Notes for Zeus Webmasters


Andy Wild April 2003

Introduction

These notes are for users who have web sites on the JCSU's web server, www-jcsu.jesus.cam.ac.uk (a.k.a. Zeus). If you will be maintaining a society web site there are some differences, noted in the text. The operation of more advanced features are described to help users get the most of out their web space.

Access Files

Access file allow users to tailor the behaviour of the web server when it is dealing with requests for their web site. Examples of changes the user may wish to make include disabling automatic indexing of directories without an index file, or protecting an area of their web site with a password.

Access files on Zeus have the standard name of .htaccess and are enabled for all individual and society web spaces. Users are allowed to change any valid configuration directive (in other words they have AllowOverride All)

For more information on using access files see the tutorial Using .htaccess Files with Apache .

Server Side Includes (SSI)

All users and societies are permitted to use SSI. Files given the extension .shtml are parsed for includes automatically, and this can be extended to include files with the user execute bit set by placing the directive XBitHack on in an access file. If you really want to force include parsing for all .html files use the following directive instead:

AddHandler server-parsed .html

Societies with virtual hosts should place the directive in their configuration file instead. The recommended way to use SSI is to name files with a .shtml extension, but it can be difficult to change an existing web site, in which case the XBitHack directive should be used instead.

CGI scripts

Common Gateway Interface (CGI) scripts are programs that run on the web server, enabling web pages to be produced dynamically. Users should place any CGI scripts they create inside a directory called cgi-bin, inside their public_html directory. Execution of scripts outside of a cgi-bin directory is permitted but not reccomended. Any file inside a CGI bin is treated as a script, so any file extension can be used.

If you want to use CGI scripts outside of a cgi-bin directory scripts need to have an extension of .cgi, .sh or .pl, but you can add others that you like to use by placing an AddHandler directive inside an access file in the same directory as your script:

AddHandler zeus-cgi-handler .otherextension

For individual users CGI scripts execute as the owner of the script, and that owner must be the same as the home space they are placed within. Permissions should be read, write, execute for the user, and nothing for everyone else (-rwx------).

Society CGI scripts execute as that societies user, regardless of the files owner. Permission should be set to read, write, execute for the owner and group, and nothing for everyone else (-rwxrwx---).

Failure to set the correct permissions on your script and place it inside a cgi-bin will result in the web server refusing to execute your script, sometimes producing cryptic error messages.

PHP

When given an extension of .php, .php3, .php4, .phtml or .pht PHP files are handled by a PHP4 interpreter (phpinfo). The extension .php5 is handled by an experimental PHP5 interpreter (phpinfo).

For individual users PHP scripts run as the owner, for societies PHP scripts run as the societies user. There is an artificial requirement enforced by the php handler that PHP scripts are world readable, so make sure this is the case with your PHP scripts.

For the interested: PHP and CGI scripts use a modified handler borrowed from the SRCF. You can read about the reason for its existence on the SRCF CGI/PHP FAQ

Virtual Hosting

Societies who think they would benefit from having a unique host name for their web space need to contact the college computer officers to request the name. The name will typically be [society].jesus.cam.ac.uk where [society] is the name of the society.

When this has been done the Zeus admins will create the host for you. There should be no need to change your web site.

SSL

Individual users and societies without virtual hosts can access their web sites using a Secure Sockets Layer (SSL) connection. To do this simply use a https:// prefix in place of http://. Your browser must be able to support SSL. Unfortunately societies with virtual hosts will not be able to access their host using SSL, instead finding they are redirected to the JCSU web site. This is due technical limitations of name based virtual hosts. If you are a society affected by this there are things that can be done:

The certificate currently used by www-jcsu.jesus.cam.ac.uk is self signed. This means although secure connections are encrypted and confidential, there is no guarantee for users that they are connected to the correct server. A consequence of this is that browsers display a warning notice to users about trusting the server. If this is not acceptable you are encouraged to purchase your own certificate signed by a certificate authority.

Logging

All users who do not have a virtual host can find the access log at /var/log/apache/www-jcsu.jesus.cam.ac.uk-access_log and the error log at /var/log/apache/www-jcsu.jesus.cam.ac.uk-jcsu-error_log. The error log is especially useful when trying to track down problems with scripts because all the error output (STDERR) from scripts ends up in here.

For societies with virtual hosts logging is done separately, with both log files prefixed with your virtual host name.


zeus-admin@jesus.cam.ac.uk


Valid HTML 4.01! Valid CSS!