*************************************
* Powernet Shared Web Server README *
*************************************



About This Document
===================

This document refers to the default state of your newly-created web space.
However you are often free to make changes so that some things work
differently, or stop working at all.  This document describes how your web
site works in its initial state.

When examples are given below, they will usually use the web site name
"www.yourdomain.com".  Obviously you should replace this by the actual name
of your web site.

Please also read http://supportpages.power.net.uk/Shared_Web_Server_FAQ .



Shared Services
===============

Although we have taken steps to provide a stable and secure environment for
you, please note that your web-site is hosted on a "Shared" web server.

As a result, there is a possibility that changes might impact other users, and
we therefore require you to act responsibly when making changes to your web
space.  If you are in any doubt regarding how a required change might impact
the environment as a whole, please contact us before you implement the change.



Uploading Your Web Site
=======================

When you upload your web site using FTP, make sure that you put your site
into the "html" directory.  Only files in the "html" directory will appear
on your web site.



What's Where
============

Under your home directory are three links to other parts of the system:

 * "html" links to your web space.  Any files you put under this area
   will be accessible via the web.
 * "data" links to your data area.  Any files you put under this area
   can be read by the web *server*, but can't be accessed via the web.
   For example, it would be a good idea to put password files here.
 * "logs" links to your web logs directory.  This directory contains the
   log files that the web server keeps for your web site.



Web Stats
=========

Point your web browser towards the "/powernet/usage" part of your web space
- for example, if your web is www.yourdomain.com then the web stats would be
at http://www.yourdomain.com/powernet/usage (or, if you have an SSL-enabled
site, you could use the secure version -
https://www.yourdomain.com/powernet/usage).

The web stats password file is /custdata/www.yourdomain.com/usage-passwords.
If you want to change your web stats password, or create a new web stats
username / password, see "Web Password Files" (below).

Your web stats will be updated at least once every 48 hours.  The monthly
stats pages are deleted after 12 months.

The web stats program we use is "Webalizer".  For more information about
Webalizer, including advice on how to interpret the stats, please see
http://www.mrunix.net/webalizer/webalizer_help.html .



Access Logs
===========

To download your access logs, use your preferred file transfer method (e.g.
FTP - see below), go into the "logs" directory, and download the log files
from there.

Each line of the access log includes the following fields, in this order:

 * client hostname (or IP address, if there is no hostname)
 * remote logname (almost always just "-")
 * authenticated user name (or "-")
 * the date and time of the request
 * the HTTP request line (e.g. "GET / HTTP/1.1")
 * the HTTP response code (e.g. 200)
 * the Content-Length of the document transferred to the client (in bytes)
 * the HTTP "Referer" (sic) header
 * the HTTP "User-Agent" header
 * the HTTP "Host" header
 * the client IP address
 * "nossl" if the request did not use SSL; otherwise, details of
   the encryption used for this connection

The first seven fields are the "Common Log Format".



Passwords
=========

The same username and password is used for all these things: shell access,
FTP, SCP and SFTP, and web stats.

If this server detects too many failed SSH/FTP login attempts within a short
space of time from any single IP address, then all SSH/FTP login attempts
from that IP address will be temporarily blocked.  This is to defend against
people guessing passwords, in order to gain unauthorised access.  However,
this does mean that you have to be extra careful when logging in yourself,
otherwise you might accidentally lock yourself out for a while.



Shell Access
============

Shell access is via "ssh" (not "telnet").  To connect, you will need an SSH
client.  "Putty" is a free SSH client for Windows; it can be downloaded from
http://www.chiark.greenend.org.uk/~sgtatham/putty/ .



File Transfer
=============

You can use FTP to transfer files to and from your web site.  The ftp
username and password is the same as for shell access; the host name is the
same as your web site name (e.g. "www.yourdomain.com", NOT
"ftp.yourdomain.com").

Alternatively you can use SFTP or SCP, both of which work via SSH.  These
have the advantage of using an encrypted connection, thus protecting your
files and your password.  Again, you can download SFTP and SCP clients for
Windows from http://www.chiark.greenend.org.uk/~sgtatham/putty/ .



CGI Scripting (including PHP)
=============================

This server supports the use of CGI scripts, including PHP.

