User Manual - Web Services

Overview

Liberal Arts ITS provides a web and application development environment, web hosting and publishing, and data storage services for administrative units, faculty, staff, and graduate students in the College of Liberal Arts at the University of Texas at Austin.

The following user manual, policies, and service level agreement are provided to ensure that users are aware of what kind of server environment we provide, what applications we support, best practices in application development, what availability and uptime can be expected, and how to get assistance.

Service Level Agreement


Web Hosting and Publishing / Application Support

Liberal Arts ITS will host websites or applications developed as part of the ongoing business and research taking place within the College. For those websites and applications developed on other systems, project sponsors and developers should consult with our systems and development staff at the start of each project to assure that the website or application is supportable within our environment.

To be supportable, applications should

  • run within our LAMP environment
  • follow standard programming and database security practices
  • adhere to Liberal Arts ITS best practices

We will consider requests to support other application environments with a view to the benefits to the College and the capacity of our staff over the longer term to provide adequate support. Independently developed applications must still meet certain minimum requirements, and must not impact the day-to-day operation or performance of supported applications.

Supported Applications

Apache Web Server

Apache is the industry-standard web server software. It is extremely robust, has a large and active developer base, has extensive support resources, and is customizable to provide support for many different situations or needs.

Modules

Apache functionality can be extended by the addition of modules. We provide all standard modules that come with a default instance of Apache, as well as the following modules. Other modules may be requested with justification.

  • EID Authentication - mod_auth_eid is available to provide for UT EID authentication
  • SSL - mod_ssl is available and supported to provide encrypted connections via HTTPS to hosts on:
      • www.la[its].utexas.edu
      • dev.la[its].utexas.edu
      • coerll.utexas.edu
  • mod_rewrite - we can easily accommodate almost any redirection or rewrite requirement for websites by using the Apache module mod_rewrite. Additionally, we can provide website forwarding for faculty websites that are housed on alternative servers both on- and off-campus. This is used extensively for faculty whose websites were on retired servers; we forward their old URLs to their new URLs regardless of destination.

Development and Production Web Services

We provide a development web server, dev.la[its].utexas.edu, in addition to our production web server, www.la[its].utexas.edu. Please reference the Development Web Services and Production Web Services sections below for information on accessing, publishing to, and using the two services.

Write Access via Web Applications

We typically do not allow applications to have write access to the server (excluding databases). We do have an alternate location where such access is permitted. Please consult with the server administration staff to configure your site for write access.

Virtual Hosts and Vanity Domains

Users are encouraged to use the www.la.utexas.edu, www.laits.utexas.edu, or www.utexas.edu/cola namespaces for their websites. The usage of vanity domains is discouraged, but we will provide support for virtual hosts (allowing for the support of custom domains), if there is a demonstrated need or reason. In some situations, ITS-Networking may apply an annual fee for [http://www.utexas.edu/its/utnic/ Domain Name Hosting] of non-utexas.edu sites.

MySQL

Many web applications require a database backend to manage their data, which is typically manipulated by PHP scripts. We support the MySQL database software as a backend database for websites. Databases for applications requiring database access will be created upon request.

Database Policies

  • MySQL user accounts - In most situations, each project or website will be provided with two MySQL user accounts: an account with expanded privileges for the developer, and an account with limited privileges for the application.
  • Database connections - Connections to your database should be made from within an inc directory at the base level of your application. We encourage users to use the PEAR database abstraction library for their database connections.
  • PHPMyAdmin - Access to the MySQL server from hosts other than the web servers is restricted to the [https://pma.la.utexas.edu/] web application.
  • User authentication and authorization - Developers are encouraged to use EID authentication (via [http://www.utexas.edu/manual/mod/mod_auth_eid.html mod_auth_eid]) whenever feasible. Developers who need to maintain their own user authentication and authorization systems are strongly encouraged to consult with system administrators prior to development to ensure compliance with security requirements.
  • Security - Users should be aware of Cross-Site Scripting (XSS) security concerns and best practices to avoid compromising their data and website.
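The two-account and inc-directory policies above, as an added example (not Liberal Arts ITS code): a hypothetical inc/db.php that connects with the limited-privilege application account through PEAR DB and runs its queries with placeholders. Host, database name, user and password are constructed placeholders; the EID is assumed to arrive from mod_auth_eid via $_SERVER['REMOTE_USER'], as Apache authentication modules normally expose it.

```php
<?php
// inc/db.php for a hypothetical site "my_site" (added example, not ITS code).
// The application uses only its limited account; the developer account with
// expanded privileges is never placed in web-served code.
require_once 'DB.php';   // PEAR DB abstraction library

function my_site_connect()
{
    // Constructed credentials: replace with those issued to the project.
    $dsn = array(
        'phptype'  => 'mysql',
        'hostname' => 'DB_HOST_PLACEHOLDER',
        'database' => 'my_site',
        'username' => 'my_site_app',
        'password' => 'APP_PASSWORD_PLACEHOLDER',
    );
    $db = DB::connect($dsn);
    if (DB::isError($db)) {
        // Log the detail server-side; show the visitor nothing that
        // reveals the schema, host or credentials.
        error_log('my_site: DB connect failed: ' . $db->getMessage());
        die('Database unavailable');
    }
    $db->setFetchMode(DB_FETCHMODE_ASSOC);
    return $db;
}

// Look up a profile by EID using a ? placeholder, so the value from
// mod_auth_eid (or any request parameter) is never spliced into SQL text.
function my_site_profile($db, $eid)
{
    $sql = 'SELECT eid, display_name FROM profiles WHERE eid = ?';
    $res = $db->query($sql, array($eid));
    if (DB::isError($res)) {
        error_log('my_site: profile query failed: ' . $res->getMessage());
        return null;
    }
    $row = $res->fetchRow();
    $res->free();
    return $row ? $row : null;
}

// Typical use from a page script:
//   require_once 'inc/db.php';
//   $db  = my_site_connect();
//   $row = my_site_profile($db, $_SERVER['REMOTE_USER']);
```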

PHP

PHP is one of the most widespread languages available, particularly for interacting with Apache web servers. We fully support PHP, including these extensions:

  • PEAR - The PEAR framework is available and supported.
  • PECL - The PHP Extension Community Library is available and supported.

Drupal

Drupal is a content management system based on PHP. Drupal is modular and can be easily extended to be used as a blog, forum, wiki, collaborative authoring environment, or for any other form of content management. Our Drupal installation is configured for central management, and we restrict developers' ability to install modules directly. We have reviewed, evaluated, and installed a core set of modules for use by developers. We run the [http://pressflow.org/ Pressflow] distribution of Drupal.

  • Modules - If you require add-on modules outside of those provided, or intend to develop new modules or extend existing ones, please discuss your intentions with the system administration staff first.
  • Themes - We encourage the usage of the [http://drupal.org/project/zen Zen theme] engine, as it is standards-compliant, well documented, and flexible.
  • Developer-created Modules and Themes - Users creating their own modules will be required to keep them within our source control system (Subversion or CVS).
  • Comments - All user contributed comments must be moderated, so as to prevent blog spam. Typical blog spam violates the UT Acceptable Usage Policy.

Wordpress

Wordpress is a publishing platform based on PHP. Our Wordpress installation is configured for central management (WordpressMU), and we restrict developers' ability to install plug-ins directly. Use of Wordpress is encouraged for one-off, rapidly developed blog sites. Those requiring more advanced content management are encouraged to use Drupal.

  • Comments - All user-contributed comments must be moderated, so as to prevent blog spam. Typical blog spam violates the UT Acceptable Usage Policy.

Adobe Flash Interactive Server

We provide multimedia streaming services through Adobe Flash Server; additional details on this service can be found at [#1002]. We can stream the following formats/protocols:

  • Flash - FLV, AAC, MPEG; RTMP protocol


System Access

  • File System Access is available via SSH/SFTP and SMB. Please see the [#640] for specific instructions on accessing the file server.
  • MySQL access is available via [https://pma.la.utexas.edu/].

Web Services

Liberal Arts ITS provides three volumes for the storage of data needed in creating a website:

  • projects - for the storage of source material, design ideas, raw content, and other materials necessary in the creation of a website. This folder is not web-accessible.
  • dev - for the development, testing, and review of websites prior to final production.
  • www - for the final production website.

Development Web Service

Projects developed for the web will also have a development folder for the testing and development of their website. Any content placed within the dev folder for your project: dev/dev.laits.utexas.edu/projectname/ will be immediately viewable in a web browser at the following URL: http://dev.laits.utexas.edu/projectname/

Production Web Services

Production web services are provided for projects or other sites that have been deemed complete or ready for production by their respective developers and/or project owners. The storage of development data (such as raw images, project outlines) or previous site versions is not permitted; please offload this data to the project folder or alternate storage, as appropriate.

The www volume contains subfolders for each of the virtual domains/virtual hosts supported by our web services. A site with file content located at:

  • www/laits.utexas.edu/my_site
  • www/la.utexas.edu/my_site

would be available to be viewed in a web browser at:

  • http://www.laits.utexas.edu/my_site
  • http://www.la.utexas.edu/my_site


Best Practices for PHP Developers

PHP developers are strongly encouraged to review their coding practices for possible security vulnerabilities. These may include the following:

  • SQL Injection
  • [http://en.wikipedia.org/wiki/Cross-site_scripting Cross Site Scripting (XSS)]
  • Local File Inclusion
  • [http://www.owasp.org/index.php/PHP_Top_5#P1:_Remote_Code_Execution Remote Code Execution]
  • [http://en.wikipedia.org/wiki/Directory_traversal Directory Traversal]

There are several techniques that can be used to help prevent the above vulnerabilities, including:

  • [http://www.owasp.org/index.php/PHP_Filters Sanitizing User Inputs]
  • [http://www.owasp.org/index.php?title=XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet XSS Prevention Cheat Sheet]
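Two of the checks the list above calls for, as an added example (not Liberal Arts ITS code): output escaping against XSS, and a whitelist plus canonical-path check that closes local file inclusion, directory traversal, and include-based remote code execution in a hypothetical page router. The file layout (index.php with templates in ./pages/) and the page names are assumptions.

```php
<?php
// index.php?page=... router (added example, not ITS code).
// Assumed layout: templates live in ./pages/ next to this script.

// XSS: escape on output, every time untrusted text reaches HTML.
function safe_html($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// LFI / traversal / RCE: include only a file named in an explicit whitelist,
// and confirm the resolved path still lies inside the pages directory.
function resolve_page($requested, $allowed, $base_dir)
{
    if (!in_array($requested, $allowed, true)) {
        return null;                       // unknown page name: refuse
    }
    $base = realpath($base_dir);
    $path = realpath($base_dir . '/' . $requested . '.php');
    // realpath() collapses ../ segments and symlinks, so a prefix check on
    // the canonical path is meaningful; a missing file yields false.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// The pattern this replaces (never do this): the request parameter decides
// which file PHP executes, so any readable file can be pulled in.
//   include $_GET['page'] . '.php';

$allowed_pages = array('home', 'about', 'contact');   // constructed whitelist
$page = isset($_GET['page']) ? $_GET['page'] : 'home';
$file = resolve_page($page, $allowed_pages, dirname(__FILE__) . '/pages');
if ($file === null) {
    header('HTTP/1.1 404 Not Found');
    // The reflected value is escaped, so it renders as text, not markup.
    echo '<p>Unknown page: ' . safe_html($page) . '</p>';
    exit;
}
include $file;
```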

Web Server Structure Overview

Liberal Arts ITS employs a fairly complex web server infrastructure to help ensure redundancy and increased uptime of our web services. This structure has several components:

  • Load Balancing System - incoming web traffic first goes through one of a redundant pair of systems that process the request and route it to one of our web servers, depending on the specific request. This system is composed of a combination of several applications, including varnish, nginx and [http://www.clusterlabs.org/wiki/Main_Page Pacemaker].
  • Web Servers - traffic from the load balancers is then routed to the appropriate web server:
      • dev.laits.utexas.edu
      • Production Web Servers - we have several web server nodes that process traffic for laits.utexas.edu, la.utexas.edu, and several other domains
  • Web Content - content served by dev.laits.utexas.edu and the production web servers is mounted from the file.laits.utexas.edu file server
  • Backend Servers - Depending on your content, the web servers may make calls to our mysql database server, multimedia servers, or other application servers.