There are several ways to access and edit files on your webserver or upload new files. This article explains the options.


Overview

Two access methods are available: using SSH via an acces host (gateway) or using the FTP server of the LRZ.

For both, you log in with the function ID (Funktionskennung) of the web site and the corresponding password. We suggest you select a secure connection method like SFTP (less error-prone on Windows) or SCP, so your login credentials and files will be encrypted during transmission. Most upload tools support encryption these days.

If you are using a content management system like Joomla! or WordPress, an administration interface (backend) may offer additional options. Make sure you are using HTTPS when logging in.


Host names and supported protocols


Access host (restricted to MWN)

FTP Server (world-wide accessible)

Host/Server name

webdev02-lmu.lrz.de (LMU)
webdev02-tum.lrz.de (TUM)
webdev02-mwn.lrz.de (MWN)

ftp.lrz.de

Supported protocols

SSH, SCP, SFTP

SCP, SFTP, FTPS, FTP

Client software (selection)

There are many programs for data transfer and interactive access. The following represents a selection:



Interactive access via SSH

Using SSH you can login at so-called access hosts (gateways) with the functional ID (Funktionskennung) of your site and manage your files there. The access hosts support most common Linux commands.

The names of the access hosts are:

  • webdev02-lmu.lrz.de (für sites of LMU)

  • webdev02-tum.lrz.de (for sites of TUM)

  • webdev02-mwn.lrz.de (for all other sites)

Access via SSH is only possible from IP addresses of the MWN (Münchener Wissenschaftsnetz). If you need access from outside of MWN, like from home, you need to set up a VPN connection first. The login user for the VPN connection may be different from the site's functional ID.


SSH fingerprints of the access host

ECDSA

SHA256:PNzhFS43k7KBdltZrztBoSs7fr6gKV6glkqs4rzMlkU

ED25519

SHA256:kVL9fpG42CQm3Cks+DEKSh5x/V/uF2EndT35y6NMoE0

RSA

SHA256:1eLmbsCTxKA1LZTcFC9yBYlyJhS0t2XXqGxbbR3mCWs

Data transfer by SCP, SFTP, FTPS or FTP

Unlike the access hosts, the LRZ's FTP server is word-wide accessible. We recommend choosing a protocol that uses encryption to protect your data from unauthorized access and modification. Encrypted protocols are SCP, SFTP and FTPs. A suitable client program is FileZilla, which is available for Windows, Linux and Mac.

Data area of your webserver

Each web site has its own directory in the file system. When loggin in with SSH or SFTP you are automatically led to this directory. The exact path is given in the e-mail confirming the site's creation. It is build from

  • the NFS volume for the institution (/nfs/web_tum/www/ or /nfs/web_lmu/www/ or /nfs/web_mwn/www/),

  • a www/ directory,

  • a directory consisting of the last letter of your site's ID, and

  • a directory named after your's ID.

A complete path could look like this

/nfs/web_lmu/www/p/mu73zop

In the web directory is a directory named webserver/htdocs. This is the document directory (DocumentRoot). Its content is served by the webserver if you access the domain name without any additional path. Files ending with .php within this directory are being run as PHP programs by the webserver. Other files are send as-is by the webserver. An exception are files named .htaccess, which you can use to modify some webserver settings. Upon creation of the site, we place a start page index.html in this directory.You can modify or remove it.

Files in the directory /webserver/config/ are not accessible via HTTP. You can place password files or other data here.

Command line: determine PHP interpreter version

Several versions of the PHP interpreter are available on the access hosts. The standard command php may not use the intended version. You can check this with php -v.

user@webdev02:~$ php -v
PHP 7.4.2 (cli) (built: Jan 23 2020 14:09:40) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.2, Copyright (c), by Zend Technologies


It is recommended to use the same version as your website at the command line or in cron jobs, and to state the full path explicitly. The paths of all available interpreters can be listed with update-alternatives --list php.

/usr/bin/php
/usr/bin/php7.2
/usr/bin/php7.3
/usr/bin/php7.4

Usually,  /usr/bin/php points via symlink(s) to the most recent PHP version.


Troubleshooting

In case of problems accessing your files, you should first check the password status in the IdM-Portal. Should the password not be "expired", but "Start password", you have to set a proper password before the account is usable. The status "Startpasswort" will also be set if a Master User resets the password (in case the old one is lost).

Be aware that access hosts are have a naming scheme like webdev02... since March 2020.

Database password are not managed at the IdM portal, but at the database server.

Please note that you need to set up an VPN connection when logging in from outside the MWN.

  • No labels