- Added the Apache authnz_ldap module to all sites to support authorization decisions via the Lookup LDAP interface
- Various adjustments to Apache configuration to reduce the likelihood of clients running out of memory
- Add metrics of the number of Apache and MySQL processes running to each site's metrics page
- Added fail2ban to all MWS servers to block repeated SSH robes
31th May 2016
- Institution no longer needed in the registration form.
- Updated link to the Janet Acceptable Use Policy
- The default vhost (and its default hostname) can no longer be deleted.
- Added some stats at: https://panel.mws3.csx.cam.ac.uk/stats/
- Added behaviour to not charge ex-MWS2 users until October.
- Add protocol to renew your TLS Certificate without removing the old one.
- Added more messages when user performs an action using the panel.
MWS3 Launch - 24rd March 2016
- Sqlite3 added. It comes now preinstall in all servers.
- All Websites have now a writable folder outside docroot to store files /var/www/<website_name>/admindir
- All Websites have now a writable folder outside docroot to store script (cgi) files /var/www/<website_name>/cgi-bin
- We have lots of changes in the UI thank to the feedback of our betatesters and the user research conducted:
- More wording, self explanatory sections
- Description of what you get with a MWS Server
- Right slide section message panel containing all the messages that need attention to. An unread badge will appear on the top right.
- You can see now the status of your server in all pages of the panel in the top right bar
- New navigation bar
- Wording changes
- Users can now request domain names under .cam.ac.uk using the automated infrastructure between MWS and the UIS DNS system. We have left the option to the users to create subdomains under .usertest.mws3.csx.cam.ac.uk (with automatic acceptance if they don't currently exists) as we thought this will be useful for testing purposes.
- Users now get an email when the requested domain name is accepted or rejected by the domain name administrator
- Website (vhost) folder is deleted in the machine if the entry is deleted in the panel
- Users can secure their websites clicking the lock icon in the website entry in the panel. This will generate a key and a CSR that they can copy in their preferred TLS certificate provider (the university has one: http://www.ucs.cam.ac.uk/tlscerts/). Once the user gets the certificate they will be able to upload it using the panel. An automated process will secure their website with the provided certificate.
- Users can now create cron jobs using an specific account called mwscron in order to avoid having to create the cronjob in their user account (useful if the user leaves, the cronjob will still be in place)
- Improved the speed a user can get access to their MWS Server after they have completed the request (approximate time now: 2 minutes).
- Our new contact address for support is: email@example.com
- Users can create, modify and delete custom unix groups. They can assign any (already authorised) user of the MWS server into unix groups.
- Users have a new button in each website entry in the panel to enable or disable write access by the web server to the document directory (docroot) so that browser-based updates supported by some web applications (e.g. Wordress) can work.
- MySQL default root password is an empty password (only accessible through localhost) for all debian mysql non-interactive installations. We have changed this policy and you will get a random password as a default MySQL root password when you request a new MWS server. You will get access to that password in the panel and will have the option to change it.
- README files placed on several folders to inform the user about their usage.
- When a user request a new MWS Server a default website with a default domain name (their MWS Server name) is created for them, so they can start working in their websites as soon as possible. If they visit this domain name they will get an example welcome page.
- All docroot folders of all websites include by default a ROBOTS.txt with the no index option for all search engines. Remember to remove this file when you are ready to publish your website.
- We have removed the options to automatically create Wordpress sites by the time being.
- Quarantine mode: Users can now shut down the web and email server of their MWS servers in case they become compromised. They'll still have access by SSH but it will stop serving webpages or sending emails. Once they have fixed the problem they can dequarantine it and the web and email servers will start working again.
- Users will get an email warning them that their MWS Server has only one admin if after a week they haven't added a second one. This is to protect MWS Server of become orphan.
- MWS Servers will get suspended and shut down automatically if they become orphan (the only admin leaves the university).
- MWS Support Team now have full access to your panel in case you need support from them, so they will be able to see the same as you see and will also have access to your server to help you in fixing any problem you may have.
