From d4f6bf89576e470f16214f5848b0782e4bec8573 Mon Sep 17 00:00:00 2001 From: Dan Scott Date: Wed, 16 Jan 2013 22:13:41 -0500 Subject: [PATCH] Support Apache 2.4 configuration directives Apache 2.4 uses a different server-side include syntax, but we can direct it to use the old syntax via the SSILegacySyntax directive. 2.4 also uses different access control syntax: "Require all granted" instead of "Allow from all", for example. Accordingly, create a parallel examples/apache_24 directory that contains sample Apache configuration files suitable for Apache 2.4 and higher. Also, amend the README to reflect Apache 2.4 and higher. Signed-off-by: Dan Scott Signed-off-by: Ben Shum --- Open-ILS/examples/apache_24/eg.conf | 147 +++++ Open-ILS/examples/apache_24/eg_vhost.conf | 725 ++++++++++++++++++++++ docs/installation/server_installation.txt | 30 +- 3 files changed, 894 insertions(+), 8 deletions(-) create mode 100644 Open-ILS/examples/apache_24/eg.conf create mode 100644 Open-ILS/examples/apache_24/eg_vhost.conf diff --git a/Open-ILS/examples/apache_24/eg.conf b/Open-ILS/examples/apache_24/eg.conf new file mode 100644 index 0000000000..c7b8be9143 --- /dev/null +++ b/Open-ILS/examples/apache_24/eg.conf @@ -0,0 +1,147 @@ +# :vim set syntax apache + +LogLevel info +# - log locally +CustomLog /var/log/apache2/access.log combined +ErrorLog /var/log/apache2/error.log +# - log to syslog +# CustomLog "|/usr/bin/logger -p local7.info" common +# ErrorLog "|logger -p local7.error" + + +# ---------------------------------------------------------------------------------- +# Set up Perl +# ---------------------------------------------------------------------------------- + +# - needed by CGIs +PerlRequire /etc/apache2/startup.pl +PerlChildInitHandler OpenILS::WWW::Reporter::child_init +PerlChildInitHandler OpenILS::WWW::SuperCat::child_init +PerlChildInitHandler OpenILS::WWW::AddedContent::child_init +PerlChildInitHandler OpenILS::WWW::PasswordReset::child_init +PerlChildInitHandler OpenILS::WWW::AutoSuggest::child_init + +# ---------------------------------------------------------------------------------- +# Set some defaults for our working directories +# ---------------------------------------------------------------------------------- + + Require all granted + + + +# ---------------------------------------------------------------------------------- +# XUL directory +# ---------------------------------------------------------------------------------- + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + +# ---------------------------------------------------------------------------------- +# Remove the language portion from the URL +# ---------------------------------------------------------------------------------- +AliasMatch ^/opac/.*/skin/(.*)/(.*)/(.*) /openils/var/web/opac/skin/$1/$2/$3 +AliasMatch ^/opac/.*/extras/slimpac/(.*) /openils/var/web/opac/extras/slimpac/$1 +AliasMatch ^/opac/.*/extras/selfcheck/(.*) /openils/var/web/opac/extras/selfcheck/$1 + + + +# ---------------------------------------------------------------------------------- +# System config CGI scripts go here +# ---------------------------------------------------------------------------------- +Alias /cgi-bin/offline/ "/openils/var/cgi-bin/offline/" + + AddHandler cgi-script .cgi .pl + AllowOverride None + Options None + Require host 10.0.0.0/8 + Options FollowSymLinks ExecCGI Indexes + + + +# ---------------------------------------------------------------------------------- +# Updates folder +# ---------------------------------------------------------------------------------- +Alias /updates/ "/openils/var/updates/pub/" + + + ForceType cgi-script + + + ForceType cgi-script + + + ForceType cgi-script + + + ForceType cgi-script + + AllowOverride None + Options None + Options ExecCGI + Require all granted + + + +# ---------------------------------------------------------------------------------- +# OPTIONAL: Set how long the client will cache our content. Change to suit +# ---------------------------------------------------------------------------------- +ExpiresActive On +ExpiresDefault "access plus 1 month" +ExpiresByType text/html "access plus 18 hours" +ExpiresByType application/xhtml+xml "access plus 18 hours" +ExpiresByType application/x-javascript "access plus 18 hours" +ExpiresByType application/javascript "access plus 18 