Hosting Web Sites
by Joel Aufrecht

This section is a collection of maintenance
tasks and alternate configurations for AOLserver. This section has not yet been updated for &version;.

AOLserver keepalive with inittab

This is an alternative method for keeping the AOLserver
process running. The recommended method is to run AOLserver
supervised.
This step should be completed as root. This can break every service
on your machine, so proceed with caution.
There are 2 general steps to getting this working.

1. Install a script called restart-aolserver. This script doesn't actually restart AOLserver - it just kills it.
2. Ask the OS to restart our service whenever it's not running. We do this by adding a line to /etc/inittab.

Calling restart-aolserver
kills our service. The OS notices that our service is not
running, so it automatically restarts it. Thus, calling
restart-aolserver effectively
restarts our service.
Copy this file into
/tmp/restart-aolserver.txt.
This script needs to be SUID-root, which means
that the script will run as root. This is necessary to ensure
that the AOLserver processes are killed regardless of who owns
them. However, the script should be executable only by root and the
web group, so that the
users updating the web page can use the script but
general system users cannot run it. You also need to
have Perl installed, along with a symbolic link to it in
/usr/local/bin.
joeuser:~$ su -
Password: ***********
root:~# cp /tmp/restart-aolserver.txt /usr/local/bin/restart-aolserver
root:~# chown root.web /usr/local/bin/restart-aolserver
root:~# chmod 4750 /usr/local/bin/restart-aolserver
root:~# ln -s /usr/bin/perl /usr/local/bin/perl
root:~# exit
Test the restart-aolserver
script. We'll first kill all running servers to clean the
slate. Then, we'll start one server and use
restart-aolserver to kill
it. If it works, then there should be no more servers
running. You should see the following lines.
joeuser:~$ killall nsd
nsd: no process killed
joeuser:~$ /usr/local/aolserver/bin/nsd-postgres -t ~/web/birdnotes/nsd.tcl
joeuser:~$ restart-aolserver birdnotes
Killing 23727
joeuser:~$ killall nsd
nsd: no process killed
The number 23727 indicates the process id(s) (PIDs) of the
processes being killed. It is important that no processes are killed by the second
call to killall. If there are
processes being killed, it means that the script is not
working.
Assuming that the restart-aolserver
script worked, log in as root and open
/etc/inittab for
editing.
joeuser:~$ su -
Password: ************
root:~# emacs -nw /etc/inittab
Copy this line into the bottom of the file as a template,
making sure that the first field
nss1 is unique.
nss1:345:respawn:/usr/local/aolserver/bin/nsd-postgres -i -u nobody -g web -t /home/joeuser/web/birdnotes/nsd.tcl

Important: Make sure there is a
newline at the end of the file. If there is not a newline at
the end of the file, the system may suffer catastrophic
failures.
Still as root, enter the following command to re-initialize
/etc/inittab.
root:~# killall nsd
nsd: no process killed
root:~# /sbin/init q
See if it worked by running the
restart-aolserver script
again.
root:~# restart-aolserver birdnotes
Killing 23750
If processes were killed, congratulations, your server is now
automated for startup and shutdown.
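
A pre-flight check for the /etc/inittab edit described above, as an added example that is not part of the original page. It verifies that the file ends with a newline, that every id field is unique, and that each nsd entry passes -u with a non-root user; the function name check_inittab is hypothetical, and it is meant to be run before /sbin/init q.

```shell
#!/bin/sh
# Added example, not from the original page. check_inittab is a hypothetical name.
# Usage: check_inittab [file]    (defaults to /etc/inittab)
# Prints one line per problem; returns 0 if the file is clean, 1 otherwise.
check_inittab() {
    file=${1:-/etc/inittab}
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    rc=0

    # 1. The file must end with a newline. Command substitution strips a
    #    trailing newline, so any remaining text means the last byte is not one.
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: no newline at end of file"
        rc=1
    fi

    # 2. Every id (first field) must be unique.
    # 3. Every entry that starts an nsd binary must pass -u with a non-root
    #    user, as the template line on this page does (-u nobody).
    problems=$(awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            if (seen[$1]++) printf "line %d: duplicate id \"%s\"\n", NR, $1
            # The process field may itself contain colons: strip the first
            # three fields instead of relying on $4.
            proc = $0; sub(/^[^:]*:[^:]*:[^:]*:/, "", proc)
            n = split(proc, arg, " ")
            cmd = arg[1]; sub(/.*\//, "", cmd)   # basename of the command
            if (cmd !~ /^nsd/) next
            user = ""
            for (i = 2; i < n; i++) if (arg[i] == "-u") user = arg[i + 1]
            if (user == "") printf "line %d: nsd started without -u\n", NR
            else if (user == "root") printf "line %d: nsd runs as root\n", NR
        }' "$file")
    if [ -n "$problems" ]; then
        echo "$problems"
        rc=1
    fi
    return "$rc"
}
```
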

Running AOLserver on Port 80

If you want your webserver to be http://yourserver.com, it must run on port 80, the default HTTP port. You set this in the config.tcl file. You will need to start the service as
root. If you follow the instructions
above for automating
startup, this will be taken care of, but if you ever start the
server from the command line, be sure to su - first.
Port 80 is a privileged port. Only certain users
can claim it. When you start nsd as
root, it obtains the port, and then changes to run as whatever user
you specify in the server configuration file. This ensures a high
level of security, as the server, once started, is not running as
root. This means that if someone was
able to exploit your web server to execute a command on your server,
they would not be able to gain root
access.

Running multiple services on one machine

Services on different ports

To run a different service on another port but the same
IP, simply repeat replacing
service0, and change the
set httpport 8000
set httpsport 8443
to different values.

Services on different host names

For example, suppose you want to support
http://foo.com and
http://bar.com on the same
machine. The easiest way is to assign each one a different IP
address. Then you can install two services as above, but with
different values for
set hostname [ns_info hostname]
set address 127.0.0.1

If you want to install two services with different host
names sharing the same IP, you'll need nsvhr to redirect requests
based on the contents of the tcp headers. See AOLserver
Virtual Hosting with TCP by markd.
($Id: maintenance.xml,v 1.1.2.1 2003/04/19 20:42:59 joela Exp $)