Web Conference 2005
Writing PHP for ITS/ASET Web services
Penn State Specifics
|
|
Web Conference 2005Writing PHP for ITS/ASET Web servicesPenn State Specifics |
|
| <- Back - The Basic 'What's' of PHP Programming | | | Up | | | Your First PHP Script - Next -> |
Updated Dec 28, 2008
What does Penn State provide?The Applied Information Technology (AIT) group currently in Consulting and Support Services (CSS) (formerly in Academic Services and Emerging Technologies (ASET)), a unit of Information Technology Services (ITS) provide various Web services for the Penn State community including Penn State's home (http://www.psu.edu/), the Penn State Personal server (http://www.personal.psu.edu/), the technology behind the Student Organizations Web service (http://www.clubs.psu.edu/), a Web service for courses (http://www.courses.psu.edu/), various Departmental Web sites and virtually hosted domains, and countless other Web services. Among other features, we provide PHP service for the above domains, http://php.scripts.psu.edu/.
How are ITS/CSS Web services at Penn State unique?Every Web server can be configured differently and run many different types of Web server software and extentions. ITS/CSS, charged with running some central Web services for Penn State, including http://www.psu.edu/, has made some decisions on how our services run. Here are the chief differences that separate it from others.
We run Unix
Specifically most general purpose ITS/CSS Web servers run IBM's AIX operating system on RS/6000 based hardware, some on the Sun Solaris operating system on Sun Sparc hardware and others on GNU/Linux on Intel hardware. While known for its stability and ease of administration, there are sometimes small snags when working with other platforms (e.g., Windows) such as UNIX line endings for text files and filename case sensitivity.
We run Apache
The Apache Web server, which has been reported to run over 65% of Web servers on the Internet and climbing, is our choice of Web server software. One of the benefits to running Apache is it enables Web content editors to control some aspects of the server configuration via .htaccess files.
Specifically, we run the 1.3.x series versions of Apache. As powerful as the Apache 2.0 series is, 1.3 is so stable and useful we have not yet found a truly compelling reason to upgrade (think Ford model T). It is also recommended over Apache Web server 2.0 for PHP use.
See the Apache 1.3.x documentation.
We store content in Kerberos/LDAP integrated GPFS, the system used for PASS
The Distributed Computing Environment and Distributed File System (DCE/DFS) was our system for storing content used on the Web and controlling access to our services at the time this tutorial was originally writen. Since then, the Penn State Access Account Storage Space (PASS), has undergone a major technology upgrade (see alert-740) to standard MIT-brand Kerberos, Lightweight Directory Access Protocol (LDAP) based group information and authorization registry and General Parallel File System (GPFS).
DCE/DFS ran on Unix and presented Unix based permissions to tools that understand it, such as SSH Secure File Transfer. However, DCE/DFS also had a rich Access Control List permissions system, which often interacted with Unix based permissions in unintuitive ways.
GPFS also runs on UNIX, interacts with traditional UNIX mode permissions, and has an even richer Access Control List permission scheme (actually 2). However, to prevent UNIX mode interaction from accidentally deleting ACL permissions, users and their programs can no longer change permissions via the traditional UNIX mode permission interfaces (attempts to try will be ignored and return no error). Instead permissions must be changed via a proper ACL interface. PASS makes use of the Network File System (NFS) version 4 style ACL in GPFS as opposed to the "POSIX" style ACL available which is a bit more similar to DFS. Programs familiar with the traditional UNIX mode permissions can still read an approximate mode. Penn State plans to work with the GPFS vendor to develop a method for the traditional UNIX mode permission interface to change ACL permissions in the future.
Unlike DFS, the Web-based Access Control List permission management tool (known as "ACL Explorer" and "PASS File Permissions Manager") for GPFS presents a simplified version of the ACL. To take full advantage of all features of the NFSv4 style ACL available in GPFS, one has to use a native NFSv4 client today. There may be a more advanced ACL Explorer in the future. For now, the current ACL Explorer for GPFS should provide sufficient capabilities for most users, including installing PHP scripts.
The PASS system is a centralized system of files that can be accessed by many Web servers and many different upload methods. This increases its utility.