For CGI scripts to work:

 * File permissions must be set to 755 or it will not execute for security
   reasons. This is full rights to owner and read+execute rights to group
   and public. If your script is erroring with 500 Internal Server Error,
   this is the most likely cause of the problem.
 * the filename must end in ".cgi" (or you can use ".php" for PHP);
   specifically, ".pl", ".php3" and ".php4" will not work
 * the file must be marked as "executable" (see below)
 * Perl scripts must be uploaded with UNIX line endings (see below)
 * Perl scripts, as well as being executable, must have a first line
   that reads:
     #!/usr/bin/perl
 * PHP pages, as well as being executable, must have:
     <?php
   as the first five characters of the file.

To mark a file as executable, log in to the shell and use "chmod +x", e.g.:

  chmod +x /webs/www.yourdomain.com/search.cgi

Alternatively your file transfer program may include a facility for
changing the file permissions without having to log in to the shell.

A Perl script will only execute if it has UNIX line endings (as opposed to
DOS or MAC line endings).  If you're uploading your files from a Windows PC,
the conversion between the different types of line endings will usually
be handled automatically if you upload the Perl script using "text" (or
"ASCII") mode.



Email
=====

Your web site cannot receive email.  However with the right CGI scripting,
it can send email.

To send mail, you must pipe the message to "/usr/sbin/sendmail" - trying to
establish an SMTP connection will not work.

For more details, including details of how to actually do this using your
preferred CGI scripting language, please use your favourite Internet search
engine.

To send mail, your account MUST have a valid "webmaster" email address
(which is conventially, but not necessarily, 'webmaster@yourdomain.com').
If the "webmaster" email address associated with your account is missing or
invalid, you won't be able to send any mail!  Your webmaster email address
is shown to you when you log in via the shell.  If you need to change the
address, please call Support.



MySQL
=====

MySQL support is available.  If you require a MySQL database for your web
site, please call Support.

Your MySQL username will be the same as your shell / FTP username.  When
connecting to MySQL, do not specify a host name - the default, unspecified
host name is the correct one to use.

For example in Perl, you might write:

 use DBI;
 my $db = DBI->connect("DBI:mysql:mysqldatabasename", "mysqlusername", "password");

Every night your database will be dumped to a text file in your home
directory, like this: ~/auto-dbdump-DATABASENAME.sql.  This file counts
towards your quota; hence, your quota must be large enough to hold both your
"web" files and your MySQL database dump.



Networking
==========

Apart from DNS traffic and "ping", outgoing networking connections are not
allowed.  If you want to send email, please read the "Email" section
elsewhere in this document.



"Good" and "Bad" CGI Scripts
============================

If a CGI script is "bad" (for example, if it compromises the security or
stability of the web server, or if it can be used to send "spam") then the
script will be disabled.  Some scripts we already know have this problem -
for example, "Formmail.cgi" by Matt Wright, or "tellafriend.cgi" by Jackie
Hamilton.  We won't let you use these scripts, so please don't ask.

For more information on our script blocking policy, please read
http://www.powernet.co.uk/client/general/scriptblocking.shtml .

If you're looking for well-written and secure CGI scripts (in Perl), we
can recommend http://nms-cgi.sourceforge.net/ .  Additionally we do provide
a small number of "shared" CGI scripts for your use.  For more information
about this, please read /usr/local/bin/shared-cgi/README.txt .



Web Password Files
==================

To manage passwords stored in /some/password/file, log in to the shell and
use the "htpasswd" command:

 * To add a user, or update the password of an existing user, type:
   htpasswd /some/password/file theusername

 * To delete a user from the password file, type:
   htpasswd -D /some/password/file theusername

 * If you need to create a new password file, type:
   htpasswd -c /some/password/file theusername

Obviously you should replace "/some/password/file" with the real location of
your password file.

The best place to store your password files is not under /webs, but under
/custdata instead.  This helps protect your password file from being
downloaded via the web.



File and Directory Permissions
==============================

The default file and directory permissions should "just work" and do the
right thing.  However if you're interested in how it works, or you want to
know what the correct settings are, please read
/usr/local/Permissions-README.txt for more information.



Character Encoding
==================

The default character encoding used by the web server is UTF-8. If your
pages are not encoded using UTF-8, you may want to disable this behaviour
as follows:

 * create a file containing just a single line of text:

       AddDefaultCharset Off

 * save that file as ".htaccess" in the root of your web space (i.e. your
   "html" directory).



Service Announcements
=====================

Any important announcements about this service will be sent to the Technical
Contact email address associated with your web account.  If you're not sure
what Technical Contact details are associated with your account, or if you
would like to change those details, please call Support.



Support
=======

Powernet support is available on 01908 242103.  For general enquiries, call
01908 605188.



# vi: set tw=76 :