Differences between revisions 1 and 2
Revision 1 as of 2017-11-22 00:13:21
Size: 4157
Comment:
Revision 2 as of 2017-11-22 00:14:46
Size: 4121
Comment:
Deletions are marked like this. Additions are marked like this.
Line 11: Line 11:
{{{
Line 15: Line 16:
iptables -I INPUT 9 -i enp1s0f0 -p tcp --dport 8081 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 10 -i enp1s0f1 -p tcp --dport 8081 -m state --state NEW,ESTABLISHED -j ACCEPT
}}}
Line 18: Line 22:
{{{
Line 32: Line 37:
}}}
Line 54: Line 60:
iptables -I INPUT 9 -i enp1s0f0 -p tcp --dport 8081 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 10 -i enp1s0f1 -p tcp --dport 8081 -m state --state NEW,ESTABLISHED -j ACCEPT

sudo iptables -D INPUT 12
sudo iptables -D INPUT 11

Apache

- I first tried a simplest setting as possible. I installed elinks, a text based browser, to test the local access to the web. And the server worked locally but not remotely. It seemed that the ports were not open.

- A command "iptables" is the way to make specific ports available.

- This required to specify correct interface name. This could be checked with "ifconfig -a". nodus has two ethernet I/Fs. i.e. enp1s0f0 and enp1s0f1

- Therefore the commands are like the following:

iptables -I INPUT 5 -i enp1s0f0 -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 6 -i enp1s0f1 -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 7 -i enp1s0f0 -p tcp --dport 30889 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 8 -i enp1s0f1 -p tcp --dport 30889 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 9 -i enp1s0f0 -p tcp --dport 8081 -m state --state NEW,ESTABLISHED -j ACCEPT 
iptables -I INPUT 10 -i enp1s0f1 -p tcp --dport 8081 -m state --state NEW,ESTABLISHED -j ACCEPT 

- Check the iptable status. 5 to 0 are the new entries. NOTE that this modification is not permanent yet. We need to run the above commands everytime we reboot the host.

# iptables -vnL INPUT --line
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination>
1     532K 1294M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2       62  3808 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
3    3378K 1896M INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
4    3378K 1896M INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
5        0     0 ACCEPT     tcp  --  enp1s0f0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 state NEW,ESTABLISHED
6        8   512 ACCEPT     tcp  --  enp1s0f1 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 state NEW,ESTABLISHED
7        0     0 ACCEPT     tcp  --  enp1s0f0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:30889 state NEW,ESTABLISHED
8        5   320 ACCEPT     tcp  --  enp1s0f1 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:30889 state NEW,ESTABLISHED
9    3378K 1896M INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
10     113  4814 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
11   3273K 1869M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

- Now I configured non-SSL version of 30889 server. This was done by /etc/httpd/sites-available/nodus30889_nosecure.conf and the symbolic link of it in /etc/httpd/sites-enabled.

- I realized that we need php for dokuwikis. It was installed. Maybe we need more careful configuration of php later. > sudo yum -y install php

- To work with the server daemon, use systemctl command. Currently the server is not running. > sudo systemctl (start|restart|stop|status) httpd

elogd

- The new executable seemed installed at /usr/local/sbin. The setting files are in /export/elog.

- The current (best) elog staring script is /export/elog/startELOGD.sh.

- By disabling 8081 secure elog thing, the elog is running at the port 8080. However, the elogd does not want to use the themes in /export/elog/elog-common no matter how this directory is specified for the resource dir. The only workable setup right now is to speficy the resource directory as Resource dir = /usr/local/elog in /export/elog/elog-common/elogd.cfg

- This is not the perfect solution but this allows us to use the elog. There is no true secure password for the elog, this is OK for today, I guess? We need more investigation on the theme and the SSL version of the elog (i.e. port 8081).

cd /cvs/cds/caltech/nodus_backup/etc/apache2

ELOG CFG URL = https://nodus.ligo.caltech.edu:8081/

SVN

sudo yum install subversion

NodusUpgradeNov2017 (last edited 2018-09-13 05:48:45 by KojiaraiATligoDOTorg)