Jump to main content
University Computer Centre
PROWeb server

PROWeb – Project Web Server

Service description

PROWeb stands for the service Project Web Server. This is used to implement secure web servers for special projects (so-called "microsites"). PROWeb is available for all structural units of the TU Chemnitz.

  • The administration responsibility regarding operation and maintenance of the system for such a server lies with the URZ.
  • The responsibility for the content of the websites or web applications lies with the respective client.
  • The URZ creates a basic configuration of the web server, the client can adapt the functionality to his wishes by installing further components (e. g. Tomcat, Content Management System).
  • Increased security standards compared to the central web servers:
    • HTML, PHP or CGI files can only be read by authorised persons.
    • Data written by PROWeb servers can only be viewed by authorised persons.
    • Encryption of the transmission by SSL/TLS and project-specific certificates.
  • The service is provided on the basis of a virtual server (VPSH). This incurs costs for the client.

Features

FeaturePROWeb SL7
Operating system Scientific Linux 7
Software Apache 2.4, PHP 7 (on request other PHP versions), MariaDB / MySQL 5.5
Installation and ongoing maintenance of the basic system URZ
Configuration of web server, SSL certificate, integration of Web Trust Center Yes
Use of the TUCAL authoring system for websites Yes 1.4
Use of other content management platforms Yes
High availability Yes
Individual requests (e. g. cron scripts) Yes
Server access via Secure Shell, SFTP, SCP Yes
other software packages, e. g. Tomcat Yes
Hardware parameters customisable Yes

The specification of the service is regulated by the Service Level Agreement (SLA).

The way to your own PROWeb server

  1. You commission a new project web server
    • You choose a project name. This name is important – it should be:
      • short, i. e. writeable and printable (recommendation: four to twelve characters, lower case letters, numbers, hyphen, no umlauts)
      • concise, i. e. easy to remember and describing your project well
      • unique, i. e. as unmistakable as possible
      • secure, i. e. not legally contestable – not a brand or product name
    • The name forms the name of the web server and the computer name.
      • web server: www.projectname.tu-chemnitz.de (http (forwarding only) and https)
      • computer name: www-projectname.hrz.tu-chemnitz.de (secure shell access)
    • Furthermore, you describe the request and define some technical parameters.
  2. We check the order and set up the PROWeb server
    • The project name and the request are agreed with the Press Office and Crossmedia Communications team.
    • The technical requirements are created in the URZ (virtual server, DNS entries, certificate, basic configuration).
    • After completion, you will receive the access data by e-mail.
    • An ME note is sent to the contact person to cover the costs.
  3. You create the content
    • The function admins named by the client have access to the PROWeb server (secure shell, scp) and can install and configure software if necessary. We recommend that you use the mechanisms of ToSCA to secure the configuration of the system.
    • The Autorensyauthoring systemstem TUCAL is available for creating the content.
  4. Maintenance
    • You maintain the content on your own responsibility. You have access to log files.
    • You regularly process the e-mails you receive as the person responsible for the server.
    • The URZ ensures availability and other administrative tasks (see SLA) and advises you on questions.
    • For administrative tasks (viewing statistics and log files, specifying backup, admins, etc.) we provide a web interface.
    • You are responsible for data protection (backup). You can use the URZ backup service for this (see FAQ).
    • Before the term expires, we will send an email with information on renewal or deregistration.

Service Level Agreement (SLA) for PROWeb servers

The SLAs for Virtual Private Server Hosting and Linux VPS apply to PROWeb servers. This agreement regulates special performance features and conditions between the client and the URZ as service provider (contractor) resulting from the operation and use of a PROWeb server.

Specification of a PROWeb server order

Please commission a PROWeb server via this commission form.

The project name and request will be coordinated by the contractor with the Press Office and Crossmedia Communications team. The name can be rejected, even afterwards, without giving reasons.

Scope of services

  • Installation and configuration of a web server
  • Issue of SSL/TLS certificates from the TUC/URZ-CA
  • Consultation and support of the client

Performance parameters

  • The operating system used is Scientific Linux 7 (64 bit).
  • By default, the WWW server contains the following software:
    • Apache web server with mod_ssl, CGI
    • PHP with support for MySQL
  • System and network security
    • prompt installation of security patches for the WWW server components

Term, changes and termination

The terms and conditions regarding costs, terms, changes and termination of the Virtual Private Server Hosting service apply.

Answers to frequently asked questions

Questions about the web server

Is the authoring and layout system of the TU Chemnitz available?

Yes, you can access the web-based file manager via the administrator area https://www.project.tu-chemnitz.de/tuc-admin/ and edit your files. All functions of TUCAL can be used.

Additional functions are available in the administrator area:

  • Viewing the server configuration and the current server status
  • Viewing the log files and server statistics (using awstats)
  • Changing the authorisation to access the administrator area
  • Control the data backup

Can I also use my own content management system?

Yes, you can install a content management system. This requires knowledge of Linux and access via Secure Shell.

How is the web server configured?

