How do I administering A PrattWeb Account? (PrattWeb Site Owner Documentation)
Accessing PrattWeb
As a site owner, there are three main ways to access the server
SFTP Access
The most convenient and useful means of access is via SFTP, for file upload and site updates. There are a variety of SFTP clients available from the OIT Software Download Page as well as freely available on the web. We find that one of the best SFTP clients available is FileZilla which has documentation available here.
SSH Access
For those who prefer shell access to manage their website, access is provided via SSH2. You will be placed in a restrivted enviromernt where you will have access to vi and tools needed for file manipulation. You will not have access to any other user's files and they will not have access to yours. If you do not have an SSH2 client, you can download one from the OIT Software Download Page or elsewhere off the web. One of the better free SSH2 clients available is Puddy if you prefer OSS software.
Website Development Tools
To manage your web content, we currently recommend Macromedia Dreamweaver (for larger more complex websites) although many site development tools are available and almost all can be configured to work with PrattWeb. When selecting web sevelopment tools, please note whether it has the capability to upload your content via SFTP or legacy FTP. In the latter case, you will need to follow the direction for Setting Up An FTP to SFTP Tunnel in order to access PrattWeb via plain FTP.
Web Based Administration
Common activities such as changing passwords and viewing error logs can be done through the Web Based Administration interface. As new account administration features are added to PrattWeb, you will find most available through this interface.
Change Password - This tool allows you simply, to change your password in a secure fashion. NOTE: You can not change your password from the SSH shell enviroment.
GPG Encryption - This tool allows you to create and manage a GPG keyring for encryption of of files and communications. There are various means to use the keys you manage through this interface, from within your CGI programs. If you are not familiar with GPG, you can read more about it here. The web baserd tool allows you to create, import and export keys, as well as encrypt, decrypt and sign files.
Change Theme/Language - The Change Theme and Change Language tools alter settings within the web based administration enviroment. Their use should be self explanatory.
Change User Details - This tool allows you to change various information about your user account, which will effect only a few essoteric applications. within your CGI enviroment. These changes will not effect your SSH shell enviroment. Most users will not need to make changes to these settings.
System Documentation - With this tool you can search and view various types of documentation for tools available on the system, most of which are available in the CGI enviroment only.
Apache Error Logs - This tool displays up to the last 250 error log messages generated through your webpages and CGI. Use this tool to help you debug your CGI scripts.
Vacation Auto-Reply - This tool is available upon request. It allows users to specify an automatic message to be sent as a response to email sent to your website email addresses.
Disk Quotas - Coming soon, you will be able to view the amount of disk space occupied by your website in relation to the total disk space you have been allocated.
ht://Check Website Structure - View the broken links on your webpage. All sites hosted on PrattWeb are tested daily for broken links, allowing you to check for broken links using this tool. You can even view each of your pages with the broken links highlighted for easy identification. The data used here is gathered once every 24 hours, so any changed you make to fix broken links on your site will be reflected in this tool the next day.
Website Account Directory Structure
Your account has a simple directory structure When you access your account via SSH or SFTP your effective document root path (location of HTML dociments) is /public_html and the CGI path is /cgi-bin. Note that the CGI directory is outside the document root. This is a security measure. It does not effect the manner in which you call your CGI scripts from web pages. You should call these scripts using !URLs of the form HTTP://userid.pratt.duke.edu/cgi-bin/scriptname.cgi (Note: You should be in the practice of specifying relitive paths insode CGI scripts or wherever else required, as relitive paths will insure portability and since your shell enviroment is not identical to the enviroment in which the CGIs will be running when called from the web).
Writing CGI Programs For PrattWeb
As a Prattweb site owner, you have access to a full CGI enviroment including Perl, Python and Ruby. We ask that you excersise caution when writing CGI scripts as a poorly written script can introduce security risks on your website. An excellant starting point for writing good CGI can be foud in Writing Secure CGI Programs. Your CGI scripts will be executed with the privileges of your userid and will have access to all your files on PrattWeb, but will not have access to those of other users.
Using NetID authentication to restrict websites
If you need to restrict access to sections of your website, you usually have to setup some security directives and create accounts for each user. However, if your restricted audience is all Duke employees, students, or affiliates, you can avoid creating account and dealing with passwords, etc. Duke provides an authentication service called WebAuth which PrattWeb now supports. This allows you to specify who can access a restricted section by their netid. When they go to that section, they are prompted for their login on an OIT WebAuth server and once they successfully login using their Duke NetID, they get redirected to the restricted section. The wonderful thing about WebAuth is it provides a 'Single Sign-On' Once a person logs into Webauth, they can access ALL NetID/Webauth protected areas for the duration of their browser session without logging in again. This makes for much happier users.
To setup a section of your website to use WebAuth, do the following:
1. Get familiar with the Apache authentication directives at http://httpd.apache.org/docs-2.0/howto/auth.html
2. Create a .htaccess file in the directory with web pages you want to restrict (you can do much more granular control by using the advanced techniques outlined on the apache.org site)
3. Put the following into your .htaccess file:
AuthType webauth
AuthName "Duke NetID Restricted Section"
WebauthEnable
WebauthConfig /etc/apache2/webauth/webauth.xml
Require user netid1 netid2 netid3
4. Your site is now WebAuth restricted