Scratch Pad

Revision as of 11:51, 29 February 2016 by George2 (Talk | contribs)

https://www.digicert.com/ssl-certificate-installation-microsoft-iis-5-6.htm

Create the thumbnails.
mogrify -resize 80x80 -background white -gravity center -extent 80x80 -format jpg -quality 75 -path . full/*.jpg


sudo iwconfig wlan0 essid $SSID # it sets the essid properly now, without needing to set the key to open, etc.

sudo dhclient -v wlan0 # now I have an IP

rsync -av -e ssh  george@192.168.122.132:/cygdrive/c/receiver/   /home/george2/Desktop/rec  --rsync-path="c:\deltacopy\rsync.exe"
 
http://www.diy.com/departments/triton-t80-easyfit-electric-shower-85kw/207706_BQ.prd
 
https://onedrive.live.com/redir?resid=D25859C757A336DF!1190&authkey=!AJAlF9k43x4IqDM&ithint=folder%2c
 
 
 
!![=EZproxy=] for IP access
 
There are a small, but significant, number of Service Providers who are not yet Shibboleth compliant.  Fortunately they do seem to allow IP authentication.  However, this means that access to these resources is only available in College.  A proxy server (more correctly a URL mangler) has been installed to provide access to users from outside the College to these resources.
 
The software is [=EZproxy=] http://www.oclc.org/ezproxy/.  It is installed on the Shibboleth server(s) (prawn and prawn2) under the DNS of @@libprox.gold.ac.uk@@ and a wildcard entry of @@*.libprox.gold.ac.uk@@ - this is necessary for the hostname proxying.  Note: the @@libprox@@ entries  must be A records not CNAME records.
 
 
!!!Installation and Configuration
Installation is simply copying the downloaded binary into the relevant place (i.e. @@/usr/local/ezproxy/@@), following the instructions.  There are only two configuration files: @@/usr/local/ezproxy/user.txt@@ and @@/usr/local/ezproxy/config.txt@@.  Remember to copy over these files to @@prawn2.gold.ac.uk@@ if you make any changes.
 
The first (@@user.txt@@) contains an admin username/password so that someone can access the admin interface.  Then it contains two LDAP entries, the first pointing to @@rhubarb@@, the second to @@custard@@.  When authenticating a user the file is read in order; this means that if it is not the admin user logging in, [=EZproxy=] will first try to authenticate the user against @@rhubarb@@ and, if there is no response from @@rhubarb@@, it will try @@custard@@.  Attach:user.txt
 
The second (@@config.txt@@) contains:
*@@Name libprox.gold.ac.uk@@ - the entry for the name of the server
*@@[=RunAs nobody:nobody=]@@ - to ensure it runs as an unprivileged user
*@@Option [=ProxyByHostname=]@@ - the option to proxy by hostname (better than by port)
*@@[=LoginPortSSL=] 9443@@ - do an encrypted connection for login on port 9443 (443 is already in use)
*@@Option [=ForceHTTPSLogin=]@@ - force the encrypted login on port 9443 even if not specified in the referring url.
*@@[=ExcludeIP=] 158.223.0.0-158.223.255.255@@ - do not proxy if the requesting machine has a Goldsmiths IP
*@@[=IncludeIP=] 158.223.X.X@@ - proxy this machine even though it is a Goldsmiths machine (optional)
 
 
Then there is a list of the sites for which the server is proxying.  These are listed under the database section. They are invariably in the format:
--> Title Name of Journal
--> URL   http://www.journalsite.com
--> DJ    journalsite.com
 
Other options are:
* @@Host@@ which is the hostname of the server, but this is implied by @@URL@@ so is not necessary if it is the same as the @@URL@@.
* @@Domain@@ which is the domain name (duh), but it is better to use the javascript version @@DJ@@ as in the example above.  This will allow access to @@www.journalsite.com@@, @@search.journalsite.com@@, @@anything.journalsite.com@@ etc.  It is unnecessary unless the journal links to different hosts (e.g. @@www.newjournalsite.com@@), in which case use another @@DJ@@ entry.
* @@HJ@@ which is @@[=HostJavascript=]@@, again this is implied by the @@URL@@ and the @@DJ@@ lines so is unnecessary unless the actual domain changes.
 
Attach:config.txt
 
 
Any changes to these two files will require a restart of [=EZproxy=].
 
Obviously the server's local firewall and the College's firewall need to allow connections on these ports.
 
!!!Starting / Stopping [=EZproxy=]
Run: @@/usr/local/ezproxy/ezproxy start@@  This will start it in the background.  Startup messages are printed to @@/usr/local/ezproxy/messages.txt@@.  To start it up in the foreground just run the binary with no argument.  To stop it when running in the background: @@/usr/local/ezproxy/ezproxy stop@@, or simply @@ctrl-c@@ if running in the foreground.  Once you're happy with the install, running @@./ezproxy -si@@ will install all the necessary @@init.d@@ files for it to start up at boot time.
 
!!!Licence
A commercial licence has been purchased by the Library for this.  It runs for 1 year - it will expire on 31st October, 2011.  The licence key for this year is: @@m4pau9n5bq@@.  To apply the key: @@/usr/local/ezproxy/ezproxy -k m4pau9n5bq@@.  No restart is required.  See Chris Levey for renewing the licence.
 
!!!SSL
A wildcard SSL certificate is required (@@*.libprox.gold.ac.uk@@).  As JANET does not issue free wildcard certificates, a free wildcard certificate has been obtained from ipsca.com.  This certificate will expire on 27th January 2012.  The easiest way to deal with certificates is to use the admin web interface: http://libprox.gold.ac.uk:2048/admin  No, really, they make it VERY easy!  The admin username/password is in the @@user.txt@@ file.  You will need the IPSCA chaining certificate @@IPS-IPSCABUNDLE.CRT@@, which should be in the @@/usr/local/ezproxy@@ directory, and the @@libprox.key@@.
 
'''NOTE:''' The new root CA for IPSCA is not currently bundled in any web browser other than MS Explorer, which begs the question why not sign our own...  This means that all Mac and Linux users, and all Windows users who don't use MSE, will have to accept the root CA manually.  A PDF has been produced explaining to users how to do this: http://www.gold.ac.uk/media/AcceptingLibProxCertificate.pdf
 
 
!!!Branding
The default pages that are served up by [=EZproxy=] are found in the @@/usr/local/ezproxy/docs@@ directory.  These are simple html files which are easily branded.  Any images and CSS files should go into @@/usr/local/ezproxy/docs/public@@.  The same CSS used by Shibboleth has been placed in the @@public@@ folder and where possible the branding is set to look as similar as possible to the Shibboleth login page.  Attach:docs.tar.txt
 
!!!Links on Library Webpages
Once a Journal has been set up in the @@config.txt@@ file to be proxied, the Library has to put a URL on their webpage pointing to the proxied site.  The URL basically comprises @@[=http://libprox.gold.ac.uk:2048/login?url==]@@ followed by the actual URL of the journal.  e.g. @@[=http://libprox.gold.ac.uk:2048/login?url=http://anthrosource.net=]@@
 
NOTE: on the Library's SFX server the proxy URL should be entered in the Admin Centre as: @@[=http://libprox.gold.ac.uk:2048/login=]@@  Do '''not''' put the @@?url=@@ part in as this is supplied automatically by the SFX server and you end up with an additional @@?url=@@ (or @@%3furl%3d@@ to be precise) in the middle of the URL which then produces an error when you log in.
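
Added example (not part of the original page and not EZproxy's own code): a small Python check for library-page links, covering both the database stanzas described under Installation and Configuration and the link format above. It flags the doubled @@?url=@@ and any target host that no @@DJ@@/@@Domain@@ line covers. The stanza text is constructed sample input in the format shown earlier, the function names are hypothetical, and the assumption is that the doubled form appears immediately after the login prefix.

```python
from urllib.parse import urlsplit, unquote

LOGIN_PREFIX = "http://libprox.gold.ac.uk:2048/login"   # from the page

# Constructed sample of the database section (Title / URL / DJ stanzas).
SAMPLE_CONFIG = """\
Title AnthroSource
URL   http://anthrosource.net
DJ    anthrosource.net

Title Name of Journal
URL   http://www.journalsite.com
DJ    journalsite.com
DJ    newjournalsite.com
"""

def proxied_domains(config_text):
    """Collect the domains named on DJ or Domain lines."""
    domains = set()
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in ("dj", "domain"):
            domains.add(parts[1].strip().lower())
    return domains

def build_link(target_url):
    """Login prefix, then ?url=, then the journal's actual URL."""
    return LOGIN_PREFIX + "?url=" + target_url

def check_link(link, domains):
    """Return a list of problems with a library-page link (empty = OK)."""
    prefix = LOGIN_PREFIX + "?url="
    if not link.startswith(prefix):
        return ["does not start with " + prefix]
    problems = []
    target = link[len(prefix):]
    decoded = unquote(target)            # turns %3furl%3d back into ?url=
    if decoded.lower().startswith("?url="):
        problems.append("doubled ?url= after the login prefix")
        target = decoded[len("?url="):]
    host = (urlsplit(target).hostname or "").lower()
    # A DJ entry covers the domain itself and any host beneath it; the dot
    # boundary stops look-alikes such as notjournalsite.com from matching.
    if not any(host == d or host.endswith("." + d) for d in domains):
        problems.append("host %r is not covered by a DJ/Domain line" % host)
    return problems
```

Feed it the real @@config.txt@@ contents and the links harvested from the Library pages; a non-empty result is a link that will either error at login or point at a site the proxy is not configured for.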
 
!!!Troubleshooting
We have had a small number of users not being able to access things via the proxy.  They get a message like "unable to open the page".  We suspect this is because they are behind a firewall which is preventing access on certain ports (e.g. they are trying to access the sites from their place of work, which has a stringent firewall).  The ports used for the proxy are non-standard ports: for example they are NOT part of the [=EduRoam=] agreement.  So users may also experience difficulty when logged into another university's wireless network.  At this point all we can do is tell the user to contact the network/systems people at the place where they are having trouble and enquire about having ports 2048 and 9443 opened up (the SFX server also opens a pop-up window on an odd port).