From: Bill Erickson Date: Thu, 6 Mar 2014 20:47:36 +0000 (-0500) Subject: LP#1268619: websockets : additional apache config docs X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=bb424c1424193e4db340e3f6e17a939dc1dd821a;p=working%2FOpenSRF.git LP#1268619: websockets : additional apache config docs Signed-off-by: Bill Erickson Signed-off-by: Galen Charlton --- diff --git a/README.websockets b/README.websockets index 0b94fd3..639e080 100644 --- a/README.websockets +++ b/README.websockets @@ -1,46 +1,27 @@ - -Websockets installation instructions for Debian: +Websockets installation instructions for Debian # TODO: Most of this can be scripted. -# TODO: Better handling of external dependencies (websocket_plugin.h). -# as root +# ! as root ! +# Perform these steps after installing OpenSRF. + +# install the apache-websocket module +% cd tmp # or wherever +% git clone https://github.com/disconnect/apache-websocket +% cd apache-websocket +% apxs2 -i -a -c mod_websocket.c +# create the websocket Apache instance # see also /usr/share/doc/apache2/README.multiple-instances % sh /usr/share/doc/apache2.2-common/examples/setup-instance websockets -% cp examples/apache2/websockets.conf /etc/apache2-websockets/sites-available/ - -# activate the websockets configuration -% a2ensite-websockets websockets.conf - -# deactivate the default site -% a2dissite-websockets default - -# remove most of the mods with this shell script - -MODS=$(apache2ctl-websockets -M | grep shared | grep -v 'Syntax OK' | sed 's/_module//g' | cut -d' ' -f2 | xargs); -for mod in $MODS; do - if [ $mod = 'mime' -o $mod = 'ssl' -o $mod = 'websocket' ]; then - echo "* Leaving module $mod in place"; - else - echo "* Disabling module $mod"; - a2dismod-websockets $mod; - fi; -done +# remove from the main apache instance +% a2dismod websocket -# follow the instructions for installing Apache mod_websockets at -# https://github.com/disconnect/apache-websocket +# update configs +% cp /path/to/OpenSRF/examples/apache2/websockets/apache2.conf /etc/apache2-websockets/ -# copy the headers into place so OpenSRF can compile -% cp $LOCATION_OF_APACHE_WEBSOCKET_CHECKOUT/websocket_plugin.h src/gateway/ - -# install OpenSRF - -# remove the websocket module from the default OpenSRF Apache instance -% a2dismod osrf_websocket_translator - -# optional: add these configuration variables to +# OPTIONAL: add these configuration variables to # /etc/init.d/apache2-websockets/envvars and adjust as needed. # export OSRF_WEBSOCKET_IDLE_TIMEOUT=60 # export OSRF_WEBSOCKET_IDLE_CHECK_INTERVAL=5 @@ -49,7 +30,7 @@ done # # IDLE_TIMEOUT specifies how long we will allow a client to stay connected # while idle. A longer timeout means less network traffic (from fewer -# websocket CONNECT calls), but it also means more Apache processes are +# websocket CONNECT calls), but it also means more Apache processes are # tied up doing nothing. # # IDLE_CHECK_INTERVAL specifies how often we wake to check the idle status @@ -59,8 +40,7 @@ done # # CONFIG_FILE / CTXT are the standard opensrf core config options. -# After OpenSRF is up and running, fire up the secondary Apache instance -# errors will appear in /var/log/apache2-websockets/error.log -% /etc/init.d/apache2-websockets restart - - +# After OpenSRF is up and running (or after any re-install), +# fire up the secondary Apache instance errors will appear in +# /var/log/apache2-websockets/error.log +% /etc/init.d/apache2-websockets start diff --git a/examples/apache2/websockets.conf b/examples/apache2/websockets.conf deleted file mode 100644 index 6b8433a..0000000 --- a/examples/apache2/websockets.conf +++ /dev/null @@ -1,43 +0,0 @@ -# :vim set syntax apache -# -# This is the top-level configuration file for the -# apache2-websockets instance. For example, in Debian -# this file lives in /etc/apache2-websockets/sites-available/ - -LogLevel info -# - log locally -CustomLog /var/log/apache2-websockets/access.log combined -ErrorLog /var/log/apache2-websockets/error.log -# Add the PID to the error log (Apache 2.4 only) -# ErrorLogFormat "[%t] [%P] [%l] [pid %P] %F: %E: [client %a] %M" - -# ---------------------------------------------------------------------------------- -# Set up our SSL virtual host -# ---------------------------------------------------------------------------------- -Listen 7682 -NameVirtualHost *:7682 - - DocumentRoot /var/www - ServerName localhost:7682 - ServerAlias 127.0.0.1:7682 - SSLEngine on - SSLHonorCipherOrder On - SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM - - # re-use the certs from the main apache instance - SSLCertificateFile /etc/apache2/ssl/server.crt - SSLCertificateKeyFile /etc/apache2/ssl/server.key - - -Listen 7680 -NameVirtualHost *:7680 - - ServerName localhost:7680 - ServerAlias 127.0.0.1:7680 - DocumentRoot /var/www - - - - SetHandler websocket-handler - WebSocketHandler /usr/lib/apache2/modules/osrf_websocket_translator.so osrf_websocket_init - diff --git a/examples/apache2/websockets/apache2.conf b/examples/apache2/websockets/apache2.conf new file mode 100644 index 0000000..0aaca73 --- /dev/null +++ b/examples/apache2/websockets/apache2.conf @@ -0,0 +1,73 @@ +# This is the main Apache server configuration file for the OpenSRF +# WebSockets gateway. + +# if we don't want to run as "opensrf", change the LockFile +LockFile ${APACHE_LOCK_DIR}/accept.lock +PidFile ${APACHE_PID_FILE} +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +DefaultType None +HostnameLookups Off +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# only affects the initial connection, which should be quick. +Timeout 30 + +# WebSockets is KeepAlive on steroids +KeepAlive Off + + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 20 + # use ServerLimit to raise beyond 256 + MaxClients 256 + MaxRequestsPerChild 0 + + +# include the exact mods we need +Include mods-available/mime.load +Include mods-available/mime.conf +# SSL requires mime +Include mods-available/ssl.load +Include mods-available/ssl.conf +Include mods-available/websocket.load + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# WebSockets via SSL +Listen 7682 +NameVirtualHost *:7682 + + DocumentRoot /var/www + ServerName localhost:7682 + ServerAlias 127.0.0.1:7682 + SSLEngine on + SSLHonorCipherOrder On + SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM + + # re-use the certs from the main apache instance + SSLCertificateFile /etc/apache2/ssl/server.crt + SSLCertificateKeyFile /etc/apache2/ssl/server.key + + +# WebSockets via non-SSL +Listen 7680 +NameVirtualHost *:7680 + + ServerName localhost:7680 + ServerAlias 127.0.0.1:7680 + DocumentRoot /var/www + + +# OpenSRF WebSockets gateway + + SetHandler websocket-handler + WebSocketHandler /usr/lib/apache2/modules/osrf_websocket_translator.so osrf_websocket_init +