Index: openacs-4/packages/acs-core-docs/www/install-nsopenssl.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-nsopenssl.adp,v diff -u -r1.2 -r1.3 --- openacs-4/packages/acs-core-docs/www/install-nsopenssl.adp 7 Aug 2017 23:47:50 -0000 1.2 +++ openacs-4/packages/acs-core-docs/www/install-nsopenssl.adp 8 Nov 2017 09:42:11 -0000 1.3 @@ -3,18 +3,16 @@ Install nsopenssl

-Install nsopenssl

-

By Joel Aufrecht and Malte Sussdorff -

-OpenACS docs are written by the named authors, and may be edited by -OpenACS documentation staff.

This AOLserver module is required if you want people to connect +Install nsopenssl

<authorblurb>

By Joel Aufrecht and +Malte Sussdorff +

</authorblurb>

This AOLserver module is required if you want people to connect to your site via https. These commands compile nsopenssl and install it, along with a Tcl helper script to handle https connections. You will also need ssl certificates. Because those @@ -36,20 +34,20 @@ [root nsopenssl-2.1]# cp nsopenssl.so /usr/local/aolserver/bin [root nsopenssl-2.1]# cp https.tcl /usr/local/aolserver/modules/tcl/ [root nsopenssl-2.1]# -cd /usr/local/src/aolserver +cd /usr/local/src/aolserver wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz tar xzf nsopenssl-2.1.tar.gz cd nsopenssl-2.1 make OPENSSL=/usr/local/ssl cp nsopenssl.so /usr/local/aolserver/bin -cp https.tcl /usr/local/aolserver/modules/tcl/ -

For Debian (more information):

apt-get install libssl-dev
+cp https.tcl /usr/local/aolserver/modules/tcl/
+

For Debian (more information):

apt-get install libssl-dev
 cd /usr/local/src/aolserver
 tar xzf /tmp/nsopenssl-2.1.tar.gz
 cd nsopenssl-2.1
 make OPENSSL=/usr/lib/ssl
 cp nsopenssl.so /usr/local/aolserver/bin
-cp https.tcl /usr/local/aolserver/modules/tcl/
+cp https.tcl /usr/local/aolserver/modules/tcl/

Install on AOLserver4

You will need the AOLserver4 source in /usr/local/src/aolserver/aolserver and @@ -70,40 +68,40 @@ (many lines omitted) [root nsopenssl-2.1]# make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver4r10 INST=/usr/local/aolserver4r10 [root nsopenssl-2.1]# -cd /usr/local/src/aolserver +cd /usr/local/src/aolserver cvs -d:pserver:anonymous\@cvs.sourceforge.net:/cvsroot/aolserver login cvs -d:pserver:anonymous\@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl cd nsopenssl make OPENSSL=/usr/local/ssl -make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver AOLSERVER=/usr/local/aolserver4r10 +make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver AOLSERVER=/usr/local/aolserver4r10

If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks

 [root nsopenssl]# cd /usr/local/aolserver/lib
 [root lib]# ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
 [root lib]# ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
 [root lib]#
-cd /usr/local/aolserver/lib
+cd /usr/local/aolserver/lib
 ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
 ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
-
+

SSL support must be enabled separately in each OpenACS server (Generate ssl certificates.

If your ports for SSL are privileged (below 1024), you will have to start AOLserver with prebinds for both your HTTP and your HTTPS -port (usually by adding -b -your_ip:your_http_port,your_ip:your_https_port - to the -nsd call. If you are using daemontools, this can be changed in your -etc/daemontools/run file).

To enable SSL support in your server, make sure your +port (usually by adding -b your_ip:your_http_port,your_ip:your_https_port + to +the nsd call. If you are using daemontools, this can be changed in +your etc/daemontools/run +file).

To enable SSL support in your server, make sure your etc/config.tcl file has a section on "OpenSSL 3 with AOLserver4". If that section is not present, try looking at the README file in /usr/local/src/aolserver/nsopenssl.