- We have added support to our infrastructure to support multiple clusters, so that when the time comes and the Managed Web Service need more servers it will be ready to grow.
2nd December 2015
- Production hardware: We have installed and configured a new hardware setup that is much more powerful than the one that we were using. This hardware is intended to be the production hardware used to run MWS3 sites once we launch to the general public. We have migrated all current MWS3 sites to the new production hardware. All your sites should now be running on a much faster platform than they were. If you notice any performance problems, please let us know. You should expect all your MWS sites to be running with production-level performance.
- Domain Names: As you may know, the UIS manages all domains names under .cam.ac.uk (with a few exceptions). We have successfully connected the MWS3 system with the DNS system. This means that you will be able to request a domain name (with some exceptions) under .cam.ac.uk without having to contact us or any other team in the UIS. You will be able to request it using the web panel and an automated process will start. The request will be sent to the owner of the parent domain name you have requested to allow your request (sending them an email to accept or reject the request). Once s/he agrees to the request (by just pressing a button in our panel) the automated process will follow and the domain you requested will be automatically configured and set up in the DNS. Your domain name will then be active and usable once the DNS refreshes.
- For demo purposes (until we launch to production) you will be able to request domain names ONLY under .usertest.mws3.csx.cam.ac.uk, all other domain names will be treated as 'External' which means that for MWS3 purposes they are treated as being not under UIS control; therefore you will be responsible for the DNS set up.
- User Terms and Conditions published on the control panel (accepted when signing in).
10th November 2015
- Several bugs fixed and users feedback implemented. Most important:
- User input errors in forms are now more explicitly marked and shown to user, including error messages.
- List of apache modules installed by default now listed in the apache modules page
- Whole box clickable in the panel
- Changed reboot options
- mod_ucamwebauth AACookieKey now added by default, no need to configure it.
- The email informing the user that the site is ready is now not sent until the site has finished the configuration phase. Until now the email was sent when the VM creation was finished.
28th October 2015
- Support for Python based websites, this includes Django, Flask, Pyramid or any other python web framework with support for mod_wsgi. You will find mod_wsgi installed and activated on your site and ready to be used. We have written a short tutorial with an example of how to install a Django app on the Python support wiki page. (This is an experimental feature and we would really appreciate any feedback you can give us, as the future support of this feature will depend of it.)
- Start of Billing for MWS3:
- You will have up to 30 days to upload a Purchase Order using the web control panel in the "Billing settings" section.
- If you do not upload a Purchase Order within 30 days, your site will automatically be cancelled and you will no longer have access to it.
- Billing works on a subscription basis. You will have to upload a PO for the amount of the annual cost of your MWS3 site. The following year we will charge the same cost centre with the same amount unless you tell us not to do so.
- There are two ways for you to tell us that you do not want to renew your MWS3 site. You can cancel your site using the option "Cancel this Managed Web Service account" in your "Account settings" section which will immediately cancel your site, and take down all the websites associated with it. Alternatively you can schedule the cancellation of your site when your annual subscription expires. For this you will need to use the option "Do not renew the subscription" in your "Account settings" section which will schedule the cancelation of your site when the subscription expires. You will still have access to your site until then.
- If you want your MWS3 renewal to be charged to a different cost centre you will be able to upload a new PO and we will charge the renewal against the new one. You will have to do this before the renewal date.
12th October 2015
- If the user's disk space becomes full, they will receive an email with a warning when it reaches 80%. They will get another one when it reached 90% in which moment old snapshots will start to be deleted to free up space.
- We have speed up the process of recover a user site if it breaks or needs to be recreated for any other reason.
- A pre-packaged version of Wordpress can be installed (using the Wordpress package distributed by Debian). This has the advantage over downloading direct from Wordpress that significant security vulnerabilities should be fixed automatically by package updates, but the downside that ackage updates might also break your site if you perform significant customisation. Separately from this you can still download and install WordPress yourself if you want to. To install the package:
- Enter to your MWS Site web panel
- Select 'MWS server settings'
- Select 'Web sites'
- Select 'Add new web site'
- Select 'Wordpress' in 'Optional pre-installed web application' and click submit
- Associate a domain name to it and access it, it will appear an installation wizard.
