This page is to document the migration of IIS to nginx
Existing Servers And Host Names
| Web Server | Priority | IIS | Tomcat | Migration Status | Comments |
|---|---|---|---|---|---|
| glast-ground.slac.stanford.edu | 0 | glast-win01,glast-win02 | multiple | Migrated (11/16/2015) | |
| web08.slac.stanford.edu | web08 | This is unfortunately used directly by some EXO applications (/logbook a php application). Maybe should use a better name like exo-logbook.slac.stanford.edu | |||
| aida.freehep.org | 2 | web08 | scalnx-v03 | ||
| aidatld.freehep.org | 2 | web08 | scalnx-v03 | Up | |
| exo-data.slac.stanford.edu | 4 | web08 | exolnx-v01 | ||
| forum.freehep.org | web08 | N/A fudform application | Dead | Page is up, but forum may be down, returns a blank page (was fhforum.slac.stanford.edu) | |
| heprep.freehep.org | 2 | web08 | scalnx-v03 | Up | |
| jas.freehep.org | 2 | web08 | scalnx-v03 | ||
| java.freehep.org | 1 | web08 | scalnx-v03 | ||
lcsim.org, www.lcsim.org | web08 | scalnx-v03 | lcsim.freehep.org exists as a host name, but the application appears to actually be www.lcsim.org. DNS controlled by Norman Graf. | ||
| lelaps.freehep.org | 2 | web08 | scalnx-v03 | Up | |
| lp99.freehep.org | web08 | Dead | Down, no DNS record- but IIS is still aware of the Application (checked via telnet web08 80: GET / HTTP/1.1\nHost: lp99.freehep.org\n\n) | ||
| lsst-camera.slac.stanford.edu | web08 | lsstlnx-v01, scalnx-v05 (firefly) | Up | ||
| pingerlod.slac.stanford.edu | web08 | scalnx-v06 | Up | ||
portal.lsst-desc.org portal.lsstdesc.org | 3 | web08 | scalnx01 | Up | |
| sid.slac.stanford.edu | web08 | Dead | Points to exo portal? | ||
| srs.slac.stanford.edu | 5 | web08 | scalnx-v01 | Up | |
| wired1.freehep.org | 2 | web08 | N/A (on web08) | Dead | Up |
| www.freehep.org | 2 | web08 | N/A (on web08) | Up | |
www-sld.slac.stanford.edu www-bes.slac.stanford.edu www-midas.slac.stanford.edu | web08 | N/A (on web08) | Up. Also has www-bes and www-midas, but they all serve the same page. | ||
| www-sldnt.slac.stanford.edu | web08 | scalnx-v03/Also on web08? | Peter Rowson has been asking to get this working again. | scalnx-v03, just a blank page | |
| xrdmon.slac.stanford.edu | web08 | Dead | Worker defined to be xrootd-mon, Not sure if this is on web08 or some other server? | ||
wired4.freehep.org wired.freehep.org | 2 | web08 | scalnx-v03 | ||
| wired2.freehep.org | web08 | Dead | Points to web08. No record in IIS. Not sure how this one works? There is a directory on scalnx-v03 | ||
| forum.linearcollider.org | web08 | N/A (web08) | DNS controlled by linearcollider.org |
To Do List
- Ask windows-admin/unix-admin glast-win01,win02 to be shutdown (but not immediately removed)
- Make plan for how to handle cas.slac.stanford.edu (separate CAS at root?)
- Tony should add java.freehep.org to his hosts file to check that it works
- Move java.freehep.org (priority 1)
- Move rest of freehep (priority 2) – target 3/17
- Move rest of priority 3 – target 3/21 – need to make sure we have lsstdesc.org and lsst-desc.org ready
- Move priority 4 – target 3/23
- Get ready for priority 5 moves
- Complete work on setting up php for forum.linearcollider.org
- Consider where php code will live (afs, nfs) and how we will ensure it is backed up
- Talk to Matthias Wittgen about where/how to move EXO logbook stuff
nginx configuration workbook
Note: See SCA NGINX Configuration for information on actual configuration.
SSL Configuration
http://nginx.com/resources/admin-guide/nginx-ssl-termination/
Tomcat configuration
To take full advantage of nginx+ssl, I believe we need to setup Tomcat to use the RemoteIpValve:
https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
An example is here:
http://kdl.nobugware.com/post/2010/02/12/nginx-ssl-tomcat-confluence
nginx page on configuring individual applications
http://wiki.nginx.org/JavaServers
PHP Applications
[List of PHP Applications here]
A Previous migration of fudforum:
Two potential solutions
- PHP applications on nginx reverse proxies
- PHP applications on another server (configured the same as Tomcat servers)
The second option potentially makes session handling easier.
Taylor has php54 option. I believe Taylor has a drupal option as well, but it may not suit our needs.
Necessary installs for PHP:
sudo yum install php54 php54-php-fpm php54-php-mysqlnd
Fudforum
Fudforum saves attachments to disk. I think we need to do an admin dump then import the dump into the new instance when it's done.
2 Comments
Brian Van Klaveren
Tony Johnson As far as I can tell, all the apps on glast-tomcat03 are mostly/exclusively jsp pages- but they are static. Would you rather them be served by nginx directly?
Also, they don't show up in probe. I don't really understand how they work.
Brian Van Klaveren
Most nginx configs are under ~srs/nginx
PHP applications: ~srs/nginx/sca-nginx03