For CGI, we use separate servers for "testing" and "production" service
The http://test.scripts.psu.edu/ server is our "test" server. You may run any code you want there, provided you follow applicable policies such as AD-20. The idea is that you test your code here before asking it to be installed on a production service. This looks like the Personal server, http://www.personal.psu.edu/ in its URI layout; for instance user xyz123 may have personal Webspace at http://www.personal.psu.edu/users/x/y/xyz123/ which is also visible at the URL http://test.scripts.psu.edu/users/x/y/xyz123/. You may also run "production" code here long term if you wish, but you do so without any guarantee the server will be online. As others are testing their code here, it is possible for a bug in a CGI to take down the server or cause other problems. That's why we have a test server.
The servers your sites run from are "production" in that we typically do not allow CGI to run unless we install it for you.
Unlike CGI, PHP is permitted to run without administrator installation/audit.
To limit exposure to server failures due to programming mistakes, all PHP code is executed on a dedicated server, php.scripts.psu.edu.
PHP code is run on a server separate from static content and CGI
PHP (.php) content is automatically redirected to the dedicated PHP server, php.scripts.psu.edu on most sites and can be set to redirect from most others.
php.scripts.psu.edu is one of the new app engines slated for general use
| New Dynamic Content Application Engines | Old Dynamic Content Application Engines | |
|---|---|---|
| Hostnames | engine-name.scripts.psu.edu e.g. php.scripts.psu.edu |
engine-namedb.aset.psu.edu e.g. phpdb.aset.psu.edu |
| Who may use the service and for what purpose | Anyone with an account for Penn State Personal, Clubs, Courses or Departmental Web space provided by ITS/CSS for uses allowed by University Policy such as AD-20 and applicable laws. | Approved for use by individuals for teaching and research use. |
| Apply policy | Anyone may use immediately with Penn State Personal, Clubs, Courses or Departmental Web space provided by ITS/CSS. | Individuals must apply for a database account and request the Web space to be prepared. |
| Available engines | PHP | PHP, JSP; Perl and ASP were provided in the past |
| Database services provided | None yet, but SQLite may be used | DB2 |
| PHP version | 5.x | 4.x, may be 5.x soon |
| Load balanced? | Yes - two servers currently in rotation | No |
| Contact | dbadmin@aset.psu.edu | dbadmin@aset.psu.edu |
| This course | Will cover this service | Will NOT cover this service |
Our aim is to replace all functionality (including databases) of the older engines with the new ones.
What's new with Penn State Web services?This section remains current to original time of writing (dated for tutorial given June 13-14, 2005).
Penn State General Purpose Application Engines, starting with PHP php.scripts.psu.edu (launched June 2004).
Phase II, Build 3, effective Wednesday, June 8, 2005. Note the changes with this upgrade.
Penn State WebAccess, a Single Sign-On (SSO) Web authentication system deployed last year (Aug 2004) for Penn State Access Accounts and Friends of Penn State (FPS) accounts (since May 11, 2005), and additional Penn State sites and Web services continue to be added. See php.scripts.psu.edu for directions on how to request for WebAccess protection of your PHP site.
Changes to Web content in PASS access methods:
Improved PASS Explorer interface, the Web-based file management utility for files in PASS; available via the Penn State Portal.
New hostname for Samba (Windows) PASS Gateway service, win.pass.psu.edu is available. Old hostname, samba.cac.psu.edu to be deprecated starting June 6, 2005. Full story.
What is to be expected in the future with Penn State Web services?This section remains current to original time of writing (dated for tutorial given June 13-14, 2005).
Additional services to be converted to Penn State WebAccess, including:
Penn State Personal Web Server (and others) to be upgraded to newer servers in a load-balanced network
Relational Database services for the newer application engines
Additional application engines, such as JSP
| <- Back - The Basic 'What's' of PHP Programming | | | Up | | | Your First PHP Script - Next -> |
|
If you have any questions, feel free to ask me. Content by: Jeff D'Angelo <jcd@psu.edu> © 2005 Last update on: Sun Dec 28, 2008, 8:10:24 PM |
|