Information about our department server, which is primarily used to host the websites of laboratories and individuals and to back up and share files.
Department server
The department server at botany.natur.cuni.cz runs on a single-processor SuperMicro server with AMD EPYC 7232P 3.1 GHz (8 cores, 16 threads), disk arrays are mirrored on 2 x 4 TB HDD and 2 x 1920 GB SSD disks giving a total capacity of almost 6 TB. The operating system is openSUSE GNU/Linux (version Leap 15.5). The web server is Apache 2.4. Also available are PHP 8, MariaDB (binary compatibility with MySQL) and PostgreSQL. To access data it is possible to use SSH/SFTP/SCP, see connection instructions below. To easily access databases, users can use phpMyAdmin and phpPgAdmin.
If you are interested in a user account, contact the administrator. The basic disk space capacity is 4 GB (notification threshold) and after exceeding 4.3 GB your access will be blocked. If you need more space, you can get more upon request. You can use standard SFTP for access (port 22, server botany.natur.cuni.cz, encoding UTF-8). Consult the connection instructions below.
Linux treats files and directories beginning with a dot as system files, so they are hidden. If you are not using an SFTP client compatible with UNIX permissions, it may happen that you won’t see such files. In this case, in the client settings it is necessary to enable viewing of hidden files. Total Commander needs an additional module, Altap Salamander (the faculty has a license) and works well with this from the get go. For this specific purpose the best choice for Windows is probably WinSCP (but it’s a fully standard protocol, so the choice of programs is practically unlimited). Also be aware that Linux distinguishes character size. So if you have a link on the page to the file "page.html", but the file is really called "Page.HTML", it’s not going to work (error 404, not found). We also recommend naming files WITHOUT diacritics and WITHOUT spaces, because when moving through the network these characters get coded into standard ASCII, a process which often generates errors.
Every user generally has the following directories in his/her basic home directory:
- documents
- public_html, where you can place your website (whatever you place there will be accessible to anyone at the address https://botany.natur.cuni.cz/user/). If for any reason you want to prevent access, it is possible to explicitly disable the page in the server settings so that even if something is in the folder, outside visitors will not be able to see it.
Every day all data is backed up on the CESNET data storage. Backup is always synced with the current files.
Administrator
If you have a question, ask.
Blocking after repeated failures to log in
To increase security, the server now uses the Fail2ban program, which tracks unsuccessful login attempts on SSH, SFTP and for web services, and if there are five unsuccessful attempts in one minute, the IP address of the given computer will be blocked. This means that if someone tries to get on FTP after it has been blocked by Fail2ban, then they will not be looking at the Department website (which is generally fine). The blocking period has been set for one entire month. Of course, it may happen that an authorized user just can’t remember their password. In such case, they might consider blocking to be just punishment for a bad memory, or they can contact the administrator and ask for their account to be unblocked. To unblock an account, it is absolutely necessary for the innocent victim to know the IP address that they want unblocked (cannot be done without this)! You can find out your IP address in Windows by entering ipconfig /all in the command line. For Linux (or another UNIX) you will enter the command ifconfig -a or ip a s. Be careful, because these commands (in laptops) display information about both the wired and wireless card – you must select the one you were using when the blocking occurred. You can also use services like What Is My IP, but sometimes the result is not exact.
More information about IT (on the Department of Botany)
- Information Technology Centre
- WiFi at the Faculty
- Charles University Information System
- Charles University Authentication Service (CAS)
Instructions for connecting to the SFTP server of the Department of Botany
Connecting to the department sever through a secure file transfer protocol.
Connecting to the SFTP server of the Department of Botany is simple and even though this can be done using a countless number of programs, the principle is always the same. You must enter the following information:
- Server (host): botany.natur.cuni.cz
- Protocol: SFTP, SCP or SSH2
- Port: 22
- User name and password ;-)
Every SSH server (which runs SFTP) has a unique fingerprint to ensure the user knows which server he/she is connecting to and that the connection is secure. Upon initial login, you must accept the Botany key. If this changes in the future, the program will emphatically warn you. The current key is listed below. If the key is different, that means that the communication may not be secure (man in the middle attack). Current key (in bold):
botany:~ # ssh-keygen -lf /etc/ssh/ssh_host_rsa_key 2048 SHA256:LxKIIYG/ky3OgryBGd8i1VdczAIpkOrtXOjJsHNVqQc root@botany (RSA)
botany:~ # ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key 256 SHA256:7PsUqRc3L2c5+gyvo0mmiOnWxs28PdknoS+KzgvADVA root@botany (ECDSA)
botany:~ # ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key 256 SHA256:nLNg1x0KIeVDs4proTtW42VIqceRuEfNgnAQuz+RHAo root@botany (ED25519)
You can also verify this from the command line of your Linux machine (or from Mac OS X or Windows using Cygwin):
$ nmap botany.natur.cuni.cz --script ssh-hostkey ... | ssh-hostkey: | 2048 a5:96:33:20:a0:02:cf:17:fc:9d:74:bc:dd:5c:a1:06 (RSA) | 256 51:03:87:05:7e:7d:fc:f3:7b:42:f7:f4:ef:ae:45:80 (ECDSA) |_ 256 da:d1:07:d8:58:0a:ba:c1:b4:64:5c:d0:33:3c:a3:79 (ED25519) ...
But be careful. If you use this command on the faculty system, in 10 minutes your faculty network will automatically disconnect (nmap is often used for exploration before an attack). :-)
There is a shared account available for transferring files or a variety of accounts for work groups. Ask someone who knows for the name and password. ;-) If you want to set up an account, either private or shared with multiple users, contact the administrator.
