Pivotree
Pivotree
Embedded Files
Pivotree, formerly known as Tenzing, is a web hosting company.
Overview
Overview
ICOM has contracted the use of 4 physical servers under 2 accounts with Tenzing Managed IT Services of Toronto.
Account #97028
Account #97470
Support
Support
A ticket is requested when contacting Pivotree Support. Account number may be required.
- URL: https://www.sparkred.com/sd/servicedesk/customer/portal/8/user/login
- User: mjohnson@icomproductions.ca
Servers
Servers
server9483
IP used for outbound traffic:
67.22.102.177
Deleting files older than 90 days in the current directory:
sudo find . -mtime +90 -exec rm {} \;Which are the biggest vhosts?
sudo du --max-depth=1 /var/www/vhosts/ > vhost_folder_size.txtZip vhosts:
sudo tar -czvf teckapi.tar.gz teckapi/Apache redirects
RewriteEngine OnRewriteCond %{REQUEST_URI} !=/index.phpRewriteCond %{REQUEST_URI} !\.(gif|jpe?g|png|css)$RewriteRule ^ /index.php [R=302]DocumentRoot /var/www/vhosts/disabled/webroot/htdocsSSL
SSL
CSR
Before buying a Certificate, or asking our clients to provide one, a CSR needs to be generated from our web server.
sudo openssl req -new -newkey rsa:2048 -nodes -keyout shortname.key -out shortname.csrLeave the CSR in a ssl folder for the vhost:
eg: /var/www/vhosts/shortname/webroot/ssl/
Certificate
Using the CSR text, purchase a PositiveSSL certificate from:
Namecheap
Certificate should be compatible with an Apache webserver running OpenSSL.
Copy certificates to a ssl directory of the vhost (replace "shortname"):
eg: /var/www/vhosts/shortname/webroot/ssl/
Bundle the intermediate certificates provided into one (replace "shortname"):
sudo cat AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt > shortname.bundleApache conf
Edit/create an Apache HTTPS Virtual Host configuration file.
An example:
/etc/httpd/conf.d/vhosts/shell.conf
NameVirtualHost 67.22.102.183:80<VirtualHost 67.22.102.183:80> Use icomproductions_domains shell Redirect 301 / https://shell.icomproductions.ca/</VirtualHost>NameVirtualHost 67.22.102.183:443<VirtualHost 67.22.102.183:443> Use icomproductions_domains shell Use films_common shell htsdocs Use films_aliases shell live htsdocs Use films_php_values shell live Use films_open_basedir shell live htsdocs Use films_directories shell live htsdocs
SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateKeyFile /var/www/vhosts/shell/ssl/shell2014.key SSLCertificateFile /var/www/vhosts/shell/ssl/shell2014.crt SSLCertificateChainFile /var/www/vhosts/shell/ssl/shell2014.bundle</VirtualHost>
<VirtualHost 67.22.102.179:80> Use icomproductions_subdomains shell staging Use films staging/shell staging</VirtualHost>
Apache changes?
Apache changes?
Check status:
sudo service httpd statusTest any changes first:
sudo service httpd configtestGraceful restart:
sudo service httpd gracefulIP addresses
IP addresses
Unusable IPs
67.22.99.170 was bound to the server but is not part of one of your private subnets. It is unusable as it is on a vlan which is not configured on the switch your server is using. I have hence removed 67.22.99.170 from Server9483 (to avoid more confusion in the future) and have bound a new IP - 66.11.148.91 for you. Will you please update your configure files to use 66.11.148.91 and let us know how it works? Thanks! Nathan
Binding address
Binding address
Ensure "20" is the next available device number:
cd /etc/sysconfig/network-scripts/ cp ifcfg-eth0:0 ifcfg-eth0:20 vi ifcfg-eth0:20
Edit file to contain your:
- Device number, eg: ifcfg-eth0:20
- Public IP Address, eg: 66.11.148.85
Restart and confirm:
/etc/init.d/network restart /sbin/ifconfig
Firewall
Firewall
