Pivotree

Pivotree, formerly known as Tenzing, is a web hosting company.

Overview

ICOM has contracted the use of 4 physical servers under 2 accounts with Tenzing Managed IT Services of Toronto.

Account #97028

Account #97470

Support

A ticket is requested when contacting Pivotree Support. An account number may be required.

Servers

server9483

IP used for outbound traffic:

67.22.102.177

Deleting files older than 90 days in the current directory:

sudo find . -mtime +90 -exec rm {} \;

Which are the biggest vhosts?

sudo du --max-depth=1 /var/www/vhosts/ > vhost_folder_size.txt

Zip vhosts:

sudo tar -czvf teckapi.tar.gz teckapi/

Apache redirects

RewriteEngine On
RewriteCond %{REQUEST_URI} !=/index.php
RewriteCond %{REQUEST_URI} !\.(gif|jpe?g|png|css)$
RewriteRule ^ /index.php [R=302]
DocumentRoot /var/www/vhosts/disabled/webroot/htdocs


SSL

CSR

Before buying a Certificate, or asking our clients to provide one, a CSR needs to be generated from our web server.

sudo openssl req -new -newkey rsa:2048 -nodes -keyout shortname.key -out shortname.csr

Leave the CSR in an ssl folder for the vhost:

eg: /var/www/vhosts/shortname/webroot/ssl/

Certificate

Using the CSR text, purchase a PositiveSSL certificate from Namecheap.

Certificate should be compatible with an Apache webserver running OpenSSL.

Copy certificates to an ssl directory of the vhost (replace "shortname"):

eg: /var/www/vhosts/shortname/webroot/ssl/

Bundle the intermediate certificates provided into one (replace "shortname"):

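# Chain order: issuing CA first, root last. The redirect runs inside the sudo shell,
# so the bundle can be written to a root-owned directory.
sudo sh -c 'cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > shortname.bundle'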
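
Before the Apache configuration is edited, it is worth confirming that the issued certificate matches the key and CSR generated above, and that the unencrypted key (-nodes) is not readable by other users. The script below is an added example, not part of the original page: the function names are hypothetical, it uses the shortname.key/.csr/.crt naming from the steps above, and the sample set it builds is a throwaway self-signed certificate.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): confirm that the private key,
# the CSR and the issued certificate belong together before editing Apache.

# Print the PEM public key carried by a .key, .csr or .crt file.
pubkey_of() {
    case "$1" in
        *.key) openssl pkey -in "$1" -pubout ;;
        *.csr) openssl req  -in "$1" -noout -pubkey ;;
        *.crt) openssl x509 -in "$1" -noout -pubkey ;;
        *)     echo "unsupported file: $1" >&2; return 2 ;;
    esac
}

# check_cert_set KEY CSR CRT -> 0 when all three match and the key is private
check_cert_set() {
    local key="$1" csr="$2" crt="$3" k r c
    k=$(pubkey_of "$key") && r=$(pubkey_of "$csr") && c=$(pubkey_of "$crt") || return 2
    [ "$k" = "$r" ] || { echo "MISMATCH: $csr was not made from $key"; return 1; }
    [ "$k" = "$c" ] || { echo "MISMATCH: $crt was not issued for $key"; return 1; }
    # -nodes leaves the key unencrypted, so group/other read access exposes it.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "WARN: $key is readable by group or others"; return 1
    fi
    echo "OK: key, CSR and certificate share one public key"
}

# Constructed sample: throwaway key, CSR and self-signed certificate named
# "shortname" as in the steps above, written to the directory given as $1.
make_sample_set() {
    ( cd "$1" && umask 077 &&
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=shortname.example" \
          -keyout shortname.key -out shortname.csr 2>/dev/null &&
      openssl x509 -req -in shortname.csr -signkey shortname.key -days 1 \
          -out shortname.crt 2>/dev/null )
}

# Demo: build the sample set in a scratch directory and check it.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d) && make_sample_set "$d" &&
        check_cert_set "$d/shortname.key" "$d/shortname.csr" "$d/shortname.crt"
    rm -rf "$d"
fi
```
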

Apache conf

Edit/create an Apache HTTPS Virtual Host configuration file.

An example:

/etc/httpd/conf.d/vhosts/shell.conf

NameVirtualHost 67.22.102.183:80
<VirtualHost 67.22.102.183:80>
    Use icomproductions_domains shell
    Redirect 301 / https://shell.icomproductions.ca/
</VirtualHost>

NameVirtualHost 67.22.102.183:443
<VirtualHost 67.22.102.183:443>
    Use icomproductions_domains shell
    Use films_common shell htsdocs
    Use films_aliases shell live htsdocs
    Use films_php_values shell live
    Use films_open_basedir shell live htsdocs
    Use films_directories shell live htsdocs

    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

    SSLCertificateKeyFile /var/www/vhosts/shell/ssl/shell2014.key
    SSLCertificateFile /var/www/vhosts/shell/ssl/shell2014.crt
    SSLCertificateChainFile /var/www/vhosts/shell/ssl/shell2014.bundle
</VirtualHost>

<VirtualHost 67.22.102.179:80>
    Use icomproductions_subdomains shell staging
    Use films staging/shell staging
</VirtualHost>
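
The example above still enables SSLv3 and leaves RC4 reachable through ALL, both of which are deprecated (RFC 7568, RFC 7465). The check below is an added example, not part of the original page or of Apache: it flags legacy SSLProtocol and SSLCipherSuite settings in vhost files. The function names and the treatment of "all" as covering every legacy protocol are assumptions, and the cipher check is a heuristic, not a full OpenSSL cipher-string evaluation.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag legacy TLS settings in
# Apache vhost files. Heuristic only; assumes one directive per line.

# audit_tls_directives [FILE...] -> one finding per line, exit 1 if any
audit_tls_directives() {
    awk '
    BEGIN {
        n = split("sslv2 sslv3 tlsv1 tlsv1.1", legacy, " ")  # deprecated protocols
        m = split("RC4 3DES MD5", weak, " ")                  # weak cipher families
    }
    function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
    { sub(/#.*/, "") }                                        # ignore comments
    tolower($1) == "sslprotocol" {
        split("", on)                                         # reset per directive
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = substr(t, 1, 1)
            if (sign == "+" || sign == "-") t = substr(t, 2); else sign = "+"
            # Assumption: "all" covers every legacy protocol (conservative).
            if (t == "all") { for (k = 1; k <= n; k++) on[legacy[k]] = (sign == "+") }
            else on[t] = (sign == "+")
        }
        for (k = 1; k <= n; k++)
            if (on[legacy[k]]) report("SSLProtocol enables " legacy[k])
    }
    tolower($1) == "sslciphersuite" {
        suite = ":" toupper($NF) ":"
        # Bare ALL, DEFAULT or MEDIUM pull in every family not removed with "!".
        broad = (suite ~ /:(ALL|DEFAULT|MEDIUM):/)
        for (k = 1; k <= m; k++) {
            if (index(suite, ":!" weak[k] ":")) continue
            if (broad || index(suite, weak[k]))
                report("SSLCipherSuite does not exclude " weak[k])
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the TLS directives from the shell.conf example above.
sample_conf() {
    printf '%s\n' 'SSLEngine on' \
        'SSLProtocol -ALL +SSLv3 +TLSv1' \
        'SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM'
}

sample_conf | audit_tls_directives || true   # prints five findings
```

Run it against /etc/httpd/conf.d/vhosts/*.conf before `sudo service httpd configtest`; a non-zero exit status means at least one vhost still offers a legacy protocol or cipher family.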

Apache changes?

Check status:

sudo service httpd status

Test any changes first:

sudo service httpd configtest

Graceful restart:

sudo service httpd graceful

IP addresses

Tenzing Public IPs

Unusable IPs

67.22.99.170 was bound to the server but is not part of one of your private subnets. It is unusable as it is on a vlan which is not configured on the switch your server is using. I have hence removed 67.22.99.170 from Server9483 (to avoid more confusion in the future) and have bound a new IP - 66.11.148.91 for you. Will you please update your configure files to use 66.11.148.91 and let us know how it works? Thanks! Nathan

Binding address

Ensure "20" is the next available device number:

cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0:0 ifcfg-eth0:20
vi ifcfg-eth0:20

Edit file to contain your:

  • Device number, eg: ifcfg-eth0:20
  • Public IP Address, eg: 66.11.148.85

Restart and confirm:

/etc/init.d/network restart
/sbin/ifconfig

Firewall

2013/07/08 18:35:41 BY Jason Manning

This is what I am showing for Rules:

FTP/SSH to server9641
199.202.144.0/24 199.202.144.192 199.202.144.204 208.98.233.6

SSH to Server9641
66.222.178.187

Full Trust all servers
216.13.179.146

SSH to server9483
209.82.26.132

FTPS Access
216.58.14.240 , 216.220.51.2 , 71.4.124.77 , 71.4.124.76 , 71.4.124.75 , 71.4.124.74 , 71.4.124.73 , 71.4.124.72 , 71.4.124.71 , 71.4.124.70 , 71.4.124.69 , 71.4.124.67 , 71.4.124.68 , 206.75.198.0/24 , 208.98.233.0/24 , 206.108.31.36 , 66.225.131.29 , 72.29.238.61 , 216.198.158.43 , 216.198.158.44 , 216.198.158.46 , 207.228.86.2 , 209.82.26.132 , 209.148.219.99 , 198.161.238.19

SSH Access
198.161.238.19 , 66.249.75.49 , 209.82.26.132 , 208.38.44.210 , 207.228.86.2 , 216.198.158.46 , 216.198.158.44 , 208.38.59.120 , 66.225.131.0/27 , 208.38.59.124 , 208.38.59.123 , 216.198.158.43 , 205.210.17.0/24 , 208.98.233.0/24 , 206.75.198.0/24 , 71.4.124.67 , 216.13.179.146 , 71.4.124.68 , 71.4.124.69 , 71.4.124.70 , 71.4.124.71 , 71.4.124.72 , 71.4.124.74 , 71.4.124.73 , 71.4.124.75 , 71.4.124.77 , 71.4.124.76

FTP Accounts

Whitelisting

In order to connect to our web server, clients need their IP addresses whitelisted. This request can be made through Tenzing support:

URL: https://my.tenzing.com/SignIn.aspx

User Name: icom.support

Password:

Visit: Tickets >> Add Ticket >> Firewall

Current accounts

ICOM sets up FTP accounts for clients hoping to drop user lists into their FiLMS install and/or pull enrollment exports produced by FiLMS. Passwords are kept secure here:

  • \\icomnt11\Private\Admin\ICOM IT\_Passwords\tenzing_films_ftp_accounts.txt

CNRL Horizon

  • Connection details
    • Host: cnrl.icomproductions.ca
    • Protocol: FTPeS
    • User: cnrl
    • Pass: (see passwords file noted above)

CNRL Training

  • Issuance
    • 2012-11-05
    • Ryan.Docksteader@cnrl.com
  • Connection details
    • Host: cnrltraining.icomproductions.ca
    • Protocol: SFTP
    • User: trimac
    • Pass: (see passwords file noted above)

Enerplus

  • Connection details
    • Host: sftp.icomproductions.ca
    • Protocol: SFTP
    • User: enerplus
    • Pass: (see passwords file noted above)

Mark's

  • Connection details
    • Host: mymarkslearning.com
    • Protocol: FTPeS
    • User: mymarkslearning.com
    • Pass: (see passwords file noted above)

Mark's

  • Connection details
    • Host: mymarkslearning.com
    • Protocol: FTPeS
    • User: marksftp
    • Pass: (see passwords file noted above)

Newalta

  • Connection details
    • Host: elearn.newalta.com
    • Protocol: FTPeS
    • User: newalta_transfer
    • Pass: (see passwords file noted above)

Precision Drilling

  • Connection details
    • Host: pd.icomproductions.ca
    • Protocol: FTPeS
    • User: pd
    • Pass: (see passwords file noted above)

Suncor Contractors

  • Issuance
    • February 07, 2013
    • Schultz, Tim
  • Connection details
    • Host: tenzing01.icomproductions.ca
    • Protocol: SFTP
    • User: suncorcontractorssftp
    • Pass: (see passwords file noted above)

Teck

  • Issuance
    • February 14, 2013
    • Dan Jackson
  • Connection details
    • Host: tenzing01.icomproductions.ca
    • Protocol: SFTP
    • User: teck_sftp
    • Pass: (see passwords file noted above)

TELUS Integrity

  • Connection details
    • Host: telus.icomproductions.ca
    • Protocol: FTPeS
    • User: telus_integrity
    • Pass: (see passwords file noted above)

Trimac

  • Issuance
    • 2012-10-05
    • Barry Reese
  • Connection details
    • Host: trimac.icomproductions.ca
    • Protocol: SFTP
    • User: trimac
    • Pass: (see passwords file noted above)

Database

Backups

Unknown? cd /data/backups/

server9822: cd /var/backup/db/

Size

SELECT table_schema "Data Base Name",
       sum( data_length + index_length ) / 1024 / 1024 "Data Base Size in MB"
FROM information_schema.TABLES
GROUP BY table_schema;

See also

Contacts

Networking team

  • Jason Liu
    • 877 767 5577 x454
    • 416-737-3395