We also recommend naming files WITHOUT diacritics and WITHOUT spaces, because when moving through the network these characters get coded into standard ASCII, a process which often generates errors.
Multiplatform
FileZilla is powerful universal tool.
Windows
We recommend using WinSCP, a plugin which provides access from the Altap Salamander administrator. But there are of course other possibilities.
UNIX (Linux, Mac OS X, Solaris and others)
Again, there are countless options. For example we use gFTP, which is available in practically all Linux versions (a few clicks in software administrator). It is also available for Mac OS X and other UNIX-based operating systems.
Linux
In practically all Linux file managers you can enter the address in address bar in the following formats - sftp://USER@botany.natur.cuni.cz/ or sftp://USER@botany.natur.cuni.cz:22/ and hit Enter. Then you enter your password.
Databases on departmental server
MariaDB (MySQL) and PostgreSQL databases are available on the departmental server.
On the departmental server, following database servers are available:
- MariaDB 15 Distrib 10 (binary compatible with MySQL) - web interface https://botany.natur.cuni.cz/phpMyAdmin/
- PostgreSQL 10.0 - web interface https://botany.natur.cuni.cz/phpPgAdmin/
If you wish to use some database, contact administrator and he will set it up. MariaDB is accessible only from web applications from the server - it is not possible to connect to it from another computer. PostgreSQL is accessible from any computer over the network: server is botany.natur.cuni.cz, port 5432, database name, you can get user name and password from administrator. It can be used in applications allowing sharing of data through database. Server is running recent versions supported by developers. If You wish to use some web application (content management system) using database, make sure it works with available database versions. SSH access is not allowed (with some exceptions).
MariaDB daily, weekly and monthly is backed up with AutoMySQLBackup. PostgreSQL has daily and weekly backups. You can find them in your home folder in the zaloha_db directory. Old backups are deleted. Older backups have lower density. Oldest backups are about 8 months old.
phpMyAdmin for web management of MariaDB
https://botany.natur.cuni.cz/phpMyAdmin/ Language should be determined from web browser settings. If not, use "Jazyk - Language" dropdown menu.
phpPgAdmin for web management of PostgreSQL
https://botany.natur.cuni.cz/phpPgAdmin/ Language should be determined from web browser settings. If not, use "Jazyk - Language" dropdown menu.
pgAdmin and other tools to work with PostgreSQL
There are plenty of applications which you can install to your computer and connect to PostgreSQL database and facilitate work. A list is on the PostgreSQL website. Probably the most common is multiplatform open-source pgAdmin. Application is available in many languages and has a lot of functions.
Geneious
The DNA sequencing laboratory is maintaining multi-license for the Geneious software. Upon request they send you login information. One of the functions is enables data sharing among users. Click on Shared Databases in left-hand menu. Then to Connect to a database, Direct SQL Connection and enter your login information. See the following image. Do not try to modify the data using a web interface or application like pgAdmin. Data have a complicated structure which you would probably damage. It is possible to connect to one database from various versions of Geneious at version 5.6 and higher.
Git on the Department Server
Our server runs the Git version control system. If for any reason you don't want to use a public server, you can use the department server.
Git is a distributed version control system. It is fundamentally simple but offers an enormous range of features.
Creating a New Project
First, you need to create a new Git repository on the department server. Users without SSH access to the department server must request it from the administrator. Users with SSH access can create the Git repository themselves:
# Create a new empty directory mkdir NewProject # Initialize the server-side Git repository git init --bare
Initializing a Git Repository on the User's Side
If you already have some files or want to store new files in Git, you first need to initialize a new Git repository:
# Create a new empty directory for the new project mkdir NewProject # OR move to a directory with existing files cd path/to/NewProject # In any case, you need to initialize the Git repository git init # Add the remote repository git remote add origin USER@botany.natur.cuni.cz:/path/to/repository/NewProject # Add the first files to the repository git add ... # As needed and appropriate... git commit -m "Comment..." # Or something similar, as needed... # First push to the server git push --set-upstream origin master # Then continue working as usual... vim ... git commit -a -m "Description..." git push
Cloning and Working with an Existing Repository
This needs to be done on any other computer, and any additional users must also do this:
# Clone an existing repository git clone USER@botany.natur.cuni.cz:/path/to/repository/NewProject # Enter the project directory cd NewProject # Modify the files... # Commit the changes git commit -a -m "Log entry..." git push # And continue working as usual...
Fetching Changes from the Repository
Such actions are necessary when working on multiple computers or collaborating with multiple users:
# Fetch and download changes git fetch # Merge changes, update the local working directory git pull
Permission Management
Permissions on the server side are governed by standard UNIX rules. The Git repository must have permissions set for the appropriate user or group, either through standard UNIX commands (chmod and chgrp) or using ACLs. Users with SSH access can set this up to some extent on their own; others must request the administrator to set it up. Depending on the needs of the specific project, a special user and/or group can be created. In any case, it is best to consult with the administrator.
Additional Resources
This extremely brief guide does not cover even a small percentage of Git's functions. Specifically, it does not cover working with tags, branches, logs, etc. Nor is it intended to. It only covers the specifics of installing Git on the department server.
Perhaps the best source of information is the freely available book Pro Git by Scott Chacon:
For basic orientation and work, a simple guide that also contains links to additional resources may suffice.
There are also numerous graphical clients available for Git, and many file managers (especially on Linux) can work directly with Git.