hours" +ExpiresByType text/css "access plus 50 minutes" + +# ---------------------------------------------------------------------------------- +# Set up our SSL virtual host +# ---------------------------------------------------------------------------------- +#Listen 443 +NameVirtualHost *:443 + + DocumentRoot "/openils/var/web" + ServerName localhost:443 + ServerAlias 127.0.0.1:443 + SSLEngine on + SSLHonorCipherOrder On + SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM + + # If you don't have an SSL cert, you can create self-signed + # certificate and key with: + # openssl req -new -x509 -nodes -out server.crt -keyout server.key + SSLCertificateFile ssl/server.crt + SSLCertificateKeyFile ssl/server.key + + # - absorb the shared virtual host settings + Include eg_vhost.conf + + # help IE along with SSL pages + SetEnvIf User-Agent ".*MSIE [1-5].*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + + SetEnvIf User-Agent ".*MSIE [6-9].*" \ + ssl-unclean-shutdown + + + +# ---------------------------------------------------------------------------------- +# Set up our main virtual host +# Port 80 comes after 443 to avoid "unknown protocol speaking not SSL to HTTPS port!?" +# errors, per http://wiki.apache.org/httpd/InternalDummyConnection +# ---------------------------------------------------------------------------------- + +# Commented to avoid warnings from duplicate "NameVirtualHost: *80" directives +#NameVirtualHost *:80 + + ServerName localhost:80 + ServerAlias 127.0.0.1:80 + DocumentRoot /openils/var/web/ + DirectoryIndex index.xml index.html index.xhtml + # - absorb the shared virtual host settings + Include eg_vhost.conf + + diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf b/Open-ILS/examples/apache_24/eg_vhost.conf new file mode 100644 index 0000000000..2257bf8a15 --- /dev/null +++ b/Open-ILS/examples/apache_24/eg_vhost.conf @@ -0,0 +1,725 @@ +# ---------------------------------------------------------------------------------- +# This is the global Evergreen virtual host config. Anything you want published +# through all virtual hosts (port 80, port 443, etc.) should live in here. +# ---------------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------------- +# Point / to the opac - if you have a custom skin or locale, point at it here +# ---------------------------------------------------------------------------------- +RedirectMatch 301 ^/$ /opac/en-US/skin/default/xml/index.xml + +# ---------------------------------------------------------------------------------- +# Point / to the IP address redirector +# ---------------------------------------------------------------------------------- +# +# SetHandler perl-script +# PerlHandler OpenILS::WWW::Redirect +# Options +ExecCGI +# PerlSendHeader On +# #PerlSetVar OILSRedirectSkin "default" +# # OILSRedirectDepth defaults to the depth of the branch that the OPAC was directed to +# #PerlSetVar OILSRedirectDepth "0" +# #PerlSetVar OILSRedirectLocale "en-US" +# # Use the template-toolkit opac +# #PerlSetVar OILSRedirectTpac "true" +# allow from all +# + + +# ---------------------------------------------------------------------------------- +# Assign a default locale to the accessible OPAC +# ---------------------------------------------------------------------------------- +RedirectMatch 301 ^/opac/extras/slimpac/start.html$ /opac/en-US/extras/slimpac/start.html +RedirectMatch 301 ^/opac/extras/slimpac/advanced.html$ /opac/en-US/extras/slimpac/advanced.html + +# ---------------------------------------------------------------------------------- +# Configure the gateway +# ---------------------------------------------------------------------------------- +OSRFGatewayConfig /openils/conf/opensrf_core.xml +# Translator memcache server. Default is localhost +# OSRFTranslatorCacheServer 127.0.0.1:11211 + + +# ---------------------------------------------------------------------------------- +# Added content plugin +# ---------------------------------------------------------------------------------- + + SetHandler perl-script + PerlHandler OpenILS::WWW::AddedContent + Options +ExecCGI + PerlSendHeader On + Require all granted + + +# Autosuggest for searches + + SetHandler perl-script + PerlHandler OpenILS::WWW::AutoSuggest + PerlSendHeader On + Require all granted + + +# Flattener service + + SetHandler perl-script + PerlHandler