Apache Hosting 2015 RHEL6 (wvi)

During 2015 a new Apache web hosting has been deployed for our customers. New accounts will be created on the new environment. Furthermore, over the next few months we will be working with our existing customers to migrate their websites to the new infrastructure.

As much as possible for new accounts and migrations to the new environment we will be creating one user account to host each web site. This is a change from the past to increase security and cut down on leakage between sites and keep test site issues from leaking to production web sites.

Changes of note (from 2010 Apache hosting):

  • Red Hat Enterprise Linux 6, current update
  • default PHP 5.3.3 with patches
  • optional PHP 5.6 (currently 5.6.5) with patches
  • DirectoryIndex index.cgi index.html index.html.var index.htm index.shtml

Shibboleth changes:

  • Shibboleth default REMOTE_USER is UFID (rather than EPPN or GatorLink username) if the SP has that Attribute (the value used is the first attribute that is released to the SP in this list "ufid eppn glid persistent-id targeted-id")
  • Shibboleth generated environment variables are prefixed with "UFShib_" for security (and may also have a "REDIRECT_" prefix depending on how you access scripts, usually PHP scripts will have the prefix and others will not, this may change if you use .htaccess configuration). Example, to find the value of the "ufid" attribute check the environment for one of the following variables and read the value of the first one found:
    • UFShib_ufid
    • REDIRECT_UFShib_ufid
    Please verify you do not have "ShibUseHeaders on" set in any .htaccess files, this setting compromises security.

    Shibboleth with mod_rewrite usage:

    If you are using mod_rewrite/RewriteEngine/RewriteRule inside a .htaccess file at the top of a site's DocumentRoot ( ~/*/htdocs/.htaccess ) and wish to allow Shibboleth (https://login.ufl.edu/ logins) make sure to add the following two lines just under "RewriteEngine On":

        RewriteCond %{REQUEST_URI} ^/Shibboleth\.sso
        RewriteRule ^ - [L]

    Details on usage:

    File upload and access

    To match the new environment for the web servers we have a new access node to upload/edit content. Please use ssh/scp/sftp to access your site's account on glint-prod06.osg.ufl.edu which has the same environment as the new web cluster.

    How to run CGI with PHP 5.6.x (instead of PHP 5.3.3)

    As in the current FAQ this will be an edit in ROOT/cgi-bin/php.cgi and will require editing the definition of PHP_CGI, replace the whole line with:

    PHP_CGI="scl enable rh-php56 -- php-cgi"

    Note Well: This change will cause any site on the old hosting system to stop running PHP scripts. Do not make this change unless your site has been created or migrated to the new hosting system.