Web application checklist

From OCF Help

Before you begin to install a web application on your OCF account, you should prepare yourself by going through this checklist.

Contents 1 Do you have webspace set up correctly? 2 Do you have your MySQL database set up? 3 Do you know your MySQL database login information? 4 Be aware of instructions that can lead to security problems

Do you have webspace set up correctly?

Your website can be found at: http://www.ocf.berkeley.edu/~username

where username is your OCF account name.

If you have not properly set up your webspace, when you visit your website you will get:

Forbidden

You don't have permission to access /~username on this server.

If your webspace has not been set up yet, you need to read How to set up webspace and follow the instructions there. Once you have your webspace set up, it will be accessible in the public_html folder in your home directory.

NOTE: Just creating a folder called public_html in your home directory doesn't work, as what appears to be a public_html folder in your home directory is actually a link to your actual web directory. You need follow the instructions and run the correct command to get your webspace set up properly.

Do you have your MySQL database set up?

If your web app requires a database (and most do), you will need to make sure your database is set up before you attempt to install your web app. If your database has not been set up yet, you need to read How to set up MySQL and follow the instructions. The command the instructions tell you to run will set up your database and assign you a randomly generated database password. Remember your database password is NOT the same as your OCF account password. Don't forget this password, as you will need it to install your web apps.

NOTE: If your database has already been set up, the makemysql command won't erase your database, but it will reset your password and assign you a new randomly generated password. This can be a problem if you already have web apps installed on your account, because they will no longer have the correct database password and will stop working. Only run the makemysql command if you are sure your database doesn't exist, or if you are sure no applications are currently using your database.

Do you know your MySQL database login information?

Assuming your database is set up, in order to access it (or allow a web application to access it), you will need 4 pieces of information:

• Database Host: mysql.ocf.berkeley.edu
• Database Name: <your OCF username>
• Database User: <your OCF username>
• Database password: <your database password>

As mentioned earlier, your database password is not the same as your OCF account password. It is a randomly generated password that was created when your database was created. If you don't know what your database password is, but know your database is set up and in use by some other web application, contact staff. We may be able to help you retrieve it.

Be aware of instructions that can lead to security problems

Before following the installation instructions that come with a web application, it is a good idea to read up on File permissions if you are not already familiar with them.

Usually you can just follow the installation instructions included with a web application, but you need to be very careful when the instructions tell you to "change permissions" or use the "chmod" command. In most cases a web app will claim to need the access permissions loosened on certain files and directories in order for the app to work with the webserver. This is a common thing to do on many webhosts, but NOT on the OCF webserver. OCF has put a lot of effort into making the webserver secure for its users, so many of these "change permissions" steps that loosen security aren't necessary. In fact, these steps often introduce huge security holes that could lead to your account being hacked and disabled. We can't tell you how many times OCF accounts have been hacked because of users blindly following the instructions for some random web app.

This does NOT mean you should just ignore any "change permissions" or "chmod" steps you come across. Sometimes these instructions are to tighten the permissions on sensitive files or folders. Ignoring these steps would be just as bad as blindly following the others.

Since this can be very confusing to many people, we have written custom installation instructions for several of the web applications that users typically install. If you come across one of these steps and aren't sure what to do, PLEASE ask a staff member , either in an e-mail or on IRC. It is a lot easier to ask and get the correct answer now than to find out you made the wrong choice later when your website gets hacked and disabled.