- Complete the setup of your Wordpress site introducing a new username and password and you will have a running Wordpress instance in a few seconds.
You will be able to upload media files and install plugins and themes but we aware that this may broke if the Wordpress site is updated and these themes or plugins does not support the new version because these haven't been updated. The Wordpress site will update automatically when the operating system updates. These updates are applied automatically every night in all MWS Sites. You will need to be responsible for keeping your themes and plugins updated but not the Wordpress installation. You will receive an email telling you to update your Wordpress installation, please ignore these emails by now.
28th September 2015
- Users now have access to the Apache logs.
- The ability to send emails from your web application is now enabled. There is a limit of 100 recipients per day for MWS3 sites but we can add special cases by request.
- The 'sender' address by default will be the email entered when the MWS3 site was requested. This email address is required.
- It is now required the confirmation of your email address before you can access to the MWS3 site requested.
- Users can enable and disable Apache modules using the control panel, for example, enable mod_cgi.
- Users can install and uninstall PHP libraries using the control panel.
- There is a limit on the number of IPs we have allocated for this preview, therefore, please create no more than one MWS Site, so that all beta-testers can have a chance of trying the service. You can configure as many websites (or vhosts) as you want in a single site, therefore one site will be enough for most people.
- A Virtual Machine will be created when you request a site, its network configuration will appear in the control panel. Use this data to connect to it through ssh, and try the service. Please, tell us if you are missing any system packages that you think it should be installed by default.
- You can connect to your VMs via ssh using your crsid as username. There are two options to authenticate, you can either user your UIS password or set up a ssh public key. If you want to set up a ssh public key, click on your name in the control panel, you will be redirected to a your User's panel where you can upload it. Once the key is uploaded, it will be installed in all the VMs you have access to.
- You can create as many web sites as you want in each MWS3 site, and configure as many domain names as you want for each one of these web sites.
- For this preview you will be only able to associate domain names that you own and manage to the web sites that you create.
- By default, a web site space is created when you request a new MWS Site with the name 'default'.
- Authorisation management can be done using the control panel, this includes authorising others user by searching for them using their name or crsid and the use of lookup groups instead of single user lists.
- The default VM installation includes Apache, PHP, and MySQL, with the default configuration. Feel free to deploy your favourite PHP web app, and test it.
- If you forget your MySQL root password or you lock yourself out of MySQL, you can use the "Change database root password option" in the control panel.
- A key and self signed TLS certificate can be generated and installed to test TLS capabilities of the web server [HTTPS] (full support for keys and certificates will follow in due course)
- Daily file-system (and mysqldump) snapshots are automatically made so that previous versions of files can be easily recovered. Snapshots are automatically mounted under the /snapshots folder, you will be able to access to your previous versions of files in the subfolders named after the date when the snapshot was taken.
- Snapshots older than 30 days will be deleted automatically.
- Snapshots can be manually created from the 'Backups' section of your control web panel (limited to 2) to save the state of the filesystem and database in a chosen point in time. These snapshots won't be deleted unless you run out of space.
- Any snapshot/backups (either auto daily ones or manual ones) can be restore using the control web panel in the 'Backups' section.
- There is no need for you to fill in the billing settings, but we will be grateful if you can try it and let us know what you think on how to improve it or how do you think we could improve the way we charge for our services.
- Access is available to a collection of machine metrics (on CPU, memory, disk space, etc)
- mod_ucam_webauth is installed by default.
- OS automatic patching occurs nightly.
- Logfiles are rotated daily. Apache logs are kept 2 weeks (compressed).
- .htaccess in vhosts allow to override global/default apache configuration options as well as php(.ini) ones.
- Server Side Includes is supported