Previous: Configuration Contents and Introduction Next: Recommendations

Running a "local" web server on the IntraComm platform

We offer DGs the possibility to run a "local" web server on the IntraComm platform. The same IntraComm web server will be used, but the starting point will be different. For example, the user will enter an URL "http://www.cc.cec/DGXY/" to access the home page for dgxy's local web data. All the corresponding web pages can be uploaded on the "intracomm.staging.cc.cec.eu.int" FTP server under "/local_sites/htdocs/DGXY", as described in the chapter on uploading data.

Note: We write the DGs' name in UPPERcase for "local" data, and in lowercase for "public" data.

One advantage of using the IntraComm environment to host "local" web sites is that, one way or another, IntraComm is accessible from anywhere. The pages under "http://www.cc.cec/DGXY/" can be accessed from elsewhere through "https://intracomm.cec.eu.int/DGXY/", provided that the CUID, which is required to access "https://intracomm.cec.eu.int", is allowed to access the 'local' web site.

Locating the dissemination version of the 'local' web site

The production version of the 'local' web site can be located either on the IntraComm production platform, or on the staging server.
Using the IntraComm production platform implies that the IntraComm architecture will be followed: updates to the web site will be uploaded on the staging server and transferred for publication using the updating procedures described in the corresponding chapter.
You can also choose to have your information providers upload their updates immediately on the 'live' server. In that case the data will remain on the staging server.

Access restrictions

"Local" web services are per definition ... "local", and access to these services has to be restricted. If access to this information would not be restricted, then it would need to be considered as being part of the public IntraComm web server, which contents are managed by the Internal Communications team of DG Admin.
Access restrictions can be applied based upon IP addresses and/or userids/groups.
Using IP addresses, or IP sub nets, to restrict the access is transparent to the end user, but has turned out to be difficult to manage. Especially the dynamic allocation of IP addresses is causing problems.
We therefore recommend to use basic authentication instead. When using basic authentication (userid/password) then the "central userid" (CUID) that is kept in the "central user database" (CUD) will be used. For accesses from outside the Commission's Intranet only basic authentication can be used.
All that needs to be done is to create a new "service" in the CUD and define who has access to that service.
Both types of access restrictions can be combined: requests coming from IP addresses that are not listed as being allowed access, will then be returned with a request for userid and password.

CGI scripts and programs

The scripts and programs that are used for local web servers running on our system, should reside in the central cgi-bin sub directory: scripts and programs created for IntraComm can also be used for the "local" web servers.
CGI scripts and programs that are specific to a local service will be kept in a sub directory of the central cgi-bin sub directory (giving some thing like: /cgi-bin/DGXY/a_script.pl). Access to this sub directory can then be restricted using the same rules as for the corresponding web pages.

The CGI scripts and programs can only be loaded and updated by members of the web team.

More information about CGI scripts on our web server can be found in the corresponding chapter.

Data Centre