Playbooks
The server configuration is done using Ansible. It's really easy to understand and modify. You can find the playbooks in /playbooks:
- The setup.yml file contains the main sequence of actions and tasks.
- When a configuration file is introduced by the playbook, i.e. isn't a pre-existing one, it's found in the files subdirectory and is transferred using the 'copy' action. Files that already exist on the server and that we are modifying are found in templates and have Jinja2-style variable substitution. They are transferred using Ansible's 'template' action.
- Every value in a configuration file that is modified from the default will contain a variable substitution, so you know that looking in the settings.yml file will give you a complete overview of all the configuration that is modified from the server package default.
This playbook will set up your brand new Ubuntu 12.04 server to run the LAMP stack for training LAMP applications like Drupal and WordPress. We install PHP, APC, sendmail, MySQL, Apache, and vsftpd.
Apache is configured using a VirtualDocumentRoot, which means that when going to the following URLs...
http://sally.drupal.example.com
http://billy.drupal.example.com
http://jane.drupal.example.com
... Apache will serve pages from these corresponding document roots:
/home/sally/www/drupal
/home/billy/www/drupal
/home/jane/www/drupal
Other than this, the configuration is pretty standard.
If you'd like to run the controller on the same machine as the student environments, this playbook will automatically set it up for you. The Drupal distribution is automatically downloaded, and nginx is set up with php-fpm to run the controller site on port 8000.
The Training Wheels controller is a web interface that allows you to administer a server. That is inherently risky from a server security viewpoint; however, we've taken steps to mitigate the risk as much as possible. The php-fpm user has elevated privileges, but will only accept communication over a Unix socket that is owned by nginx. The student environments all use Apache and mod-php, so their environments don't run PHP with this privileged access.
The controller uses the Drupal distribution which is well tested and secure. Nevertheless, please take all precautions you deem necessary to protect the controller site from unauthorized access. If you add Drupal modules or change the default configuration of the site, you're increasing the risk.
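One way to verify the socket restriction described above on a deployed server, as an added example that is not part of the Training Wheels playbooks. The socket path and the expected owner name are supplied by the caller, because this page does not state them; the demo at the bottom uses a constructed throwaway socket.

```python
import os
import pwd
import socket
import stat
import tempfile


def owner_name(uid):
    """Resolve a uid to a user name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_fpm_socket(path, expected_owner):
    """Return findings for a php-fpm socket; an empty list means it passes."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a Unix socket"]
    findings = []
    owner = owner_name(st.st_uid)
    if owner != expected_owner:
        findings.append(f"{path}: owned by {owner}, expected {expected_owner}")
    mode = stat.S_IMODE(st.st_mode)
    # On Linux, connect() to a Unix socket needs write permission on the file.
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: mode {mode:o} lets any local user connect")
    if mode & stat.S_IWGRP:
        findings.append(f"{path}: mode {mode:o} lets gid {st.st_gid} connect")
    return findings


if __name__ == "__main__":
    # Constructed demo: a throwaway socket standing in for the php-fpm one.
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "fpm.sock")
        listener = socket.socket(socket.AF_UNIX)
        listener.bind(sock_path)
        me = owner_name(os.getuid())
        os.chmod(sock_path, 0o600)
        print(audit_fpm_socket(sock_path, me))  # owner-only: no findings
        os.chmod(sock_path, 0o666)
        print(audit_fpm_socket(sock_path, me))  # group and world can connect
        listener.close()
```

If the group-writable finding appears, check which accounts belong to that group, since a student-facing Apache process in the same group could reach the privileged php-fpm pool.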