Web servers and web sites
The Computer Laboratory operates a number of web sites, along with other services which use the HTTP/HTTPS protocols. The main server used to host most of these sites, but as of 2007, some moved to use separate servers.
The main catagories of machines are
- Lab-managed machines that provide external services
- Group-managed machines that are back-ends for services proxied by a Lab-managed server
- Internal services
- other services using HTTP
The security model for each is determined by their exposure, and the resources they require. For example, if a machine has no access to the Lab fileservers, the security concerns are greatly reduced.
Main web server
The Computer Laboratory's main web server is characterised by:
- software: Apache 2.2 with HTTPS support (under CentOS Linux)
- disk space: full access to all of the departmental file server (elmer)
- Page types: nearly all pages are static files. A few CO managed CGI scripts are used.
- hosts the lab's main site http://www.cl.cam.ac.uk/
from /anfs/www/VH-cl/html = \\filer\www\VH-cl\html
- hosts the personal web pages of Lab
from /auto/userfiles/crsid/public_html/ = \\filer\userfiles\crsid\public_html
- offers Raven/Ucam-Webauth user authentication
- acts as a virtual host for a number of other sites
- tunnels HTTP traffic to several internal servers that are not directly reachable from outside the Lab
This main webserver is managed by Martyn Johnson and Piete Brooks. Their email address in this regard is webmaster.
Shell login to the web server is restricted to system administrators, but the directories with the files served are accessible from all Lab-administered Linux and Windows machines.
Main server for dynamic content
Conversely, the "dynamic" server is characterised by:
- software: Apache 2.2 with HTTPS and LAMP (under Linux)
- disk space: very restricted access to a very small part of the departmental file server (elmer)
- page types: the emphasis is on dynamic pages (e.g. CGI and PHP), managed by users.
- hosts the lab's "dynamic" site http://www-dyn.cl.cam.ac.uk/
from /auto/userfiles/crsid/dynamic_html/ = \\filer\userfiles\crsid\dynamic_html (details)
- does not provide any other services
Main web site
Computer Laboratory News is a WordPress blog hosted on the back-end server www-dyns.cl.cam.ac.uk, administered by Piete Brooks. The "frontpage" category postings (News headlines on the front page via RSS feed) are edited by Jan Samols and Caroline Stewart.
Many parts of the main web site are looked after by other maintainers. Where this is the case, the relevant contact details of the person(s) in charge should be given at the bottom of each page.
Some websites (e.g. http://www.cl.cam.ac.uk/research/dtg/ are fronted by the main server, with requests being forwarded to a back-end server. This ensures central logging and control, and allows extra network access controls to the machine.
Internal web servers are not visible from outside the department, to reduce security concerns. They can be user managed, with full access to Lab resources.
Other services using HTTP
A very wide range of applications, and a growing number of embedded systems, now include web management or access (e.g. CUPS, nagios, mrtg, webcams, BMCs, Netapps). Access to these from outside the department is normally blocked.
Web house style
The Computer Lab’s main web pages generally follow the recommendations of the University web page style (currently using its 2008 incarnation). House style is applied on the main web site using the ucampas HTML formatting tool.