Web Servers and Samba

This is an updated version of the 2002 edition

Burt Rosenberg
June 2013

Overview

The goal was to have faculty and student web pages that were transparently part of their local file directory while limiting the exposure of our local networks from Internet attacks.

The solution was to house the files on the local file server, on an isolated partition, and export the partition read-only through the firewalls to an external web server. Not shown: on the lab level, bragg uses NFS to export the public-html directory to all lab client machines. (Although mcclellan can export, the server level doesn't have an NFS service at this time.)


   other     >------------------|-+        +--|------< other.cs.miami.edu
                                   \      /
                                    proxy
   mcclellan >===============\                   /---< www.cs.miami.edu
                              >=|=> pickett <-|-<
   bragg     >===============/                   \---< web.cs.miami.edu
   
   security:     servers/lab    |   public    |    outside
   
   protocol:       SMB r/o                         http

There are a few drawbacks to this solution. The most pronounced is that server-side computation is done on pickett, not mcclellan. This is as designed, and is essential for security. It pushes page-writers into a more sophisticated architecture than they might prefer for their application. For application developers who need access to and control of server-side computation, there are two solutions:

Public html directory and URI naming

The public_html subdirectory of the user's home directory is sym-linked to an exportable partition that contains all public_html directories. Users find it difficult to avoid using local file paths in their HTML. For instance, locally, the public_html for mcclellan is known as any of the following: however, none of these are usable on the webserver!

The /exp/pub directory is the root of the export to the webserver, which itself determines where it will be mounted. At the moment that mount point is /fs/mcclellan, and there may be a symbolic link to make the Apache conf file more consistent.

The point is, none of this is a URI, and the elements that appear on a web page are not paths, but URIs. The reference to path foo/bar.html should be:

   http://www.cs.miami.edu/home/_username_/foo/bar.html
(or web.cs.miami.edu) and we have wired up everything to make this work consistently.
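
One way to catch local file paths before a page is published, as an added example that is not part of the original page or the department's tooling: it scans href/src attributes for references that resolve only on the file server and, where the public_html component is visible, suggests the URI form given above. The user name "alice", the /home/alice layout and the sample HTML are constructed assumptions; /exp/pub and /fs/mcclellan are the export root and mount point named on this page.

```python
# Added example: flag href/src values that are file paths rather than URIs.
from html.parser import HTMLParser
from urllib.parse import urlsplit

BASE = "http://www.cs.miami.edu/home/"        # URI form given on the page
LOCAL_ROOTS = ("/exp/pub", "/fs/mcclellan")   # export root and mount point from the page
MARKER = "public_html/"                       # assumption: local paths contain this component

# Constructed sample page; user "alice" and the /home/alice layout are assumptions.
SAMPLE = """<html><body>
<a href="/home/alice/public_html/foo/bar.html">notes</a>
<img src="file:///fs/mcclellan/alice/logo.png">
<a href="foo/bar.html">relative, fine</a>
<a href="http://www.cs.miami.edu/home/alice/foo/bar.html">URI, fine</a>
</body></html>"""

class LinkCollector(HTMLParser):
    """Collect (line, value) for every href/src attribute."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append((self.getpos()[0], value))

def is_local_path(value):
    """True when the reference resolves only on the file server, not over HTTP."""
    parts = urlsplit(value)
    if parts.scheme == "file":
        return True
    if parts.scheme or parts.netloc:
        return False                  # http:, https:, mailto:, //host/... are URIs
    return parts.path.startswith(LOCAL_ROOTS) or MARKER in parts.path

def suggest_uri(value, username):
    """Map a local path to the public URI when its public_html part is visible."""
    path = urlsplit(value).path
    if MARKER not in path:
        return None                   # cannot tell where the user's web root starts
    return BASE + username + "/" + path.split(MARKER, 1)[1]

def audit(html, username):
    """Return (line, value, suggested URI or None) for each local-path reference."""
    collector = LinkCollector()
    collector.feed(html)
    return [(line, v, suggest_uri(v, username))
            for line, v in collector.links if is_local_path(v)]
```

Calling audit(SAMPLE, "alice") reports the two local references and leaves the relative link and the full URI alone.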

Historical: While in the past, we have also maintained a private_html directory on the local machine (mcclellan) for non-exportable pages, no one wanted this, and it is no longer supported.

History

Burton Rosenberg
Updated: 2 August 2002
Updated: 22 June 2013