 lines (159 sloc) 8.58 KB - Perl 6 community web server is a community server, with the hardware donated by the community, and the server generously hosted by noris network AG.

It hosts Perl 6-related web sites, including and most of its subdomains (the sole exception being, as well as

The subdomains are also available as (This was mostly used for testing the sites before the DNS pointed to the server, but can be (ab)used for other purposes, which require more control over the DNS).


IPv4 address:

IPv6 addresses: 2001:780:101:ff00::80:1 to 2001:780:101:ff00::80:9.

(The complete block 2001:780:101:ff00::80:1 to 2001:780:101:ff00::80:ffff is available for this host, the addresses just aren't all bound to the interface yet).       2001:780:101:ff00::80:2    2001:780:101:ff00::80:3          2001:780:101:ff00::80:A


Each (sub)domain that's hosted on has its own UNIX user, with the same name as the domain. So for example for there's a user with home /home/ In the home directory there's typically a checkout of the git repository that contains the sources for the website, and often a script (typically that generates or copies the actual site, e.g. /var/www/

Note that the content for several websites gets built on and then copied over to

The users's crontab contains a line that calls the script, typically once per hour:

root@www:~# sudo -iu crontab -l|grep -vE '^#'
*/15    *       *       *       *       cd ~/faq; git pull -qfn; perl /var/www/

In the case of and, the cron job runs on the host


The following users have root/sudo access, and can potentially help you:

username      IRC nick
========      ========
moritz        moritz
timo          timotimo
froggs        FROGGS
coke          [Coke]      (has sudo privs)
zoffix        Zoffix      (has sudo privs and also the key in root user)

Selected files under /etc are under version control with git; if you change a file under /etc, please add and commit it:

cd /etc/
git add -f path/to/file
git commit --author='Your Name <>' -m 'configured the flurb'

Restarting the web app

The app gets started automatically on server reboot as well as after database is updated (a cronjob that takes ~1.5hr runs on 20th and 50th minute of the hour).

If it happens that you need to manually restart the web app, you can do so by running:

su -
cd ~/
hypnotoad bin/

A development server can be started to produce more output to debug some issues by running:

su -
cd ~/

Site uses rakudo user and the repo's checkout lives in /var/www/ A cronjob runs /var/www/ script every 5 minutes as well as after reboot. The script pulls changes from the repo and [re]starts the web app.

Restarting the web app

If for whatever reason cron doesn't start the app, you can start it by running ./hyp in /var/www/ The web app listens on port 4242, with Apache reverse proxy setup in /etc/apache2/sites-available/ (note: there's a ton of URL rewrites there).

Site uses marketing user and the repo's checkout lives in /home/marketing/marketing. A cronjob runs /home/marketing/marketing/ script every 5 minutes. On reboot, cron runs /home/marketing/marketing/

Restarting the web app

If for whatever reason cron doesn't start the app, you can start it by running ./hyp in /home/marketing/marketing/. The web app listens on port 4244, with Apache reverse proxy setup in /etc/apache2/sites-available/

SSL Certs

Existing certs get automatically updated with /root/letsencrypt/letsencrypt-auto; see crontab -l for exact command.

To install a new cert for a new site, you can do the following (the instructions are for a web app that listens on a particular port):

Create two files in /etc/apache2/sites-available. One for port 80 and another for port 433. And use these examples; we'll use as hostname for the site we're adding:

root@www:/etc/apache2/sites-available# cat
<VirtualHost *:80>
    DocumentRoot /var/www/

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge
    RewriteRule ^(.*)$1 [R,L]

And now a file for 433 port:

root@www:/etc/apache2/sites-available# cat
<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot /var/www/

    <Proxy *>
        Order deny,allow
        Allow from all
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://localhost:4244/ keepalive=On
    ProxyPassReverse / http://localhost:4244/
    RequestHeader set X-Forwarded-Proto "https"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

Particular things to note:

  • Change the email to the one morits uses. You can get it from root's crontab -l

  • Change all of the occurences to your domain

  • Change the port your app listens to (examples use 4244)

  • You may wish to comment out Header always set line (put # before it) until we ensure all of our stuff works right.

  • Note that Apache will likely not yet be able to start with the 433 site enabled, because the SSLCertificateFile/SSLCertificateKeyFile files are currently missing.

Now that the files are set up, we'll set up a webroot for the letsencrypt stuff to find the things its looking for. This is the path in DocumentRoot directive in port 80 file.

These commands are run as root user.

mkdir -p /var/www/
chown +R marketing:www-data /var/www/

Now, we'll enable the port 80 file and restart Apache:

a2ensite /etc/apache2/sites-available/
systemctl reload apache2

Now, we'll run certbot, again change email address to moritz's that you can see in crontab -l commands. The -d flag gets the domain we're setting up as well as its www. version

cd /root/letsencrypt
./certbot-auto certonly --webroot -m CHANGE@EMAIL.COM -d,

The script will ask you to enter the webroot path. Give it the DocumentRoot path, which is in our example is /var/www/ Afterwards, it'll ask you to choose that path from the list by typing a number (2, probably), type it, press ENTER.

Hopefully, the script will now tell you it's done, and it'll also list the .../fullchain.pem and .../privkey.pem files we've added to our 443 file; ensure the filenames match.

Now, we'll enable the 433 site:

a2ensite /etc/apache2/sites-available/
systemctl reload apache2

And now we're done. The http version of the site should now redirect to https one and https ones should work fine. Uncomment Header always set if you temporarily commented it and restart the server again and we're done systemctl reload apache2.