215 lines
4.5 KiB
Markdown
215 lines
4.5 KiB
Markdown
[](https://hub.docker.com/r/pengbai/docker-mkdocs/)
|
|
|
|
|
|
# RUG WEBHOSTING
|
|
|
|
* Kubernetes domain hosting
|
|
* 5+ GB website space ( fair use policy )
|
|
* PHP support (Linux/Apache variant)
|
|
* ASP support (Windows/IIS variant)
|
|
* All container based services.
|
|
|
|
The following options are available at an extra charge:
|
|
|
|
* expansion of web space (in consultation with CIT)
|
|
* e-mail addresses
|
|
* domain registration (.nl, .com, .org, .eu, etc.).
|
|
|
|
|
|
Since 2017 every new hosting domain is automatically a docker environment.
|
|
There's still a active connection between the old shared environment and the new one.
|
|
|
|
|
|
|
|
|
|
|
|
## HTTPS
|
|
|
|
The whole webhosting environment is behind several loadbalancers, force ssl does not work out of the box.
|
|
Because the internal communication between the loadbalancers (lb) and webservers are plain http.
|
|
|
|
If you force a website without the correct headers, the application will stay in a loop and fail.
|
|
The answer is simple , the webserver doesn't know that the request is secure! only the loadbalancer knows.
|
|
|
|
If we do a htaccess override, actually were telling the webserver , redirect once, if the Header HTTP:X-SSL-Enabled is true, don't do anything! otherwise redirect to https.
|
|
|
|
### Examples
|
|
|
|
standard
|
|
```
|
|
client http (80) <-> http (80) -> http (80) -> website (80)
|
|
```
|
|
|
|
or both
|
|
```
|
|
client https (443) <--> (443) -> http (80) -> website(80)
|
|
```
|
|
|
|
force https
|
|
```
|
|
client http (80) <-> force redirect https (443) -> http (80) -> website (80)
|
|
```
|
|
|
|
htaccess Override
|
|
```
|
|
# auto redirect to ssl, only for webhosting.rug.nl domains or with own certificates
|
|
<IfModule mod_rewrite.c>
|
|
RewriteEngine On
|
|
RequestHeader set HTTP:X-SSL-Enabled "true"
|
|
RewriteCond %{HTTP:X-SSL-Enabled} !true
|
|
RewriteRule (.*) https://domain.webhosting.rug.nl/$1 [R,L]
|
|
</IfModule>
|
|
|
|
|
|
```
|
|
wordpress https
|
|
```
|
|
Add the following to the wp-config.php
|
|
|
|
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'X-SSL-Enabled') != 'true') {
|
|
$_SERVER['HTTPS']='on';
|
|
}
|
|
|
|
If you get mixed content warnings, in the default theme.
|
|
edit the file : wp-content/themes/twentyseventeen/assets/images/svg-icons.svg
|
|
and replace http to https
|
|
|
|
old xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
|
new xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink">
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
## SSH
|
|
|
|
SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.
|
|
Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH.
|
|
|
|
|
|
Example Connection
|
|
```
|
|
ssh f-number@ssh.webhosting.rug.nl
|
|
```
|
|
|
|
Example Tunnel
|
|
```
|
|
ssh -L 8080:IP:80 f-number@ssh.webhosting.rug.nl -N 1
|
|
```
|
|
|
|
WEB
|
|
This only works with Two Factor Authentication
|
|
```
|
|
https://ssh.webhosting.rug.nl
|
|
```
|
|
|
|
Two factor auth
|
|
```
|
|
Put two files inside you're homedir/.ssh folder
|
|
mobile_number and email_address
|
|
|
|
$ cat ~/.ssh/mobile_number
|
|
0612345678
|
|
|
|
$ cat ~/.ssh/email_address
|
|
email@rug.nl
|
|
|
|
```
|
|
|
|
|
|
Aps
|
|
```
|
|
|
|
filezilla
|
|
putty
|
|
wincp
|
|
ducky
|
|
ssh
|
|
|
|
```
|
|
|
|
|
|
|
|
## MYSQL
|
|
|
|
|
|
|
|
PHPmyAdmin
|
|
```
|
|
https://mysql.webhosting.rug.nl
|
|
```
|
|
|
|
CLI dump database
|
|
```
|
|
$ ssh account@ssh.webhosting.rug.nl
|
|
$ mysqldump --host mysql01.service.rug.nl -u account -p -D database \
|
|
| gzip -c | > ~/backup/database.sql.gz
|
|
|
|
```
|
|
|
|
CLI restore database
|
|
```
|
|
$ ssh account@ssh.webhosting.rug.nl
|
|
$ gunzip < ~/backup/database.sql.gz | mysql --host mysql01.service.rug.nl \
|
|
-u account -p database > ~/backup/database.sql
|
|
```
|
|
|
|
CLI optimize database
|
|
```
|
|
$ ssh account@ssh.webhosting.rug.nl
|
|
$ mysqloptimze --host mysql01.service.rug.nl -u account -p -D database
|
|
```
|
|
|
|
CLI enter database
|
|
```
|
|
$ ssh account@ssh.webhosting.rug.nl
|
|
$ mysql --host mysql01.service.rug.nl -u account -p
|
|
```
|
|
|
|
CLI remote access database
|
|
```
|
|
$ ssh -L 3306:mysql01.service.rug.nl:3306 account@ssh.webhosting.rug.nl -N 1
|
|
$ mysql --host localhost -u account -p
|
|
```
|
|
|
|
|
|
## POSTGRES
|
|
|
|
phpPgAdmin
|
|
|
|
<a href="https://psql.webhosting.rug.nl" target="_blank">https://psql.webhosting.rug.nl</a>
|
|
|
|
|
|
## PHP
|
|
|
|
$ cat ~\site\.htaccess
|
|
|
|
Override upload filesize
|
|
```
|
|
<IfModule mod_php7.c>
|
|
php_value upload_max_filesize 100M
|
|
php_value post_max_size 100M
|
|
php_value max_execution_time 200
|
|
php_value max_input_time 200
|
|
</IfModule>
|
|
```
|
|
|
|
Override memory limit
|
|
```
|
|
<IfModule mod_php7.c>
|
|
php_value memory_limit 64M
|
|
</IfModule>
|
|
```
|
|
|
|
Access
|
|
```
|
|
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
|
|
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
|
|
RewriteCond %{REMOTE_ADDR} !^129\.125\.
|
|
RewriteCond %{REMOTE_ADDR} !^77\.43\.20\.
|
|
RewriteCond %{REMOTE_ADDR} !^10\.9\.
|
|
RewriteRule ^(.*)$ - [R=403,L]
|
|
```
|
|
|