[[PageOutline(2-5, Table of Contents, floated)]]

= crin4.crin.org =

The crin1.crin.org development / staging server, at {{{93.95.228.222}}} is a 512MB RAM, 4 CPU core, virtual server running 64 bit Debian 8.0, Jessie, which was configured in July 2015 on ticket:23.

== dev.crin.org and stage.crin.org ==

The two main sites on the server are:

* https://dev.crin.org/
* https://stage.crin.org/

These sites use a [[CAcert]] certificate.

MySQL is running on [[Crin1]] and that server also has [[phpMyAdmin]] available, users need a `~/.my.cnf` file as follows for `drush`:

{{{
[client]
host=crin1
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/etc/ssl/cacert/cacert.pem
ssl-cert=/etc/ssl/cacert/crin1_cert.pem
ssl-key=/etc/ssl/cacert/crin1_yassl_privatekey.pem
}}}

If databases need to be copied best do this on [[Crin1]] as the root user has root access to MySQL, there isn't (intentionally) root MySQL access to [[Crin1]] the live MySQL server from [[Crin4]], the dev server.

The key Nginx config differences from the live site are these env vars:

{{{
fastcgi_param SITE_ENV crin_dev;

fastcgi_param SITE_ENV crin_stage;
}}}

That a different `robots.txt` file is served to prevent the sites form being indexed:

{{{
         location = /robots.txt {
                root /var/www/html;
        }
}}}

And if files are not found locally in `/sites/default/files` then they are reverse proxied off the live server as there isn't room for a full copy of these files:

{{{
        location /sites/default/files {
                try_files   $uri @proxy_to_live;
        }
        location @proxy_to_live {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_pass   http://www.crin.org$uri;
        }
}}}

The live servers, [[Crin2]] which runs nginx and php5-fpm and [[Crin1]] which runs MySQL are both set up with root access to [[Crin4]] so you can simply copy files between the servers, for example:

{{{
rsync -av /var/example/ crin4:/var/example/
}}}

There isn't ssh access from the [[Crin4]], the dev server to the live servers, [[Crin1]] and [[Crin2]] -- it is intentionally set up so there is only access from live to dev.

== ssh access ==

The server is set up to only allow access via ssh keys, to add a new user:

{{{
export NEWUSER="username"
adduser --disabled-password $NEWUSER
adduser $NEWUSER sudo
mkdir /home/$NEWUSER/.ssh
chmod 700 /home/$NEWUSER/.ssh
chown -R $NEWUSER:$NEWUSER  /home/$NEWUSER/.ssh
vi /home/$NEWUSER/.ssh/authorized_keys
}}}

== Munin ==

* https://munin.crin.org/munin/crin.org/crin4.crin.org/index.html