From d7dc11a11851843c441a599f1294845456b259cc Mon Sep 17 00:00:00 2001 From: Dan Scott Date: Wed, 28 Sep 2011 23:06:19 -0400 Subject: [PATCH] Remove an installation step: Listen 443 uncommenting Every distribution known to man ships Apache listening on port 443, so installers always have to comment out the "Listen 443" directive - so why not just comment it out ourselves and save a step in the installation instructions? Also, merge Apache configuration instructions from master. Signed-off-by: Dan Scott --- Open-ILS/examples/apache/eg.conf | 2 +- README | 97 +++++++++++++++++++++++++++++++++++----- 2 files changed, 86 insertions(+), 13 deletions(-) diff --git a/Open-ILS/examples/apache/eg.conf b/Open-ILS/examples/apache/eg.conf index e2138197b9..3bf5696c45 100644 --- a/Open-ILS/examples/apache/eg.conf +++ b/Open-ILS/examples/apache/eg.conf @@ -102,7 +102,7 @@ ExpiresByType text/css A3000 # ---------------------------------------------------------------------------------- # Set up our SSL virtual host # ---------------------------------------------------------------------------------- -Listen 443 +#Listen 443 NameVirtualHost *:443 DocumentRoot "/openils/var/web" diff --git a/README b/README index 921ec8c2dd..51601e7d57 100644 --- a/README +++ b/README @@ -105,17 +105,6 @@ cd /openils/var/web/xul ln -sf rel_name/server server ------------------------------------------------------------------------------ -Create the oils_web.xml configuration file: -------------------------------------------- -Many administration interfaces, such as acquisitions, bookings, and various -configuration screens, depend on the correct configuration of HTML templates. -Copying the sample configuration file into place should work in most cases: - -[source, bash] ------------------------------------------------------------------------------- -cp /openils/conf/oils_web.xml.example /openils/conf/oils_web.xml ------------------------------------------------------------------------------- - Change ownership of the Evergreen files: ---------------------------------------- @@ -128,12 +117,96 @@ ownership on the files: chown -R opensrf:opensrf /openils ------------------------------------------------------------------------------ +Create the oils_web.xml configuration file: +------------------------------------------- +Many administration interfaces, such as acquisitions, bookings, and various +configuration screens, depend on the correct configuration of HTML templates. +Copying the sample configuration file into place should work in most cases: + +[source, bash] +------------------------------------------------------------------------------ +cp /openils/conf/oils_web.xml.example /openils/conf/oils_web.xml +------------------------------------------------------------------------------ + Configure the Apache Web server: -------------------------------- -Use the example configuration files in `Open-ILS/examples/apache/` to configure +1. Use the example configuration files in `Open-ILS/examples/apache/` to configure your Web server for the Evergreen catalog, staff client, Web services, and administration interfaces. ++ +.Debian and Ubuntu +[source,bash] +------------------------------------------------------------------------------ +cp Open-ILS/examples/apache/eg.conf /etc/apache2/sites-available/ +cp Open-ILS/examples/apache/eg_vhost.conf /etc/apache2/ +cp Open-ILS/examples/apache/startup.pl /etc/apache2/ +# Now set up SSL +mkdir /etc/apache2/ssl +cd /etc/apache2/ssl +------------------------------------------------------------------------------ ++ +.Fedora +[source,bash] +------------------------------------------------------------------------------ +cp Open-ILS/examples/apache/eg.conf /etc/httpd/sites-available/ +cp Open-ILS/examples/apache/eg_vhost.conf /etc/httpd/ +cp Open-ILS/examples/apache/startup.pl /etc/httpd/ +# Now set up SSL +mkdir /etc/httpd/ssl +cd /etc/httpd/ssl +------------------------------------------------------------------------------ ++ +2. Create an SSL key for the Apache server: ++ +[source,bash] +------------------------------------------------------------------------------ +openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key +------------------------------------------------------------------------------ ++ +The `openssl` command cuts a new SSL key for your Apache server. For a +production server, you should purchase a signed SSL certificate, but you can +just use a self-signed certificate and accept the warnings in the staff client +and browser during testing and development ++ +3. Edit the `eg.conf` file that you copied into place. + a. Replace `Allow from 10.0.0.0/8` with `Allow from all` (to enable + access to the offline upload / execute interface from any workstation on + any network - note that you must secure this for a production instance) +4. Change the user for the Apache server. + * (Debian and Ubuntu): As the root user, edit `/etc/apache2/envvars`. + Change `export APACHE_RUN_USER=www-data` to + `export APACHE_RUN_USER=opensrf`. + * (Fedora): As the root user, edit `/etc/httpd/conf/httpd.conf`. Change + `User apache` to `User opensrf`. +5. Configure Apache with performance settings appropriate for Evergreen: + * (Debian and Ubuntu): As the root user, edit `/etc/apache2/apache2.conf`: + * (Fedora): As the root user, edit `/etc/httpd/conf/httpd.conf`: + a. Change `KeepAliveTimeout` to `1`. Higher values reduce the chance of + a request timing out unexpectedly, but increase the risk of using up + all available Apache child processes. + b. 'Optional': Change `MaxKeepAliveRequests` to `100` + c. Update the prefork configuration section to suit your environment. The + following settings apply to a busy system: ++ +[source,bash] +------------------------------------------------------------------------------ + + StartServers 20 + MinSpareServers 5 + MaxSpareServers 15 + MaxClients 150 + MaxRequestsPerChild 10000 + +------------------------------------------------------------------------------ ++ +6. (Debian and Ubuntu): As the root user, enable the Evergreen site: ++ +[source,bash] +------------------------------------------------------------------------------ +a2dissite default # OPTIONAL: disable the default site (the "It Works" page) +a2ensite eg.conf +------------------------------------------------------------------------------ Configure OpenSRF for the Evergreen application: ------------------------------------------------ -- 2.11.0