Index: openacs-4/packages/acs-core-docs/www/install-nsopenssl.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-nsopenssl.html,v diff -u -r1.28 -r1.28.2.1 --- openacs-4/packages/acs-core-docs/www/install-nsopenssl.html 8 Nov 2017 09:42:11 -0000 1.28 +++ openacs-4/packages/acs-core-docs/www/install-nsopenssl.html 2 Mar 2019 19:30:05 -0000 1.28.2.1 @@ -1,26 +1,17 @@ -
By Joel Aufrecht and Malte Sussdorff
- </authorblurb> - -This AOLserver module is required if you want people to connect to your site via +
This AOLserver module is required if you want people to connect to your site via https. These commands compile nsopenssl and install it, along with a Tcl helper script to handle https connections. You will also need ssl certificates. Because those should be different for each server service, you won't need those instructions until - later.
-You will need the unpacked Aolserver tarball in + later.
You will need the unpacked Aolserver tarball in
/usr/local/src/aolserver
and
the nsopenssl tarball in
- /tmp
.
Red Hat 9 note: see this - thread for details on compiling nsopenssl.)
- -[root bin]#cd /usr/local/src/aolserver
+/tmp
.Red Hat 9 note: see this + thread for details on compiling nsopenssl.)
[root bin]#-cd /usr/local/src/aolserver
[root aolserver]#wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz
[root aolserver]#tar xzf nsopenssl-2.1.tar.gz
[root aolserver]#cd nsopenssl-2.1
@@ -31,30 +22,21 @@ [root nsopenssl-2.1]#cp nsopenssl.so /usr/local/aolserver/bin
[root nsopenssl-2.1]#cp https.tcl /usr/local/aolserver/modules/tcl/
[root nsopenssl-2.1]# -cd /usr/local/src/aolserver +cd /usr/local/src/aolserver wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz tar xzf nsopenssl-2.1.tar.gz cd nsopenssl-2.1 make OPENSSL=/usr/local/ssl cp nsopenssl.so /usr/local/aolserver/bin -cp https.tcl /usr/local/aolserver/modules/tcl/For Debian (more - information):
-apt-get install libssl-dev +cp https.tcl /usr/local/aolserver/modules/tcl/
For Debian (more + information):
apt-get install libssl-dev cd /usr/local/src/aolserver tar xzf /tmp/nsopenssl-2.1.tar.gz cd nsopenssl-2.1 make OPENSSL=/usr/lib/ssl cp nsopenssl.so /usr/local/aolserver/bin -cp https.tcl /usr/local/aolserver/modules/tcl/
-
You will need the AOLserver4 source in /usr/local/src/aolserver/aolserver
and OpenSSL installed in /usr/local/ssl
(or at least symlinked there). The use of INST=/point/to/aolserver
is being replaced with AOLSERVER=/point/to/aolserver
. We are including both here, because while this module still requires INST, if one just uses AOLSERVER, the default value would be used and could intefere with another existing installation.
FreeBSD note: build nsopenssl with gmake install OPENSSL=/usr/local/openssl AOLSERVER=/usr/local/aolserver4r10
-
[root bin]# cd /usr/local/src/aolserver
+cp https.tcl /usr/local/aolserver/modules/tcl/
You will need the AOLserver4 source in /usr/local/src/aolserver/aolserver
and OpenSSL installed in /usr/local/ssl
(or at least symlinked there). The use of INST=/point/to/aolserver
is being replaced with AOLSERVER=/point/to/aolserver
. We are including both here, because while this module still requires INST, if one just uses AOLSERVER, the default value would be used and could intefere with another existing installation.
FreeBSD note: build nsopenssl with gmake install OPENSSL=/usr/local/openssl AOLSERVER=/usr/local/aolserver4r10
+
[root bin]#-cd /usr/local/src/aolserver
[root aolserver]#cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login
[root aolserver]#cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl
[root aolserver]#cd nsopenssl
@@ -63,40 +45,30 @@ (many lines omitted) [root nsopenssl-2.1]#make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver4r10 INST=/usr/local/aolserver4r10
[root nsopenssl-2.1]# -cd /usr/local/src/aolserver +cd /usr/local/src/aolserver cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl cd nsopenssl make OPENSSL=/usr/local/ssl -make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver AOLSERVER=/usr/local/aolserver4r10
If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks +make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver AOLSERVER=/usr/local/aolserver4r10
If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks
[root nsopenssl]#cd /usr/local/aolserver/lib
[root lib]#ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
[root lib]#ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
[root lib]# -cd /usr/local/aolserver/lib +cd /usr/local/aolserver/lib ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7 ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7 - +
-
- -SSL support must be enabled separately in each OpenACS - server (Generate ssl certificates.
- -If your ports for SSL are privileged (below 1024), you +
SSL support must be enabled separately in each OpenACS + server (Generate ssl certificates.
If your ports for SSL are privileged (below 1024), you
will have to start AOLserver with prebinds for both your HTTP
and your HTTPS port (usually by adding -b
-
+ your_ip:your_http_port,your_ip:your_https_port
to the nsd call. If you are using daemontools, this can be
changed in your your_ip:your_http_port
,your_ip:your_https_port
etc/daemontools/run
- file
).
To enable SSL support in your server, make sure your + file).
To enable SSL support in your server, make sure your
etc/config.tcl file has a section on "OpenSSL 3 with AOLserver4". If
that section is not present, try looking at the README file in
- /usr/local/src/aolserver/nsopenssl
.
/usr/local/src/aolserver/nsopenssl
.