Web sites and applications

Before running a web site, make sure you have configured the domain, DNS, vhost and possibly a MySQL database with the Satan tool. Please visit Domain management, DNS zones, Vhosts and MySQL databases for details. On this page you will find information about configuring your web sites and applications.

Fastweb

As described in Web server’s DNS configuration, we mainly use fastweb servers: lyon to serve PHP applications and static HTML sites, and wall to serve Python and Ruby applications.

Fastweb servers use the NginX web server with Varnish in front as a transparent cache. This software is slightly different from good old Apache2; among other things, there is no support for .htaccess files, which affects:

  • Clean URL rewrites will not work out of the box. You have to define rewrite rules yourself in NginX format. There is nothing to worry about, though, because there are many tutorials on the web on how to do that for a particular application.
  • Basic Auth based on .htaccess and .htpasswd will not work. You need to define basic auth in the /conf/auth or /conf/nginx configuration file. Details are below on this page.
  • Directory listing is disabled by default. You will need to configure it in the /conf/autoindex or /conf/nginx file.

We called it Fastweb because it runs on the best hardware available at the time of purchase and we put a lot of effort into tuning performance and automating tasks. Since the beginning (more than a year now) we haven’t had any issues with those machines. Thus Fastweb can be considered the most stable point in the Rootnode infrastructure.

Quota

Default quota for each fastweb server is 2GB but you can request more if needed. You are not allowed to host illegal content.

Proxy and developer mode

We use cache software in front of the web server, which works as a transparent proxy. After any change made in your application, like editing a CSS file, you may not see it immediately because of caching. Developer mode means accessing your web site through port 81, completely avoiding caching. For example:

http://example.com:81/file.html

If you encounter any problems installing web applications like Wordpress, please use developer mode for this task.

Software version

Information about software version you can find at:

File and directory permissions

Proper permissions are:

  • Directories drwx--x---. Use chmod 710 command.
  • Directories with autoindex drwxr-x---. Use chmod 750 command.
  • IMPORTANT! PHP files -rw-------. Use chmod 600 command.
  • HTML files -rw-r-----. Use chmod 640 command.

Owner and group should be yourlogin:yourlogin. Use the chown $UID:$UID command to set them.

To change permissions in bulk, use the following commands:

cd ~/fastweb/your.vhost.com
find htdocs -type d -exec chmod 710 {} \;
find htdocs -type f -exec chmod 640 {} \;
find htdocs -type f -iname '*.php' -exec chmod 600 {} \;
chown -R $UID:$UID htdocs

Remember to set 750 for autoindex directories.
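
To check an existing tree against the scheme above before or after running the bulk commands, a small audit helper can be used. This is an added example, not a Rootnode tool; the function name audit_perms and the output labels are assumptions made for the example.

```shell
#!/bin/sh
# audit_perms HTDOCS_DIR   (hypothetical helper name, not a Rootnode tool)
# Prints every entry that deviates from the permission scheme on this page
# and returns 1 if any deviation was found, 0 otherwise.
audit_perms() {
    root=$1
    violations=$(
        # Directories must be 710, or 750 where a listing is intended.
        find "$root" -type d ! -perm 710 ! -perm 750 | sed 's/^/DIR  /'
        # PHP files must be readable by the owner only (600).
        find "$root" -type f -iname '*.php' ! -perm 600 | sed 's/^/PHP  /'
        # Every other regular file must be 640.
        find "$root" -type f ! -iname '*.php' ! -perm 640 | sed 's/^/FILE /'
        # Everything must be owned by the invoking user.
        find "$root" ! -user "$(id -u)" | sed 's/^/OWNER /'
    )
    # 750 is allowed, but such a directory becomes listable as soon as an
    # autoindex location covers it, so report it for comparison with
    # conf/autoindex. These lines are informational, not violations.
    find "$root" -type d -perm 750 | sed 's/^/LIST /'
    if [ -n "$violations" ]; then
        printf '%s\n' "$violations"
        return 1
    fi
    return 0
}

# Usage: audit_perms ~/fastweb/your.vhost.com/htdocs
```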

Reload

After changing the vhost configuration you must reload the vhost. Create an empty file conf/reload and wait one minute. After reloading, the file should disappear. If something went wrong, you will find the cause of the problem in the file conf/error.
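
The reload procedure above can be scripted so that a rejected configuration is noticed instead of silently left inactive. This is an added example, not a Rootnode tool; the function name reload_vhost, the timeout values and the stamp file name are assumptions, and it assumes conf/error is written at reload time while an older conf/error may be left over from an earlier attempt.

```shell
#!/bin/sh
# reload_vhost VHOST_DIR [TIMEOUT_S] [POLL_S]   (hypothetical helper)
# Returns 0 on a clean reload, 1 if conf/error was written during the
# reload, 2 if the conf/reload marker was never picked up.
reload_vhost() {
    vhost=$1; timeout=${2:-90}; poll=${3:-5}
    # Stamp file on the same filesystem as conf/, so mtimes are comparable.
    stamp=$vhost/.reload-stamp.$$
    : > "$stamp" || return 2
    : > "$vhost/conf/reload"      # the empty marker file requests the reload
    waited=0
    while [ -e "$vhost/conf/reload" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            rm -f "$stamp"
            echo "conf/reload still present after ${timeout}s" >&2
            return 2
        fi
        sleep "$poll"
        waited=$((waited + poll))
    done
    # Only an error file newer than the stamp belongs to this reload; an
    # older one is left over from a previous attempt.
    fresh=$(find "$vhost/conf/error" -newer "$stamp" 2>/dev/null)
    rm -f "$stamp"
    if [ -n "$fresh" ]; then
        echo "reload failed, contents of conf/error:" >&2
        cat "$vhost/conf/error" >&2
        return 1
    fi
    return 0
}

# Usage: reload_vhost ~/fastweb/example.com
```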

Vhost configuration (simple mode)

You can use simple mode to configure basic things quickly. Simple mode uses the following files placed in /conf in your vhost directory.

  • conf/autoindex: With this file you can create an automatic directory listing for a specified location. It corresponds to the Apache2 Options +Indexes directive. Syntax: LOCATION:MODE. Location begins with the / sign. Mode is optional and for now there is only normal mode.
  • conf/auth: Enables Basic Authentication for a specified location. You can define a password file. Syntax: LOCATION:HTPASSWD. If HTPASSWD is not specified, the default file conf/htpasswd will be used. We recommend using an absolute path to the password file.
  • conf/rewrite: You can put rewrites here. Remember that rewrites are nginx style. Syntax: LOCATION:FROM DESTINATION TYPE. Refer to the Nginx documentation for details on how to create a rewrite. See also the examples below.

Examples

Directory listing with autoindex

Directory permissions should be drwxr-x--- or 750. The autoindex option descends into the directory tree. If you set this option for the / location, every directory will have a listing unless you change its permissions to drwx--x--- or 710. A couple of examples:

/directory
/otherdirectory:normal

Basic authentication with auth

To use basic authentication you have to create a password file and a conf/auth file. The default password file location is conf/htpasswd. To create such a file and add the first user, execute:

$ htpasswd -c ~/fastweb/example.com/conf/htpasswd yourlogin
New password:
Re-type new password:
Adding password for user yourlogin

Inside the file you will see something similar to userlogin:Aio5ltXzk7LZc, which is your login and the crypt hash of your password. Now we can add the locations we want to protect with a password to the conf/auth file:

/projects
/secret:/home/bongo/fastweb/example.com/conf/passwords

In the first location the default password file will be used.

Rewrite

You should refer to the Nginx documentation to learn how to write powerful rewrites. Many tutorials and solutions can be found on the Internet. In conf/rewrite you need to put the location for which you define the rewrite. Remember to omit the rewrite keyword and the semicolon from the original Nginx rewrite. A few examples:

/yahoo:(.*) http://yahoo.com permanent
/ftp:(.*) http://ftp.cdrom.com last

Vhost configuration (advanced mode)

If advanced mode is enabled, that is, the /conf/nginx file exists, all config files from simple mode are ignored. The example below presents more or less all available options (it doesn’t need to make any sense, though):

<nginx>
      <error code="403">/forbidden.html</error>
      <error code="401 402 403 404">http://google.com</error>

      <location path="/directory">
         <set variable="variable">value</set>
         <set variable="filename">$request_filename</set>
         <if condition="!-f $request_filename">
             <rewrite>(test.*) http://google.com/$1 permanent</rewrite>
             <rewrite>(.*) http://nasa.gov last</rewrite>
             <break/>
         </if>
         <autoindex type="normal"/>
      </location>

      <location path="/proxypath">
          <proxy_pass host="http://host.com:1234/helo">
             <proxy_set_header name="X-Powered-By">Rootnode</proxy_set_header>
             <proxy_hide_header name="Server"/>
          </proxy_pass>
      </location>

      <location path="/secret">
         <ssl/>
         <auth text="This area is restricted" file="$document_root/.htpasswd"/>
         <rack_env name="stable"/>
      </location>

      <passenger_base_uri path="/app1"/>
      <rails_env name="devel"/>
</nginx>

As you can see, you can configure quite a lot of things.

XML special chars

Advanced mode uses XML, thus some characters must be replaced with a special code:

  • " change to &quot;
  • ' change to &apos;
  • < change to &lt;
  • > change to &gt;
  • & change to &amp;
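
Because creating conf/nginx makes conf/auth, conf/autoindex and conf/rewrite ignored, a location protected in simple mode is no longer covered by conf/auth unless it is carried over into the XML. The following added example (not Rootnode's own tooling) prints a conf/nginx document from existing simple-mode files and applies the escaping listed above. The function name simple_to_advanced and the placement of <rewrite> directly inside <location> are assumptions; this page only shows <rewrite> inside <if>.

```shell
#!/bin/sh
# simple_to_advanced CONF_DIR   (hypothetical helper, not a Rootnode tool)
# Prints a conf/nginx document carrying over conf/auth, conf/autoindex and
# conf/rewrite, grouped into one <location> per path.
simple_to_advanced() {
    conf=$1
    set --
    for f in auth autoindex rewrite; do
        if [ -f "$conf/$f" ]; then set -- "$@" "$conf/$f"; fi
    done
    if [ $# -eq 0 ]; then
        echo "no simple-mode files in $conf" >&2
        return 1
    fi
    awk '
    # Escape the five XML special characters; & must be replaced first.
    function esc(s) {
        gsub(/&/, "\\&amp;", s); gsub(/</, "\\&lt;", s); gsub(/>/, "\\&gt;", s)
        gsub(/"/, "\\&quot;", s); gsub("\047", "\\&apos;", s)
        return s
    }
    /^[ \t]*$/ { next }
    {
        kind = FILENAME; sub(/.*\//, "", kind)
        i = index($0, ":")              # split on the first colon only
        loc = i ? substr($0, 1, i - 1) : $0
        val = i ? substr($0, i + 1) : ""
        if (!(loc in body)) order[++n] = loc
        if (kind == "auth")
            el = (val == "") ? "<auth/>" : "<auth file=\"" esc(val) "\"/>"
        else if (kind == "autoindex")
            el = "<autoindex type=\"" ((val == "") ? "normal" : esc(val)) "\"/>"
        else    # assumption: <rewrite> is accepted directly in <location>
            el = "<rewrite>" esc(val) "</rewrite>"
        body[loc] = body[loc] "      " el "\n"
    }
    END {
        print "<nginx>"
        for (k = 1; k <= n; k++)
            printf "   <location path=\"%s\">\n%s   </location>\n", esc(order[k]), body[order[k]]
        print "</nginx>"
    }' "$@"
}

# Usage: simple_to_advanced ~/fastweb/example.com/conf
```

Review the printed document before saving it as conf/nginx, then reload the vhost.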

Nginx built-in variables

Here is the list of Nginx variables you can use:

$args, $binary_remote_addr, $body_bytes_sent, $content_length, $content_type, $document_root, $document_uri, $host, $is_args, $limit_rate, $query_string, $remote_addr, $remote_port, $remote_user, $request_filename, $request_body, $request_body_file, $request_completion, $request_method, $request_uri, $scheme, $server_addr, $server_name, $server_port, $server_protocol, $uri, $http_host, $proxy_add_x_forwarded_for

If you need more $http_* and $proxy_* variables, let us know. A detailed description can be found at http://wiki.nginx.org/NginxHttpCoreModule#Variables

Syntax

The syntax is as follows. Each entry gives the tag name, the attribute and its description:

  • <location> path: Sets the location path which all options between the <location></location> tags will refer to. The most popular path is <location path="/"></location>.
  • <location> prefix: Possible values are =, ~, ~*, ^~. The prefix is not mandatory. Details can be found at http://wiki.nginx.org/NginxHttpCoreModule#location
  • <autoindex> type: Sets the listing type. For now only one is available: normal. Remember about proper directory permissions. Options set by default: autoindex_exact_size off and autoindex_localtime on.
  • <auth> text: Sets the text displayed in the login box. Default is Restricted.
  • <auth> file: Location of the password file. By default it is conf/htpasswd. The format of the password file is LOGIN:CRYPT. Use the htpasswd command to create it:

$ htpasswd -c ~/fastweb/example.com/conf/htpasswd yourlogin

  • <proxy_pass> host: Defines the URL of the application the requests are made to, e.g. http://example.com:1234/hello.
  • <proxy_set_header> name: Name of the header we want to add to the proxy pass request, e.g. X-Proxy.
  • <proxy_set_header> body of tag: In the body of the tag you can set the value of the defined header.
  • <proxy_hide_header> name: Name of the header to hide before proxying a request.
  • <if> condition: Sets an if condition, e.g. -f $request_filename, which checks if the requested file exists. This option is very useful and powerful. Please refer to the nginx documentation for details.
  • <return> code: Error code which will be returned, e.g. 404. Can be written as <return/>.
  • <set> variable: Name of the variable you want to set, without the $ sign, e.g. var. The name of the variable cannot be the same as one of the Nginx built-in variables.
  • <set> body of tag: Value of the variable.
  • <break> (no attribute): Breaks further processing. Can be written as <break/>.
  • <error> code: Code of the error we want to handle, e.g. 404. You can use multiple values separated with a space, e.g. 403 404 405.
  • <error> body of tag: Error page URL, absolute or relative, e.g. /404.html or http://google.com.
  • <ssl> (no attribute): This option does not enable SSL support. It is an alias for:

if ($scheme != 'https') {
   rewrite ^(.*)$ https://$server_name$1 redirect;
}

The code presented above redirects all requests to HTTPS. To enable SSL support, create the conf/ssl file and reload the vhost.

  • <passenger_base_uri> path: Sets the application path. Helpful if we have more than one application in the same virtual host. This option can be set only for a Ruby/Python vhost.
  • <rails_env> name: Changes the Rails application environment. Default is production.
  • <rack_env> name: Changes the Rack application environment. Default is production.

For completeness, below you can find the rest of the configuration files you can use in the /conf directory. All are described later in this document.

  • conf/wildcard: Vhost wildcard. Inside this file you can put either vhost or alias, depending on which level you want to have the wildcard.
  • conf/memcache: Runs a memcache daemon just for you.
  • /conf/ssl: HTTPS support.
  • /conf/nowww: Disables the default www.* alias.
  • /conf/awstats: AWSTATS statistics.
  • /conf/noproxy: NOT IMPLEMENTED YET! Disables the proxy for the vhost. Not recommended!

Logs

Web logs are in the logs/ folder. Logs are rotated only once:

  • Today’s access log is access.log
  • Yesterday’s access log is access.log.0
  • Today’s error log is error.log
  • Yesterday’s error log is error.log.0

Log output shown by the tail -f command may be slightly delayed because of NFS.

Memcache

We recommend using memcache whenever possible. It accelerates things a lot, especially database operations. Create a conf/memcache file in any vhost directory and reload the vhost. If you have many applications sharing Memcache, consider using prefixes for the memcache keys.

  • Host: 127.0.0.1:11211
  • Size: 32M

If you need more memory let us know.

Secure connection over HTTPS

To enable HTTPS for a virtual host, create the conf/ssl file and reload the vhost. For domains other than *.rootnode.net you will receive a certificate signed by Rootnode. Unfortunately, we are not a Certification Authority (CA), so with our certificate users will get an unknown issuer error.

Users using login.rootnode.net domains are in a better situation because we have a wildcard certificate for the rootnode.net domain signed by the Godaddy CA. In this case there will be no error when requesting the web site over HTTPS.

To redirect your page to https://, please add the <ssl/> tag to the conf/nginx file, e.g.:

<location path="/">
   <ssl/>
</location>

AWSTATS statistics

You can run awstats very easily. Just create conf/awstats and reload the vhost. In the htdocs folder a symlink called awstats will be created, which leads to the awstats site.

Statistics are available at http://example.com/awstats and reloaded once every hour.

Password protection

You can protect your statistics with a password. In simple configuration mode put /awstats into the conf/auth file. In advanced mode create a conf/nginx file containing:

<location path="/awstats">
   <auth/>
</location>

Login and password can be created with htpasswd -c conf/htpasswd yourlogin command.

Secure connection

If you want to access Awstats over HTTPS, create the conf/ssl file and change conf/nginx into:

<location path="/awstats">
   <ssl/>
   <auth/>
</location>

Remember to reload vhost after changes.