About web home pages



Members of the Maths department are able to host their own personal web home pages on the ICT central Linux webfarm which lets them explore HTML and create web content, write JavaScript, PHP & Perl scripts and become familiar wth creating websites. Control of these home pages is firmly in your own hands, unlike CMS-based official college sites, and these notes describe how to use this facility to get the most out of your personal web site.

About the home pages

Most of the official Maths website content is now hosted on the central college web servers and is accessed through the URL http://www.imperial.ac.uk/mathethatics with the old Maths website URL http://www.ma.ic.ac.uk also available. but by appending a forward slash, a tilde and a Maths username to this URL, personal home pages for that user can also be served if they exist in a special folder in that user's ICNFS home directory as in this example http://www.ma.ic.ac.uk/~cb.

How do I set up my home pages?

If you want to create and serve your own home pages from the Maths website, her's a checklist of what you will need:

  1. an account and a home directory on the ICNFS server

  2. a folder called public_html within your ICNFS home directory

  3. the access permissions of both your home directory and your public_html folder - and the files within - must be set correctly

  4. in most cases, you should have a default page within your public_html folder that will be served if the URL http://www.ma.ic.ac.uk/~username is visited

your ICNFS account

To begin with you will need a home directory on the ICNFS server since your Maths web home pages will be stored in this home directory (even if you have other home directories on other servers as well as a Windows H: drive) and they will be served by the ICT Linux webfarm. ICNFS is a central server managed by ICT that is intended for use by those who mainly use Linux or UNIX desktop PCs and workstations, as opposed to those who primarily use Windows whose home directories will be stored on a different server (the ICT SAN).

Most Linux/UNIX users and some Windows users will already have an account and home directory on the ICNFS server but if you are not sure, one quick way of finding out is to try logging into a Maths Linux system using ssh and your college computer account username and password.

If you are a Windows user, PuTTY is installed on most college Windows machines or you can download this and install it on your own system. Mac and Linux users can simply open a terminal and use ssh from the command line. Try logging into hessian.ma.ic.ac.uk - if it will not accept your college username and password, the chances are high that your college computer account does not permit you to access the ICNFS service and you should contact the ICT service desk.

your public_html folder

By convention, the folder (or subdirectory) within your home directory where your home pages actually reside is called public_html - this is a convention used by all webservers that serve home page content for local users. If this doesn't exist, you will need to create it.

for Linux users: simply use ssh to connect to a Maths Linux system (for example, hessian) and create the subdirectory using the remote command feature of ssh:

ssh username@hessian.ma.ic.ac.uk mkdir public_html

for Windows users: you could log into a Maths Linux system using PuTTY and create a public_html folder on the command line as described above for Linux users but you'll probably feel more at home using Windows Explorer to create your public_html folder and, indeed, doing everything else related to your web home pages. Fortunately, ICNFS also supports mapping a Windows network drive to your home directory or to a folder within it so that it appears to be just another drive on your desktop PC or laptop:

Log onto your Windows PC or laptop using your college username

double click on My Computer

Screenshot of My Computer menu

and then select Tools... Map Network Drive...:

choose the drive letter you would like to map to your web home pages - drive W: might be a good choice

in the box labelled Folder: type the following share name:

\\icnfs-ma.cc.ic.ac.uk\your username\public_html

where your username is your college loginname.

Screenshot of Map Network Drive menu

now click on Finish to complete the mapping.

the Map Network Drive dialog box will close and you should now see a network drive called public_html on 'www.ma.ic.ac.uk\your username'(disk:) where disk: is the drive letter you have chosen for your mapping.

Screenshot of Map Network Drive menu

Note: if you are outside the college, you will need to connect to the college VPN service first because for security reasons, access to Windows network shares is blocked by the college perimeter firewall.

getting the permissions right

The webserver software (apache) needs to be able to read the HTML pages, images and any scripts you may have in your public_html folder otherwise it will not be able to find them and visitors to your home pages will receive the familiar "404 Page not found" error. By default, your ICNFS home directory will have been set up with initial permissions that restrict access to yourself only and deny access to other members of your login group and the world generally, but this will also deny access to the webserver too. So you will need to make some changes to these permissions in such a way as to allow webserver access but not allow others to access your data, which may be very personal.

