burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

add shell web service
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Simon Marsh 2021-06-27 16:26:34 +01:00
parent 021b4094e5
commit a571829e6f
Signed by: burble
GPG Key ID: 0FCCD13AE1CF7ED8
2 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
site/content/additional/maintlog/_index.md
View File

@ -7,6 +7,13 @@ A log of changes to the burble.dn42 network.
---
## 27th June 2021
The shell servers now have apache2 installed to provide home directory
public_html access.
See the [Shell Accounts](/services/shell/) service page
for more info.
## 23rd June 2021
Added shell.ca-bhs2.burble.dn42 as a new shell server.

42
site/content/services/shell.md
View File

@ -14,8 +14,7 @@ The shell service imports user information from the dn42 registry allowing
any MNTNER with an SSH auth method to log in to the servers. Usernames
are constructed by lowercasing and removing the '-MNT' suffix.
For example:
{{<hint info>}}
**FOO-MNT**
```
mntner: FOO-MNT
@ -26,6 +25,7 @@ Log in using the key specified in the auth method:
```shell
ssh foo@shell.fr-rbx1.burble.dn42
```
{{</hint>}}
Your home directory is created automatically on first access and will then
persist across logins.
@ -45,6 +45,40 @@ The current set of packages can be found in the shell config repo:
Requests for additional packages are welcome, please raise these as
[issues](https://git.dn42.dev/burble/config-shell/issues) in the repo.
### Webserver
The shell servers include a webserver with user directories (`~/public_html/`)
and CGI (`~/public_html/cgi-bin/`) enabled. The webserver is accessed over https
and has a dn42 certificate auto-renewed from the
[ACME service](https://acme.dn42/about.html).
- `https://shell.fr-rbx1.burble.dn42/<username>/`
- `https://shell.ca-bhs2.burble.dn42/<username>/`
{{<hint info>}}
Remember that any files need to be accessible by the webserver
which runs as user/group www-data/www-data; CGI scripts must also be executable.
The default umask of 077 means that the webserver won't be able to
read your public_html folder or any files within it without changing permissions.
A simplistic approach would be to make your home directory, and
public_html directory world readable:
```shell
chmod a+rX ~
chmod -R a+rX ~/public_html
chmod -R a+rx ~/public_html/cgi-bin
```
A more secure way of allowing access would be to use posix ACLs:
```shell
setfacl -m "u:www-data:rX" ~
setfacl -Rdm "u:www-data:rX" ~/public_html
setfacl -Rdm "u:www-data:rx" ~/public_html/cgi-bin
```
{{</hint>}}
### Scratch Area (*fr-rbx1 only*)
A large storage area is mounted on to /scratch
@ -55,8 +89,10 @@ area it is recommended to create your own directory (named after your
username) and then store all your stuff in the new directory; this will help
prevent clutter.
{{<hint warning>}}
Note that the storage for /scratch is nfs mounted across dn42 so
performance will be variable.
{{</hint>}}
### Changing Shell
@ -64,11 +100,13 @@ The registry import process currently limits the initial shell to /bin/bash
and currently this cannot be changed. If you want to use something different,
just exec to the new shell in your .profile or .bashrc.
{{<hint info>}}
Example .bashrc line for zsh:
```shell
if [[ $- == *i* ]]; then exec /usr/bin/zsh; fi
```
{{</hint>}}
### Cron, Batch and Services