RUG WEBHOSTING#

  • Kubernetes domain hosting
  • 5+ GB website space ( fair use policy )
  • PHP support (Linux/Apache variant)
  • ASP support (Windows/IIS variant)
  • All container based services.

The following options are available at an extra charge:

  • expansion of web space (in consultation with CIT)
  • e-mail addresses
  • domain registration (.nl, .com, .org, .eu, etc.).

Since 2017 every new hosting domain is automatically a docker environment. There’s still a active connection between the old shared environment and the new one.

HTTPS#

The whole webhosting environment is behind several loadbalancers, force ssl does not work out of the box. Because the internal communication between the loadbalancers (lb) and webservers are plain http.

If you force a website without the correct headers, the application will stay in a loop and fail. The answer is simple , the webserver doesn’t know that the request is secure! only the loadbalancer knows.

If we do a htaccess override, actually were telling the webserver , redirect once, if the Header HTTP:X-SSL-Enabled is true, don’t do anything! otherwise redirect to https.

Examples#

standard

client http (80) <-> http (80) -> http (80) -> website (80)

or both

client https (443) <--> (443) -> http (80) -> website(80)

force https

client http (80) <-> force redirect https (443) -> http (80) -> website (80)

htaccess Override

    # auto redirect to ssl, only for webhosting.rug.nl domains or with own certificates
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RequestHeader set HTTP:X-SSL-Enabled "true"
    RewriteCond %{HTTP:X-SSL-Enabled} !true
    RewriteRule (.*) https://domain.webhosting.rug.nl/$1 [R,L]
    </IfModule>


wordpress https

Add the following to the wp-config.php

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'X-SSL-Enabled') != 'true') {
       $_SERVER['HTTPS']='on';
}

If you get mixed content warnings, in the default theme.
edit the file : wp-content/themes/twentyseventeen/assets/images/svg-icons.svg
and replace http to https

old  xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
new  xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink">



SSH#

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH.

Example Connection

ssh f-number@ssh.webhosting.rug.nl

Example Tunnel

ssh -L 8080:IP:80 f-number@ssh.webhosting.rug.nl -N 1

WEB This only works with Two Factor Authentication

https://ssh.webhosting.rug.nl

Two factor auth

Put two files inside you're homedir/.ssh folder
mobile_number and email_address

$ cat ~/.ssh/mobile_number
0612345678

$ cat ~/.ssh/email_address
email@rug.nl

Aps


filezilla
putty
wincp
ducky
ssh

MYSQL#

PHPmyAdmin

https://mysql.webhosting.rug.nl

CLI dump database

$ ssh account@ssh.webhosting.rug.nl
$ mysqldump --host mysql01.service.rug.nl -u account -p -D database \ 
| gzip -c | > ~/backup/database.sql.gz

CLI restore database

$ ssh account@ssh.webhosting.rug.nl
$ gunzip < ~/backup/database.sql.gz | mysql --host mysql01.service.rug.nl \ 
-u account -p database > ~/backup/database.sql

CLI optimize database

$ ssh account@ssh.webhosting.rug.nl
$ mysqloptimze --host mysql01.service.rug.nl -u account -p -D database 

CLI enter database

$ ssh account@ssh.webhosting.rug.nl
$ mysql --host mysql01.service.rug.nl -u account -p

CLI remote access database

$ ssh -L 3306:mysql01.service.rug.nl:3306 account@ssh.webhosting.rug.nl -N 1
$ mysql --host localhost -u account -p

POSTGRES#

phpPgAdmin

https://psql.webhosting.rug.nl

PHP#

$ cat ~\site.htaccess

Override upload filesize

<IfModule mod_php7.c>
php_value upload_max_filesize 100M
php_value post_max_size 100M
php_value max_execution_time 200
php_value max_input_time 200
</IfModule>

Override memory limit

<IfModule mod_php7.c>
php_value memory_limit 64M
</IfModule>

Access

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^129\.125\.
RewriteCond %{REMOTE_ADDR} !^77\.43\.20\.
RewriteCond %{REMOTE_ADDR} !^10\.9\.
RewriteRule ^(.*)$ - [R=403,L]