  • /etc/httpd/conf/httpd.conf – basic settings, do not make any changes here, it is maintained centrally!
  • /etc/httpd/conf/server.conf – server-specific settings
    • Config files in /etc/httpd/conf.d are not automatically included in the server configuration, but must be embedded here by Include ….
  • /etc/php.ini – settings for PHP, do not make any changes here, it is maintained centrally!
  • /var/www/htmlDocumentRoot, i. e. these files are displayed to the visitor.
    • The start page should be called index.html or index.php.
    • PHP code is also executed in .html files.
    • Control instructions can be written in .htaccess files.
  • The current configuration and status can be viewed in the administrator area.

Reserved paths

In the server configuration, these paths are already occupied and cannot be used by you:

  • https://www.project.tu-chemnitz.de/tuc-admin/ – The access for administrators
  • https://www.project.tu-chemnitz.de/tucal/ – TUCAL layout
  • https://www.project.tu-chemnitz.de/awstats/ – Usage statistics

Linux system administration

Who is allowed to log on to the server via Secure Shell?

Initially, only the function administrators and some URZ employees responsible for system maintenance are allowed to do this. The function administrator can name additional function administrators:

Overview "Virtual Private Server Hosting" → Click on server name …

In addition, the function administrator can allow other users normal access by adding the user IDs to the file /etc/login.access. For example, to allow access to the user with user ID otto, do the following:

  • Add to /etc/login.access (before the last line with -): + : otto : ALL
  • Then save the file /etc/login.access – see "How does it work with the configuration files in ToSCA" and description of ToSCA.

How do I obtain root rights?

As function admin using sudo, e. g.:

  • sudo suservice httpd restart – restart httpd (Apache)
  • sudo bash – start a root shell, stop with exit

How do I install additional software packages?

Using yum, e. g.:

  • List existing packages: yum list 'php*'
    • ists already installed and additionally existing packages that start with php.
  • Installing additional packages: sudo yum -d2 install php-mcrypt
    • installs (as root) the package php-mcrypt (+ possibly other required packages)

Data protection: backup and restore

The aim of data backup is to be able to restore a system after errors (hardware failure, accidental deletion) with little effort.

  1. Restoration of the base system and the configuration:
    • ToSCA is used to install the basic system and the required software packages and to import the specific configuration files.
    • The URZ takes care of the installation with the corresponding packages.
    • The function admin must put the configuration files into the ToSCA repository. Only then can they be restored in the event of an error.
  2. Restoring data:
    • Data, e. g. web pages of your PROWeb server under /var/www/html, possibly also others, must be backed up appropriately.
    • Possibility 1: Rsync service of the URZ – In the administrator area, enter the directories to be backed up under the item Datensicherung (Data Backup). From the next day, you can access the backed-up data from there.
    • Possibility 2: You organise this yourself, i. e. you make backups of the relevant data stock of the PROWeb server on another computer.

How does it work with the configuration files in ToSCA?

If you change configuration files, e.g. the httpd config /etc/httpd/conf/server.conf, they must be saved in a repository.

  • Description of ToSCA
  • Overview of repository directories: /usr/local/bin/tosca-diff -r
  • List of all files in repositories: /usr/local/bin/tosca-diff -l
  • Differences between files on the computer and in the repository: /usr/local/bin/tosca-diff
    lists commands for matching.

After changing and testing configuration files on the server, start /usr/local/bin/tosca-diff as root and then execute the issued cpcommands for the files you changed. If you change a configuration file that is not yet in a repository, copy this file(s) to a suitable repository directory. For system release-dependent files (most of them), it is best to copy the file to
/afs/tu-chemnitz.de/ToSCA/ROOTS/SL_7/FU_XXX_PROWEB_PROJECT_SERVER/…

For example, you have changed /etc/httpd/conf/server.conf and /etc/php.ini:
 shell> sudo bash                     -- work as root
 shell# tosca-diff                    -- show differences to repositories
   DIFF: /etc/httpd/conf/server.conf
   cp /etc/httpd/conf/server.conf /afs/tu-chemnitz.de/ToSCA/ROOTS/SL_7/FU_URZ_PROWEB_PROJECT2_SERVER/etc/httpd/conf/server.conf
 shell# cp /etc/httpd/conf/server.conf /afs/tu-chemnitz.de/ToSCA/ROOTS/SL_7/FU_URZ_PROWEB_PROJECT2_SERVER/etc/httpd/conf/server.conf
            -- /etc/httpd/conf/server.conf saved to repository
 shell# tosca-diff -r
    ... 
    /afs/tu-chemnitz.de/ToSCA/ROOTS/SL_7/FU_URZ_PROWEB_PROJECT2_SERVER
    ...
 shell# mkdir -p /afs/tu-chemnitz.de/ToSCA/ROOTS/SL_7/FU_URZ_PROWEB_PROJECT2_SERVER/etc
 shell# cp /etc/php.ini /afs/tu-chemnitz.de/ToSCA/ROOTS/SL_7/FU_URZ_PROWEB_PROJECT2_SERVER/etc/php.ini
           -- /etc/php.ini saved to repository
 shell# exit                       -- Exit root shell, continue working as a normal user

This ensures that the correct configuration files can be restored if the system needs to be reinstalled.

Press Articles