Your default home directory permissions pattern will look like this:

drwx------

whereas the correct permissions, when you want to allow access to your web pages, should look like this:

drwx--x--x

The extra 'x' characters in the correct pattern allow members of your login group and the world to descend into your home directory and read a known, named and requested filename or path/filename - this is what the webserver will do when asked to access the file public_html/index.html for example; as this is a known file requested by name, access will be possible. But setting these permissions will not allow all and sundry to go into your home directory and/or public_html folder and browse around!

Checking and if necessary correcting the permissions is best done from a Linux or UNIX system (it can be done from Windows but frankly it is quicker and easier to simply log into a Linux system and check/change it there with one or two commands):

  1. log into a Maths Linux system (eg, hessian) using either ssh (for UNIX/Linux users) or PuTTY (for Windows users)

  2. Now type the following command at the prompt

    ls -ld $HOME

  3. Supposing your username is jbloggs, then you should see:

    jbloggs@hessian:~ $ ls -ld $HOME
    drwx--x--x  70 jbloggs ammp 8192 Mar 25 12:12 /home/ma/j/jbloggs

  4. If your home directory permission pattern is drwx------ and assuming you are still logged into the Linux system, you will need to correct this by typing:

    jbloggs@hessian:~ $ chmod 711 $HOME

  5. and double check that the permissions are now correct:

    jbloggs@hessian:~ $ ls -ld $HOME
    drwx--x--x  70 jbloggs ammp 8192 Mar 25 12:12 /home/ma/j/jbloggs

  6. Similarly the permissions of your public_html folder should at least be the same as your home directory at drwx--x--x; if not you can correct this with:

    jbloggs@hessian:~ $ chmod 711 $HOME/public_html

  7. and double check that the permissions are now correct:

    jbloggs@hessian:~ $ ls -ld public_html
    drwx--x--x  70 jbloggs ammp 8192 Mar 25 12:12 public_html/

  8. Finally, do make sure that the permissions of the web content files - that is the pages, images, scripts, etc that you upload into your public_html folder - also allows the webserver read-only access to them. If you like creating your HTML pages interactively by editing them 'in situ' via a ssh session into a Maths Linux system, the editor will by default save your pages with the correct permissions as in this example:

    jbloggs@hessian:~ $ ls -l public_html
    -rw-r--r-- 1 jbloggs ammp    26402 Sep  4 11:45 index.html

    If you upload content into your public_html from your own computer using scp, sftp or by mapping a network drive in Windows to your public_html folder, the permissions of your uploaded content will usually match those of your files on your own computer allowing read-only access to all, including the webserver. But if you have set unusual permissions for your files on your own system, or if you are using a Windows, a Mac or a third-party Linux sftp or scp program that allows permissions to be changed during the upload so that read access by the webserver is denied, your pages won't display!

    So in addition to making sure your ICNFS home directory and public_html folder permissions are correct, you must make sure that the content's permissions are correct too. Pages, images, scripts and any other files you want to be able to display to visitors to your home pages should be set to:

    rw-r--r--

    and any subdirectories or folders within your public_html folder should have the permissions:

    drwx--x--x

    If your file and/or folder permissions are wrong, you can reset these permissions remotely using most graphical scp or sftp programs for Windows, Mac, Linux, Andoid or iPhone and if you have mapped a Windows network drive to your public_html folder, you can change the permissions from Windows. Alternatively, a quick way of doing this is to log into a Maths Linux system and fix this yourself; if you have a simple set of pages with no subdirectories inside your public_html folder, you can use this remote ssh command:

    ssh username@hessian.ma.ic.ac.uk chmod 644 public_html/*

    to set the correct permissions for your content files. However, if you have subdirectories within your public_html folder, this simple command will make these subfolders inaccessible! In this case the best way to get the permissions right is to first log into a Maths Linux system, say, hessian.ma, and then use the Linux 'find' command to separately find all the files and folders and set their permissions correctly:

    ssh username@hessian.ma.ic.ac.uk
    find ~/public_html -type d -exec chmod 711 {} \;
    find ~/public_html -type f -exec chmod 644 {} \;
    exit

about default pages in your public_html folder

To protect your own security, directory indexes are disabled on the ICT webfarm. This means that:

