| Prev | Chapter�6.�Maintenance | Next |
|---|
Maintenance tasks, optional software, and alternate configurations for AOLserver.
Assuming AOLserver started cleanly in the previous step, we'll set it up so that it's always running, and automatically restarts whenever it dies or is stopped. This step is strongly recommended, even for development sites, because it makes install and maintenance much simpler.
The Reference Platform uses Daemontools to control AOLserver. A simpler method, using init, is here.
Daemontools must already be installed. If not, install it.
Each service controlled by daemontools must have a +
Maintenance tasks, optional software, and alternate configurations for AOLserver.
The simplest way to start and stop and OpenACS site is to run the startup shell script provided, /var/lib/aolserver/service0/etc/daemontools/run. This runs as a regular task, and logs to the logfile. To stop the site, kill the script.
A more stable way to run OpenACS is with a "keepalive" mechanism of some sort, so that whenever the server halts or is stopped for a reset, it restarts automatically. This is recommended for development and production servers.
The Reference Platform uses Daemontools to control AOLserver. A simpler method, using init, is here.
Daemontools must already be installed. If not, install it.
Each service controlled by daemontools must have a directory in /service. That directory must have a file called run. Daemontools then @@ -54,7 +54,7 @@ Most of this information comes from Tom Jackson's AOLserver+Daemontools Mini-HOWTO.
This is an alternative method for keeping the AOLserver - process running. The recommended method is to run AOLserver + process running. The recommended method is to run AOLserver supervised.
This step should be completed as root. This can break every service on your machine, so proceed with caution. @@ -145,7 +145,7 @@ automated for startup and shutdown.
If you want your webserver to be http://yourserver.com, it must run on port 80, the default HTTP port. You set this in the config.tcl file. You will need to start the service as root. If you follow the instructions - above for automating + above for automating startup, this will be taken care of, but if you ever start the server from the command line, be sure to su - first. @@ -159,7 +159,7 @@ able to exploit your web server to execute a command on your server, they would not be able to gain root access.
Services on different ports.�To run a different service on another port but the same - ip, simply repeat Install OpenACS 5.0.0 replacing + ip, simply repeat Install OpenACS replacing service0, and change the
set httpport 8000 set httpsport 8443
@@ -182,8 +182,8 @@
Prepare a certificate directory for the service.
[service0 etc]$ mkdir /var/lib/aolserver/service0/etc/certs
[service0 etc]$ chmod 700 /var/lib/aolserver/service0/etc/certs
[service0 etc]$
-mkdir /var/lib/aolserver/service0/etc/certs
-chmod 700 /var/lib/aolserver/service0/etc/certsIt takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages.
Use an OpenSSL perl script to generate a certificate and key.
[service0 service0]$ cd /var/lib/aolserver/service0/etc/certs
+mkdir /var/lib/aolserver/service0/etc/certs
+chmod 700 /var/lib/aolserver/service0/etc/certsIt takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages.
Use an OpenSSL perl script to generate a certificate and key.
[service0 service0]$ cd /var/lib/aolserver/service0/etc/certs
[service0 certs]$ perl /usr/share/ssl/misc/CA -newcert
Using configuration from /usr/share/ssl/openssl.cnf
Generating a 1024 bit RSA private key
@@ -211,12 +211,12 @@
[service0 service0]$ cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/analog.cfg.txt etc/analog.cfg
[service0 service0]$ mkdir www/log
[service0 service0]$ cp -r /usr/share/analog-5.31/images www/log/
-[service0 service0]$
+[service0 service0]$
su - service0
cd /var/lib/aolserver/service0
cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/analog.cfg.txt etc/analog.cfg
mkdir www/log
-cp -r /usr/share/analog-5.31/images www/log/Edit +cp -r /usr/share/analog-5.31/images www/log/
Edit /var/lib/aolserver/service0/etc/analog.cfg and change the variable in HOSTNAME "[my organisation]" to reflect your website title. If you don't want the traffic log to be publicly visible, change