OpenILS::WWW::FlatFielder + PerlSendHeader On + Require all granted + + +# ---------------------------------------------------------------------------------- +# Replace broken cover images with a transparent GIF by default +# ---------------------------------------------------------------------------------- +RewriteEngine ON +RewriteRule ^/opac/extras/ac/jacket/(small|medium|large)/$ \ + /opac/images/blank.png [P,L] + +# ---------------------------------------------------------------------------------- +# Add the row ID (RID) and date so we can make unAPI happy +# ---------------------------------------------------------------------------------- +RewriteCond %{QUERY_STRING} (^r|&r)=(\d+) +RewriteRule . - [E=OILS_OPAC_RID:%2,E=OILS_TIME_YEAR:%{TIME_YEAR}] + +# ---------------------------------------------------------------------------------- +# Pull the locale from the URL +# ---------------------------------------------------------------------------------- +RewriteCond %{REQUEST_URI} ^/opac/(.*?)/ +RewriteRule . - [E=locale:%1] + +# ---------------------------------------------------------------------------------- +# For sanity reasons, default indexes to Off +# ---------------------------------------------------------------------------------- +Options -Indexes + +# ---------------------------------------------------------------------------------- +# Configure the OPAC +# ---------------------------------------------------------------------------------- + + SSILegacyExprParser on + AddType application/xhtml+xml .xml + + # - configure mod_xmlent + XMLEntStripPI "yes" + XMLEntEscapeScript "no" + XMLEntStripComments "yes" + XMLEntContentType "text/html; charset=utf-8" + # forces quirks mode which we want for now + XMLEntStripDoctype "yes" + + # - set up the include handlers + Options +Includes + AddOutputFilter INCLUDES .xsl + AddOutputFilter INCLUDES;XMLENT .xml + + SetEnvIf Request_URI ".*" OILS_OPAC_BASE=/opac/ + + # This gives you the option to configure a different host to serve OPAC images from + # Specify the hostname (without protocol) and path to the images. Protocol will + # be determined at runtime + #SetEnvIf Request_URI ".*" OILS_OPAC_IMAGES_HOST=static.example.org/opac/ + + # In addition to loading images from a static host, you can also load CSS and/or + # Javascript from a static host or hosts. Protocol will be determined at runtime + # and/or by configuration options immediately following. + #SetEnvIf Request_URI ".*" OILS_OPAC_CSS_HOST=static.example.org/opac/ + #SetEnvIf Request_URI ".*" OILS_OPAC_JS_HOST=static.example.org/opac/ + + # If you are not able to serve static content via https and + # wish to force http:// (and are comfortable with mixed-content + # warnings in client browsers), set this: + #SetEnvIf Request_URI ".*" OILS_OPAC_STATIC_PROTOCOL=http + + # If you would prefer to fall back to your non-static servers for + # https pages, avoiding mixed-content warnings in client browsers + # and are willing to accept some increased server load, set this: + #SetEnvIf Request_URI ".*" OILS_OPAC_BYPASS_STATIC_FOR_HTTPS=yes + + # Specify a ChiliFresh account to integrate their services with the OPAC + #SetEnv OILS_CHILIFRESH_ACCOUNT + #SetEnv OILS_CHILIFRESH_PROFILE + #SetEnv OILS_CHILIFRESH_URL http://chilifresh.com/on-site/js/evergreen.js + #SetEnv OILS_CHILIFRESH_HTTPS_URL https://secure.chilifresh.com/on-site/js/evergreen.js + + # Specify the initial script URL for Novelist (containing account credentials, etc.) + #SetEnv OILS_NOVELIST_URL + # + + # Uncomment to force SSL any time a patron is logged in. This protects + # authentication tokens. Left commented out for backwards compat for now. + #SetEnv OILS_OPAC_FORCE_LOGIN_SSL 1 + + # If set, the skin uses the combined JS file at $SKINDIR/js/combined.js + #SetEnv OILS_OPAC_COMBINED_JS 1 + + + + + # ---------------------------------------------------------------------------------- + # Some mod_deflate fun + # ---------------------------------------------------------------------------------- + + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html + + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + + + + # ---------------------------------------------------------------------------------- + # Some mod_deflate fun + # ---------------------------------------------------------------------------------- + + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html + + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + + +# ---------------------------------------------------------------------------------- +# Force SSL on the OPAC's "My Account" page +# ---------------------------------------------------------------------------------- + + SSLRequireSSL + + + + SSILegacyExprParser on + # Force to en-US for now to satisfy bbags.xml + SetEnv locale en-US + Options +Includes + AddOutputFilter INCLUDES .xml + AddType application/xhtml+xml .xml + + +RewriteCond %{QUERY_STRING} locale=([^&]*) +RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ /opac/%1/extras/slimpac/$1? [redirect] + + AddOutputFilter INCLUDES;XMLENT .html + + +# ---------------------------------------------------------------------------------- +# Run server-side XUL and XHTML through xmlent to load the correct XML entities +# ---------------------------------------------------------------------------------- +RewriteCond %{HTTP:Accept-Language} ^([a-z]{2}-[A-Z]{2})$ +# Default to en-US if we haven't matched a locale of the form xx-YY +RewriteRule .? - [S=4] +RewriteRule ^/xul/ - [E=locale:en-US] +RewriteRule ^/reports/ - [E=locale:en-US] +RewriteRule .? - [E=locale:en-US] +RewriteRule .? - [S=3] +# Otherwise, set our real locale +RewriteRule ^/xul/ - [E=locale:%{HTTP:Accept-Language}] +RewriteRule ^/reports/ - [E=locale:%{HTTP:Accept-Language}] +RewriteRule .? - [E=locale:%{HTTP:Accept-Language}] + + + SSILegacyExprParser on + Options +Includes + XMLEntEscapeScript "no" + XMLEntStripComments "yes" + XMLEntStripPI "yes" + XMLEntStripDoctype "yes" + XMLEntContentType "text/html; charset=utf-8" + AddOutputFilter INCLUDES;XMLENT .xhtml + AddOutputFilter INCLUDES;XMLENT .html + SetEnv no-gzip + Require all granted + + + + + SSILegacyExprParser on + Options +Includes + XMLEntContentType "application/vnd.mozilla.xul+xml" + AddOutputFilter INCLUDES;XMLENT .xul + SetEnv no-gzip + Require all granted + + +# ---------------------------------------------------------------------------------- +# Self-serve password interface +# ---------------------------------------------------------------------------------- + + SetHandler perl-script + PerlHandler OpenILS::WWW::PasswordReset::password_reset + Options +ExecCGI + PerlSendHeader On + Require all granted + + # Force clients to use HTTPS + RewriteCond %{HTTPS} !=on [NC] + RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] + + +# ---------------------------------------------------------------------------------- +# Supercat feeds +# ---------------------------------------------------------------------------------- + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::oisbn + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::supercat + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::unapi + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::bookbag_feed + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::opensearch_feed + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::sru_search + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::sru_auth_search + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::changes_feed + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::string_browse + Options +ExecCGI + PerlSendHeader On + Require all granted + + + SetHandler perl-script + PerlHandler OpenILS::WWW::SuperCat::string_startwith + Options +ExecCGI + PerlSendHeader On + Require all granted + + +# ---------------------------------------------------------------------------------- +# Module for displaying OpenSRF API documentation +# ---------------------------------------------------------------------------------- + + AddOutputFilter INCLUDES .xsl + + +# ---------------------------------------------------------------------------------- +# Module for processing staff-client offline scripts lives here +# ---------------------------------------------------------------------------------- + + AddHandler cgi-script .pl + AllowOverride None + Options +ExecCGI + Require all granted + + + +# ---------------------------------------------------------------------------------- +# XXX Note, it's important to explicitly set the JSON encoding style +# (OSRFGatewayLegacyJSON), since the default encoding style will likely change +# with OpenSRF 1.0 +# ---------------------------------------------------------------------------------- +# OpenSRF