Re: [Server-devel] Upgrade to 0.6
On Wed, Jun 17, 2009 at 5:28 PM, Reuben K. Caronreu...@laptop.org wrote: Glad to hear you found the root cause. If we can come up with one or two simple commands for the OLPCorps teams to type at the command line to fix this and then enable squid; I'm sure they will be glad to do so. It had all been a theoretical exercise. Today, trying to figure out what the correct fix is to put it in an rpm I just cannot repro the problem. The reason it 'Just Works' is that Apache is actually also listening on localhost. So Squid will gladly connecto localhost and issue an HTTP/1.1 request saying 'host'. Here is how I test that manually -- and apache replies nicely: # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET / HTTP/1.1 Host: schoolserver.test.xs.laptop.org HTTP/1.1 302 Found Date: Thu, 18 Jun 2009 12:59:45 GMT Server: Apache/2.2.9 (Fedora) Location: http://schoolserver.test.xs.laptop.org/moodle Content-Length: 325 Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN ... HTML output elided. Now, there is a number of changes (some of them trivial in appearence) in the apache configuration that could break the behaviour... have the local teams installed any extra software or added/changed configuration of Apache? If so, which? cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] Moodle/Server configuration for static IP external access
Now with the a fixed internal IP I am able to map the actual external IP with it for external access. Change the apache httpd-xs.conf to listen to 192.168.1.30:80 as well as 172.18.0.1:80 Loaded the pafm application and external upload and download working well. I maybe missing something - but have issue of the moodle not displaying the graphics and format, etc while login prompt is shown. What aspect of /var/www/moodle/web/config.php or files should I modify for both normal external or internal moodle access? I want to open up for external access so that the team can play with the moodle to get familar with it. Cheers -Original Message- From: Martin Langhoff [mailto:martin.langh...@gmail.com] Sent: Tuesday, June 16, 2009 11:36 PM To: tkk...@nurturingasia.com Cc: 'Sameer Verma', 'Rodolfo D. Arce S.', 'XS Devel' Subject: Re: [Server-devel] Server configuration for static IP instead of DHCP On Tue, Jun 16, 2009 at 5:25 PM, tkk...@nurturingasia.com wrote: Maybe the WIKI need an update that include ... take a break and come back for the cache stuff Probably a strategic reboot is better, faster and clearer. You do need it once you've set the domain. If you 1 - install 2 - set the domain (which sets resolv.conf 3 - set the forwarders 4 - set ifcfg-eth0-local 5 - reboot everything 'just works'. Once I make 0.6 an official release -- soon! I promise! -- we can update the install guide with this info. Working normally..and I am amazed by the level of automation via the XS. Just registered 2 XOs via wireless. Great! Now I need to see how the Moodle could be a mix of external users and XOs registered users. I use to have success login in with admin and the password supplied to add newlanguage options. Any changes? I have not been login with the combination recently? Use the first registered XO -- which has 'course creator' rights in Moodle. It can create new normal accounts, which login with username/password. If you want those accounts to be 'course creators' too, after creating the accounts you can grant them the right from Users-Roles-Sitewide roles (a standard Moodle procedure) hth, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Moodle/Server configuration for static IP external access
On Thu, Jun 18, 2009 at 3:03 PM, tkk...@nurturingasia.com wrote: Now with the a fixed internal IP I am able to map the actual external IP with it for external access. Change the apache httpd-xs.conf to listen to 192.168.1.30:80 as well as 172.18.0.1:80 Loaded the pafm application and external upload and download working well. I maybe missing something - but have issue of the moodle not displaying the graphics and format, etc while login prompt is shown. What aspect of /var/www/moodle/web/config.php or files should I modify for both normal external or internal moodle access? I want to open up for external access so that the team can play with the moodle to get familar with it. I can't really recommend that. Moodle and other services should only be in the internal network. Publishing it in the external network creates security issues. If you still want to do it, the best way is to ensure that the external users (external from the PoV of the XS) see the exact same DNS name for the server. Once you do that, images, forms and links will work. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Moodle/Server configuration for static IP external access
I can't really recommend that. Moodle and other services should only be in the internal network. Publishing it in the external network creates security issues. Yes, with a real school deployment this is a major concern. The XS I understand is designed for minimal maintence without this headache!! If you still want to do it, the best way is to ensure that the external users (external from the PoV of the XS) see the exact same DNS name for the server. Once you do that, images, forms and links will work. What settings do I need to configure for this? Thanks ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Moodle/Server configuration for static IP external access
On Thu, Jun 18, 2009 at 3:34 PM, tkk...@nurturingasia.com wrote: What settings do I need to configure for this? Thanks You can shoot yourself in the foot, but I'm not sure how much I'll help ;-) The instructions start... find the DNS server in the 'outer' network... cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Moodle/Server configuration for static IP external access