  1. you cannot display a listing of the files or folders within the public_html folder (or any other folder within it or below it) by using a URL that ends with either the user's username or the name of a folder below the public_html folder

  2. if one of the defined default top level pages (index.html, index.htm, default.htm or index.php) is not present in the public_html folder, then a URL such as http://www.ma.ic.ac.uk/~username will return an error message like this:

    missing default top level page error screenshot

  3. if one of the default top level pages is not present in any folder, then a URL such as http://www.ma.ic.ac.uk/~username/empty-folder will return an error message like this:

    empty folder error screenshot

  4. Do note that a folder that lacks a default index page can still serve a page or file explicitly referred to by the URL, as in the example here:

    empty folder error screenshot

Getting your home page content onto the webserver

Although you cannot log into or transfer files directly to the webserver or the ICNFS server, there are several ways in which you can get your pages, images, sound files, etc into your home pages:

Using file transfer methods, two options are supported:
via sftp
via scp

Using direct filesystem access from Windows or Linux:
by mapping a Windows network drive to your home pages
by mounting your home pages on your Linux/UNIX system via NFS

Interactively: by logging into a Maths Linux system either at the local screen/keyboard or remotely via ssh and editing your pages with a text editor

These will be described in turn starting with file transfer methods.

sftp

This is a secure, encrypted version of the traditional FTP file transfer program - a SFTP client is installed on all college Windows machines as part of the SSH Secure Shell package and can be acessed from Start... Programs SSH Secure Shell... Secure File Transfer Client. Alternatives include FileZilla and WinSCP. For the Macintosh, Fugu is recommended and the long-time FTP client Fetch has now had SFTP facilities added to it. (You can also drop down into a shell terminal and run sftp from the command line as this is part of the native ssh installation in the UNIX operating system that underlies Mac OS X). For UNIX/Linux the gnome Nautilus and KDE Konqueror filemanagers also have SFTP capabilities and as with Mac OS X, you can also run sftp directly from the command line.

You can connect to any Linux system in Maths using a sftp client but if you are outside the college, you will need to connect to a system that has external ssh access through the college's perimeter firewall, as external access to most Linux/UNIX systems in Maths is not possible. A list of the systems that are currently accessible externally is kept here.

Here is an example of a command line sftp login from a PC running OpenSolaris to hessian, which is one of the Maths SSH gateways - note the short-form addressing where the host is simply referred to as 'hessian' since the connection is being made from a computer on the same sub-domain (ma.ic.ac.uk) as hessian; if you are connecting from a different department or from outside the college, you will need to give the full Internet address hessian.ma.ic.ac.uk:

andy@anahata:~ $ sftp hessian
Connecting to hessian...
andy@hessian's password: 
sftp>

scp

scp (secure copy) is a utility present on most UNIX and Linux systems that allows the copying of files or even complete directory trees between UNIX/Linux systems with a single command. If you are using such a system, you can transfer your home page content to/from the Maths webserver in this way and scp has many advantages over sftp including the ability to use it without a password using standard ssh private/public keys, it can be executed from scripts and it is possible to preserve the original file parameters (date & time, ownership, permissions, etc) in the copied files.

A simple example of the syntax for using scp on a Linux systems is given here - the file gprs-network-info.html is being transferred from my desktop workstation to the mobile_networks subfolder in my public_html folder:

andy@anahata:~ $ scp gprs-network-info.html andy@hessian.ma.ic.ac.uk:public_html/mobile_networks
andy@hessian.ma.ic.ac.uk's password: 
gprs-network-info.ht 100% |*****************************| 76075       00:00
There's at least one free scp client for Windows called WinSCP but most of the other packages that claim to implement scp for Windows actually use sftp whose interface is quite different.

Mounting your home pages on your Linux/UNIX system via NFS

Users of Linux and UNIX systems (and Macintosh users too if they are so inclined to use the underlying UNIX of Mac OS X) can mount the webservers's home page filesystem on their own systems by following these instructions:

  1. log into your system as root or become root if you are already logged in

  2. create the mount point /home/ma, eg:

    mkdir /home/ma

  3. now add the following line to your /etc/fstab:

    icnfs-ma.cc.ic.ac.uk:/home/ma /home/ma nfs rw,bg,intr,soft,nosuid,nodev,rsize=8192,wsize=8192 0 0
    (all on one line).

