User login

documentation

Deploying the Agaric way

Background

Where we come from

After journeying from Capistrano to Vlad we eventually use pure Rake tasks for our deployment. While Vlad was a great improvement it also had downsides. Lack of feedback from tasks made it hard to tell why they failed. Also the most interesting feature of those deployment tools is not required in our case: The ability to roll out to many servers at the same time.

Account management with LDAP

Add new user

$ sudo cpu useradd user

Add existing user to group

$ sudo ldapaddusertogroup user group

You can check that the add has taken effect by looking over the lists of groups the user is in (due to caching this may take some time):

$ sudo -u user groups

Using LDAP Serverside

Most LDAP functions used at Agaric will be controlled through the Drupal interface.

When for some reason you need to use LDAP straight, here is how.

Type ldap and press TAB to see the available ldap commands. You can then use "man ldapetcetc" to look up that particular command (there is no "ldap" command).

Common commands you may need:
ldapsearch -x cn=Username

ldapsearch, ldapmodify, ldapadd, ldapdelete

To delete a user you need to connect as admin:

Email management for domains hosted by Agaric

Using Agaric's MySQL-based Postfix e-mail configuration

These are the instructions sent to Dan Melançon for Mountaineer Grading.

In PHPMyAdmin on the live server:

Go to the emailserver database
Browse or go to the virtual_users table.

Check the number of entries in the table. So long as we don't delete any, the next record you create should use this number plus one as its ID. Specifically, you need to make your new record have an ID of one more than the last inserted ID (note that only 30 entries are shown on a page by default).

SSL Server Certificates

Nowadays there is a wealth of information on the web about generating certifcate signing requests and installing signed certificates. I followed the instructions at OpenSSL HOWTOs.

To ease the process one should first adjust some default settings in /etc/ssl/openssl.cnf:

[ req_distinguished_name ]

countryName_default             = US

stateOrProvinceName_default     = Massachusetts

Monitoring

As a web design and devleopment collective we need a tool that allows us to monitor web servers and individual sites. We are using Monit. It has a poweful configuration syntax for doing many kinds of tests on remote and local websites and sends alerts via email.

There are many interesting features that need to be explored like apache-status.

Main configuration file: /etc/monit/monitrc
Monit manual: http://mmonit.com/documentation/

Git

Tell Git about you

In order to have commits properly tagged you need to provide Git with your name and email address:

$ git config --global user.name "Jean R. Hacker"
$ git config --global user.email jean.hacker@example.com

This ends up in your home directory's .gitconfig.

Backup

Looking for a simple backup tool (no sophisticated client-server solution for now) I stumbled upon backupninja. From its package description I learnt:

Backupninja lets you drop simple config files in /etc/backup.d to
coordinate system backups. Backupninja is a master of many arts,
including incremental remote filesystem backup, MySQL backup, and ldap
backup.

Web App Security

Introduction

This page is the seed of Public Display's collective knowledge base about security. Here you will find the main classes of vulnerability we need to be aware of, with a brief description.

Coding Conventions

  • Use 2 space indents
  • NO tabs - anywhere
  • try not to leave trailing whitespace
  • prefer parentheses around method arguments - ESPECIALLY when the argument list has more than one argument.
  • Optimize your code for READABILITY first.
  • always put whitespace between successive elements of a list (e.g. argument list, array)

Version Control with Git

  • Commit locally very often - you can always rearrange it later.
Syndicate content