JSON legacy gateway +# ---------------------------------------------------------------------------------- + + SetHandler osrf_json_gateway_module + OSRFGatewayLegacyJSON "true" + Require all granted + +# ---------------------------------------------------------------------------------- +# New-style OpenSRF JSON gateway +# ---------------------------------------------------------------------------------- + + SetHandler osrf_json_gateway_module + OSRFGatewayLegacyJSON "false" + Require all granted + + +# ---------------------------------------------------------------------------------- +# OpenSRF-over-HTTP translator +# (http://open-ils.org/dokuwiki/doku.php?id=opensrf_over_http) +# ---------------------------------------------------------------------------------- + + SetHandler osrf_http_translator_module + Require all granted + + +# ---------------------------------------------------------------------------------- +# The exporter lives here +# ---------------------------------------------------------------------------------- + + SetHandler perl-script + AuthType Basic + AuthName "Exporter Login" + PerlOptions +GlobalRequest + PerlSetVar OILSProxyPermissions "STAFF_LOGIN" + PerlAuthenHandler OpenILS::WWW::Proxy::Authen + require valid-user + PerlHandler OpenILS::WWW::Exporter + Options +ExecCGI + PerlSendHeader On + Require all granted + + + + SetHandler perl-script + AuthType Basic + AuthName "Batch Update Login" + PerlOptions +GlobalRequest + PerlSetVar OILSProxyPermissions "STAFF_LOGIN" + PerlAuthenHandler OpenILS::WWW::Proxy::Authen + require valid-user + PerlHandler OpenILS::WWW::TemplateBatchBibUpdate + PerlSendHeader On + Options +ExecCGI + Require all granted + + + + AuthType Basic + AuthName "Circ Extras Login" + PerlOptions +GlobalRequest + PerlSetVar OILSProxyPermissions "STAFF_LOGIN" + PerlAuthenHandler OpenILS::WWW::Proxy::Authen + require valid-user + Options +ExecCGI + PerlSendHeader On + Require all granted + + + + SetHandler perl-script + AuthType Basic + AuthName "Collections Login" + PerlOptions +GlobalRequest + PerlSetVar OILSProxyPermissions "money.collections_tracker.create" + PerlAuthenHandler OpenILS::WWW::Proxy::Authen + require valid-user + Options +ExecCGI + PerlSendHeader On + Require all granted + + + +# ---------------------------------------------------------------------------------- +# Reporting output lives here +# ---------------------------------------------------------------------------------- + + AuthType Basic + AuthName "Report Login" + PerlOptions +GlobalRequest + PerlSetVar OILSProxyPermissions "VIEW_REPORT_OUTPUT" + PerlAuthenHandler OpenILS::WWW::Proxy::Authen + require valid-user + Options +ExecCGI + PerlSendHeader On + Require all granted + + +# ---------------------------------------------------------------------------------- +# Selfcheck interface +# ---------------------------------------------------------------------------------- + + AuthType Basic + AuthName "Self-check Login" + PerlOptions +GlobalRequest + PerlSetVar OILSProxyPermissions "STAFF_LOGIN" + PerlAuthenHandler OpenILS::WWW::Proxy::Authen + require valid-user + Options +ExecCGI + PerlSendHeader On + Require all granted + + + +# ---------------------------------------------------------------------------------- +# Reports GUI +# ---------------------------------------------------------------------------------- + + SSILegacyExprParser on + Options +Includes + AddOutputFilter INCLUDES;XMLENT .xhtml + + + + IDLChunkStripPI "yes" + IDLChunkEscapeScript "no" + IDLChunkStripComments "yes" + IDLChunkStripDoctype "yes" + IDLChunkContentType "application/xml; charset=utf-8" + AddOutputFilter INCLUDES;IDLCHUNK .xml + + +# ---------------------------------------------------------------------------------- +# EDI Message viewer +# ---------------------------------------------------------------------------------- + + SetHandler perl-script + PerlHandler OpenILS::WWW::EDI + Options +ExecCGI + PerlSendHeader On + Require all granted + + +# ---------------------------------------------------------------------------------- +# XML-RPC gateway +# ---------------------------------------------------------------------------------- + + SetHandler perl-script + PerlHandler OpenILS::WWW::XMLRPCGateway + Options +ExecCGI + PerlSendHeader On + Require all granted + + +# ---------------------------------------------------------------------------------- +# Conify - next-generation Evergreen administration interface +# ---------------------------------------------------------------------------------- +RewriteRule ^/conify/([a-z]{2}-[A-Z]{2})/global/(.