[[PageOutline(2-5, Table of Contents, floated)]]

= crin4.crin.org =

The crin4.crin.org development / staging server, at {{{93.95.228.222}}}, is a 1GB RAM, 4 CPU core virtual server running 64-bit Debian 8.0 (Jessie), which was configured in July 2015 on ticket:23.

== SSH Fingerprints ==

These were produced using the SshFingerprints script:

{{{
1024 ea:4e:63:e7:cf:57:bc:15:1b:96:68:e7:d3:85:cb:d6 /etc/ssh/ssh_host_dsa_key.pub (DSA)
256 15:1a:8f:4a:a5:22:55:0a:99:12:28:77:91:e2:f1:2e /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
256 33:71:79:f5:1c:3e:b6:89:52:9a:a7:a5:56:f2:6c:2d /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
2048 e2:33:7b:fd:f3:ee:cd:4a:38:b3:68:dc:fb:c0:af:07 /etc/ssh/ssh_host_rsa_key.pub (RSA)
}}}

== dev.crin.org and stage.crin.org ==

The two main sites on the server are:

 * https://dev.crin.org/
 * https://stage.crin.org/

=== HTTPS Certificates ===

These sites use a [[CAcert]] certificate.

=== MySQL ===

MySQL is running on [[Crin1]] and that server also has [[phpMyAdmin]] available. Users need a `~/.my.cnf` file as follows for `drush`:

{{{
[client]
host=crin1
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/etc/ssl/cacert/cacert.pem
ssl-cert=/etc/ssl/cacert/crin1_cert.pem
ssl-key=/etc/ssl/cacert/crin1_yassl_privatekey.pem
}}}

If databases need to be copied, it is best to do this on [[Crin1]], as the root user there has root access to MySQL. There is (intentionally) no root MySQL access to [[Crin1]], the live MySQL server, from [[Crin4]], the dev server.

=== Nginx ===

The key Nginx config differences from the live site follow.

==== Env vars ====

These env vars are set:

{{{
fastcgi_param SITE_ENV crin_dev;
fastcgi_param SITE_ENV crin_stage;
}}}

See ticket:23#comment:22 and ticket:23#comment:50

==== robots.txt ====

A different `robots.txt` file is served to prevent the sites from being indexed:

{{{
location = /robots.txt {
    root /var/www/html;
}
}}}

==== /sites/default/files ====

If files are not found locally in `/sites/default/files` then they are reverse proxied from the live server, as there isn't room for a full copy of these files:

{{{
# Serve the local copy if it exists, otherwise hand off to the named location.
location /sites/default/files {
    try_files $uri @proxy_to_live;
}
# Fetch the missing file from the live site.
location @proxy_to_live {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://www.crin.org$uri;
}
}}}

== Access from live servers ==

The live servers, [[Crin2]], which runs nginx and php5-fpm, and [[Crin1]], which runs MySQL, are both set up with root access to [[Crin4]], so you can simply copy files between the servers, for example:

{{{
rsync -av /var/example/ crin4:/var/example/
}}}

There isn't ssh access from [[Crin4]], the dev server, to the live servers, [[Crin1]] and [[Crin2]] -- it is intentionally set up so there is only access from live to dev.

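
Before a first ssh or rsync connection to [[Crin4]] is trusted, the host key offered can be compared with the listing under SSH Fingerprints. The Python below is an added example, not part of the original page or of the SshFingerprints script: it takes one line in `ssh-keyscan` output format, computes the MD5 colon-hex fingerprint used in that listing, and compares it with the entry for the same key type. The function names and the `KEY_LABELS` mapping are assumptions made for this example.

```python
import base64
import hashlib

# Fingerprint listing copied from the "SSH Fingerprints" section of this page.
PUBLISHED = """\
1024 ea:4e:63:e7:cf:57:bc:15:1b:96:68:e7:d3:85:cb:d6 /etc/ssh/ssh_host_dsa_key.pub (DSA)
256 15:1a:8f:4a:a5:22:55:0a:99:12:28:77:91:e2:f1:2e /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
256 33:71:79:f5:1c:3e:b6:89:52:9a:a7:a5:56:f2:6c:2d /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
2048 e2:33:7b:fd:f3:ee:cd:4a:38:b3:68:dc:fb:c0:af:07 /etc/ssh/ssh_host_rsa_key.pub (RSA)
"""

# Key-type names as printed by ssh-keyscan -> labels used in the listing
# (assumed mapping; a 256-bit ECDSA key is ecdsa-sha2-nistp256).
KEY_LABELS = {"ssh-dss": "DSA", "ssh-rsa": "RSA", "ssh-ed25519": "ED25519",
              "ecdsa-sha2-nistp256": "ECDSA"}


def md5_fingerprint(blob: bytes) -> str:
    """Legacy colon-separated MD5 fingerprint of a raw public-key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(blob: bytes) -> str:
    """SHA256 form that OpenSSH 6.8 and later print by default."""
    b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + b64.rstrip("=")


def parse_listing(text: str) -> dict:
    """Map key label (e.g. 'ED25519') to its published MD5 fingerprint."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            table[fields[3].strip("()")] = fields[1].lower()
    return table


def check_host_key(scan_line: str, listing: str = PUBLISHED) -> bool:
    """Check one 'host keytype base64' line against the published listing."""
    parts = scan_line.split()
    if len(parts) < 3 or parts[1] not in KEY_LABELS:
        raise ValueError("not a recognised host key line")
    blob = base64.b64decode(parts[2], validate=True)
    expected = parse_listing(listing).get(KEY_LABELS[parts[1]])
    return expected is not None and md5_fingerprint(blob) == expected
```

`sha256_fingerprint` is included because a client that only shows the SHA256 form cannot be compared with the MD5 listing directly; both values are derived from the same decoded key blob.
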
== ssh access ==

The server is set up to only allow access via ssh keys. To add a new user:

{{{
export NEWUSER="username"
# Create the account without a password and add it to the sudo group
adduser --disabled-password "$NEWUSER"
adduser "$NEWUSER" sudo
# Create ~/.ssh and authorized_keys with restrictive permissions
mkdir "/home/$NEWUSER/.ssh"
chmod 700 "/home/$NEWUSER/.ssh"
touch "/home/$NEWUSER/.ssh/authorized_keys"
chmod 600 "/home/$NEWUSER/.ssh/authorized_keys"
chown -R "$NEWUSER:$NEWUSER" "/home/$NEWUSER/.ssh"
# Paste the user's public key into the file
vi "/home/$NEWUSER/.ssh/authorized_keys"
}}}

== Munin ==

 * https://munin.crin.org/munin/crin.org/crin4.crin.org/index.html

== Current crin4 tickets ==

[[TicketQuery(status=accepted|new|assigned|reopened&component=crin4,order=id,desc=1,format=table,col=summary|owner|reporter)]]

== Closed crin4 tickets ==

[[TicketQuery(status=closed&component=crin4,order=id,desc=1,format=table,col=summary|owner|reporter)]]