2013/07/08 18:35:41 BY Jason Manning This is what I am showing for Rules: FTP/SSH to server9641 199.202.144.0/24 199.202.144.192 199.202.144.204 208.98.233.6 SSH to Server9641 66.222.178.187 Full Trust all servers 216.13.179.146 SSH to server9483 209.82.26.132 FTPS Access 216.58.14.240 , 216.220.51.2 , 71.4.124.77 , 71.4.124.76 , 71.4.124.75 , 71.4.124.74 , 71.4.124.73 , 71.4.124.72 , 71.4.124.71 , 71.4.124.70 , 71.4.124.69 , 71.4.124.67 , 71.4.124.68 , 206.75.198.0/24 , 208.98.233.0/24 , 206.108.31.36 , 66.225.131.29 , 72.29.238.61 , 216.198.158.43 , 216.198.158.44 , 216.198.158.46 , 207.228.86.2 , 209.82.26.132 , 209.148.219.99 , 198.161.238.19 SSH Access 198.161.238.19 , 66.249.75.49 , 209.82.26.132 , 208.38.44.210 , 207.228.86.2 , 216.198.158.46 , 216.198.158.44 , 208.38.59.120 , 66.225.131.0/27 , 208.38.59.124 , 208.38.59.123 , 216.198.158.43 , 205.210.17.0/24 , 208.98.233.0/24 , 206.75.198.0/24 , 71.4.124.67 , 216.13.179.146 , 71.4.124.68 , 71.4.124.69 , 71.4.124.70 , 71.4.124.71 , 71.4.124.72 , 71.4.124.74 , 71.4.124.73 , 71.4.124.75 , 71.4.124.77 , 71.4.124.76
FTP Accounts
FTP Accounts
Whitelisting
Whitelisting
In order to connect to our web server clients need this IP addresses whitelisted. This request can be made through Tenzing support:
URL: https://my.tenzing.com/SignIn.aspx
User Name: icom.support
Password:
Visit: Tickets >> Add Ticket >> Firewall
Current accounts
Current accounts
ICOM sets up FTP accounts for clients hoping to drop user lists into their FiLMS install and/or pulling enrollment exports produced by FiLMS. Passwords are kept secure here:
- \\icomnt11\Private\Admin\ICOM IT\_Passwords\tenzing_films_ftp_accounts.txt
CNRL Horizon
- Connection details
- Host: cnrl.icomproductions.ca
- Protocol: FTPeS
- User: cnrl
- Pass: (see passwords file noted above)
CNRL Training
- Issuance
- 2012-11-05
- Ryan.Docksteader@cnrl.com
- Connection details
- Host: cnrltraining.icomproductions.ca
- Protocol: SFTP
- User: trimac
- Pass: (see passwords file noted above)
Enerplus
- Connection details
- Host: sftp.icomproductions.ca
- Protocol: SFTP
- User: enerplus
- Pass: (see passwords file noted above)
Mark's
- Connection details
- Host: mymarkslearning.com
- Protocol: FTPeS
- User: mymarkslearning.com
- Pass: (see passwords file noted above)
Mark's
- Connection details
- Host: mymarkslearning.com
- Protocol: FTPeS
- User: marksftp
- Pass: (see passwords file noted above)
Newalta
- Connection details
- Host: elearn.newalta.com
- Protocol: FTPeS
- User: newalta_transfer
- Pass: (see passwords file noted above)
Precision Drilling
- Connection details
- Host: pd.icomproductions.ca
- Protocol: FTPeS
- User: pd
- Pass: (see passwords file noted above)
Suncor Contractors
- Issuance
- February 07, 2013
- Schultz, Tim
- Connection details
- Host: tenzing01.icomproductions.ca
- Protocol: SFTP
- User: suncorcontractorssftp
- Pass: (see passwords file noted above)
Teck
- Issuance
- February 14, 2013
- Dan Jackson
- Connection details
- Host: tenzing01.icomproductions.ca
- Protocol: SFTP
- User: teck_sftp
- Pass: (see passwords file noted above)
TELUS Integrity
- Connection details
- Host: telus.icomproductions.ca
- Protocol: FTPeS
- User: telus_integrity
- Pass: (see passwords file noted above)
Trimac
- Issuance
- 2012-10-05
- Barry Reese
- Connection details
- Host: trimac.icomproductions.ca
- Protocol: SFTP
- User: trimac
- Pass: (see passwords file noted above)
Database
Database
Backups
Backups
Unknown? cd /data/backups/
server9822: cd /var/backup/db/
Size
Size
SELECT table_schema "Data Base Name", sum( data_length + index_length ) / 1024 / 1024 "Data Base Size in MB" FROM information_schema.TABLES GROUP BY table_schema;
See also
See also
Contacts
Contacts
Networking team
Networking team
- Jason Liu
- 877 767 5577 x454
- 416-737-3395
Page updated
Report abuse