*)$ /conify/global/$2 [E=locale:$1,L] + + SSILegacyExprParser on + Options +Includes + XMLEntStripPI "yes" + XMLEntEscapeScript "no" + XMLEntStripComments "no" + XMLEntContentType "text/html; charset=utf-8" + AddOutputFilter INCLUDES;XMLENT .html + + AuthType Basic + AuthName "Dojo Admin Login" + PerlOptions +GlobalRequest + PerlSetVar OILSProxyPermissions "STAFF_LOGIN" + PerlAuthenHandler OpenILS::WWW::Proxy::Authen + require valid-user + Options +ExecCGI + PerlSendHeader On + Require all granted + + + + SetHandler perl-script + PerlHandler OpenILS::WWW::Vandelay::spool_marc + Options +ExecCGI + Require all granted + + +# OpenURL 0.1 searching based on OpenSearch +RewriteMap openurl prg:/openils/bin/openurl_map.pl +RewriteCond %{QUERY_STRING} (^.*$) +RewriteRule ^/openurl$ ${openurl:%1} [NE,PT] + + + +# General Evergreen web template processor + + SetHandler perl-script + PerlHandler OpenILS::WWW::EGWeb + Options +ExecCGI + PerlSendHeader On + Require all granted + + PerlSetVar OILSWebBasePath "/eg" + PerlSetVar OILSWebWebDir "/openils/var/web" + PerlSetVar OILSWebDefaultTemplateExtension "tt2" + + # Enable Template-Toolkit error debugging messages (apache error log) + PerlSetVar OILSWebDebugTemplate "true" + + # ------------------------------------------------------- + # Media Prefix. In the 3rd example, the protocol (http) is enforced + #PerlSetVar OILSWebMediaPrefix "/media" + #PerlSetVar OILSWebMediaPrefix "static.example.com/media" + #PerlSetVar OILSWebMediaPrefix "http://static.example.com/media" + + # Locale messages files: + # + # These appear in pairs; the first represents the user agent + # Accept-Language header locale, and the second represents + # the fully-qualified path for the corresponding PO file that + # contains the messages. + # + # If you enable two or more locales, then users will be able to + # select their preferred locale from a locale picker in the TPAC. + # + #PerlAddVar OILSWebLocale "en" + #PerlAddVar OILSWebLocale "/openils/var/data/locale/messages.en.po" + #PerlAddVar OILSWebLocale "en_ca" + #PerlAddVar OILSWebLocale "/openils/var/data/locale/en-CA.po" + #PerlAddVar OILSWebLocale "fr_ca" + #PerlAddVar OILSWebLocale "/openils/var/data/locale/fr-CA.po" + + # Set the default locale: defaults to en-US + #PerlAddVar OILSWebDefaultLocale "fr_ca" + + # Templates will be loaded from the following paths in reverse order. + PerlAddVar OILSWebTemplatePath "/openils/var/templates" + #PerlAddVar OILSWebTemplatePath "/openils/var/templates_localskin" + + #------------------------------------------------- + # Added Content Configuration + #------------------------------------------------- + # Content Cafe + #SetEnv OILS_CONTENT_CAFE_USER MYUSER + #SetEnv OILS_CONTENT_CAFE_PASS MYPASS + + # LibraryThing + #SetEnv OILS_LIBRARYTHING_URL http://ltfl.librarything.com/forlibraries/widget.js?id=MYID + #SetEnv OILS_LIBRARYTHING_HTTPS_URL https://ltfl.librarything.com/forlibraries/widget.js?id=MYID + + # ChiliFresh + #SetEnv OILS_CHILIFRESH_ACCOUNT + #SetEnv OILS_CHILIFRESH_URL http://chilifresh.com/on-site/js/evergreen.js + #SetEnv OILS_CHILIFRESH_HTTPS_URL https://secure.chilifresh.com/on-site/js/evergreen.js + #------------------------------------------------- + + + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + Header append Cache-Control "public" + Header append Vary User-Agent env=!dont-vary + + + + + # should pick up the default expire time from eg.conf... + + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + Header append Cache-Control "public" + Header append Vary User-Agent env=!dont-vary + + + + + PerlSetVar OILSWebContextLoader "OpenILS::WWW::EGCatLoader" + # Expire the HTML quickly since we're loading dynamic data for each page + ExpiresActive On + ExpiresByType text/html "access plus 5 seconds" + + + PerlSetVar OILSWebContextLoader "OpenILS::WWW::EGKPacLoader" + PerlSetVar KPacConfigFile "/openils/conf/kpac.xml.example" + ExpiresActive On + ExpiresByType text/html "access plus 5 seconds" + + +# Note: the template processor will decline handling anything it does not +# have an explicit configuration