On Thu, Jun 18, 2009 at 3:59 PM, Dave Bauerdave.ba...@gmail.com wrote: Most Moodle installs are available to the internet. Does it really make sense to rely only on Moodle being on the internal network to provide security? You are right, and a lot of my pre-OLPC work has been in making the largest of those installations work smoothly in scale, security, performance, customisations... In those cases, Moodle is a webapp. In this case, however. Moodle is the central UI for most things XS. Some things XS change how the XS behave. For example, I am drafting a bit of code that will let you configue eth0 and 'domain_config' from a Moodle-based UI. So on first boot, the XS comes up in a special mode that lets you set those 2 things. Once this work is done, you no longer need to login as root. Ever. On the other hand, it'd be serious trouble if Moodle started listening on the public address. Right now Moodle seems to be reasonably meek... but I haven't thought that through actually, it may have risks too. The bottom line is: Services that are on the LAN address have not been designed to be on the WAN address -- many (most?) of them are a security risk if exposed to the WAN today. As the XS evolves, _more_ services will pose a risk if exposed to the WAN. So -- put your test/dev machines on the LAN to play with things. The XS will hand out DHCP leases to non-XOs, you can create normal user accounts in Moodle (from the 'course creator'-blessed XO) so that things work. Using non-Sugar XMPP clients (mostly) works too if you're on the LAN. hth, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Moodle/Server configuration for static IP external access
On Thu, 2009-06-18 at 16:19 +0200, Martin Langhoff wrote: On Thu, Jun 18, 2009 at 3:59 PM, Dave Bauerdave.ba...@gmail.com wrote: Most Moodle installs are available to the internet. Does it really make sense to rely only on Moodle being on the internal network to provide security? You are right, and a lot of my pre-OLPC work has been in making the largest of those installations work smoothly in scale, security, performance, customisations... In those cases, Moodle is a webapp. In this case, however. Moodle is the central UI for most things XS. Some things XS change how the XS behave. For example, I am drafting a bit of code that will let you configue eth0 and 'domain_config' from a Moodle-based UI. So on first boot, the XS comes up in a special mode that lets you set those 2 things. Just had a thought, couldn't we do something with xs-named.conf.in where it could source lets say /etc/sysconfig/network looking for forwarders=? We already have to fiddle with hostname in that file anyway... Once this work is done, you no longer need to login as root. Ever. On the other hand, it'd be serious trouble if Moodle started listening on the public address. Right now Moodle seems to be reasonably meek... but I haven't thought that through actually, it may have risks too. The bottom line is: Services that are on the LAN address have not been designed to be on the WAN address -- many (most?) of them are a security risk if exposed to the WAN today. As the XS evolves, _more_ services will pose a risk if exposed to the WAN. So -- put your test/dev machines on the LAN to play with things. The XS will hand out DHCP leases to non-XOs, you can create normal user accounts in Moodle (from the 'course creator'-blessed XO) so that things work. Using non-Sugar XMPP clients (mostly) works too if you're on the LAN. hth, This is where iptables may come in handy, you could allow access to the local lan, reachable by the external address, only from a pre-defined set of ipaddresses. I'll work something up if there is interest. The other alternative is to use a vpn solution, to gain access to services available on the LAN. Just a thought, Jerry ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Moodle/Server configuration for static IP external access
On Thu, Jun 18, 2009 at 10:19 AM, Martin Langhoff martin.langh...@gmail.com wrote: On Thu, Jun 18, 2009 at 3:59 PM, Dave Bauerdave.ba...@gmail.com wrote: Most Moodle installs are available to the internet. Does it really make sense to rely only on Moodle being on the internal network to provide security? You are right, and a lot of my pre-OLPC work has been in making the largest of those installations work smoothly in scale, security, performance, customisations... In those cases, Moodle is a webapp. In this case, however. Moodle is the central UI for most things XS. Some things XS change how the XS behave. For example, I am drafting a bit of code that will let you configue eth0 and 'domain_config' from a Moodle-based UI. So on first boot, the XS comes up in a special mode that lets you set those 2 things. Once this work is done, you no longer need to login as root. Ever. Cool, maybe a switch to turn this off would be useful for those who are running a different configuration. Dave On the other hand, it'd be serious trouble if Moodle started listening on the public address. Right now Moodle seems to be reasonably meek... but I haven't thought that through actually, it may have risks too. The bottom line is: Services that are on the LAN address have not been designed to be on the WAN address -- many (most?) of them are a security risk if exposed to the WAN today. As the XS evolves, _more_ services will pose a risk if exposed to the WAN. So -- put your test/dev machines on the LAN to play with things. The XS will hand out DHCP leases to non-XOs, you can create normal user accounts in Moodle (from the 'course creator'-blessed XO) so that things work. Using non-Sugar XMPP clients (mostly) works too if you're on the LAN. hth, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- Dave Bauer d...@solutiongrove.com http://www.solutiongrove.com ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel