KICS: Web Hosting

Non-profits that don't have their own domain name, however, will use youraccount.kics.bc.ca.
In this case, replace youraccount with your KICS Account name.

Please review these pages carefully. If you still can't find the information you need, request assistance by submitting a Support Ticket.

Web Hosting

	How/where do I upload files to my web site?
	The easiest way to get started is to open your browser and type in this address: `ftp://user@kics.bc.ca` Replace the word `user` with your account name. (click to enlarge this image) The first screen shows you the main directory with mail folders and your = home folder. Double-click the folder labeled `user.kics.bc.ca` or, if you have your own domain name like `yoursite.com`, double-click the folder labeled `yoursite.com`. (click to enlarge this image) After you open the folder called `example.kics.bc.ca` you can add, read, modify and delete your web site files. To upload new files to your web site using Internet Explorer, drag the new files into the browser window. If you're updating an old file, you will be asked whether you want to overwrite the existing file. As soon as you have uploaded the files, you will be able to view them on your web site. (click to enlarge this image) In Netscape, upload files by choosing "Upload" from the File menu. After you upload `file.html`, you can see it online: `http://example.kics.bc.ca/file.html` A much better, long-term solution is to use a specially designed FTP client program. Several such programs can be downloaded for free on the internet. You can also use a secure (encrypted) file transfer program, like WinSCP.



	How do I get traffic statistics, like a hit counter?
	Visit your tools page: http://yoursite.com/tools Log in and then click the link to "traffic statistics."



	Do you support FrontPage?
	No, we don't use the FrontPage server extensions. Yes, you can design your site using FrontPage. When you upload files to the server, use FTP instead of the default FrontPage protocol.



	How do I use server side includes (SSI)?
	You can use server side includes in any HTML file. For example, to include the contents of a file at a given point in a page, do this: `<!--#include file="includethisfile.html" -->` To insert the output of a CGI program, do this: `<!--#include virtual="includethisprogram.cgi" -->` For more information, read the Server Side Includes section of the Apache web server documentation.



	How do I install CGI programs?
	CGI execution is enabled by default. Make sure the CGI program's filename ends with "`.cgi`". When you use FTP to upload the CGI file, make sure to use ASCII mode (it might be called "text mode"). Don't use binary mode. If your FTP program has an "automatic" setting, that should work. Make the file executable by using the following command in your FTP program, or from a shell prompt (if you're logged in by Telnet or SSH). `chmod 700 example.cgi`



	How do I install PHP programs?
	Make sure the PHP program's filename ends with "`.php`" or "`.php3`". Make the file executable by using the "`chmod`" command, just like you would for a CGI program (see above). PHP programs will only work if you have a file called "`php.cgi`" in your "`yoursite.com`" directory. This file is provided when your KICS Account is set up. If you delete it, you can restore it by logging in to your KICS Account via telnet or SSH and typing the following command: `cp -p /usr/local/bin/php ~/yoursite.com/php.cgi`



	How can I learn more about CGI/PHP/SSI?
	CGI programs are often written in Perl; try www.perl.com. For information about PHP, try www.php.net. Note that the KICS server uses the CGI version of PHP, not mod_php. The Apache web server documentation contains a section about Server Side Includes.



	How do I set up a password-protected area?
	If you want to restrict part of your web site, so that a password is required to use it, you can use HTTP authentication. Log in to your KICS Account using SSH, and set up at least one username and password. user@kics: ~ $ cd yoursite.com/secretplace/ user@kics: ~/yoursite.com/secretplace $ htpasswd -c .htpasswd userone New password: (type password here) Re-type new password: (type password again) Adding password for user userone user@kics: ~/yoursite.com/secretplace $ htpasswd .htpasswd usertwo [...] user@kics: ~/yoursite.com/secretplace $ htpasswd .htpasswd userthree [...] The first time you use htpasswd, you need "-c" meaning "create". Subsequent times you can leave it out. For more info, type "man htpasswd"; for a summary of options, just type "htpasswd" by itself. Create a file called `.htaccess` containing the following text. Put this file in the directory which you wish to protect. Require valid-user AuthUserFile /home/user/yoursite.com/secretplace/.htpasswd AuthGroupFile /dev/null AuthName "the secret place" AuthType basic Now, when you visit http://yoursite.com/secretplace, your browser will say something like "type username and password for the secret place at yoursite.com". In the above example, the "username" would be userone, usertwo, or userthree. (If you intend to use the same username/password pairs in other directories, put the .htpasswd file in /home/user/.htpasswd and make all the .htaccess files refer to that password file.) You can "log out" by quitting your browser.



	How do I turn off Apache directory listings?
	Make a file called `.htaccess` in the folder whose directory listings you want to turn off. Put the following text in the `.htaccess`file: `Options -Indexes` This will also turn off directory listings in all folders beneath that one; you can use "Options +Indexes" to turn them back on.



	How do I set up a custom error page?
	Make a file called `.htaccess` in your web site folder. Put the following text in the `.htaccess`file: `ErrorDocument 404 /error404.html` Instead of the default "404 Not Found" page, the server will send the contents of `error404.html`, just as if someone had requested `http://yoursite.com/error404.html`. Microsoft Internet Explorer 5 and 6 shows its own built-in error message ("the page could not be displayed") instead of your custom error page unless your custom error page is at least 512 bytes long. To work around this, Microsoft recommends adding 513 superfluous characters to the end of each error page. You can use the same technique to set up custom error pages for other errors: "401 Unauthorized", "403 Forbidden", "500 Internal Server Error", and so on. Rather than showing a page from your site, you can redirect errant browsers to another web site: `ErrorDocument 404 http://some-other-site.bc.ca/error404.html` However, if you use that technique with 401 errors, HTTP authentication will no longer work; the browser will get a "Redirect" message instead of an "Unauthorized" message, so it won't ask for a username and password.