for, which means it will fall back to +# Apache to serve the file. However, in the interest of speed, go ahead +# and tell Apache to avoid asking OpenILS::WWW::EGWeb for static content. +# Add more exemptions as needed. + + SetHandler None + + +# ---------------------------------------------------------------------------------- +# Some mod_deflate logging setup +# ---------------------------------------------------------------------------------- + + DeflateFilterNote Input instream + DeflateFilterNote Output outstream + DeflateFilterNote Ratio ratio + + LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate + CustomLog /var/log/apache2/deflate_log deflate + + # There are problems with XMLENT and mod_deflate - so lets disable it + # This is where we don't have a pre-existing LocationMatch directive earlier + + SetEnv no-gzip + + + SetEnv no-gzip + + + SetEnv no-gzip + + + SetEnv no-gzip + + + + + + + SetHandler perl-script + PerlHandler OpenILS::WWW::IDL2js + Options +ExecCGI + PerlSendHeader On + Require all granted + + + Header append Cache-Control "public" + + + + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + Header append Vary User-Agent env=!dont-vary + + + + +# Uncomment the following to force SSL for everything. Note that this defeats caching +# and you will suffer a performance hit. +#RewriteCond %{HTTPS} off +#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L] diff --git a/docs/installation/server_installation.txt b/docs/installation/server_installation.txt index 6765cbde0f..2b75fbfc6e 100644 --- a/docs/installation/server_installation.txt +++ b/docs/installation/server_installation.txt @@ -193,10 +193,11 @@ chown -R opensrf:opensrf /openils Configure the Apache Web server ------------------------------- -1. Use the example configuration files in `Open-ILS/examples/apache/` to -configure your Web server for the Evergreen catalog, staff client, Web -services, and administration interfaces. Issue the following commands as the -*root* Linux account: +1. Use the example configuration files in `Open-ILS/examples/apache/` (for +Apache versions below 2.4) or `Open-ILS/examples/apache_24/` (for Apache +versions 2.4 or greater) to configure your Web server for the Evergreen +catalog, staff client, Web services, and administration interfaces. Issue the +following commands as the *root* Linux account: + .Debian and Ubuntu [source,bash] @@ -209,7 +210,7 @@ mkdir /etc/apache2/ssl cd /etc/apache2/ssl ------------------------------------------------------------------------------ + -.Fedora +.Fedora 17 [source,bash] ------------------------------------------------------------------------------ cp Open-ILS/examples/apache/eg.conf /etc/httpd/conf.d/ @@ -220,6 +221,17 @@ mkdir /etc/httpd/ssl cd /etc/httpd/ssl ------------------------------------------------------------------------------ + +.Fedora 18 +[source,bash] +------------------------------------------------------------------------------ +cp Open-ILS/examples/apache_24/eg.conf /etc/httpd/conf.d/ +cp Open-ILS/examples/apache_24/eg_vhost.conf /etc/httpd/ +cp Open-ILS/examples/apache/startup.pl /etc/httpd/ +# Now set up SSL +mkdir /etc/httpd/ssl +cd /etc/httpd/ssl +------------------------------------------------------------------------------ ++ 2. The `openssl` command cuts a new SSL key for your Apache server. For a production server, you should purchase a signed SSL certificate, but you can just use a self-signed certificate and accept the warnings in the staff client @@ -233,9 +245,11 @@ openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key + 3. As the *root* Linux account, edit the `eg.conf` file that you copied into place. - a. Replace `Allow from 10.0.0.0/8` with `Allow from all` (to enable - access to the offline upload / execute interface from any workstation on - any network - note that you must secure this for a production instance) + a. To enable access to the offline upload / execute interface from any + workstation on any network, make the following change (and note that + you *must* secure this for a production instance): + * (Apache 2.2): Replace `Allow from 10.0.0.0/8` with `Allow from all` + * (Apache 2.4): Replace `Require host 10.0.0.0/8` with `Require all granted` b. (Fedora): Change references from the non-existent `/etc/apache2/` directory to `/etc/httpd/`. 4. Change the user for the Apache server. -- 2.43.2