Forum OpenACS Q&A: Serving up OpenACS from home

I'm in the process of developing a local 'social group' site using OpenACS. It's a bit premature to go forward with paying for hosting so I'm planning on doing initial dev work on a home server on my @home account (assuming that traffic is pretty low, the telcom won't mind I hope...). I've never set up a server aside from a localhost loopback configuration. Surprisingly, resources on the internet are pretty sparse.

My questions:>

1. Would it be useful to document the process for adding to the OpenACS install docs - being entirely opensource, it would seem to be a logical use for the software.
2. Does anyone know of any good resources for going through the process? I've found these two:

• http://h otwired.lycos.com/webmonkey/99/08/index3a.html
• http://serverwatch.internet.com/articles/buildserver/index.html

As I see it, there's already good docs on installing linux and OpenACS' components so all that would be needed would be an openACS specific doc for serving up pages from your home using dynDNS and your high speed connection + setting up Qmail(seems to me you need to be pretty hardcore to work your way through the available setup docs for that puppy) + securing the server. Useful?

Good for you, taking this plunge is really more satisfying in the long run than using a hosting solution. The knowledge you'll gain, while having complete control over your server can't be matched. In fact, I learn with my home server, then deploy at my day job. Sure keeps me from wasting time and makes me look good to the boss.

I'm currently hosting the following domains on my home server:

• http://www.gilprice.com
• http://www.opedworld.com
• http://www.fltstd.com
• http://www.pcs-sc.com
• http://www.myorgbook.com
• http://www.it-firm.com (currently redirected to myorgbook)
• http://www.hootchi-mama.com (newest one, for fun)

These are all virtual domains hosted on a Redhat 7.1 system with Apache/PHP/MySQL. The same machine has OpenACS 3.2.5/Postgresql/AolServer on port 8000. Any of the domains when pointed to port :8000 end up here. To tell the truth I haven't done alot with OpenACS yet. My installation of OpenACS at work is much further along and makes up for about 60% of all the resources I manage on a similiar equipped machine.

All this joined to the Internet via a Linksys 4-port router, on a Time-Warner Roadrunner cable modem. I use the TZO.com service; while not free, it is cheaper than a hosting service and except for 2 short periods in the past 2 years I have been live 24x7.

The issue with dynamic IP's not changing has to do with Microsoft's implementation of DHCP. Whatever the lease period is on an IP, the client will contact the DHCP server prior to expiration and request a renewal of the IP. If there is no reason for the DHCP to deny the request, the IP address is renewed for another lease period. Roadrunner uses 23 hour periods (I wonder if they think new IP's are being issued daily? My current IP has been static for over a year, since I did a manual IP drop and renew on the router.) We use the same scheme at work with 7 day lease periods. It's not unusual for a client to keep the same IP until the entire system is upgrade, re-imaged etc...

I'd be happy to help with installation and configuration. I used the RPM install for OpenACS provided by Jonathan, and followed the Arsdigita instructions for installing RedHat. I'm going to replace sendmail with qmail this weekend and can provide my experiences if your interested. I'm also working on a updated step by step guide for Redhat/Apache/PHP/MySQL and should have it done by the end of the month.

If you want any help or need any, let me know...

So there's a fine heritage of home-hosting behind this entire project.  I ran my birding database project off my DSL line for a year and really had no problems.  The only reason I co-lo'd the box is because my ISP lets me do it for $100/month and now my DSL bandwidth at home is all mine! mine! mine! for downloading infinite numbers of infinitely broken Oracle versions :)

You can turn off the auto-kill feature on the ssh server, but you'll have old processes running and running if you kill your terminal session without first logging off. Actually, if you're sloppy using screen you're liable to have a lot of processes running too.

I recommend using a Netgear or Linksys DSL four/five port router with firewall protection (~$80.00).

I am using the Netgear, it blocks all ports by default (but you can open them up), and it automatically reconnects if you lose the connection. You configure it via Web browser or telnet, and it even has a configuration menu for dynDNS.

I agree with the router suggestions, and the linksys product previously mentioned is really good. (great value for the money)

If you've got a little more cash to burn, you could also try the BuffaloTech WLAR-L11G-L.