	How do I use a custom PHP configuration file (php.ini)?
	The easiest way to do this is to put a `php.ini` file in the same directory as the PHP programs which require the custom configuration. For example, any settings in `/home/example/yoursite.com/custom/php.ini` will apply to files like `http://yoursite.com/custom/bar.php`. However, if you want your settings to apply to `http://yoursite.com/custom/foo/bar.php` as well, then you must have another copy of `php.ini` in `/home/example/yoursite.com/custom/foo/php.ini`. You should use `chmod` to set your `php.ini` file's mode (permissions) to 600. This prevents hackers from finding security problems by reading your configuration file. You can customize the PHP configuration for your entire web site -- rather than just one folder -- by creating an `.htaccess` file in your web site directory with the following code: `SetEnv PHPRC /home/example` . In this case, your configuration file should be stored in `/home/example/php.ini`. The system's default configuration file is `/usr/local/lib/php.ini`-- you may wish to use that file as a starting point for your custom `php.ini`. John Pritchard has contributed a more detailed explanation (below).



	Installing a custom `php.ini`file
	contributed by John Pritchard (3 October 2002) Situation It is sometimes desirable to have the ability to customize your PHP installation. For example, you might want to turn "register_globals" off or on, modify the level of error reporting, add "include" pathways, or other such details. While this ability might not be of interest to the everyday user, it can provide an individual with adequate technical knowledge a lot of power and flexibility. However, utilizing a customized php.ini file also involves RISK. Make sure you know what you are doing, and be willing to accept the responsibility that comes with using a modified "php.ini" file. Mission You will configure your Kootenay Internet Communications Society web hosting environment to utilize a custom php.ini. Execution The first thing you need to decide is WHERE you are going to put your custom php.ini file. I would strongly recommend that you place this file OUTSIDE of your web directory. While it might be convenient to place php.ini in your webroot, it is an obvious location and it may be possible for someone to read your php.ini file and look for security vulnerabilities. Instead, place your customized php.ini file outside of your webroot. [You can also avoid exposing your php.ini file by changing its permissions to 600 (-rw-------) but it is better to use more than one safeguard!] For example, let's assume your KICS username is "testbed" and your webroot directory is "testbed.kics.bc.ca". We will create a directory named "php_customization" to hold your custom php.ini file. In the following steps, I'll outline what you'll want to do once you've established shell access to your KICS Account via SSH or Telnet. See where you're at. testbed@kics:~ $ pwd /home/testbed Create the directory and add a "default" php.ini file. testbed@kics:~ $ mkdir php_customization testbed@kics:~ $ cd php_customization testbed@kics:~/php_customization $ cp /usr/local/lib/php.ini . testbed@kics:~/php_customization $ chmod 600 php.ini testbed@kics:~/php_customization $ ls php.ini testbed@kics:~/php_customization $ pwd /home/testbed/php_customization Create a PHP Information File. Now, we'll place a file in our webroot that will tell us what php.ini file is being used. [From now on, I'll just use a "$" to refer to the shell prompt. Comments will be in square brackets]. [switch to your webroot directory] $ cd /home/testbed/testbed.kics.bc.ca [create the file "report-php.php"] $ echo >report-php.php '<?php phpinfo(); ?>' We can now visit the "report-php.php" file in our webroot to view our php configuration settings. This is accomplished by simply opening the page in any web browser. You'll want to look for the line titled "Configuration File (php.ini) Path". By default, it should read: /usr/local/lib/php.ini Keep in mind that the information displayed by the "phpinfo();" command can also provide people with sensitive information about your setup. So, as with your custom php.ini file, you'll want to take steps to protect it. I recommend naming the file something cryptic and deleting it when you are finished. Point to your custom php.ini file. To complete your setup, we simply need to add an .htaccess file that redefines the PHPRC environment variable. Place this file in your webroot. $ cd /home/testbed/testbed.kics.bc.ca $ echo >.htaccess 'SetEnv PHPRC /home/testbed/php_customization' Visit PHP Info File and Confirm Customization Visit the PHP Info file you created (i.e. report-php.php), give it a refresh, and see if the Configuration File (php.ini) Path has changed. If you've done everything correctly, it should now read: /home/testbed/php_customization/php.ini Modify your custom php.ini file You can now modify the php.ini file in your "php_customization" directory and this file will be used by PHP in your webspace. Again, you need to know how to customize your php.ini file, but we're assuming you've got that one covered. Good luck!



	For system administrators
	The steps above outline what you need to do to use a custom php.ini on the KICS web server (kics.bc.ca). If you are trying to set up a similar environment somewhere else, there are a couple of other things you'll want to know. First, the KICS webserver uses FreeBSD 4.5 for the operating system. We're running Apache 1.3.27 with PHP 4.2.3 as a CGI. Apache runs as the "httpd" user. If you use PHP as a CGI ("standalone"), you'll need to add `PHPRC` to suexec's list of `safe_env_vars` in `src/support/suexec.c` so that the `PHPRC` environment variable gets passed through to `php.cgi`(this is done by the Apache suexec env patch at http://tomclegg.net/apache). After updating suexec.c, recompile suexec and install it: # make suexec # install -o root -g httpd -m 4010 suexec /usr/local/sbin/suexec # ls -l /usr/local/sbin/suexec ---S--x--- 1 root httpd 12088 Oct 2 23:17 /usr/local/sbin/suexec