startup considerations: SSL and server space

60 views
Skip to first unread message

Adam Cox

unread,
Apr 15, 2014, 9:54:03 AM4/15/14
to arches...@googlegroups.com
Hello all, I'll be deploying arches in the fall, but I have some up front planning (and learning!) to do right now.  The deployment will be on a brand new server to be housed here at the National Center for Preservation Technology and Training (NPS).  I'm new to server admin (though I have support in that regard) so I have some questions for optimization of the deployment.

1.  Any recommendations on which SSL certificate to go with?  I believe it is a foregone conclusion that we will have an SSL for the domain, but I also know it can cause complications.  I'd like to know if anyone has recommendations, especially with the idea of serving WMS/WFS from this server, or potentially pulling basemap data from elsewhere.

2.  Anyone who has installed arches and loaded the sample data, about how much server space does that take up?  Just curious for a baseline metric.

Thanks!

Adam Cox

unread,
Apr 15, 2014, 9:55:22 AM4/15/14
to arches...@googlegroups.com
Or, perhaps an SSL cert. is a really really bad idea.  That would be good feedback too.


--
-- To post, send email to arches...@googlegroups.com. To unsubscribe, send email to archesprojec...@googlegroups.com. For more information, visit https://groups.google.com/d/forum/archesproject?hl=en
---
You received this message because you are subscribed to a topic in the Google Groups "Arches Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/archesproject/GmP_NUSfIq0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to archesprojec...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Van Daele, Koen

unread,
Apr 15, 2014, 10:12:24 AM4/15/14
to Adam Cox, arches...@googlegroups.com

Hi Adam,

 

As soon as you plan to expose Arches or any other piece of software to the internet, SSL is a necessity. Since a few years we have started deploying every site over SSL, even fairly low risk ones. We also don’t do mixed http/https sites.

 

Generally it complicates matters slightly, but not too much. Actual configuration will rather depend on your setup. If you have a typical apache+mod_wsgi setup, apache will need to be configured to handle SSL termination. The impact on Arches itself should be minimal.

 

When it comes to using basemap data, you need to be sure that the basemap provider also provides https versions of those maps, otherwise your users will get these irritating mixed content messages and security warnings. If you basemap provider doesn’t provide an SSL version, you can proxy the map locally, but this does have an impact on performance. In this case it’s better to not only proxy, but also cache them. You might like to use something like http://mapproxy.org (also in python) for this.

 

Cheers,

Koen

 

Koen Van Daele

Applicatiebeheerder

M +32 (0)499 94 93 68  |  T +32 (0)2 553 16 82

You received this message because you are subscribed to the Google Groups "Arches Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to archesprojec...@googlegroups.com.

Utsav

unread,
Apr 15, 2014, 11:15:56 AM4/15/14
to arches...@googlegroups.com
Hii Adam.


 I'll be deploying arches in the fall  

That's great!


Anyone who has installed arches and loaded the sample data, about how much server space does that take up?

From the Arches V2.0 Documentation 

10GB minimum to install the codebase and test dataset, but diskspace requirements will vary greatly
depending on the size of your dataset !


Cheers 
Utsav

Adam Cox

unread,
Apr 15, 2014, 2:18:28 PM4/15/14
to arches...@googlegroups.com
Thanks Utsav! I guess I did a bad job of reading that page...

Koen, thanks very much for the SSL information.  I'm glad to learn about mapproxy, and that the authentication certificate will not close doors to external data. 

From Alexei's response on this thread thread https://groups.google.com/forum/#!searchin/archesproject/apache/archesproject/zKa_0pzFN7A/3e3afOKYNpYJ it looks like I can run arches straight from within virtualenv, and don't actually have to use Apache at all.  Is this correct?  Still a beginner when it comes to server software...

Thanks for the resposes.


--

Van Daele, Koen

unread,
Apr 16, 2014, 2:48:47 AM4/16/14
to Adam Cox, arches...@googlegroups.com

Hi Adam,

 

Virtualenv is very important in that it isolates your python code and versions of your packages from the rest of the system. But is has no bearing on the webserver software used.

 

The runserver that comes with Arches is a part of a standard Django installation. It is a server intended for development purposes only. Do NOT use this in production unless you are just running a local install for yourself on your own laptop (and even then). But since you’re looking into SSL certificaties, you’ll be needing something else anyway. See this part of the Django manual for more info: https://docs.djangoproject.com/en/1.5/howto/deployment/wsgi/ Setting up with Apache and mod_wsgi will probably be easiest. Apache can also take care of SSL for you. Other options I’ve seen used are eg. nginx + uWSGI. There generally are quite a few available. That part of the Django manual and a few Google searches should get you started.

 

Cheers,

Koen

 

Koen Van Daele

Applicatiebeheerder

M +32 (0)499 94 93 68  |  T +32 (0)2 553 16 82

 


Verzonden: dinsdag 15 april 2014 20:18
Aan: arches...@googlegroups.com

You received this message because you are subscribed to the Google Groups "Arches Project" group.

To unsubscribe from this group and stop receiving emails from it, send an email to archesprojec...@googlegroups.com.

Reply all
Reply to author
Forward
0 new messages