Index: openacs-4/packages/acs-core-docs/www/maintenance-web.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/maintenance-web.html,v diff -u -r1.14.2.6 -r1.14.2.7 --- openacs-4/packages/acs-core-docs/www/maintenance-web.html 18 Dec 2003 10:04:26 -0000 1.14.2.6 +++ openacs-4/packages/acs-core-docs/www/maintenance-web.html 11 Jan 2004 12:45:46 -0000 1.14.2.7 @@ -1,7 +1,7 @@ -Hosting Web Sites

Hosting Web Sites

By Joel Aufrecht

+Hosting Web Sites

Hosting Web Sites

By Joel Aufrecht


OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff. -

Maintenance tasks, optional software, and alternate configurations for AOLserver.

Keep AOLserver Alive

Assuming AOLserver started cleanly in the previous step, we'll set it up so that it's always running, and automatically restarts whenever it dies or is stopped. This step is strongly recommended, even for development sites, because it makes install and maintenance much simpler.

The Reference Platform uses Daemontools to control AOLserver. A simpler method, using init, is here.

  1. Daemontools must already be installed. If not, install it.

  2. Each service controlled by daemontools must have a +

Maintenance tasks, optional software, and alternate configurations for AOLserver.

Keep AOLserver Alive

Assuming AOLserver started cleanly in the previous step, we'll set it up so that it's always running, and automatically restarts whenever it dies or is stopped. This step is strongly recommended, even for development sites, because it makes install and maintenance much simpler.

The Reference Platform uses Daemontools to control AOLserver. A simpler method, using init, is here.

  1. Daemontools must already be installed. If not, install it.

  2. Each service controlled by daemontools must have a directory in /service. That directory must have a file called run. Daemontools then @@ -159,7 +159,7 @@ able to exploit your web server to execute a command on your server, they would not be able to gain root access.

Running multiple services on one machine

Services on different ports.�To run a different service on another port but the same - ip, simply repeat Install OpenACS 5.0.0b4 replacing + ip, simply repeat Install OpenACS 5.0.0rc1 replacing service0, and change the

set httpport              8000
 set httpsport             8443 
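
Review bot: The link text in the "Services on different ports" paragraph hard-codes the release string (5.0.0b4 becomes 5.0.0rc1), so this sentence has to be patched again at every release. Point the link at the install section by a version-independent title so the paragraph stops changing with each release tag.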

@@ -182,8 +182,8 @@

  • Prepare a certificate directory for the service.

    [service0 etc]$ mkdir /var/lib/aolserver/service0/etc/certs
     [service0 etc]$ chmod 700 /var/lib/aolserver/service0/etc/certs
     [service0 etc]$ 
    -mkdir /var/lib/aolserver/service0/etc/certs
    -chmod 700 /var/lib/aolserver/service0/etc/certs
  • It takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages.

    Use an OpenSSL perl script to generate a certificate and key.

    [service0 service0]$ cd /var/lib/aolserver/service0/etc/certs
    +
    mkdir /var/lib/aolserver/service0/etc/certs
    +chmod 700 /var/lib/aolserver/service0/etc/certs
  • It takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages.

    Use an OpenSSL perl script to generate a certificate and key.

    [service0 service0]$ cd /var/lib/aolserver/service0/etc/certs
     [service0 certs]$ perl /usr/share/ssl/misc/CA -newcert
     Using configuration from /usr/share/ssl/openssl.cnf
     Generating a 1024 bit RSA private key
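
Review bot: In the certificate directory step, a `mkdir` followed by a separate `chmod 700` leaves the directory at the umask default until the second command runs; `mkdir -m 700 /var/lib/aolserver/service0/etc/certs` creates it with its final mode in one step, which matters because the private key lands here. The prose in the same hunk also calls the result of `CA -newcert` an "unsigned certificate"; that script produces a self-signed certificate, and the wording should say so to explain why browsers warn about it.
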
    @@ -211,12 +211,12 @@
     [service0 service0]$ cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/analog.cfg.txt etc/analog.cfg
     [service0 service0]$ mkdir www/log
     [service0 service0]$ cp -r /usr/share/analog-5.31/images www/log/
    -[service0 service0]$ 
    +[service0 service0]$ 
    
     su - service0
     cd /var/lib/aolserver/service0
     cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/analog.cfg.txt etc/analog.cfg
     mkdir www/log
    -cp -r /usr/share/analog-5.31/images www/log/

    Edit +cp -r /usr/share/analog-5.31/images www/log/

    Edit /var/lib/aolserver/service0/etc/analog.cfg and change the variable in HOSTNAME "[my organisation]" to reflect your website title. If you don't want the traffic log to be publicly visible, change
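
Review bot: `mkdir www/log` places the analog report directory inside the service's www tree, so the traffic reports are public by default and restricting them is left as an optional edit in the final paragraph ("If you don't want the traffic log to be publicly visible, change"). Move that instruction ahead of the mkdir and cp steps, or make the restricted setup the default and describe publishing as the opt-in. Separately, `cp -r /usr/share/analog-5.31/images www/log/` pins one analog version in the path and will fail on a host with a different one installed; note that the path depends on the installed version.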