WWP Server Configuration

From Digital Scholarship Group

How to log in

Instructions for getting a temporary password for your centrified user account (i.e., sysUSER) on wwp.neu.edu or wwp-test.neu.edu.

From a GNU/Linux System

The following instructions were tested on Ubuntu 16.04 with globalprotect 4.1.

  1. Sign into VPN
    1. $ globalprotect connect --portal vpn.northeastern.edu
    2. You will be prompted for username & password twice (username does not include @northeastern.edu, e.g. Syd’s is “sbauman”)
    3. The DUO app on your phone should alert you; tap “Accept”
  2. Using a browser other than Chrome, surf over to https://erpm.nunet.neu.edu/PWCweb
  3. If the browser prompts for it, enter username and password again, this time with username prefixed by “nunet\”.
  4. Enter standard username and password into the Lieberman RED form fields, leaving authenticator set to “NUNET”.
  5. Lieberman RED gives you three options for 2-factor identification; use one
  6. You are now on the Lieberman RED identity management homepage

First time only

  1. Choose Passwords > Manage Passwords
  2. Click “recover password” button (tiny blue icon with mouse-over text)
  3. Click on heart icon to save previous 2 steps for fast future use
  4. Click on eye icon to view password
  5. Click on the clipboard icon on the right to copy directly to clipboard

Subsequent times

  1. On the right side of the home page is a “Favorites” panel; click on blue “Recover Windows Password” icon
  2. Click on eye icon to view password
  3. Click on the clipboard icon on the right to copy directly to clipboard

Apache Web Server configuration

The configuration of Apache Web Server on Penn and Teller is controlled by the various configuration files located in /etc/httpd/conf/ and /etc/httpd/conf.d/.

The httpd.conf file in /etc/httpd/conf/ handles general configuration (what modules to load, default server behavior, etc.) and rarely needs to be edited or updated. Most changes to our web configuration will take place in conf files located in /etc/httpd/conf.d/ instead. Apache is configured to automatically process any .conf files in /etc/httpd/conf.d/.

The files that need to be modified most frequently are:

wwptest.conf (Teller) and wwp.conf (Penn)

This file defines the virtual hosts we use for www.wwptest.brown.edu, teller.services.brown.edu, and textbase.wwptest.brown.edu.

For some virtual hosts, this file defines Proxy/Reverse Proxy settings for proxying CouchDB and eXist behind Apache (to prevent us from exposing the ports for these applications to the outside world). It also defines file handlers, gzip compression for select MIME types, and the location for error and access logs.

On Penn, the wwp.conf file also defines a location directive that prevents non-Brown IP addresses from accessing the administrative pages for eXist and CouchDB.


wwprewrite.conf

Defines a standard set of URL rewriting rules that are applied by Apache to all incoming requests. This is used to rewrite permanent URLs for the WWO collection so that incoming requests are sent to the right place in our XTF-based WWO. It is also used to rewrite requests for MME materials in the MME data directory, so that visitors are taken to the MME overview page.

wwp-ipaccess.conf

Defines the specific directories to which WWO access control should be applied.

redirects.conf

Defines redirects that should be applied by Apache to all incoming requests. Most of the redirects defined here have to do with mapping URLs for our old (pre-2010) web site onto the correct URLs for our new site.

A note about mod_jk

After our migration of WWO to XTF (which uses Tomcat) in early 2012, we began using mod_jk to manage the IP-based authentication process (or, rather, to make it possible to continue using our existing IP authentication system). Peter DiCamillo has installed and configured mod_jk on Teller such that IP authentication works properly.

As of Feb. 5, 2013, our efforts to get the same mod_jk setup functioning properly on Penn have been unsuccessful. This means that IP authentication is not actually working on Penn (because Apache hands off incoming requests to Tomcat before applying any authentication, due to the proxy/reverse proxy behavior we have set up).

CouchDB

I have installed CouchDB on both Teller and Penn, using the yum package manager (which makes it easier to make sure the various CouchDB dependencies -- Erlang, for instance -- are in place and up to date).

The currently installed CouchDB version on both servers appears to be 1.0.2. This is not the most recent CouchDB version available (which is 1.2.1). Once a package becomes available for Red Hat, it can be installed via yum.

CouchDB has been configured to run automatically, so you shouldn't ever have to start/stop it manually. To test if CouchDB is running properly, just access http://teller.services.brown.edu/couch/ (on Teller) or http://www.wwp.brown.edu/couch/ (on Penn). You should see the following message:

 {"couchdb":"Welcome","version":"1.0.2"}

(If you have installed a more recent version, you'll see that listed instead.) If you do not see this message, or if you receive an Apache Web Server error, you'll need to investigate.

For security, our Apache Web Server configuration has been set up to proxy CouchDB traffic behind /couch/ (which does not actually exist as a location in the web hierarchy on our servers).

Administrative access

The graphical administrative interface (called Futon) can be accessed at http://teller.services.brown.edu/couch/_utils/ (on Teller) or http://www.wwp.brown.edu/couch/_utils/ (on Penn). This interface can be used to view currently running jobs, to manage users, to view and edit collections or individual records, to perform routine database management (e.g. compaction), etc.
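
The proxy arrangement described above and the address restriction that wwp.conf applies to the administrative pages on Penn can be sketched as follows. This is an added example, not the contents of the actual wwp.conf: the loopback address, CouchDB's default port 5984, the Apache 2.2 access syntax, and the 192.0.2.0/24 placeholder range are all assumptions.

```apache
# Added illustration; only the hostname and the /couch/ and /couch/_utils/
# paths come from the page. Everything else is assumed.
<VirtualHost *:80>
    ServerName www.wwp.brown.edu

    # Serve only the explicit mappings below; never act as a forward proxy.
    ProxyRequests Off

    # CouchDB is assumed to listen on loopback only (5984 is its default
    # port), so the sole route in from outside is through Apache at /couch/.
    ProxyPass        /couch/ http://127.0.0.1:5984/
    ProxyPassReverse /couch/ http://127.0.0.1:5984/

    # Weak form: with only the directives above, Futon at /couch/_utils/
    # is reachable by anyone who can reach the web server.

    # Corrected form: restrict the administrative pages by client address.
    # <Location> matches on the request URL, so it is evaluated for
    # proxied paths too. Apache 2.2 syntax; 192.0.2.0/24 is a placeholder
    # for the campus address ranges.
    <Location /couch/_utils>
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
    </Location>

    # Apache 2.4 replaces the three access lines above with:
    #     Require ip 192.0.2.0/24
</VirtualHost>
```

The address rule covers only the URL prefix it names; other paths under /couch/ remain governed by CouchDB's own admin accounts. After editing, `apachectl configtest` checks the syntax, and a request to /couch/_utils/ from an address outside the allowed range should return 403.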

eXist