WebServers

A description of the web servers and how to operate them is provided below.

General Documentation

Please read !

If you develop Web applications at CERN, you are strongly encouraged to attend (for free) "Developing secure software" course. The last part of the course is dedicated to Web application security: typical vulnerabilities are demonstrated, and ways to avoid them are discussed.

Web Servers

The Point1 Web Servers are :

  • atlasop (alias of atlasop-lb-1) : external web server available from CERN GPN network and also from outside, not available in ATCN
    • login is not allowed
  • pc-atlas-www (alias of pc-atlas-www-lb-1) : internal web server available from ATCN and from CERN GPN network with proxy defined
    • login is not allowed
  • pc-atlas-www-edit (alias of vm-atlas-www-edit-01): it is meant to be used for editing (modifying, adding, removing) web pages
    • login is allowed to users having an XYZ:www role enabled
  • pc-atlas-www-dev (alias of vm-atlas-www-dev-01): internal development web server available from ATCN and CERN GPN network with proxy defined, it is meant to be used to develop new web pages
    • login is allowed to users having an XYZ:www role enabled

Guidelines

Use the development web server (pc-atlas-www-dev) to test or develop new pages.
Once you are ready use pc-atlas-www-edit to modify your page on the production P1 web servers (pc-atlas-www and atlasop).
If you do not use the standard areas described below you or you code is not self consistent, you might have issue in publishing on the P1 external web server (atlasop) please Contact TDAQ SysAdmins for any question or request.

SSO on the external web server

The external P1 web servers atlasop is behind the new SSO as of Oct 15th, 2020.

To authenticate via command line the following steps should be performed

  • auth-get-sso-cookie -u https://atlasop.cern.ch -o /tmp/newssocookie_atlasop , the output file can be named and save as you prefer
  • curl -L --cookie /tmp/newssocookie_atlasop https://atlasop.cern.ch/elisa/api/messages/xxxxx, the cookie file is the one saved in the previous step

Upgrade to SLC6

All the web servers have been upgraded to SLC6 in the first 6 months in 2016.

Upgrade to CC7

All the web servers have been upgraded to CC7 in the last 6 months in 2020.

Definitions of the web areas

The information published on the web can be divided in the following groups:

  1. information to be published on both atlasop and pc-atlas-www
    • the information is available in ATCN, GPN and outside CERN domain
  2. information to be published only on pc-atlas-www
    • information is available only in ATCN and in GPN setting the proxy

To improve security and to better organize the content of the web it has been decided to

  • have the web area on a file server (and no more on a local disk)
  • distribute the content in different sub-directories according to the needs
  • mount the different sub-directories where needed

The main web areas are:

  • /www/ALL : information is available also outside CERN
  • /www/ATCN : information is available only in ATCN and in GPN setting the proxy
    this is actually used only by sysadmin, so it is not mounted on the server available to the ATLAS web developers.
    If you need to use it please write to TDAQ SysAdmins.

Both /www/ALL/ and /www/ATCN are sub-divided as following:

  • prod_dyn is a dynamic area meant for all dynamic applications as twiki (only in /www/ALL)
    • read-write mounted on pc-atlas-www
    • read-only mounted on atlasop
  • prod is a production area, quite everything is still there
    • read-only mounted on pc-atlas-www and atlasop and pc-atlas-www-dev
    • read-write mounted on pc-atlas-www-edit
  • data is meant to contain data information (pictures, wmi and dcs data,...) (only in /www/ALL)
    • read-only mounted on pc-atlas-www and atlasop
    • read-write mounted on pc-atlas-www-edit
  • dev is the area foreseen for development
    • read-write mounted on pc-atlas-www-dev
    • read-only mounted on pc-atlas-www-edit
  • dev_dyn is the area foreseen for development
    • read-write mounted on pc-atlas-www-dev
    • read-only mounted on pc-atlas-www-edit

See also the table below for a summary: who mounts what and with which permissions.

  atlasop pc-atlas-www pc-atlas-www-edit pc-atlas-www-dev
ALL/prod_dyn r/o r/w r/w -
ALL/prod r/o r/o r/w r/o
ALL/data r/o r/o r/w -
ALL/etc r/o r/o r/w -
ALL/dev - - r/o r/w
ALL/dev_dyn - - - r/w
ATCN/prod - r/o r/w (to be verified/updated) -
ATCN/dev - - r/o r/w (to be verified/updated)

r/o = read-only
r/w = read-write

N.B. pc-atlas-www-edit is mounting only the directories that are supposed to be modified.

-- DianaScannicchio - 2010-11-29

Topic attachments
I Attachment History Action Size Date Who Comment
PDFpdf WebServers.pdf r1 manage 953.2 K 2010-12-06 - 13:00 DianaScannicchio Description of the Web Servers setup
Edit | Attach | Watch | Print version | History: r30 < r29 < r28 < r27 < r26 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r30 - 2020-11-03 - scannicc_40CERN_2eCH
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding ATLAS?Please contact the page author (see Topic revision above) or the Run Coordinator of the specific system.
Contact SysAdmins support only for technical issues