Forum OpenACS Q&A: Serving up OpenACS from home
I'm in the process of developing a local 'social group' site using OpenACS. It's a bit premature to go forward with paying for hosting so I'm planning on doing initial dev work on a home server on my @home account (assuming that traffic is pretty low, the telcom won't mind I hope...). I've never set up a server aside from a localhost loopback configuration. Surprisingly, resources on the internet are pretty sparse.
- Would it be useful to document the process for adding to the OpenACS install docs - being entirely opensource, it would seem to be a logical use for the software.
- Does anyone know of any good resources for going through the process? I've found these two:
- http://hotwired.lycos.com/webmonkey/99/08/index3a.html
As I see it, there's already good docs on installing linux and OpenACS' components so all that would be needed would be an openACS specific doc for serving up pages from your home using dynDNS and your high speed connection + setting up Qmail (seems to me you need to be pretty hardcore to work your way through the available setup docs for that puppy) + securing the server. Useful?
Unfortunately, your setup will probably be different. As I recall, the way they set up the networking for cable modem is quite particular to the area.
If you're nervous about security of the box and don't know all of the ins and outs, using a home firewall gateway will help - most of em will let you open up ports to the outside. If you want to open up ssh to the outside, talk to someone smarter than me. I think there are some security problems with some versions. I notice intruders try to connect regularly via ssh to a test machine that I administer now, and sometimes I wonder if they've gotten in.
Good for you, taking this plunge is really more satisfying in the long run than using a hosting solution. The knowledge you'll gain, while having complete control over your server can't be matched. In fact, I learn with my home server, then deploy at my day job. Sure keeps me from wasting time and makes me look good to the boss.
I'm currently hosting the following domains on my home server:
- http://www.it-firm.com (currently redirected to myorgbook)
- http://www.hootchi-mama.com (newest one, for fun)
These are all virtual domains hosted on a Redhat 7.1 system with Apache/PHP/MySQL. The same machine has OpenACS 3.2.5/Postgresql/AolServer on port 8000. Any of the domains when pointed to port :8000 end up here. To tell the truth I haven't done a lot with OpenACS yet. My installation of OpenACS at work is much further along and makes up for about 60% of all the resources I manage on a similarly equipped machine.
All this joined to the Internet via a Linksys 4-port router, on a Time-Warner Roadrunner cable modem. I use the TZO.com service; while not free, it is cheaper than a hosting service and except for 2 short periods in the past 2 years I have been live 24x7.
The issue with dynamic IP's not changing has to do with Microsoft's implementation of DHCP. Whatever the lease period is on an IP, the client will contact the DHCP server prior to expiration and request a renewal of the IP. If there is no reason for the DHCP to deny the request, the IP address is renewed for another lease period. Roadrunner uses 23 hour periods (I wonder if they think new IP's are being issued daily? My current IP has been static for over a year, since I did a manual IP drop and renew on the router.) We use the same scheme at work with 7 day lease periods. It's not unusual for a client to keep the same IP until the entire system is upgraded, re-imaged etc...
I'd be happy to help with installation and configuration. I used the RPM install for OpenACS provided by Jonathan, and followed the Arsdigita instructions for installing RedHat. I'm going to replace sendmail with qmail this weekend and can provide my experiences if you're interested. I'm also working on an updated step by step guide for Redhat/Apache/PHP/MySQL and should have it done by the end of the month.
If you want any help or need any, let me know...
I like <a href=http://www.dyndns.org>dyndns.org</a>. I've been with them since October, and they've been very reliable. $30 per domain for DNS forever is a real bargain. I used dynu.com for a couple months, but wasn't so happy with them. (Reliability issues, mostly.) I'm using ddclient to update my IP address, which changes every time my ISDN line drops. (Maybe 1x per week.) If you want REALLY cheap, you can use their free service (with fewer options) provided you don't mind the name being yourdomain.dyndns.org (or one of a dozen other choices). Dyndns.org also earns big points in my book for not being especially spammy. I think I've had 2 emails from them in 6 months, both of them reasonably relevant.
Definitely get a router/firewall/gateway/something between your box and the internet. I'm happy to know that nothing but port 80 should be able to get into my home network. Another advantage of a router is that you can give the webserver a static (internal) IP and then only the router has to deal with the fact that the IP address is changing.
One note on outgoing mail: most cable IPs, ISDN IPs, DSL IPs, etc are listed in RBL or DUL. This means you're going to have trouble sending email directly to some of your users, if their ISP is doing spam filtering based on one of these lists. You'll need to set up outgoing mail to relay through the SMTP server provided by your ISP. It will accept outgoing mail from your IP (of course - it has to!), but many other mail servers won't. And it may or may not mind if your server calls itself www.yourdomain.com instead of uglylongstring.home.com.
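The DUL/RBL check described in the post, as an added example that is not code from the thread: a receiving mail server reverses the octets of the connecting IP, appends the list's DNS zone and resolves the name; an answer inside 127.0.0.0/8 means "listed". The zone name `dul.example`, the listing table and the relay host `smtp.isp.example` are constructed for the example; real lists use their own zones and return codes.

```python
"""DNS-based blocklist (DUL/RBL style) lookup and the relay decision it drives.

Added example, not from the original post. Zone, listing table and relay
host below are constructed; swap live_resolve() in for real lookups.
"""
import ipaddress
import socket


def dnsbl_query_name(ip: str, zone: str) -> str:
    """1.2.3.4 + zone -> 4.3.2.1.zone (IPv4 only, as the 2001-era lists were)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


# Constructed stand-in for the blocklist's DNS zone: name -> A record.
FAKE_ZONE = {
    "4.3.2.1.dul.example": "127.0.0.2",  # a dynamic/dial-up pool entry
}


def fake_resolve(name: str) -> list:
    """Offline resolver over FAKE_ZONE; no answer models NXDOMAIN ("not listed")."""
    return [FAKE_ZONE[name]] if name in FAKE_ZONE else []


def live_resolve(name: str) -> list:
    """Real resolver; NXDOMAIN (the usual 'not listed' answer) becomes an empty list."""
    try:
        return [r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)]
    except socket.gaierror:
        return []


LISTED = ipaddress.IPv4Network("127.0.0.0/8")  # any answer in this range means "listed"


def is_listed(ip: str, zone: str, resolve=fake_resolve) -> bool:
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED for a in answers)


def outbound_route(my_public_ip: str, zones, isp_relay: str, resolve=fake_resolve) -> str:
    """The post's advice as a decision: if our own address is on any list the
    receivers consult, hand outgoing mail to the ISP's relay instead of
    delivering directly."""
    if any(is_listed(my_public_ip, z, resolve) for z in zones):
        return isp_relay
    return "direct"


if __name__ == "__main__":
    # 1.2.3.4 stands in for a cable/DSL address that the DUL has listed.
    print(dnsbl_query_name("1.2.3.4", "dul.example"))
    print(outbound_route("1.2.3.4", ["dul.example"], "smtp.isp.example"))
```

To check a real address, pass `resolve=live_resolve` and the zone of the list you care about; the relay decision is the same either way.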
So there's a fine heritage of home-hosting behind this entire project. I ran my birding database project off my DSL line for a year and really had no problems. The only reason I co-lo'd the box is because my ISP lets me do it for $100/month and now my DSL bandwidth at home is all mine! mine! mine! for downloading infinite numbers of infinitely broken Oracle versions :)
Heh, the backup (never used, but available) for uptime.openacs.org is still behind my DSL line. Of course I did happen to "charm" my way into a class C for my DSL line (after suffering 7 months of deployment testing).
GNU has a GPL'd dynamic DNS server available. Maybe when OpenACS 4 goes gold we could setup hostname.my.openacs.org with it. Heh :)
As for setting up qmail (it was mentioned in the starting post) one url: http://www.lifewithqmail.org. Absolutely the best documentation for setting up a mail server I've ever read. The docs guys might really want to look into that site for a very good example for creating a brain dead installation doc.
You can turn off the auto-kill feature on the ssh server, but you'll have old processes running and running if you kill your terminal session without first logging off. Actually, if you're sloppy using screen you're liable to have a lot of processes running too.
for a server and a couple of laptops all sharing the connection, a router (I think this is it based on the reading I've done), a switch or a hub?
I recommend using a Netgear or Linksys DSL four/five port router with firewall protection (~$80.00).
I am using the Netgear, it blocks all ports by default (but you can open them up), and it automatically reconnects if you lose the connection. You configure it via Web browser or telnet, and it even has a configuration menu for dynDNS.
<p>You'll want to use a multi-port router. I use the Linksys BEFSR41 4-port router myself. It's cheap, works great, and has been reliable for the past 2 years on my Roadrunner service. More information is available <a href="http://www.linksys.com/Products/product.asp?grid=23&prid=20">here</a>.
<p>The primary difference between using a router vs. hub is that while the hub will work, your internal network is exposed to the world. There is no "router" to route data packets to the proper machine or to shield the network from outside attack.
<p>Another consideration that immediately strikes the wallet: Roadrunner encourages the use of a hub for home networks. They also charge $9.95 for each additional IP address at each cable modem. Each machine that comes up on the hub will request and get an IP issued from your ISP's DHCP server. With a router, you only have one public IP address, the rest of the network is hidden behind the router and the IP addresses are either generated by the router (if you enable DHCP) or are manually assigned by you. I use the private IP range in the 10.XXX.XXX.XXX for my LAN. Roadrunner only charges me for one connection, and I have 3 machines online 24x7.
<p>A switch is just a smart HUB, it can send data packets to the actual port for the machine that needs to receive the packet without sending the data packet to machines that don't need the packet. IOW, a hub shows the data packet to all the machines on the network, the one the packet is intended for will actually do something with it, the smart hub (switch) will send the data packet to only the machine that needs to act on it, the router will switch and route packets from one sub-net to another.
I agree with the router suggestions, and the linksys product previously mentioned is really good. (great value for the money)
If you've got a little more cash to burn, you could also try the BuffaloTech WLAR-L11G-L.
This router has 4 "wired" ports, but also serves as an 802.11b hub, so you can hook your laptops up to the network wirelessly. It uses Lucent hardware (so don't be afraid that it's a "no name" product; it's got the same guts as the orinoco stuff.)
We use it internally at work. Our dev servers & network printer are "hard wired", and we have a bunch of laptops connected wirelessly. It covers 2500 sq. ft. without a problem.
It's a pretty good value for $200.
It's the same connector that Lucent uses, I think.
I've been able to plug the buffalo antennae into both the buffalo base station and into some Orinoco wireless PCMCIA cards that I had lying around. I've never seen a real Lucent antenna, though, so I don't know 100% that it uses the identical connector.
Hope it helps
The antenna helped that out a lot.
We shove the base station into a walk-in closet with our servers. Works fine. Everything is out of our sight. Makes the place a lot tidier.
I nixed the idea of a 2.4ghz phone system, b/c I was afraid of interference. It works fine with 900 Mhz.
All in all, for the price, i'm pleased with Buffalo's products (this is the third base station i've installed, and i've never had an issue.)
Thanks a lot for the great information. Are you aware of any IPSEC VPN issues with these units? The docs state PPTP works OK, but I've read of people who have had trouble with IPSEC VPNs (cf. comp.dcom.modems.cable and .xdsl newsgroups)
I'm not aware of any specific problems with the Buffalo products. That said, there may be some, but I wouldn't know of any. Perhaps Rolf can chime in, as he has significantly futzed with our routers here.
The Buffalo products are nice, in that configuration is totally web-based, and is really straightforward. (Though they do have plenty of scary packet-filtering and NAT options, that I don't go near..)
I've got one running at my parents place (they are tech illiterate), and it's had an uptime of >1 year. If only their windows installs worked so flawlessly....
A good overview of the WEP vulnerabilities is at
Some vendors have already implemented IV randomization in their products (Lucent's latest AP-1000 firmware specifically mentions this in their README). This will help a lot. Between this and changing your encryption keys often you should be OK for home usage. Or you can put your AP on a separate subnet and firewall it off. That defeats the purpose of "anywhere" access a little bit, but not too much.
The buffalo base station uses 128-bit WEP. You can explicitly deny connections from _all_ wireless cards, except those MAC addresses you specify. So, in our network, only 3 wireless cards can connect at all.
In short, if you set up the base correctly, you can keep the casual hacker/script kiddie out. I'm sure an uber-leet hax0r could get into our setup. But I feel reasonably safe that no such people are within the range of our network.
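Why the IV randomization mentioned above matters, as an added example that is not code from the thread or from any vendor: WEP keys RC4 with the 24-bit IV prepended to the shared key, so two frames sent under the same IV are XORed with the same keystream, and XORing the two ciphertexts cancels the keystream entirely. Knowing (or guessing) one plaintext then yields the other, whatever the key length. The key, IV and frame contents are constructed; the RC4 here is a plain textbook implementation for the demonstration.

```python
"""Keystream reuse in WEP-style RC4 encryption.

Added example, not from the original thread. Key, IV and frames are
constructed; no ICV or 802.11 header is modelled.
"""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA + PRGA). For the demonstration only."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, frame: bytes) -> bytes:
    """Return iv || ciphertext; a WEP frame carries the IV in the clear."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    keystream = rc4_keystream(iv + shared_key, len(frame))  # per-frame key = IV || key
    return iv + xor(frame, keystream)


def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given two frames under the same IV and the plaintext of the first,
    recover (a prefix of) the second without ever learning the key."""
    iv1, body1 = c1[:3], c1[3:]
    iv2, body2 = c2[:3], c2[3:]
    if iv1 != iv2:
        raise ValueError("IVs differ; keystreams are independent")
    n = min(len(body1), len(body2), len(known_p1))
    keystream = xor(body1[:n], known_p1[:n])  # c1 ^ p1 = keystream
    return xor(body2[:n], keystream)          # c2 ^ keystream = p2


def demo() -> bytes:
    key = bytes.fromhex("0102030405060708090a0b0c0d")  # 104-bit key, i.e. "128-bit WEP"
    iv = b"\x00\x00\x01"  # a sequential IV; the reuse case IV randomization tries to avoid
    p1 = b"GET /index.html HTTP/1.0\r\nHost: www\r\n"  # an easily guessed frame
    p2 = b"POST /login user=admin&pw=s3cret"          # the frame an attacker wants
    c1 = wep_encrypt(key, iv, p1)
    c2 = wep_encrypt(key, iv, p2)
    return recover_with_known_plaintext(c1, c2, p1)


if __name__ == "__main__":
    print(demo())
```

With only 2^24 IVs, a busy access point exhausts the space in hours, and cards that restart the IV at zero on every reset collide far sooner; MAC address filtering does nothing against this, since the attacker only listens.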
The IP ranges that have been set aside for non-public networks are 192.168.xxx.xxx , and 172.16.xxx.xxx, and 10.xxx.xxx.xxx . It is always safe to use IPs in this range on your local network; especially since any packet addressed to either network will be dropped at the first router, making some kinds of network attacks impossible. You can learn more by reading RFC 1918.
While it won't bother anyone if you use IP addresses other than this range (since your ISP will not be routing packets to you anyways) it could cause you to not be able to access some sites, since your router will be looking on the local network and not on the public Internet for a machine with that address. It is considered bad practice to do so however.
That said, you can make the wireless network secure for your system but that's a non-trivial task. Basically put the WAP outside your internal wired LAN (you probably need to buy at least one more switch or router to do this). Run NAT on the WAP to share your IP address with your wired network, run your wired network with any security you feel like using -- search openacs or aD for firewall and sonicwall, and then install some VPN somewhere on your LAN.
That VPN can probably be a Linux or Windows app. Install a VPN client on your wireless devices. So now to access your LAN from your wireless unit, you VPN in through your firewall, and the VPN software may/should let you see the rest of your LAN.
At this point, realizing that my $200 WAP + $50 switch was only going to yield me maybe 4MBps, while the $50 switch and a big $25 cat 5 cable was going to crank up my speeds to 100MBps, I returned the WAP.
Other note: one benefit of running your own servers that I haven't seen mentioned above is the benefit of running your own mail servers. Qmail in particular lets you create a gazillion unique email addresses. So each time you find someone wanting your email address you can give them a unique email address that gets back to you. Very useful in tracking down the source of SPAM, and in then allowing you to create precise filters that get rid of the SPAM and nothing else.
Blah, okay, I've rambled on long enough, sorry. Just wanted to mention how useful those air vents are...
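The RFC 1918 points made above (the three private blocks, the fact that the first public router drops packets addressed to them, and the trouble caused by numbering a LAN out of public space), as an added example that is not code from the thread. `ingress_verdict()` and `egress_verdict()` implement the border rule for a router's ISP-facing side; `lan_choice_ok()` flags a LAN numbered from public space. Sample addresses are constructed from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges.

```python
"""RFC 1918 classification and the border filter the post describes.

Added example, not from the original thread. Sample addresses are
constructed; the verdict strings are this example's own convention.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Further sources a WAN interface should never see arriving from the ISP:
# unspecified, loopback, link-local, multicast and reserved space.
UNROUTABLE_SOURCES = RFC1918 + [
    ipaddress.ip_network(n)
    for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")
]


def rfc1918_block(ip: str):
    """Name of the RFC 1918 block containing ip, or None if it is public."""
    addr = ipaddress.ip_address(ip)
    for net in RFC1918:
        if addr in net:
            return str(net)
    return None


def ingress_verdict(src: str, dst: str) -> str:
    """Packet arriving on the WAN side, i.e. from the ISP."""
    s = ipaddress.ip_address(src)
    if any(s in n for n in UNROUTABLE_SOURCES):
        return "drop: unroutable source (spoofed or leaked private address)"
    if rfc1918_block(dst):
        return "drop: private destination cannot legitimately arrive from outside"
    return "accept"


def egress_verdict(src: str, dst: str) -> str:
    """Packet leaving toward the ISP, after NAT, so src should be the public address."""
    if rfc1918_block(dst):
        return "drop: private destination is unreachable beyond the first router"
    if rfc1918_block(src):
        return "drop: private source would leak; NAT must rewrite it first"
    return "accept"


def lan_choice_ok(lan_net: str) -> bool:
    """True only if the LAN is numbered from RFC 1918 space. A LAN on public
    addresses shadows that slice of the Internet for every machine behind
    the router, which is the breakage the post warns about."""
    net = ipaddress.ip_network(lan_net)
    return any(net.subnet_of(p) for p in RFC1918)


if __name__ == "__main__":
    print(rfc1918_block("10.1.2.3"), rfc1918_block("203.0.113.5"))
    print(ingress_verdict("192.168.1.5", "203.0.113.10"))
    print(egress_verdict("203.0.113.10", "198.51.100.7"))
    print(lan_choice_ok("10.0.0.0/24"), lan_choice_ok("203.0.113.0/24"))
```

The 172.16.0.0/12 block is the one people get wrong: it runs from 172.16.0.0 to 172.31.255.255, so 172.32.0.1 is a public address.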
Using cold-air vents sounds like a good idea, except a lot of houses have dual systems these days where the upstairs and downstairs systems do not cross-connect :(.
Thanks for the great advice. I went out and grabbed an SMC barricade router. Plugged my dsl into the WAN port and a couple of XP laptops into the LAN ports and was off to the races, no further futzing required. There is a config interface which I will get to later (if any tweaking is needed) but it was easy as pie right out of the box - 2 minutes to set up.
Two more questions (actually 3 if you count one aside question)
1. I am currently running Mandrake in a vmware window under XP on my dell 8100 laptop until I find a good deal on a used pentium box. VMware is using NAT networking to access the internet over the built in network card - this works without any hiccups. I have an additional pcmcia network card that I can put in if necessary. The question: Will a server run properly out of a vmware window over NAT (while using xp for regular web use) or would it be better to dedicate the pcmcia card to the server?
2. Does paying $30 for dyndns.org have any advantages over any free dyndns services? If not, any recommendations for a free service?
3. An aside - I'm planning on going through the openACS setup this weekend but I noticed in another thread that the beta is basically ready. Is there a release date yet? Any advantage in waiting until then or are any upgrades to the beta pretty painless if I install from cvs this weekend?
Thanks again everyone
(was @home back in the day) as a router/gateway between my LAN and the rest of the Internet. I have a second RH 7 box which is where I develop ACS/OpenACS stuff. I use IP Forwarding to make certain web servers on the dev box accessible to the rest
I'm moving in a week and a half and want to sell the FreeBSD box ASAP which leaves me without a router for the rest of my time here. I don't really want to throw down for a new hardware router (which would be the right thing if I was starting from scratch), as I'm not sure what I'm going to have for connectivity in my new place.
In the past I have set up Linux as a router for DSL. No big woop. This is what I would like to do again. I already have two ethernet cards (one being for DHCP client for AT&T network, the other for the LAN) and a hub for the LAN. Does anybody have a favorite setup guide for this kind of thing? The Linux HOWTOs tend to be convoluted in this area. A personal "these are the steps I took for Redhat 7" kinda doc would be much faster. I'm thinking something like Sean Yakamoto used to put together. I don't need a DHCP server to the LAN.
Freesco.org might be suitable for someone else who has some old hardware laying around (I have an old 486 which was my first Linux box that might do the trick, I'm just trying to get rid of stuff like that in my moving sale), but I'm looking to maintain my dev environment on the RH box. In other words, I just want a guide to configure it for what I need for right now. I think I found something to get me started in example two here:
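The "these are the steps I took" setup asked for above, as an added example that is not from the thread or any HOWTO: a two-NIC Linux box (kernel 2.4 iptables, as shipped with Red Hat 7) doing IP forwarding and masquerading for a LAN behind a hub, with the dev box's web ports forwarded in and everything else from the WAN side dropped, which is the "nothing but port 80 can get in" posture recommended earlier in the thread. Interface names, the LAN range, the dev box address and the port list are assumptions set at the top; the script prints the commands by default and only applies them with `DRY_RUN=0` as root. No DHCP server for the LAN is included, since the poster does not want one.

```shell
#!/bin/sh
# Linux as a two-NIC home router: forwarding, NAT, one inbound port forward.
# Added example, not from the thread. All values below are assumptions.
WAN=${WAN:-eth0}                    # DHCP client side, toward the ISP
LAN=${LAN:-eth1}                    # hub side
LAN_NET=${LAN_NET:-192.168.1.0/24}  # RFC 1918 range for the LAN
DEV_BOX=${DEV_BOX:-192.168.1.10}    # RH dev box running the web servers
PUBLIC_PORTS=${PUBLIC_PORTS:-"80 8000"}  # 80 for Apache, 8000 for AOLserver/OpenACS
DRY_RUN=${DRY_RUN:-1}               # 1 = print commands, 0 = run them (root)

gen_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -F; iptables -t nat -F; iptables -X"
  # Default deny toward the router itself and through it; the router may talk out.
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -P OUTPUT ACCEPT"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT"   # admin (ssh etc.) from the LAN only
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -i $WAN -p udp --sport 67 --dport 68 -j ACCEPT"  # ISP DHCP lease renewals
  # Anti-spoofing: RFC 1918 sources never legitimately arrive from the ISP.
  for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    echo "iptables -A FORWARD -i $WAN -s $net -j DROP"
  done
  # LAN hosts may open connections outward; replies come back by state.
  echo "iptables -A FORWARD -i $LAN -s $LAN_NET -j ACCEPT"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # Expose only the chosen web ports, rewriting them to the dev box.
  for p in $PUBLIC_PORTS; do
    echo "iptables -t nat -A PREROUTING -i $WAN -p tcp --dport $p -j DNAT --to-destination $DEV_BOX:$p"
    echo "iptables -A FORWARD -i $WAN -p tcp -d $DEV_BOX --dport $p -m state --state NEW -j ACCEPT"
  done
  # Hide the whole LAN behind whatever address the ISP's DHCP hands the WAN side.
  echo "iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE"
}

if [ "$DRY_RUN" = 1 ]; then
  gen_rules
else
  gen_rules | sh -e
fi
```

MASQUERADE rather than SNAT is deliberate: it re-reads the WAN address on every packet, so the rules survive the ISP changing the dynamic IP. Nothing here permits ssh from the WAN; if you do open it later, restrict it to a source range and keep the daemon current, since the thread's own observation is that ssh probes from outside are routine.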