Webarch Secure Hosting


Our shared hosting servers run Debian GNU/Linux and use some administration scripts that we are developing. If you order one of our virtual servers you can opt for the server to have the Webarch Secure Hosting (WSH) environment installed. This is a good option for web developers who manage multiple sites for multiple clients and who wish to give SFTP / phpMyAdmin access to different developers and / or clients.

Overview

The key features of the WSH environment are:

  • Fast deployment: the installation of a WSH server is largely automated, so servers running it can be set up quickly.
  • User isolation: Apache runs using the user’s ID, which means Apache can read all the files a user uploads and cannot read other users’ files.
  • Password synchronisation: users have the same username / password for SFTP and MySQL, and they can change their own passwords via phpMyAdmin.
  • Easy administration: some commands have a curses interface which is very easy to use, there are some bash scripts for superusers to create accounts and add sites to existing accounts, and we intend to develop a web interface for ease of use.
  • Automatic CMS install: currently WordPress and Drupal are supported, and more applications will be added in the future.

Quickstart

To create a new user account run curses-create-user and answer the following questions (use tab to navigate between options):

  • Create a new user — enter the username; it is best to use lowercase letters and numbers, and it must be unique and less than or equal to 12 characters.
  • Select a product — choose the type of account you want to set up, using the spacebar to select the product; see the products documentation for how to customise the products.
  • User’s email address — the email address that you want the account details to be sent to.
  • Does this user expect gpg encrypted email — if you want the account details to be sent gpg encrypted, first import the key and then select Yes; otherwise leave this at the default of No.

Configuration Files

The configuration files are in /root/webarch/: user account configuration files are in /root/webarch/accounts/, and templates and other configuration files are in /root/webarch/conf/.

Accounts

The /root/webarch/accounts/accounts.txt file contains the list of SFTP/MySQL user accounts. The format is as follows:

# Please add usernames in alphabetical order, for help see the documentation
# http://webarch.net/docs/wsh#accounts 
#
# Username (unique < 12 chars)  Product  Email address      GPG crypted (0 or 1)
user1                           3        user1@example.org  0

After you have added the new user to the accounts.txt file you can run the create user command.

  • The username must be unique and 12 characters or fewer; it is case sensitive and should probably contain only lowercase letters and numbers. It is used as both the SFTP and MySQL username.
  • The product number is defined in the products configuration file and should be a number.
  • The email address will be used to send the user their account details, so make sure it’s a correct and valid address.
  • The GPG encrypted column should contain a 0 or 1: 0 results in the email to the user being gpg signed, and 1 results in the email being gpg signed and encrypted. If you want the account details sent out gpg encrypted, you first need to import the user’s gpg key.
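
The column rules above can be checked before create-user is run. The following is an added example, not one of the WSH scripts: lint_accounts is a hypothetical function that assumes whitespace-separated columns in accounts.txt and takes the valid product IDs from the first comma-separated field of each line in products.txt (the format shown under Products); the sample files are constructed.

```bash
# Usage: lint_accounts ACCOUNTS_FILE PRODUCTS_FILE
# Hypothetical helper (not part of WSH): prints findings, returns 1 on errors.
lint_accounts() {
    awk -v products="$2" '
    function err(msg)  { print "line " NR ": error: " msg; bad = 1 }
    function warn(msg) { print "line " NR ": warning: " msg }
    BEGIN {
        # Valid product IDs: first comma-separated field of each
        # non-comment, non-blank line of the products file.
        while ((getline line < products) > 0) {
            if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
            split(line, f, ",")
            valid[f[1]] = 1
        }
        close(products)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    NF != 4 { err("expected 4 columns, found " NF); next }
    {
        if (length($1) > 12)     err("username " $1 " is longer than 12 characters")
        if ($1 !~ /^[a-z0-9]+$/) warn("username " $1 " is not only lowercase letters and numbers")
        if ($1 in seen)          err("username " $1 " already used on line " seen[$1])
        else                     seen[$1] = NR
        if (!($2 in valid))      err("product " $2 " is not defined in the products file")
        if ($3 !~ /^[^@]+@[^@]+\.[^@]+$/) err("email address " $3 " looks malformed")
        if ($4 != "0" && $4 != "1") err("GPG column must be 0 or 1, found " $4)
        else if ($4 == "0")      warn("details for " $1 " are emailed signed but not encrypted")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample files (not real accounts) to show the checks firing.
demo_dir=$(mktemp -d)
cat > "$demo_dir/products.txt" <<'EOF'
## tiny
1,3,36,apache-nophp-nocgi.template,0,0
## large
3,10,120,apache.template,2,0
EOF
cat > "$demo_dir/accounts.txt" <<'EOF'
# Username  Product  Email address  GPG crypted (0 or 1)
user1  3  user1@example.org  1
user1  1  other@example.org  1
averylongusername  9  user3@example  2
EOF
lint_accounts "$demo_dir/accounts.txt" "$demo_dir/products.txt" || echo "accounts.txt needs fixing"
```

Errors make the function return 1; the two warnings (the recommended character set, and a 0 in the GPG column) are reported but do not change the exit status.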

Sites

The /root/webarch/accounts/sites.txt file is used to specify additional sites (Apache VirtualHosts) for users — users can have multiple web sites / domain names running from a single account. An example sites.txt file follows:

#  See the documentation
# http://webarch.net/docs/wsh#sites
#
# Username  Sub-directory  ServerName              ServerAlias (comma separated for multiple)
user1       default        user1.example.org       user1.org, www.user1.org
user1       wiki           wiki.user1.example.org  wiki.user1.org

Products

The /usr/local/webarch/conf/products.txt file defines the types of accounts which can be specified in the accounts configuration file. You can copy the products.txt file to /root/webarch/conf/ and edit it to suit your needs. The format of the file is as follows:

# The columns correspond to:
# PRODUCTID, DISKQUOTE (GB), BANDWIDTHQUOTE (GB), APACHE TEMPLATE to use, DATABASES (No), CMS (0 for none)      
#
## tiny
1,3,36,apache-nophp-nocgi.template,0,0
## medium
2,5,60,apache-nocgi.template,1,0
## large
3,10,120,apache.template,2,0
## massive
4,20,240,apache.template,6,0
## medium + wordpress
5,5,60,apache.template,1,1

  • Product ID is a number that identifies the configuration type.
  • Disk quota is based on the total size of all the files owned by the user in the /home/ directory; it doesn’t include the size of a user’s MySQL database(s).
  • Bandwidth quota is based on the bandwidth used by Apache (it doesn’t include SFTP transfers or the volume of email a user might send).
  • Apache template is the name of a file in /usr/local/webarch/conf/ which is used
  • Databases: if more than one database is specified then they are named in the form user_1, user_2 etc., and the same username / password is used for accessing all the databases.
  • CMS, 0 to have no CMS installed, 1 for WordPress, support for additional CMSs will be added in the future.

Commands

All the scripts are in /usr/local/webarch/bin, and this directory is added to the root user’s PATH environment variable by appending the following to ~/.bashrc. Add this to your own user account if you want to run commands via the sudo command rather than logging in as root or using sudo -i:

export PATH=$PATH:/usr/local/webarch/bin

Create a user account

First add a line for the new account to the accounts configuration file and then run the create-user script with the username as the first argument. This command needs to be run as root or via sudo, for example:

sudo -i
vim ~/webarch/accounts/accounts.txt
create-user username

Update a user’s Apache configuration

First edit the sites configuration file and add the new sites / aliases you want to be created, then run the buildapache script with the username as the first argument. This command needs to be run as root or via sudo, for example:

sudo -i
vim ~/webarch/accounts/sites.txt
buildapache username

Run shell commands as a user

As an administrator of a server there are often tasks that are quicker to do via SSH than using SFTP, and for some of these tasks it’s best if they are done using the user’s ID. However, users don’t have a shell set, so the su-user script can be used to sudo to a user:

sudo -i
su-user username

This is especially useful for running drush and wp for managing Drupal and WordPress sites.

Change a user’s password

Users’ passwords are MySQL passwords, so you can either use the phpMyAdmin facility for changing passwords or the passwd-user script:

sudo -i
passwd-user username

Remove a user

Because user accounts are stored in MySQL, removing a user is not as simple as deleting their files and removing them from /etc/passwd, so there is a script to automate the removal of users:

sudo -i
rm-user username

Update the system packages

To make installing package updates easy and to have the updates recorded in the /root/Changelog file we have a simple script that can be run:

sudo -i
a-up

The logchange script, which this uses to record updates in the /root/Changelog file, can also be used directly, for example:

sudo -i 
logchange "unzip : installed"

The Debian metche package can be installed to email the updates to the Changelog to the alias for root.