wiki:Crin4

Version 8 (modified by chris, 3 years ago) (diff)

--

crin4.crin.org

The crin1.crin.org development / staging server, at 93.95.228.222 is a 512MB RAM, 4 CPU core, virtual server running 64 bit Debian 8.0, Jessie, which was configured in July 2015 on ticket:23.

dev.crin.org and stage.crin.org

The two main sites on the server are:

These sites use a CAcert certificate.

MySQL is running on Crin1 and that server also has phpMyAdmin available, users need a ~/.my.cnf file as follows for drush:

[client]
host=crin1
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/etc/ssl/cacert/cacert.pem
ssl-cert=/etc/ssl/cacert/crin1_cert.pem
ssl-key=/etc/ssl/cacert/crin1_yassl_privatekey.pem

If databases need to be copied best do this on Crin1 as the root user has root access to MySQL, there isn't (intentionally) root MySQL access to Crin1 the live MySQL server from Crin4, the dev server.

The key Nginx config differences from the live site are these env vars:

fastcgi_param SITE_ENV crin_dev;

fastcgi_param SITE_ENV crin_stage;

That a different robots.txt file is served to prevent the sites form being indexed:

         location = /robots.txt {
                root /var/www/html;
        }

And if files are not found locally in /sites/default/files then they are reverse proxied off the live server as there isn't room for a full copy of these files:

        location /sites/default/files {
                try_files   $uri @proxy_to_live;
        }
        location @proxy_to_live {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_pass   http://www.crin.org$uri;
        }

The live servers, Crin2 which runs nginx and php5-fpm and Crin1 which runs MySQL are both set up with root access to Crin4 so you can simply copy files between the servers, for example:

rsync -av /var/example/ crin4:/var/example/

There isn't ssh access from the Crin4, the dev server to the live servers, Crin1 and Crin2 -- it is intentionally set up so there is only access from live to dev.

ssh access

The server is set up to only allow access via ssh keys, to add a new user:

export NEWUSER="username"
adduser --disabled-password $NEWUSER
adduser $NEWUSER sudo
mkdir /home/$NEWUSER/.ssh
chmod 700 /home/$NEWUSER/.ssh
chown -R $NEWUSER:$NEWUSER  /home/$NEWUSER/.ssh
vi /home/$NEWUSER/.ssh/authorized_keys

Munin

Current crin4 tickets

Ticket Summary Owner Reporter
#122 DB sync failed chris russell
#103 Upgrade CRIN4 to 2GB of RAM chris chris
#102 Security certificate issue chris russell
#92 dev.crin.org needs /en appending the the URL for CSS to load chris chris
#49 Frozen emails on crin4 chris chris

Closed crin4 tickets

Ticket Summary Owner Reporter
#48 crin4 /tmp filling up chris chris
#23 Development and staging environment chris chris