Index: openacs-4/packages/acs-core-docs/www/install-nsopenssl.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-nsopenssl.html,v diff -u -r1.9 -r1.10 --- openacs-4/packages/acs-core-docs/www/install-nsopenssl.html 11 Dec 2003 23:08:46 -0000 1.9 +++ openacs-4/packages/acs-core-docs/www/install-nsopenssl.html 4 Feb 2004 16:47:32 -0000 1.10 @@ -1,23 +1,26 @@ -
This AOLserver module is required if you want people to connect to your site via +
This AOLserver module is required if you want people to connect to your site via https. These commands compile nsopenssl and install it, along with a tcl helper script to handle https connections. You will also need ssl certificates. Because those should be different for each server service, you won't need those instructions until - later. You will need the unpacked Aolserver tarball in + later.
You will need the unpacked Aolserver tarball in /usr/local/src/aolserver and the nsopenssl tarball in /tmp.
Red Hat 9 note: see this - thread for details on compiling nsopenssl.)
[root@yourserver bin]# cd /usr/local/src/aolserver -[root@yourserver aolserver]# wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz -[root@yourserver aolserver]# tar xzf nsopenssl-2.1.tar.gz -[root@yourserver aolserver]# cd nsopenssl-2.1 -[root@yourserver nsopenssl-2.1]# make OPENSSL=/usr/local/ssl + thread for details on compiling nsopenssl.)[root bin]# cd /usr/local/src/aolserver +[root aolserver]# wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz +[root aolserver]# tar xzf nsopenssl-2.1.tar.gz +[root aolserver]# cd nsopenssl-2.1 +[root nsopenssl-2.1]# make OPENSSL=/usr/local/ssl gcc -I/usr/local/ssl/include -I../aolserver/include -D_REENTRANT=1 -DNDEBUG=1 -g -fPIC -Wall -Wno-unused -mcpu=i686 -DHAVE_CMMSG=1 -DUSE_FIONREAD=1 -DHAVE_COND_EINTR=1 -c -o nsopenssl.o nsopenssl.c (many lines omitted) gcc -shared -nostartfiles -o nsopenssl.so nsopenssl.o config.o init.o ssl.o thread.o tclcmds.o -L/usr/local/ssl/lib -lssl -lcrypto -[root@yourserver nsopenssl-2.1]# cp nsopenssl.so /usr/local/aolserver/bin -[root@yourserver nsopenssl-2.1]# cp https.tcl /usr/local/aolserver/modules/tcl/ -[root@yourserver nsopenssl-2.1]# +[root nsopenssl-2.1]# cp nsopenssl.so /usr/local/aolserver/bin +[root nsopenssl-2.1]# cp https.tcl /usr/local/aolserver/modules/tcl/ +[root nsopenssl-2.1]# cd /usr/local/src/aolserver wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz tar xzf nsopenssl-2.1.tar.gz @@ -31,4 +34,29 @@ cd nsopenssl-2.1 make OPENSSL=/usr/lib/ssl cp nsopenssl.so /usr/local/aolserver/bin -cp https.tcl /usr/local/aolserver/modules/tcl/
You will need the AOLserver4 source in /usr/local/src/aolserver/aolserver and OpenSSL installed in /usr/local/ssl (or at least symlinked there).
[root bin]# cd /usr/local/src/aolserver +[root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login +[root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl +[root aolserver]# cd nsopenssl +[root nsopenssl]# make OPENSSL=/usr/local/ssl +gcc -I/usr/local/ssl/include (many items omitted) -c -o sslcontext.o sslcontext.c +(many lines omitted) +[root nsopenssl-2.1]# make install OPENSSL=/usr/local/ssl INST=/usr/local/aolserver +[root nsopenssl-2.1]# +cd /usr/local/src/aolserver +cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login +cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl +cd nsopenssl +make OPENSSL=/usr/local/ssl +make install OPENSSL=/usr/local/ssl INST=/usr/local/aolserver
If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks +
+[root nsopenssl]# cd /usr/local/aolserver/lib
+[root lib]# ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
+[root lib]# ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
+[root lib]#
+cd /usr/local/aolserver/lib
+ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
+ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
+
+
+
To enable SSL support in your server, make sure your config.tcl file has a section on "OpenSSL 3 with AOLserver4". If your ports for SSL are priviledged (below 1024), you will have to start AOLserver with prebinds for both your HTTP and your HTTPS port (usually by adding -b your_ip:your_http_port,your_ip:your_https_port to the nsd call).