    If you already have NFS mounts listed in your /etc/fstab, the existing entries may look quite different to the one above. This is because anything after the 'nfs' in the line shown above is optional and your existing entries may not have these, or they may have different options. Omitting all the options entirely will still work and allow you to mount the exported home page directories - the options shown prevent your system hanging at boot time if there is a network or server failure and the home pages can't be mounted; they also speed up NFS read/write performance and stop your computer wasting time at boot-up trying to check the remote filesystem :-).

  4. now mount the home pages from penguin68 onto your system - the lazy way of doing this is to simply type:

    mount -a

    to mount in one go all the filesystems listed in /etc/fstab including the newly added home page filesystem exported from penguin68. Of course, if you prefer you can do things the hard way by mounting this individually on its own - you might have to do this anyway if you have deliberately unmounted a device listed in your /etc/fstab and you don't want it remounted now: the command syntax to do this varies from one UNIX flavour to another but this one will work with sensible defaults with any Linux:

    mount -t nfs icnfs-ma.cc.ic.ac.uk:/home/ma	/home/ma

Logging into a Linux system and working with your pages interactively

You can also log into any Maths Linux system directly using ssh (Secure SHell), change to your public_html folder and edit your home pages and manipulate files, folder and images directly on the server. You can find some information about SSH here; users of UNIX/Linux text editors tend to belong to either the vi camp or the emacs camp so to keep everyone happy, both are installed on Maths Linux systems - the installed version of vi is actually Vim (VI iMproved).

Image creation and editing is possible using The Gimp, an alternative to Photoshop that handles many image formats and contains a lot of tools for both artists and photo-retouchers.

Also installed is the ImageMagick suite, a collection of powerful command line utilities that allow ypu to perform all sorts of format conversion, resizing, image conversion, special effects, colour editing, etc. Although you can run these programs from the command line during an interactive login session, the main reason this suite is installed is so that you can actually run these programs from a web script written in Perl or PHP so that you can do a lot of exciting and adventurous things with images in real-time.

For interactive use there is a X-Window GUI frontend to the ImageMagick suite called display so you can use this from a Linux or UNIX system running a X-Windows server, or from a Windows PC running VistaExceed, by simply typing:

display

at the prompt and the GUI interface will open on ypur local screen and ypu can use your mouse to perform image edits. (This assumes that your local system is configured correctly to allow remote X-Windows clients to execute displays on your local system, and that you have configured your ssh client to allow X forwarding, etc. Troubleshooting X-Window System problems is beyond the scope of this page so if display doesn't work for you, have a look at the SSH pages.

If you are unfamiliar with the Linux packages you might want to use to create your homepage content in this way, you'll find the documentation on the system you have logged into as standard man pages for most packages:

man vim - about the Vi(Mproved) editor - see the Vim website for more information.

man emacs - about the emacs editor - see the emacs website for more information.

man ImageMagick - about the ImageMagick image manipulation suite - see the ImageMagick website for more information.

The GIMP doesn't have a man page (it is far too big and complex for plain man pages) but The Gimp website will have all the information you need.

About PHP

Those of you who are using the popular PHP server-side scripting language should note that in keeping with current good practice, register globals are 'off' on this server. This means that variables can no longer be passed to and from PHP scripts as plain parameters added onto a URL, for example - scripts now need to be written to pass variables in one of the variety of more secure methods available and any legacy scripts relying on global variables need to be updated. Disabling register globals has been the default setting ever since PHP version 4.2.0.

This is for security reasons - if you do not know what global variables are, or are unsure of the security issues, you'll find this explanantion useful. Having said this, global variables have their uses in re-entrant scripts, that is, scripts that contain a form and the action on submitting the form is to re-execute the same script. If you need to do this sort of thing, you can emulate global variabels within a script with this bit of PHP code:

// Emulate register_globals on
if ( ! ini_get('register_globals')) {
    $superglobals = array($_SERVER, $_ENV,
        $_FILES, $_COOKIE, $_POST, $_GET);
    if (isset($_SESSION)) {
        array_unshift($superglobals, $_SESSION);
    }
    foreach ($superglobals as $superglobal) {
        extract($superglobal, EXTR_SKIP);
    }
}


Andy Thomas

Research Computing Manager,
Department of Mathematics

last updated: 16.11.16