Difference between revisions of "Mhttpd"

From MidasWiki
Line 1: Line 1:
 
{{Pagelinks}}
 
{{Pagelinks}}
 
= Links =
 
= Links =
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
+
{{mhttpdpages3|[[Mhttpd.js|MIDAS Javascript Library]]|[[odbedit]]|[[Security]]}}
* [[Status Page]]
+
 
* [[Programs Page]]
 
* [[ODB Page]]
 
* [[Alarms Page]]
 
* [[MSCB Page]]
 
* [[Custom Page]]
 
* [[Chat Page]]
 
* [[Mhttpd.js|MIDAS Javascript Library]]
 
* [[odbedit]]  
 
* [[Security]]
 
</div>
 
  
 
= Purpose =
 
= Purpose =
The <span style="color:darkcyan;">''mhttpd''</span> utility runs the '''MIDAS Web Server''' which allows the user to communicate with an experiment using any web browser. It is used primarily for run control.  
+
The {{Utility|name=mhttpd}} utility runs the '''MIDAS Web Server''' which allows the user to communicate with an experiment using any web browser. It is used primarily for run control.  
  
 +
= Enhanced security =
 +
The latest version (post May 2015) of {{Utility|name=mhttpd}} is now explicitly linked with OpenSSL to provide secure HTTPS connections via the [https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose] web server. Web access to {{Utility|name=mhttpd}} can be restricted by using the [[#Access Control List|Access Control List]]. 
 +
 +
Building without OpenSSL is supported (see [https://midas.triumf.ca/elog/Midas/1069]).
 +
 
= Arguments =
 
= Arguments =
 +
If using an older version (before May 2015), see [[#Insecure (pre-May 2015) versions|old server]] argument list.
  
    -p port       : port number e.g. 8081 (no default). See [[#Usage|usage]].
+
  --mg [port,port,port] : use the mongoose web server (default) on specified ports
    --mg          : listens on port 8443. See [[#Usage|usage]].
+
                              (defaults are taken from ODB). See [[#Usage|usage]].
 +
  --nomg                    : use the old mhttpd web server
 +
  --oldserver [port]        : use the old web server on given port
 +
  --nooldserver            : do not use the old mhttpd web server
 
   [-h hostname ]  : see [[Common Parameters to MIDAS Utilities]]
 
   [-h hostname ]  : see [[Common Parameters to MIDAS Utilities]]
 
   [-e experiment] : see [[Common Parameters to MIDAS Utilities]]
 
   [-e experiment] : see [[Common Parameters to MIDAS Utilities]]
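Review bot: the added sentence "If using an older version (before May 2015), see [[#Insecure (pre-May 2015) versions|old server]] argument list." links to an anchor named "Insecure (pre-May 2015) versions", but the section this revision adds further down is headed "HTTP only (pre-May 2015) versions", so the link will not resolve; rename one of the two so they match. The new `--nomg`, `--oldserver [port]` and `--nooldserver` entries would also be clearer with a word on whether the old server is HTTP only, since the Enhanced security paragraph presents HTTPS as the reason for Mongoose.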
Line 31: Line 30:
  
 
= Usage =
 
= Usage =
If Web [[Security]] is an issue, use the command
 
: mhttpd --mg   
 
to start the web server.  See [[#HTTPS/SSL server (mongoose)|mhttpd HTTPS/SSL server]] for more information.
 
  
 +
: mhttpd --mg
 +
or
 +
: mhttpd --mg 8443s,8080r
 +
 +
to start the web server. Starting {{Utility|name=mhttpd}} like this will redirect the default HTTP port of 8080 to the secure HTTPS port 8443. If the ports are not supplied, the default ports will be read from the ODB key [[/Experiment ODB tree#Mongoose listening_port|Mongoose listening_port]]. If ports are supplied, their values will overwrite the default values stored in the ODB. When {{Utility|name=mhttpd}} is started with a secure port for the first time, a SSL certificate and password need to be created. See [[#HTTPS/SSL server (mongoose)|mhttpd HTTPS/SSL server]] for more information.
 +
 +
If {{Utility|name=mhttpd}} is started on IP host machine "myhost" using the default ports, the [[#Features|''Midas status page'']] can be accessed by pointing a web browser to
 +
https://myhost.mydomain:8443
 +
or to
 +
http://myhost.mydomain:8080 which will be redirected automatically to https://myhost.mydomain:8443
  
If Web Security is not a concern, or if running behind a firewall, the command '''mhttpd -p port''' can be used to start the web server (http version). In this case, the TCP/IP port number is '''required''' as an argument in order to listen to the web-based request.
+
The automatic redirect will be convenient for users who are used to using {{Utility|name=mhttpd}} with a particular HTTP port (e.g. 8080) for their experiment.  
<br>e.g. if mhttpd is started on IP host machine "myhost" on port 8081 as follows
 
: mhttpd -p 8081 -D
 
access to the [[#Features|''Midas status page'']] can be obtained by pointing a web browser to
 
  http://myhost.mydomain:8081
 
  
 
;Note  
 
;Note  
 
If [[Exptab|multiple experiments]] run on the same host, a web server for each experiment must be started on a different port, e.g.
 
If [[Exptab|multiple experiments]] run on the same host, a web server for each experiment must be started on a different port, e.g.
           mhttpd -e expt1 -p 8081 -D
+
           mhttpd -e expt1 --mg 8443s,8080r -D
           mhttpd -e expt2 -p 8082 -D
+
           mhttpd -e expt2 --mg 8444s,8081r -D
 
 
 
 
  
  
 
= Features =
 
= Features =
[[Mhttpd]] provides a means for run control including monitoring of the run parameters.
+
The Midas web server {{Utility|name=mhttpd}} provides a means for run control including monitoring of the run parameters.
 
Its main feature is a web page invoked through any web browser accessing the Midas experimental URL at a defined port (see [[#Usage|Usage]]).   
 
Its main feature is a web page invoked through any web browser accessing the Midas experimental URL at a defined port (see [[#Usage|Usage]]).   
 
 
  
 
The contents of this '''Midas status page''' is composed with minimal information relative to the experiment. It contains a collection of buttons and links to other pages to further describe and control the configuration of the experiment.  
 
The contents of this '''Midas status page''' is composed with minimal information relative to the experiment. It contains a collection of buttons and links to other pages to further describe and control the configuration of the experiment.  
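Review bot: the new Usage text introduces `mhttpd --mg 8443s,8080r` without defining the `s` and `r` suffixes; the redirect sentence implies their meaning but never states it, and nothing says how a port given without a suffix is served. Add one sentence that defines each suffix and the bare-port case, because the multi-experiment example (`--mg 8444s,8081r`) expects readers to adapt the list by hand.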
Line 88: Line 86:
 
Other features include a JSON interface and Javascript library used for implementing interactive [[Custom Page|custom pages]] for MIDAS experiments.
 
Other features include a JSON interface and Javascript library used for implementing interactive [[Custom Page|custom pages]] for MIDAS experiments.
  
= HTTPS/SSL server (mongoose) =
+
<br>
 +
--------
 +
<br>
 +
 
 +
 
 +
= HTTPS/SSL server (Mongoose) =
  
The HTTPS/SSL server is activated using "mhttpd --mg" (instead of -p) and it listens on port 8443.
+
The HTTPS/SSL ([https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose]) server is activated using "mhttpd --mg" and by default it listens on port 8443.
  
The example SSL certificate provided in midas git is self-signed, for instructions on generating your own  
+
The example SSL certificate provided in midas git is self-signed, and it should be replaced with your own certificate. For instructions on generating your own signed certificate, remove it and run "mhttpd --mg" - it will print the correct instructions.
signed certificate, remove it and run "mhttpd --mg" - it will print the correct instructions.
 
  
 +
[user@dasdevpc2 test]$ rm /home/user/packages/midas/ssl_cert.pem   
 +
[user@dasdevpc2 test]$ mhttpd
 +
Web server will listen on ports "8080r,8443s"
 +
[mhttpd,ERROR] [mhttpd.cxx:17086:mongoose,ERROR] cannot find SSL certificate file "/home/user/online/test/ssl_cert.pem"
 +
[mhttpd,ERROR] [mhttpd.cxx:17087:mongoose,ERROR] please create SSL certificate file: openssl req -new -nodes -newkey rsa:2048
 +
-sha256 -out  ssl_cert.csr -keyout ssl_cert.key; openssl x509 -req -days 365 -sha256 -in ssl_cert.csr -signkey ssl_cert.key
 +
-out ssl_cert.pem; cat ssl_cert.key >> ssl_cert.pem
 +
could not start the mongoose web server, see messages and midas.log, bye!
 +
 +
Once a valid certificate is generated (or if using the example certificate as below) when mhttpd is restarted, you will need to create a password file
 +
 
 +
[user@dasdevpc2 test]$ mhttpd
 +
Web server will listen on ports "8080r,8443s"
 +
Web server will use SSL certificate file "/home/user/packages/midas/ssl_cert.pem"
 +
[mhttpd,ERROR] [mhttpd.cxx:17137:mongoose,ERROR] mongoose web server cannot find password file "/home/user/online/test/htpasswd.txt"
 +
[mhttpd,ERROR] [mhttpd.cxx:17138:mongoose,ERROR] please create password file: htdigest -c /home/user/online/test/htpasswd.txt test midas
 +
could not start the mongoose web server, see messages and midas.log, bye!
 +
 +
[user@dasdevpc2 test]$ htdigest -c /home/user/online/test/htpasswd.txt test midas
 +
Adding password for midas in realm test.
 +
New password:
 +
Re-type new password:
 +
[user@dasdevpc2 test]$ mhttpd
 +
Web server will listen on ports "8080r,8443s"
 +
Web server will use SSL certificate file "/home/user/packages/midas/ssl_cert.pem"
 +
Web server will use authentication realm "test", password file "./htpasswd.txt"
 +
 +
 +
Access to the [[#Features|''Midas status page'']] can be obtained by pointing a web browser to
 +
https://myhost.mydomain:8443
 +
The first time you connect you will be asked for a username and password. Enter "midas" and the password you created.
  
 
Documentation for the version of mongoose included with MIDAS can be found at [http://ladd00.triumf.ca/~daqweb/doc/midas-devel/doc/mongoose/ Mongoose documentation].  
 
Documentation for the version of mongoose included with MIDAS can be found at [http://ladd00.triumf.ca/~daqweb/doc/midas-devel/doc/mongoose/ Mongoose documentation].  
  
 
For more information see [https://midas.triumf.ca/elog/Midas/1062 Elog note 1062]
 
For more information see [https://midas.triumf.ca/elog/Midas/1062 Elog note 1062]
 +
 +
== Access Control List ==
 +
By default, web access to the Midas web server mhttpd is not restricted. Mongoose provides an Access Control List (ACL) to restrict access to the web server. The ACL is contained in the ODB key [[/Experiment ODB tree#Mongoose access_control_list|Mongoose access_control_list]].
 +
 +
 +
= HTTP only (pre-May 2015) versions =
 +
 +
;Note
 +
* If Web [[Security]] is an issue, update to the latest version of mhttpd which uses HTTPS/OpenSSL.
 +
* HTTP-only (pre-May2015) versions of mhttpd should only be used behind a firewall
 +
 +
== Arguments (old version) ==
 +
 +
    -p port        : port number e.g. 8080 (no default). See [[#Usage|usage]].
 +
  [-h hostname ]  : see [[Common Parameters to MIDAS Utilities]]
 +
  [-e experiment] : see [[Common Parameters to MIDAS Utilities]]
 +
  [-v]            : display verbose HTTP communication
 +
  [-D]            : starts program as a daemon
 +
  [-E]            : only display ELog system
 +
  [-H]            : only display history plots
 +
  [-a hostname]  : only allow access for specific host(s). Several [-a Hostname] statements might be given
 +
  [-help] 
 +
 +
== Usage (old version) == 
 +
The command '''mhttpd -p port''' can be used to start the web server (http version). In this case, the TCP/IP port number is '''required''' as an argument in order to listen to the web-based request.
 +
<br>e.g. if mhttpd is started on IP host machine "myhost" on port 8081 as follows
 +
: mhttpd -p 8081 -D
 +
access to the [[#Features|''Midas status page'']] can be obtained by pointing a web browser to
 +
http://myhost.mydomain:8081
 +
 +
;Note
 +
If [[Exptab|multiple experiments]] run on the same host, a web server for each experiment must be started on a different port, e.g.
 +
          mhttpd -e expt1 -p 8081 -D
 +
          mhttpd -e expt2 -p 8082 -D
 +
 +
 +
  
 
[[Category:Utilities]]
 
[[Category:Utilities]]
 
[[Category:Web server mhttpd]]
 
[[Category:Web server mhttpd]]
 
[[Category:Run control]]
 
[[Category:Run control]]
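Review bot: the certificate paragraph says the example certificate from midas git "should be replaced with your own", yet the sample session removes it only to show the error and then continues with "/home/user/packages/midas/ssl_cert.pem" ("or if using the example certificate as below"). The printed command ends with `cat ssl_cert.key >> ssl_cert.pem`, so a file built this way carries the private key; state that, and show the session running with a freshly generated file instead. The last transcript line also reports the password file as "./htpasswd.txt" while the error above it names "/home/user/online/test/htpasswd.txt", and the new Access Control List section gives no sample value for the ODB key.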

Revision as of 16:33, 30 July 2015


Links



Purpose

The mhttpd utility runs the MIDAS Web Server which allows the user to communicate with an experiment using any web browser. It is used primarily for run control.

Enhanced security

The latest version (post May 2015) of mhttpd is now explicitly linked with OpenSSL to provide secure HTTPS connections via the Mongoose web server. Web access to mhttpd can be restricted by using the Access Control List.

Building without OpenSSL is supported (see [1]).

Arguments

If using an older version (before May 2015), see old server argument list.

  --mg [port,port,port] : use the mongoose web server (default) on specified ports
                             (defaults are taken from ODB).  See usage.
  --nomg                    : use the old mhttpd web server
  --oldserver [port]        : use the old web server on given port
  --nooldserver             : do not use the old mhttpd web server
  [-h hostname ]  : see Common Parameters to MIDAS Utilities
  [-e experiment] : see Common Parameters to MIDAS Utilities
  [-v]            : display verbose HTTP communication
  [-D]            : starts program as a daemon
  [-E]            : only display ELog system
  [-H]            : only display history plots
  [-a hostname]   : only allow access for specific host(s). Several [-a Hostname] statements might be given
  [-help]         : display usage information

Usage

mhttpd --mg

or

mhttpd --mg 8443s,8080r

to start the web server. Starting mhttpd like this will redirect the default HTTP port of 8080 to the secure HTTPS port 8443. If the ports are not supplied, the default ports will be read from the ODB key Mongoose listening_port. If ports are supplied, their values will overwrite the default values stored in the ODB. When mhttpd is started with a secure port for the first time, an SSL certificate and a password need to be created. See mhttpd HTTPS/SSL server for more information.

If mhttpd is started on IP host machine "myhost" using the default ports, the Midas status page can be accessed by pointing a web browser to

https://myhost.mydomain:8443

or to

http://myhost.mydomain:8080 which will be redirected automatically to https://myhost.mydomain:8443

The automatic redirect will be convenient for users who are used to using mhttpd with a particular HTTP port (e.g. 8080) for their experiment.

Note

If multiple experiments run on the same host, a web server for each experiment must be started on a different port, e.g.

          mhttpd -e expt1 --mg 8443s,8080r -D
          mhttpd -e expt2 --mg 8444s,8081r -D


Features

The Midas web server mhttpd provides a means for run control including monitoring of the run parameters. Its main feature is a web page invoked through any web browser accessing the Midas experimental URL at a defined port (see Usage).

The Midas status page shows only minimal information about the experiment. It contains a collection of buttons and links to other pages to further describe and control the configuration of the experiment.

  • Minimal display on the main Status Page
    • Experiment name, time & date, page refresh rate
    • Standard Menu Buttons (see below)
    • User defined buttons (e.g. alias links, run scripts, custom pages etc.)
    • run comments and condition display section (if enabled)
    • Equipment list with current running condition, number of events received, event rate, data rate for each equipment.
    • Data logging statistics (number of events recorded, data size recorded, compression factor, usage storage level) if enabled.
    • Secondary Data logging (data mover) with statistics if enabled.
    • Single line of the most recent Midas message.
    • Table of the current applications connected to this experiment.
  • Standard Menu Buttons
    • Transition the state of the run (stopped/running/paused), allows user running condition parameters to be entered at the start state (see Edit-on-start Parameters).
    • Access to the full Online Database for data display and/or data content modification.
    • Display the Message Page, which shows messages generated by the MIDAS Message System as well as by the user using cm_msg() functions.
    • Access to ELOG Page switches to the predefined "electronic logbook".
    • Access to the Alarms Page for monitoring the different types of alarms (evaluated, programs, internals, periodic).
    • Access to the Programs Page for the status of, or interaction with, the currently running applications that are part of the Midas experiment.
    • Access to the History Page for graphical data representation of any ODB variables and acquired data.
    • Access to the Midas Slow Control Bus devices MSCB Page connected to this experiment.
    • Access to the Sequencer Page control/monitoring page for Sequencer i.e. interactive loading/saving/running of a run sequence based on any ODB parameters.
    • Access to the Chat Page for communication between users on the same experiment.
    • Access to the Help Page with short-cut to the Midas Help documentation resource and other information.
  • Links
    • links to all the listed equipment, invoking a dedicated page for the display and possible control of the equipment parameters.
    • link to the logger configuration (if present) for the data recording.
    • link to the possible secondary logging configuration parameters (if present).

Other features include a JSON interface and Javascript library used for implementing interactive custom pages for MIDAS experiments.





HTTPS/SSL server (Mongoose)

The HTTPS/SSL (Mongoose) server is activated using "mhttpd --mg" and by default it listens on port 8443.

The example SSL certificate provided in midas git is self-signed, and it should be replaced with your own certificate. For instructions on generating your own signed certificate, remove the example file and run "mhttpd --mg"; it will print the correct instructions.

[user@dasdevpc2 test]$ rm /home/user/packages/midas/ssl_cert.pem    
[user@dasdevpc2 test]$ mhttpd
Web server will listen on ports "8080r,8443s"
[mhttpd,ERROR] [mhttpd.cxx:17086:mongoose,ERROR] cannot find SSL certificate file "/home/user/online/test/ssl_cert.pem"
[mhttpd,ERROR] [mhttpd.cxx:17087:mongoose,ERROR] please create SSL certificate file: openssl req -new -nodes -newkey rsa:2048
-sha256 -out  ssl_cert.csr -keyout ssl_cert.key; openssl x509 -req -days 365 -sha256 -in ssl_cert.csr -signkey ssl_cert.key 
-out ssl_cert.pem; cat ssl_cert.key >> ssl_cert.pem
could not start the mongoose web server, see messages and midas.log, bye!

Once a valid certificate has been generated (or if using the example certificate, as below), you will need to create a password file when mhttpd is restarted:

[user@dasdevpc2 test]$ mhttpd
Web server will listen on ports "8080r,8443s"
Web server will use SSL certificate file "/home/user/packages/midas/ssl_cert.pem"
[mhttpd,ERROR] [mhttpd.cxx:17137:mongoose,ERROR] mongoose web server cannot find password file "/home/user/online/test/htpasswd.txt"
[mhttpd,ERROR] [mhttpd.cxx:17138:mongoose,ERROR] please create password file: htdigest -c /home/user/online/test/htpasswd.txt test midas
could not start the mongoose web server, see messages and midas.log, bye!
[user@dasdevpc2 test]$ htdigest -c /home/user/online/test/htpasswd.txt test midas
Adding password for midas in realm test.
New password:
Re-type new password:
[user@dasdevpc2 test]$ mhttpd
Web server will listen on ports "8080r,8443s"
Web server will use SSL certificate file "/home/user/packages/midas/ssl_cert.pem"
Web server will use authentication realm "test", password file "./htpasswd.txt"


Access to the Midas status page can be obtained by pointing a web browser to

https://myhost.mydomain:8443

The first time you connect you will be asked for a username and password. Enter "midas" and the password you created.

Documentation for the version of mongoose included with MIDAS can be found at Mongoose documentation.

For more information see Elog note 1062
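
The setup steps in this section, together with the port list from Usage, can be checked before mhttpd is started. The script below is an added example, not part of MIDAS or of the original page; the function names are hypothetical, and it assumes a Linux host with md5sum.

```shell
#!/bin/sh
# Added example: pre-flight checks for an "mhttpd --mg" setup.
# Function names are hypothetical and not part of MIDAS.

# check_ports SPEC
# Succeeds only if every entry of a port list such as "8443s,8080r" has the
# s (HTTPS) or r (redirect) suffix and at least one entry is an HTTPS port.
check_ports() {
    spec=$1; rc=0; have_s=1
    old_ifs=$IFS; IFS=,
    for p in $spec; do
        case $p in
            ""|*[!0-9sr]*|*[sr]?*|[sr]) echo "malformed entry '$p'" >&2; rc=1 ;;
            *s) have_s=0 ;;
            *r) ;;
            *)  echo "port $p has no s/r suffix" >&2; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    [ "$have_s" -eq 0 ] || { echo "no HTTPS (s) port in '$spec'" >&2; rc=1; }
    return "$rc"
}

# check_pem FILE
# ssl_cert.pem as built by the printed openssl command holds the certificate
# and, appended by "cat ssl_cert.key >> ssl_cert.pem", the private key.
# Require both blocks and refuse a file readable by group or others.
check_pem() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || return 1
    grep -q -e 'PRIVATE KEY-----' "$1" || return 1
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# htdigest_line USER REALM PASSWORD
# Prints the line htdigest stores: user:realm:MD5(user:realm:password).
# The hash is unsalted, so the password file needs the same protection as
# the key. Assumes md5sum (GNU coreutils) is available.
htdigest_line() {
    hash=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$hash"
}

# check_htdigest FILE REALM
# Succeeds if FILE is non-empty and every line is user:REALM:<32 hex digits>.
check_htdigest() {
    [ -s "$1" ] || return 1
    awk -F: -v realm="$2" '
        NF != 3 || $1 == "" || $2 != realm ||
        length($3) != 32 || $3 !~ /^[0-9a-f]+$/ { bad = 1 }
        END { exit bad + 0 }' "$1"
}
```

Run `check_pem` and `check_htdigest` against the paths that mhttpd prints at startup, and `check_ports` against the list passed to `--mg`.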

Access Control List

By default, web access to the Midas web server mhttpd is not restricted. Mongoose provides an Access Control List (ACL) to restrict access to the web server. The ACL is contained in the ODB key Mongoose access_control_list.


HTTP only (pre-May 2015) versions

Note
  • If Web Security is an issue, update to the latest version of mhttpd, which uses HTTPS/OpenSSL.
  • HTTP-only (pre-May 2015) versions of mhttpd should only be used behind a firewall.

Arguments (old version)

   -p port        : port number e.g. 8080 (no default). See usage.
  [-h hostname ]  : see Common Parameters to MIDAS Utilities
  [-e experiment] : see Common Parameters to MIDAS Utilities
  [-v]            : display verbose HTTP communication
  [-D]            : starts program as a daemon
  [-E]            : only display ELog system
  [-H]            : only display history plots
  [-a hostname]   : only allow access for specific host(s). Several [-a Hostname] statements might be given
  [-help]  

Usage (old version)

The command mhttpd -p port can be used to start the web server (http version). In this case, the TCP/IP port number is required as an argument so that the server can listen for web requests.
For example, if mhttpd is started on IP host machine "myhost" on port 8081 as follows

mhttpd -p 8081 -D

access to the Midas status page can be obtained by pointing a web browser to

http://myhost.mydomain:8081

Note

If multiple experiments run on the same host, a web server for each experiment must be started on a different port, e.g.

          mhttpd -e expt1 -p 8081 -D
          mhttpd -e expt2 -p 8082 -D