Index: openacs-4/packages/acs-core-docs/www/install-nsopenssl.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-nsopenssl.html,v diff -u -r1.9 -r1.10 --- openacs-4/packages/acs-core-docs/www/install-nsopenssl.html 11 Dec 2003 23:08:46 -0000 1.9 +++ openacs-4/packages/acs-core-docs/www/install-nsopenssl.html 4 Feb 2004 16:47:32 -0000 1.10 @@ -1,23 +1,26 @@ -Install nsopenssl

Install nsopenssl

This AOLserver module is required if you want people to connect to your site via +Install nsopenssl

Install nsopenssl

By Joel Aufrecht and Malte Sussdorff

+ OpenACS docs are written by the named authors, and may be edited + by OpenACS documentation staff. +

This AOLserver module is required if you want people to connect to your site via https. These commands compile nsopenssl and install it, along with a tcl helper script to handle https connections. You will also need ssl certificates. Because those should be different for each server service, you won't need those instructions until - later. You will need the unpacked Aolserver tarball in + later.

Install on AOLserver3

You will need the unpacked Aolserver tarball in /usr/local/src/aolserver and the nsopenssl tarball in /tmp.

Red Hat 9 note: see this - thread for details on compiling nsopenssl.)

[root@yourserver bin]# cd /usr/local/src/aolserver
-[root@yourserver aolserver]# wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz
-[root@yourserver aolserver]# tar xzf nsopenssl-2.1.tar.gz 
-[root@yourserver aolserver]# cd nsopenssl-2.1
-[root@yourserver nsopenssl-2.1]# make OPENSSL=/usr/local/ssl
+          thread for details on compiling nsopenssl.)

[root bin]# cd /usr/local/src/aolserver
+[root aolserver]# wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz
+[root aolserver]# tar xzf nsopenssl-2.1.tar.gz 
+[root aolserver]# cd nsopenssl-2.1
+[root nsopenssl-2.1]# make OPENSSL=/usr/local/ssl
 gcc -I/usr/local/ssl/include -I../aolserver/include -D_REENTRANT=1 -DNDEBUG=1 -g -fPIC -Wall -Wno-unused -mcpu=i686 -DHAVE_CMMSG=1 -DUSE_FIONREAD=1 -DHAVE_COND_EINTR=1   -c -o nsopenssl.o nsopenssl.c
 (many lines omitted)
 gcc -shared -nostartfiles -o nsopenssl.so nsopenssl.o config.o init.o ssl.o thread.o tclcmds.o -L/usr/local/ssl/lib -lssl -lcrypto
-[root@yourserver nsopenssl-2.1]# cp nsopenssl.so /usr/local/aolserver/bin
-[root@yourserver nsopenssl-2.1]# cp https.tcl /usr/local/aolserver/modules/tcl/
-[root@yourserver nsopenssl-2.1]#
+[root nsopenssl-2.1]# cp nsopenssl.so /usr/local/aolserver/bin
+[root nsopenssl-2.1]# cp https.tcl /usr/local/aolserver/modules/tcl/
+[root nsopenssl-2.1]#
 cd /usr/local/src/aolserver
 wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz
 tar xzf nsopenssl-2.1.tar.gz 
@@ -31,4 +34,29 @@
 cd nsopenssl-2.1
 make OPENSSL=/usr/lib/ssl
 cp nsopenssl.so /usr/local/aolserver/bin
-cp https.tcl /usr/local/aolserver/modules/tcl/
View comments on this page at openacs.org
+cp https.tcl /usr/local/aolserver/modules/tcl/

Install on AOLserver4

You will need the AOLserver4 source in /usr/local/src/aolserver/aolserver and OpenSSL installed in /usr/local/ssl (or at least symlinked there).

[root bin]# cd /usr/local/src/aolserver
+[root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login
+[root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl
+[root aolserver]# cd nsopenssl
+[root nsopenssl]# make OPENSSL=/usr/local/ssl
+gcc -I/usr/local/ssl/include (many items omitted)  -c -o sslcontext.o sslcontext.c
+(many lines omitted)
+[root nsopenssl-2.1]# make install OPENSSL=/usr/local/ssl INST=/usr/local/aolserver
+[root nsopenssl-2.1]#
+cd /usr/local/src/aolserver
+cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login
+cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl
+cd nsopenssl
+make OPENSSL=/usr/local/ssl 
+make install OPENSSL=/usr/local/ssl INST=/usr/local/aolserver

If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks +

+[root nsopenssl]# cd /usr/local/aolserver/lib
+[root lib]# ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
+[root lib]# ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
+[root lib]#
+cd /usr/local/aolserver/lib
+ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
+ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
+
+

+

To enable SSL support in your server, make sure your config.tcl file has a section on "OpenSSL 3 with AOLserver4". If your ports for SSL are priviledged (below 1024), you will have to start AOLserver with prebinds for both your HTTP and your HTTPS port (usually by adding -b your_ip:your_http_port,your_ip:your_https_port to the nsd call).

View comments on this page at openacs.org