This is an updated version of the 2002 edition
The goal was to have faculty and student web pages that were transparently part of their local file directory while limiting the exposure of our local networks from Internet attacks.
The solution was to house the files on the local file server, on an isolated partition, and export the partition read-only through the firewalls to an external web server. Not shown, on the lab level, that bragg uses NFS to export the public-html directory to all lab client machines. (Although mcclellan can export, the server level doesn't have an NFS service at this time.)
other >------------------|-+ +--|------< other.cs.miami.edu \ / proxy mcclellan >===============\ /---< www.cs.miami.edu >=|=> pickett <-|-< bragg >===============/ \---< web.cs.mimai.edu security: servers/lab | public | outside protocol: SMB r/o http
There are a few drawbacks to this solution. The most pronounced is that server-side computation is done on pickett, not mcclellan. This is as designed, and is essential for security. This pushes page-writers into a more sophisticated architecture than they might prefer for their application. For application developers that need access and control of server-side compuation, there are two solutions:
The /exp/pub directory is the root of the export to the webserver which itself determines where it will be mounted. At the moment that mount point /fs/mcclellan, and there may be a symbolic link to make the apache conf file more consistent.
The point is, none of this is a URI, and it the elements that appear on a web page are not paths, but URI's. The reference to path foo/bar.html should be:
http://www.cs.miami.edu/home/_username_/foo/bar.html(or web.cs.miami.edu) and we have wired up everything to make this work consistently.
Historical: While in the past, we have also maintained a private_html directory on the local machine (mcclellan) for non-exportable pages, no one wanted this, and it is no longer supported.
Updated: 2 August 2002
Updated: 22 June 2013