Internet facing Apache server

Attention

Before embarking on an Internet facing OpenStack project one should ensure they rule out the use of simpler managed web hosting solutions beforehand.

Using OpenStack will allow you run whatever web stack you wish but with great flexibility comes great responsibility. The options to rule out (in order) are:

• King's website using CMS content types e.g. 'research project'
• CREATE Web for automated static (HTML/CSS/JS) content hosting from a Git repo or self-service WordPress provisioning

Once the above have been ruled out:

• Follow the Instance Creation doc to create a new VM.
• On the VM:
  • sudo apt update && sudo apt install -y apache2
  • sudo a2enmod ssl
  • sudo systemctl restart apache2
  • sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
  • Fill in the prompts appropriately, for Common Name enter <somename>.sites.er.kcl.ac.uk where <somename> is a descriptive name for your site
  • Create a file /etc/apache2/sites-available/<somename>.sites.er.kcl.ac.uk.conf with the content

<VirtualHost *:443>
   ServerName <somename>.sites.er.kcl.ac.uk
   DocumentRoot /var/www/<somename>.sites.er.kcl.ac.uk

   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
   SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>

• sudo mkdir /var/www/<somename>.sites.er.kcl.ac.uk
• echo '<h1>Hello, World!</h1>' | sudo tee /var/www/<somename>.sites.er.kcl.ac.uk/index.html
• sudo a2ensite <somename>.sites.er.kcl.ac.uk
• sudo systemctl reload apache2
• If everything went as planned you should be able to check things locally with curl:

ubuntu@web1:~$ curl https://localhost:443 --insecure
<h1>Hello, World!</h1>

• Moving to the e-Research Portal click the group you wish to work with under the 'Groups' section of the navigation panel

  • Click 'Add resource' and choose 'Standard website'

  Attention

  Admin-level access is required to view group resources. PI/ Admins can update this via the portal. Alternatively, you can contact support@er.kcl.ac.uk for access

  • Enter a Site name and a description for your site
  • Enter Site name in the domain name box (note that names outside of .sites.er.kcl.ac.uk will require specific DNS changes, please get in touch to discuss)
  • Select External (Internal would limit access to devices on the King's network or users connected to the e-Research VPN)
  • Choose "Require KCL authentication" and choose the group this site is part of (this will
    bounce users via King's multi factor authentication and check they are group members before they
    access the site, this setting can be removed later if open access is required but is good to
    operate with while setting things up initially)
  • The site will now show as building, click 'View'
  • Initially the Locations Add/Actions buttons may show as locked, if so wait a minute and refresh the page
  • Choose 'Actions' > 'Edit' for the Location '/'
  • Click 'Proxy' and select the VM you have been working with in the Target field (this may take a second or two to populate)
  • Click 'Edit' to update the configuration
  • Back in the OpenStack UI:
  • 'Edit Security Groups' for your VM
  • Click the + next to 'er_https_from_lbs'
  • If all is well you should now be able to browse to https://<somename>.sites.er.kcl.ac.uk