(http://www.buffalotech.com/products/airstation/wlarl11l.html)

This router has 4 "wired" ports, but also serves as an 802.11b hub, so you can hook you laptops up to the network wirelessly. It uses Lucent hardware (so don't be afraid that it's a "no name" product; it's got the same guts as the orinoco stuff.)

We use it internally at work. Our dev servers & network printer are "hard wired", and we have a bunch laptops connected wirelessly. It covers 2500 sq. ft. without a problem.

It's a pretty good value for $200.

It's the same connector that Lucent uses, I think.

I've been able to plug the buffalo antennae into both the buffalo base station and into some Orinico wireless PCMCIA cards that I had lying around. I've never seen a real Lucent antenna, though, so I don't know 100% that it uses the identical connector.

Hope it helps

The antenna helped that out a lot.

Thanks a lot for the great information.  Are you aware of any IPSEC VPN issues with these units?  The docs state PPTP works OK, but I've read of people who have had trouble with IPSEC VPNs (cf. comp.dcom.modems.cable and .xdsl newsgroups)

I'm not aware of any specific problems with the Buffalo products. That said, there may be some, but I wouldn't know of any. Perhaps Rolf can chime in, as he has significantly futzed with our routers here.

The Buffalo products are nice, in that configuration is totally web-based, and is really straightforward. (Though they do have plenty of scary packet-filtering and NAT options, that I don't go near..)

I've got one running at my parents place (they are tech illiterate), and it's had an uptime of >1 year. If only their windows installs worked so flawlessly....

The buffalo base station uses 128-bit WEP. You can explicitly deny connections from _all_ wireless cards, except those those MAC address you specify. So, in our network, only 3 wireless cards can connect at all.

In short, if you set up the base correctly, you can keep the casual hacker/script kiddie out. I'm sure an uber-leet hax0r could get into our setup. But I feel reasonably safe that no such people are within the range of our network.

That said, you can make the wireless network secure for your system but that's a non-trivial task.  Basically put the WAP outside your internal wired LAN (you probably need to buy at least one more switch or router to do this).  Run NAT on the WAP to share your IP address with your wired network, run your wired network with any security you feel like using -- search openacs or aD for firewall and sonicwall, and then install some VPN somewhere on your LAN.

That VPN can probably be a Linux or Windows app.  Install a VPN client on your wireless devices.  So now to access your LAN from your wireless unit, you VPN in through your firewall, the VPN software may/should let you see the rest of your LAN the network.

At this point, realizing that my $200 WAP + $50 switch was only going to yield me maybe 4MBps, while the $50 switch and a big $25 cat 5 cable was going to crank up my speeds to 100MBps, I returned the WAP.

Other note: one benefit of running your own servers that I haven't seen mentioned above are the benefits of running your own mail servers.  Qmail in particular let's you create a gazillion unique email addresses.  So each time you find someone wanting your email address you can give them a unique email address that gets back to you.  Very useful in tracking down the source of SPAM, and in then allowing you to create precise filters that get rid of the SPAM and nothing else.

Using cold-air vents sounds like a good idea, except alot of houses have dual systems these days where the upstairs and downstairs systems do not cross-connect :(.

I'm moving in a week and a half and want to sell the FreeBSD
box ASAP which leaves me without a router for the rest of my
time here.  I don't really want to throw down for a new hardware
router (which would be the right thing if I was starting from
scratch), as I'm not sure what I'm going to have for connectivity in
my new place.

In the past I have set up Linux as a router for DSL.  No big woop.
This is what I would like to do again.  I already have two ethernet
cards (one being for DHCP client for AT&T network, the other for
the LAN) and a hub for the LAN.  Does anybody have a favorite
setup guide for this kind of thing?  The Linux HOWTOs tend to be
convoluted in this area.  A personal "these are the steps I took
for Redhat 7" kinda doc would be much faster.  I'm thinking
something like Sean Yakamoto used to put together.  I don't
need a DHCP server to the LAN.

TIA,

Freesco.org might be suitable for someone else who has some old hardware laying around (I have an old 486 which was my first Linux box that might do the trick, I'm just trying to get rid of stuff like that in my moving sale), but I'm looking to maintain my dev environment on the RH box. In other words, I just want a guide to configure it for what I need for right now. I think I found something to get me started in example two here:

http://www.yolinux.com/ TUTORIALS/LinuxTutorialNetworkGateway.html