Index: openacs-dist/debian/debian-binary
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian-binary,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian-binary 12 Sep 2006 13:51:44 -0000 1.1
@@ -0,0 +1 @@
+2.0
Index: openacs-dist/debian/debian/DEBIAN/control
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/DEBIAN/Attic/control,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/DEBIAN/control 12 Sep 2006 13:51:44 -0000 1.1
@@ -0,0 +1,8 @@
+Package: dotlrn
+Version: 2.2.0-0
+Section: web
+Priority: optional
+Architecture: i386
+Depends: aolserver4, aolserver4-nscache, aolserver4-nspostgres, aolserver4-nssha1, tdom, postgresql
+Maintainer: Dirk Gomez
+Description: .LRN 2.2.0
Index: openacs-dist/debian/debian/DEBIAN/postinst
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/DEBIAN/postinst,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/DEBIAN/postinst 12 Sep 2006 13:51:44 -0000 1.1
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+echo "Shutting down aolserver"
+/etc/init.d/aolserver4 stop
+# make sure nsd is really gone
+pkill nsd
+
+echo "Remove the dummy files from debian's stock aolserver installation"
+rm -rf /var/www/index.html /var/www/icons
+
+echo "Create the www-data user in Postgres and the dotlrn database."
+su - postgres "dropuser www-data"
+su - postgres "dropdb dotlrn"
+su - postgres "createuser -a -d www-data"
+su - postgres "createdb -E UNICODE dotlrn"
+su - postgres "createlang plpgsql dotlrn"
+
+echo "Adding vacummdb analyze jobs for dotlrn database to postgres' crontab"
+su - postgres "crontab -l > /tmp/pgcrontab.$$; \
+echo @hourly /usr/local/pgsql/bin/vacuumdb --analyze dotlrn >>/tmp/pgcrontab.$$; \
+echo @daily /usr/local/pgsql/bin/vacuumdb --full --analyze dotlrn >>/tmp/pgcrontab.$$; \
+crontab /tmp/pgcrontab.$$; \
+rm /tmp/pgcrontab.$$;"
+
+echo "Saving default aolserver and postgresql config in /usr/share/doc/dotlrn/default-etc."
+cp -p /etc/init.d/aolserver4 /usr/share/doc/dotlrn/default-etc/init.d/
+cp -p /etc/aolserver4/aolserver4.tcl /usr/share/doc/dotlrn/default-etc/aolserver4/
+cp -p /etc/postgresql/postgresql.conf /usr/share/doc/dotlrn/default-etc/postgresql/
+cp -p /etc/postgresql/pg_hba.conf /usr/share/doc/dotlrn/default-etc/postgresql/
+
+echo "Overriding default aolserver and postgresql config."
+cp -p /usr/share/doc/dotlrn/etc/init.d/aolserver4 /etc/init.d/
+cp -p /usr/share/doc/dotlrn/etc/aolserver4/aolserver4.tcl /etc/aolserver4/
+cp -p /usr/share/doc/dotlrn/etc/postgresql/postgresql.conf /etc/postgresql/
+cp -p /usr/share/doc/dotlrn/etc/postgresql/pg_hba.conf /etc/postgresql/
+
+echo "Restarting postgresql"
+/etc/init.d/postgresql restart
+
+echo "Restarting aolserver"
+/etc/init.d/aolserver4 restart
Index: openacs-dist/debian/debian/DEBIAN/prerm
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/DEBIAN/prerm,v
diff -u
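Review bot: The crontab step in postinst stages the postgres user's crontab in `/tmp/pgcrontab.$$`, a predictable name in a world-writable directory, so another local account can pre-create or swap that path and influence what is loaded as postgres' crontab (the prerm hunk repeats the pattern). Feeding the new table to `crontab -` on stdin removes the file altogether, as in the block below. In the database step, `dropuser www-data` and `dropdb dotlrn` run on every `configure`, which includes upgrades, so provisioning should be limited to a first install (empty `$2`), and `createuser -a -d www-data` lets the web server's database role create users and databases, which looks like more than the pool settings in aolserver4.tcl need. The `su - postgres "…"` calls also lack `-c`, so the string is probably handed to the login shell as a script name rather than a command; confirm on the target release.

```shell
# … unchanged: stop aolserver, remove stock files under /var/www …

# Provision the role and database only on a first install; on upgrades dpkg
# passes the previously configured version in $2 and existing data must stay.
if [ "$1" = "configure" ] && [ -z "$2" ]; then
    # NOTE(review): -a allows this role to create users; drop it if the
    # application install does not need it.
    su - postgres -c "createuser -a -d www-data"
    su - postgres -c "createdb -E UNICODE dotlrn"
    su - postgres -c "createlang plpgsql dotlrn"
fi

# Append the vacuum jobs without a temp file: the current table plus the two
# new entries go straight to crontab on stdin.
su - postgres -c '( crontab -l 2>/dev/null
    echo "@hourly /usr/local/pgsql/bin/vacuumdb --analyze dotlrn"
    echo "@daily /usr/local/pgsql/bin/vacuumdb --full --analyze dotlrn" ) | crontab -'

# … unchanged: save and override config, restart postgresql and aolserver …
```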
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/DEBIAN/prerm 12 Sep 2006 13:51:44 -0000 1.1
@@ -0,0 +1,24 @@
+#!/bin/sh
+echo "Shutting down aolserver"
+/etc/init.d/aolserver4 stop
+# make sure nsd is really gone
+pkill nsd
+
+echo "Removing the www-data user in Postgres and the dotlrn database."
+su - postgres "dropuser www-data"
+su - postgres "dropdb dotlrn"
+
+echo "Removing the dotlrn crontab jobs from postgres' crontab"
+su - postgres "crontab -l |grep -v dotlrn> /tmp/pgcrontab.$$; \
+crontab /tmp/pgcrontab.$$; \
+rm /tmp/pgcrontab.$$;"
+
+echo "Restoring default aolserver and postgresql config."
+cp -p /usr/share/doc/dotlrn/default-etc/init.d/aolserver4 /etc/init.d/
+cp -p /usr/share/doc/dotlrn/default-etc/aolserver4/aolserver4.tcl /etc/aolserver4/
+cp -p /usr/share/doc/dotlrn/default-etc/postgresql/postgresql.conf /etc/postgresql/
+cp -p /usr/share/doc/dotlrn/default-etc/postgresql/pg_hba.conf /etc/postgresql/
+
+echo "Restarting aolserver"
+/etc/init.d/aolserver4 start
+
Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/aolserver4/aolserver4.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/aolserver4/aolserver4.tcl,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/usr/share/doc/dotlrn/aolserver4/aolserver4.tcl 12 Sep 2006 13:51:44 -0000 1.1
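Review bot: `dropuser www-data` and `dropdb dotlrn` in prerm run on every invocation, so an upgrade (where dpkg calls the old prerm with `upgrade`) destroys the site database just as a removal does; gate the destructive part with `if [ "$1" = "remove" ]; then … fi`, or move it to a purge-only postrm. The restore step then copies the `default-etc` snapshots of `pg_hba.conf` and `postgresql.conf` back over /etc/postgresql, which silently reverts any access-control changes an administrator made after installation; restoring only when the live file still matches what this package installed would avoid that. `grep -v dotlrn` also drops any unrelated crontab line that mentions dotlrn, and the `/tmp/pgcrontab.$$` staging file has the same predictable-name problem as in postinst.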
@@ -0,0 +1,644 @@
+ns_log notice "nsd.tcl: starting to read config file..."
+
+######################################################################
+#
+# Instance-specific settings
+# These default settings will only work in limited circumstances
+# Two servers with default settings cannot run on the same host
+#
+######################################################################
+
+#---------------------------------------------------------------------
+# change to 80 and 443 for production use
+set httpport 80
+set httpsport 443
+
+# /var/lib/aolserver/service0/packages/etc/daemontools/run
+
+# The hostname and address should be set to actual values.
+# setting the address to 0.0.0.0 means aolserver listens on all interfaces
+set hostname [ns_info hostname]
+#set address [ns_info address]
+set address 0.0.0.0
+
+# Note: If port is privileged (usually < 1024), OpenACS must be
+# started by root, and, in AOLserver 4, the run script have a
+# '-b address' flag which matches the address according to settings (above)
+
+set server "dotlrn"
+set servername "New .LRN Installation - Debian Package"
+
+set serverroot "/var/www/"
+
+#---------------------------------------------------------------------
+# which database do you want? postgres or oracle
+set database postgres
+
+set db_name dotlrn
+
+if { $database == "oracle" } {
+ set db_password "mysitepassword"
+} else {
+ set db_host localhost
+ set db_port 5432
+ set db_user www-data
+}
+
+#---------------------------------------------------------------------
+# if debug is false, all debugging will be turned off
+set debug false
+
+set homedir /usr/lib/aolserver4
+set bindir ${homedir}/bin
+
+
+######################################################################
+#
+# End of instance-specific settings
+#
+# Nothing below this point need be changed in a default install.
+#
+######################################################################
+
+
+#---------------------------------------------------------------------
+#
+# AOLserver's directories. Autoconfigurable.
+#
+#---------------------------------------------------------------------
+# Where are your pages going to live ?
+set pageroot ${serverroot}/www
+set directoryfile index.tcl,index.adp,index.html,index.htm
+
+
+#---------------------------------------------------------------------
+# Global server parameters
+#---------------------------------------------------------------------
+ns_section ns/parameters
+ ns_param serverlog /var/log/aolserver4/error.log
+ ns_param home $homedir
+ # maxkeepalive is ignored in aolserver4.x
+ ns_param maxkeepalive 0
+ ns_param logroll on
+ ns_param maxbackup 5
+ ns_param debug $debug
+# ns_param mailhost localhost
+ ns_param user www-data
+ ns_param group www-data
+
+
+# If setting port below 1024 with AOLServer 4, read comments in file:
+
+ # setting to Unicode by default
+ # see http://dqd.com/~mayoff/encoding-doc.html
+ ns_param HackContentType 1
+ ns_param DefaultCharset utf-8
+ ns_param HttpOpenCharset utf-8
+ ns_param OutputCharset utf-8
+ ns_param URLCharset utf-8
+
+#---------------------------------------------------------------------
+# Thread library (nsthread) parameters
+#---------------------------------------------------------------------
+ns_section ns/threads
+ ns_param mutexmeter true ;# measure lock contention
+ # The per-thread stack size must be a multiple of 8k for AOLServer to run under MacOS X
+ ns_param stacksize [expr 128 * 8192]
+
+#
+# MIME types.
+#
+ns_section ns/mimetypes
+ # Note: AOLserver already has an exhaustive list of MIME types:
+ # see: /usr/local/src/aolserver-4.{version}/aolserver/nsd/mimetypes.c
+ # but in case something is missing you can add it here.
+ ns_param Default text/plain
+ ns_param NoExtension text/plain
+ ns_param .pcd image/x-photo-cd
+ ns_param .prc application/x-pilot
+ ns_param .xls application/vnd.ms-excel
+ ns_param .doc application/vnd.ms-word
+
+
+#---------------------------------------------------------------------
+#
+# Server-level configuration
+#
+# There is only one server in AOLserver, but this is helpful when multiple
+# servers share the same configuration file. This file assumes that only
+# one server is in use so it is set at the top in the "server" Tcl variable
+# Other host-specific values are set up above as Tcl variables, too.
+#
+#---------------------------------------------------------------------
+ns_section ns/servers
+ ns_param $server $servername
+
+#
+# Server parameters
+#
+ns_section ns/server/${server}
+ ns_param directoryfile $directoryfile
+ ns_param pageroot $pageroot
+ ns_param maxconnections 100 ;# Max connections to put on queue
+ ns_param maxdropped 0
+ ns_param maxthreads 10
+ ns_param minthreads 5
+ ns_param threadtimeout 120 ;# Idle threads die at this rate
+ ns_param globalstats false ;# Enable built-in statistics
+ ns_param urlstats false ;# Enable URL statistics
+ ns_param maxurlstats 1000 ;# Max number of URL's to do stats on
+# ns_param directoryadp $pageroot/dirlist.adp ;# Choose one or the other
+# ns_param directoryproc _ns_dirlist ;# ...but not both!
+# ns_param directorylisting fancy ;# Can be simple or fancy
+
+ #
+ # Special HTTP pages
+ #
+ ns_param NotFoundResponse "/global/file-not-found.html"
+ ns_param ServerBusyResponse "/global/busy.html"
+ ns_param ServerInternalErrorResponse "/global/error.html"
+
+#---------------------------------------------------------------------
+#
+# ADP (AOLserver Dynamic Page) configuration
+#
+#---------------------------------------------------------------------
+ns_section ns/server/${server}/adp
+ ns_param map /*.adp ;# Extensions to parse as ADP's
+# ns_param map "/*.html" ;# Any extension can be mapped
+ ns_param enableexpire false ;# Set "Expires: now" on all ADP's
+ ns_param enabledebug $debug ;# Allow Tclpro debugging with "?debug"
+ ns_param defaultparser fancy
+
+ns_section ns/server/${server}/adp/parsers
+ ns_param fancy ".adp"
+
+ns_section ns/server/${server}/redirects
+ ns_param 404 "global/file-not-found.html"
+ ns_param 403 "global/forbidden.html"
+
+#
+# Tcl Configuration
+#
+ns_section ns/server/${server}/tcl
+ ns_param library ${serverroot}/tcl
+ ns_param autoclose on
+ ns_param debug $debug
+
+#---------------------------------------------------------------------
+#
+# Rollout email support
+#
+# These procs help manage differing email behavior on
+# dev/staging/production.
+#
+#---------------------------------------------------------------------
+ns_section ns/server/${server}/acs/acs-rollout-support
+
+ # EmailDeliveryMode can be:
+ # default: Email messages are sent in the usual manner.
+ # log: Email messages are written to the server's error log.
+ # redirect: Email messages are redirected to the addresses specified
+ # by the EmailRedirectTo parameter. If this list is absent
+ # or empty, email messages are written to the server's error log.
+ # filter: Email messages are sent to in the usual manner if the
+ # recipient appears in the EmailAllow parameter, otherwise they
+ # are logged.
+
+# ns_param EmailDeliveryMode redirect
+# ns_param EmailRedirectTo somenerd@yourdomain.test, othernerd@yourdomain.test
+# ns_param EmailAllow somenerd@yourdomain.test,othernerd@yourdomain.test
+
+#---------------------------------------------------------------------
+#
+# WebDAV Support (optional, requires oacs-dav package to be installed
+#
+#---------------------------------------------------------------------
+ns_section ns/server/${server}/tdav
+ ns_param propdir ${serverroot}/data/dav/properties
+ ns_param lockdir ${serverroot}/data/dav/locks
+ ns_param defaultlocktimeout "300"
+
+ns_section ns/server/${server}/tdav/shares
+ ns_param share1 "OpenACS"
+# ns_param share2 "Share 2 description"
+
+ns_section ns/server/${server}/tdav/share/share1
+ ns_param uri "/dav/*"
+ # all WebDAV options
+ ns_param options "OPTIONS COPY GET PUT MOVE DELETE HEAD MKCOL POST PROPFIND PROPPATCH LOCK UNLOCK"
+
+#ns_section ns/server/${server}/tdav/share/share2
+# ns_param uri "/share2/path/*"
+ # read-only WebDAV options
+# ns_param options "OPTIONS COPY GET HEAD MKCOL POST PROPFIND PROPPATCH"
+
+
+#---------------------------------------------------------------------
+#
+# Socket driver module (HTTP) -- nssock
+#
+#---------------------------------------------------------------------
+ns_section ns/server/${server}/module/nssock
+ ns_param timeout 120
+ ns_param address $address
+ ns_param hostname $hostname
+ ns_param port $httpport
+# setting maxinput higher than practical may leave the server vulnerable to resource DoS attacks
+# see http://www.panoptic.com/wiki/aolserver/166
+ ns_param maxinput [expr 20 * 1024 * 1024] ;# Maximum File Size for uploads in bytes
+ ns_param recvwait [expr 5 * 60] ;# Maximum request time in minutes
+
+
+#---------------------------------------------------------------------
+#
+# Access log -- nslog
+#
+#---------------------------------------------------------------------
+ns_section ns/server/${server}/module/nslog
+ ns_param debug false
+ ns_param dev false
+ ns_param enablehostnamelookup false
+ ns_param file ${serverroot}/log/${server}.log
+ ns_param logcombined true
+ ns_param extendedheaders COOKIE
+# ns_param logrefer false
+# ns_param loguseragent false
+ ns_param logreqtime true
+ ns_param maxbackup 1000
+ ns_param rollday *
+ ns_param rollfmt %Y-%m-%d-%H:%M
+ ns_param rollhour 0
+ ns_param rollonsignal true
+ ns_param rolllog true
+
+#---------------------------------------------------------------------
+#
+# nsjava - aolserver module that embeds a java virtual machine. Needed to
+# support webmail. See http://nsjava.sourceforge.net for further
+# details. This may need to be updated for OpenACS4 webmail
+#
+#---------------------------------------------------------------------
+ns_section ns/server/${server}/module/nsjava
+ ns_param enablejava off ;# Set to on to enable nsjava.
+ ns_param verbosejvm off ;# Same as command line -debug.
+ ns_param loglevel Notice
+ ns_param destroyjvm off ;# Destroy jvm on shutdown.
+ ns_param disablejitcompiler off
+ ns_param classpath /usr/local/jdk/jdk118_v1/lib/classes.zip:${bindir}/nsjava.jar:${pageroot}/webmail/java/activation.jar:${pageroot}/webmail/java/mail.jar:${pageroot}/webmail/java
+
+#---------------------------------------------------------------------
+#
+# CGI interface -- nscgi, if you have legacy stuff. Tcl or ADP files inside
+# AOLserver are vastly superior to CGIs. I haven't tested these params but they
+# should be right.
+#
+#---------------------------------------------------------------------
+#ns_section "ns/server/${server}/module/nscgi"
+# ns_param map "GET /cgi-bin/ ${serverroot}/cgi-bin"
+# ns_param map "POST /cgi-bin/ ${serverroot}/cgi-bin"
+# ns_param Interps CGIinterps
+
+#ns_section "ns/interps/CGIinterps"
+# ns_param .pl "/usr/bin/perl"
+
+
+#---------------------------------------------------------------------
+#
+# PAM authentication
+#
+#---------------------------------------------------------------------
+ns_section ns/server/${server}/module/nspam
+ ns_param PamDomain "pam_domain"
+
+
+#---------------------------------------------------------------------
+#
+# OpenSSL for Aolserver 3.3 and 4
+#
+#---------------------------------------------------------------------
+if { [ns_info version] < 4} {
+
+ #---------------------------------------------------------------------
+ # OpenSSL for Aolserver 3.3
+ #---------------------------------------------------------------------
+
+ ns_section "ns/server/${server}/module/nsopenssl"
+
+ ns_param ModuleDir ${serverroot}/etc/certs
+
+ # NSD-driven connections:
+ ns_param ServerPort $httpsport
+ ns_param ServerHostname $hostname
+ ns_param ServerAddress $address
+ ns_param ServerCertFile certfile.pem
+ ns_param ServerKeyFile keyfile.pem
+ ns_param ServerProtocols "SSLv2, SSLv3, TLSv1"
+ ns_param ServerCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ ns_param ServerSessionCache true
+ ns_param ServerSessionCacheID 1
+ ns_param ServerSessionCacheSize 512
+ ns_param ServerSessionCacheTimeout 300
+ ns_param ServerPeerVerify false
+ ns_param ServerPeerVerifyDepth 3
+ ns_param ServerCADir ca
+ ns_param ServerCAFile ca.pem
+ ns_param ServerTrace false
+
+ # For listening and accepting SSL connections via Tcl/C API:
+ ns_param SockServerCertFile certfile.pem
+ ns_param SockServerKeyFile keyfile.pem
+ ns_param SockServerProtocols "SSLv2, SSLv3, TLSv1"
+ ns_param SockServerCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ ns_param SockServerSessionCache true
+ ns_param SockServerSessionCacheID 2
+ ns_param SockServerSessionCacheSize 512
+ ns_param SockServerSessionCacheTimeout 300
+ ns_param SockServerPeerVerify false
+ ns_param SockServerPeerVerifyDepth 3
+ ns_param SockServerCADir internal_ca
+ ns_param SockServerCAFile internal_ca.pem
+ ns_param SockServerTrace false
+
+ # Outgoing SSL connections
+ ns_param SockClientCertFile certfile.pem
+ ns_param SockClientKeyFile keyfile.pem
+ ns_param SockClientProtocols "SSLv2, SSLv3, TLSv1"
+ ns_param SockClientCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ ns_param SockClientSessionCache false
+ ns_param SockClientSessionCacheID 3
+ ns_param SockClientSessionCacheSize 512
+ ns_param SockClientSessionCacheTimeout 300
+ ns_param SockClientPeerVerify false
+ ns_param SockServerPeerVerifyDepth 3
+ ns_param SockClientCADir ca
+ ns_param SockClientCAFile ca.pem
+ ns_param SockClientTrace false
+
+ # OpenSSL library support:
+ # ns_param RandomFile /some/file
+ ns_param SeedBytes 1024
+
+} else {
+
+ #---------------------------------------------------------------------
+ # OpenSSL for Aolserver 4
+ #---------------------------------------------------------------------
+ ns_section "ns/server/${server}/module/nsopenssl"
+
+ # Note this portion of the configuration is not perfect, and you
+ # will get errors in the your error.log. However, it does
+ # work. Fixes welcome.
+
+ # this is used by acs-tcl/tcl/security-procs.tcl to get the
+ # https port.
+ ns_param ServerPort $httpsport
+
+ # We explicitly tell the server which SSL contexts to use as defaults when an
+ # SSL context is not specified for a particular client or server SSL
+ # connection. Driver connections do not use defaults; they must be explicitly
+ # specificied in the driver section. The Tcl API will use the defaults as there
+ # is currently no provision to specify which SSL context to use for a
+ # particular connection via an ns_openssl Tcl command.
+ ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
+ ns_param users "SSL context used for regular user access"
+ # ns_param admins "SSL context used for administrator access"
+ ns_param client "SSL context used for outgoing script socket connections"
+
+ ns_section "ns/server/${server}/module/nsopenssl/defaults"
+ ns_param server users
+ ns_param client client
+
+ ns_section "ns/server/${server}/module/nsopenssl/sslcontext/users"
+ ns_param Role server
+ ns_param ModuleDir ${serverroot}/etc/certs
+ ns_param CertFile certfile.pem
+ ns_param KeyFile keyfile.pem
+ # ns_param CADir ca-client/dir
+ # ns_param CAFile ca-client/ca-client.crt
+ # for Protocols "ALL" = "SSLv2, SSLv3, TLSv1"
+ ns_param Protocols "SSLv3, TLSv1"
+ ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ ns_param PeerVerify false
+ ns_param PeerVerifyDepth 3
+ ns_param Trace false
+
+ # following from bartt's nsd4.tcl, might help stablize openssl connections?
+ # http://www.mail-archive.com/aolserver@listserv.aol.com/msg07092.html
+ ns_param SessionCache true
+ ns_param SessionCacheID 1
+ ns_param SessionCacheSize 512
+ ns_param SessionCacheTimeout 300
+
+
+# ns_section "ns/server/${server}/module/nsopenssl/sslcontext/admins"
+ # ns_param Role server
+ # ns_param ModuleDir /path/to/dir
+ # ns_param CertFile server/server.crt
+ # ns_param KeyFile server/server.key
+ # ns_param CADir ca-client/dir
+ # ns_param CAFile ca-client/ca-client.crt
+ # for Protocols "ALL" = "SSLv2, SSLv3, TLSv1"
+ # ns_param Protocols "All"
+ # ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ # ns_param PeerVerify false
+ # ns_param PeerVerifyDepth 3
+ # ns_param Trace false
+
+ ns_section "ns/server/${server}/module/nsopenssl/sslcontext/client"
+ ns_param Role client
+ ns_param ModuleDir ${serverroot}/etc/certs
+ ns_param CertFile certfile.pem
+ ns_param KeyFile keyfile.pem
+ # ns_param CADir ${serverroot}/etc/certs
+ # ns_param CAFile certfile.pem
+ # for Protocols "ALL" = "SSLv2, SSLv3, TLSv1"
+ ns_param Protocols "SSLv2, SSLv3, TLSv1"
+ ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ ns_param PeerVerify false
+ ns_param PeerVerifyDepth 3
+ ns_param Trace false
+
+ # following from bartt's nsd4.tcl, might help stablize openssl connections?
+ # http://www.mail-archive.com/aolserver@listserv.aol.com/msg07092.html
+ ns_param SessionCache true
+ ns_param SessionCacheID 1
+ ns_param SessionCacheSize 512
+ ns_param SessionCacheTimeout 300
+
+ # SSL drivers. Each driver defines a port to listen on and an explitictly named
+ # SSL context to associate with it. Note that you can now have multiple driver
+ # connections within a single virtual server, which can be tied to different
+ # SSL contexts.
+ ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
+ ns_param users "Driver for regular user access"
+ # ns_param admins "Driver for administrator access"
+
+ ns_section "ns/server/${server}/module/nsopenssl/ssldriver/users"
+ ns_param sslcontext users
+ # ns_param port $httpsport_users
+ ns_param port $httpsport
+ ns_param hostname $hostname
+ ns_param address $address
+ # following added per
+ # http://www.mail-archive.com/aolserver@listserv.aol.com/msg07365.html
+ # Maximum File Size for uploads:
+ ns_param maxinput [expr 5 * 1024 * 1024] ;# in bytes
+ # Maximum request time
+ ns_param recvwait [expr 5 * 60] ;# in minutes
+
+# ns_section "ns/server/${server}/module/nsopenssl/ssldriver/admins"
+ # ns_param sslcontext admins
+ # ns_param port $httpsport_admins
+ # ns_param port $httpsport
+ # ns_param hostname $hostname
+ # ns_param address $address
+}
+
+#---------------------------------------------------------------------
+#
+# Database drivers
+# The database driver is specified here.
+# Make sure you have the driver compiled and put it in {aolserverdir}/bin
+#
+#---------------------------------------------------------------------
+ns_section "ns/db/drivers"
+if { $database == "oracle" } {
+ ns_param ora8 ${bindir}/ora8.so
+} else {
+ ns_param postgres ${bindir}/nspostgres.so ;# Load PostgreSQL driver
+}
+
+if { $database == "oracle" } {
+ ns_section "ns/db/driver/ora8"
+ ns_param maxStringLogLength -1
+ ns_param LobBufferSize 32768
+}
+
+
+# Database Pools: This is how AOLserver ``talks'' to the RDBMS. You need
+# three for OpenACS: main, log, subquery. Make sure to replace ``yourdb''
+# and ``yourpassword'' with the actual values for your db name and the
+# password for it, if needed.
+#
+# AOLserver can have different pools connecting to different databases
+# and even different different database servers. See
+# http://openacs.org/doc/openacs-5-1/tutorial-second-database.html
+
+ns_section ns/db/pools
+ ns_param pool1 "Pool 1"
+ ns_param pool2 "Pool 2"
+ ns_param pool3 "Pool 3"
+
+ns_section ns/db/pool/pool1
+ ns_param maxidle 1000000000
+ ns_param maxopen 1000000000
+ ns_param connections 5
+ ns_param verbose $debug
+ ns_param extendedtableinfo true
+ ns_param logsqlerrors $debug
+ if { $database == "oracle" } {
+ ns_param driver ora8
+ ns_param datasource {}
+ ns_param user $db_name
+ ns_param password $db_password
+ } else {
+ ns_param driver postgres
+ ns_param datasource ${db_host}:${db_port}:${db_name}
+ ns_param user $db_user
+ ns_param password ""
+ }
+
+ns_section ns/db/pool/pool2
+ ns_param maxidle 1000000000
+ ns_param maxopen 1000000000
+ ns_param connections 5
+ ns_param verbose $debug
+ ns_param extendedtableinfo true
+ ns_param logsqlerrors $debug
+ if { $database == "oracle" } {
+ ns_param driver ora8
+ ns_param datasource {}
+ ns_param user $db_name
+ ns_param password $db_password
+ } else {
+ ns_param driver postgres
+ ns_param datasource ${db_host}:${db_port}:${db_name}
+ ns_param user $db_user
+ ns_param password ""
+ }
+
+ns_section ns/db/pool/pool3
+ ns_param maxidle 1000000000
+ ns_param maxopen 1000000000
+ ns_param connections 5
+ ns_param verbose $debug
+ ns_param extendedtableinfo true
+ ns_param logsqlerrors $debug
+ if { $database == "oracle" } {
+ ns_param driver ora8
+ ns_param datasource {}
+ ns_param user $db_name
+ ns_param password $db_password
+ } else {
+ ns_param driver postgres
+ ns_param datasource ${db_host}:${db_port}:${db_name}
+ ns_param user $db_user
+ ns_param password ""
+ }
+
+ns_section ns/server/${server}/db
+ ns_param pools "*"
+ ns_param defaultpool pool1
+
+
+#---------------------------------------------------------------------
+# which modules should be loaded? Missing modules break the server, so
+# don't uncomment modules unless they have been installed.
+ns_section ns/server/${server}/modules
+ ns_param nssock ${bindir}/nssock.so
+ ns_param nslog ${bindir}/nslog.so
+ ns_param nssha1 ${bindir}/nssha1.so
+ ns_param nscache ${bindir}/nscache.so
+
+ # openacs versions earlier than 5.x requires nsxml
+# ns_param nsxml ${bindir}/nsxml.so
+
+ #---------------------------------------------------------------------
+ # nsopenssl will fail unless the cert files are present as specified
+ # later in this file, so it's disabled by default
+# ns_param nsopenssl ${bindir}/nsopenssl.so
+
+ # authorize-gateway package requires dqd_utils
+ # ns_param dqd_utils dqd_utils[expr {int($tcl_version)}].so
+
+ # Full Text Search
+# ns_param nsfts ${bindir}/nsfts.so
+
+ # PAM authentication
+# ns_param nspam ${bindir}/nspam.so
+
+ # LDAP authentication
+# ns_param nsldap ${bindir}/nsldap.so
+
+ # These modules aren't used in standard OpenACS installs
+# ns_param nsperm ${bindir}/nsperm.so
+# ns_param nscgi ${bindir}/nscgi.so
+# ns_param nsjava ${bindir}/libnsjava.so
+# ns_param nsrewrite ${bindir}/nsrewrite.so
+
+ if { [ns_info version] >= 4 } {
+ # Required for AOLserver 4.x
+ ns_param nsdb ${bindir}/nsdb.so
+ } else {
+ # Required for AOLserver 3.x
+ ns_param libtdom ${bindir}/libtdom.so
+ }
+
+ # nsthread library which should become standard in 5.3
+ if {[file exists ${homedir}/lib/thread2.6.2/libthread2.6.2.so]} {
+ ns_param libthread ${homedir}/lib/thread2.6.2/libthread2.6.2.so
+ }
+
+ns_log notice "nsd.tcl: using threadsafe tcl: [info exists tcl_platform(threaded)]"
+ns_log notice "nsd.tcl: finished reading config file."
Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/aolserver4/aolserver4.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/aolserver4/aolserver4.tcl,v
diff -u
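Review bot: `ns_param extendedheaders COOKIE` in the nslog section writes each request's Cookie header into `${serverroot}/log/${server}.log`, so session cookies become readable by anyone with access to the access log or its rolled copies; ship the default with the line commented out, `# ns_param extendedheaders COOKIE`. The nsopenssl contexts, although the module itself is commented out in the modules section, carry `CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"`, list SSLv2/SSLv3 in `Protocols`, and set `PeerVerify false` on the client context, so an administrator who enables the module as shipped would accept export-grade and low-strength suites and, presumably, would not verify peers on outgoing connections. A safer default is `ns_param Protocols "TLSv1"` with `ns_param CipherSuite "HIGH:!aNULL:!eNULL:!LOW:!EXP"`. The same file is added a second time under etc/aolserver4/, and the same points apply there.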
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/aolserver4/aolserver4.tcl 12 Sep 2006 13:51:44 -0000 1.1
@@ -0,0 +1,644 @@ +ns_log notice "nsd.tcl: starting to read config file..." + +###################################################################### +# +# Instance-specific settings +# These default settings will only work in limited circumstances +# Two servers with default settings cannot run on the same host +# +###################################################################### + +#--------------------------------------------------------------------- +# change to 80 and 443 for production use +set httpport 80 +set httpsport 443 + +# /var/lib/aolserver/service0/packages/etc/daemontools/run + +# The hostname and address should be set to actual values. +# setting the address to 0.0.0.0 means aolserver listens on all interfaces +set hostname [ns_info hostname] +#set address [ns_info address] +set address 0.0.0.0 + +# Note: If port is privileged (usually < 1024), OpenACS must be +# started by root, and, in AOLserver 4, the run script have a +# '-b address' flag which matches the address according to settings (above) + +set server "dotlrn" +set servername "New .LRN Installation - Debian Package" + +set serverroot "/var/www/" + +#--------------------------------------------------------------------- +# which database do you want? postgres or oracle +set database postgres + +set db_name dotlrn + +if { $database == "oracle" } { + set db_password "mysitepassword" +} else { + set db_host localhost + set db_port 5432 + set db_user www-data +} + +#--------------------------------------------------------------------- +# if debug is false, all debugging will be turned off +set debug false + +set homedir /usr/lib/aolserver4 +set bindir ${homedir}/bin + + +###################################################################### +# +# End of instance-specific settings +# +# Nothing below this point need be changed in a default install. 
+# +###################################################################### + + +#--------------------------------------------------------------------- +# +# AOLserver's directories. Autoconfigurable. +# +#--------------------------------------------------------------------- +# Where are your pages going to live ? +set pageroot ${serverroot}/www +set directoryfile index.tcl,index.adp,index.html,index.htm + + +#--------------------------------------------------------------------- +# Global server parameters +#--------------------------------------------------------------------- +ns_section ns/parameters + ns_param serverlog /var/log/aolserver4/error.log + ns_param home $homedir + # maxkeepalive is ignored in aolserver4.x + ns_param maxkeepalive 0 + ns_param logroll on + ns_param maxbackup 5 + ns_param debug $debug +# ns_param mailhost localhost + ns_param user www-data + ns_param group www-data + + +# If setting port below 1024 with AOLServer 4, read comments in file: + + # setting to Unicode by default + # see http://dqd.com/~mayoff/encoding-doc.html + ns_param HackContentType 1 + ns_param DefaultCharset utf-8 + ns_param HttpOpenCharset utf-8 + ns_param OutputCharset utf-8 + ns_param URLCharset utf-8 + +#--------------------------------------------------------------------- +# Thread library (nsthread) parameters +#--------------------------------------------------------------------- +ns_section ns/threads + ns_param mutexmeter true ;# measure lock contention + # The per-thread stack size must be a multiple of 8k for AOLServer to run under MacOS X + ns_param stacksize [expr 128 * 8192] + +# +# MIME types. +# +ns_section ns/mimetypes + # Note: AOLserver already has an exhaustive list of MIME types: + # see: /usr/local/src/aolserver-4.{version}/aolserver/nsd/mimetypes.c + # but in case something is missing you can add it here. 
+ ns_param Default text/plain + ns_param NoExtension text/plain + ns_param .pcd image/x-photo-cd + ns_param .prc application/x-pilot + ns_param .xls application/vnd.ms-excel + ns_param .doc application/vnd.ms-word + + +#--------------------------------------------------------------------- +# +# Server-level configuration +# +# There is only one server in AOLserver, but this is helpful when multiple +# servers share the same configuration file. This file assumes that only +# one server is in use so it is set at the top in the "server" Tcl variable +# Other host-specific values are set up above as Tcl variables, too. +# +#--------------------------------------------------------------------- +ns_section ns/servers + ns_param $server $servername + +# +# Server parameters +# +ns_section ns/server/${server} + ns_param directoryfile $directoryfile + ns_param pageroot $pageroot + ns_param maxconnections 100 ;# Max connections to put on queue + ns_param maxdropped 0 + ns_param maxthreads 10 + ns_param minthreads 5 + ns_param threadtimeout 120 ;# Idle threads die at this rate + ns_param globalstats false ;# Enable built-in statistics + ns_param urlstats false ;# Enable URL statistics + ns_param maxurlstats 1000 ;# Max number of URL's to do stats on +# ns_param directoryadp $pageroot/dirlist.adp ;# Choose one or the other +# ns_param directoryproc _ns_dirlist ;# ...but not both! 
+# ns_param directorylisting fancy ;# Can be simple or fancy + + # + # Special HTTP pages + # + ns_param NotFoundResponse "/global/file-not-found.html" + ns_param ServerBusyResponse "/global/busy.html" + ns_param ServerInternalErrorResponse "/global/error.html" + +#--------------------------------------------------------------------- +# +# ADP (AOLserver Dynamic Page) configuration +# +#--------------------------------------------------------------------- +ns_section ns/server/${server}/adp + ns_param map /*.adp ;# Extensions to parse as ADP's +# ns_param map "/*.html" ;# Any extension can be mapped + ns_param enableexpire false ;# Set "Expires: now" on all ADP's + ns_param enabledebug $debug ;# Allow Tclpro debugging with "?debug" + ns_param defaultparser fancy + +ns_section ns/server/${server}/adp/parsers + ns_param fancy ".adp" + +ns_section ns/server/${server}/redirects + ns_param 404 "global/file-not-found.html" + ns_param 403 "global/forbidden.html" + +# +# Tcl Configuration +# +ns_section ns/server/${server}/tcl + ns_param library ${serverroot}/tcl + ns_param autoclose on + ns_param debug $debug + +#--------------------------------------------------------------------- +# +# Rollout email support +# +# These procs help manage differing email behavior on +# dev/staging/production. +# +#--------------------------------------------------------------------- +ns_section ns/server/${server}/acs/acs-rollout-support + + # EmailDeliveryMode can be: + # default: Email messages are sent in the usual manner. + # log: Email messages are written to the server's error log. + # redirect: Email messages are redirected to the addresses specified + # by the EmailRedirectTo parameter. If this list is absent + # or empty, email messages are written to the server's error log. + # filter: Email messages are sent to in the usual manner if the + # recipient appears in the EmailAllow parameter, otherwise they + # are logged. 
+ +# ns_param EmailDeliveryMode redirect +# ns_param EmailRedirectTo somenerd@yourdomain.test, othernerd@yourdomain.test +# ns_param EmailAllow somenerd@yourdomain.test,othernerd@yourdomain.test + +#--------------------------------------------------------------------- +# +# WebDAV Support (optional, requires oacs-dav package to be installed +# +#--------------------------------------------------------------------- +ns_section ns/server/${server}/tdav + ns_param propdir ${serverroot}/data/dav/properties + ns_param lockdir ${serverroot}/data/dav/locks + ns_param defaultlocktimeout "300" + +ns_section ns/server/${server}/tdav/shares + ns_param share1 "OpenACS" +# ns_param share2 "Share 2 description" + +ns_section ns/server/${server}/tdav/share/share1 + ns_param uri "/dav/*" + # all WebDAV options + ns_param options "OPTIONS COPY GET PUT MOVE DELETE HEAD MKCOL POST PROPFIND PROPPATCH LOCK UNLOCK" + +#ns_section ns/server/${server}/tdav/share/share2 +# ns_param uri "/share2/path/*" + # read-only WebDAV options +# ns_param options "OPTIONS COPY GET HEAD MKCOL POST PROPFIND PROPPATCH" + + +#--------------------------------------------------------------------- +# +# Socket driver module (HTTP) -- nssock +# +#--------------------------------------------------------------------- +ns_section ns/server/${server}/module/nssock + ns_param timeout 120 + ns_param address $address + ns_param hostname $hostname + ns_param port $httpport +# setting maxinput higher than practical may leave the server vulnerable to resource DoS attacks +# see http://www.panoptic.com/wiki/aolserver/166 + ns_param maxinput [expr 20 * 1024 * 1024] ;# Maximum File Size for uploads in bytes + ns_param recvwait [expr 5 * 60] ;# Maximum request time in minutes + + +#--------------------------------------------------------------------- +# +# Access log -- nslog +# +#--------------------------------------------------------------------- +ns_section ns/server/${server}/module/nslog + ns_param debug false + 
ns_param dev false + ns_param enablehostnamelookup false + ns_param file ${serverroot}/log/${server}.log + ns_param logcombined true + ns_param extendedheaders COOKIE +# ns_param logrefer false +# ns_param loguseragent false + ns_param logreqtime true + ns_param maxbackup 1000 + ns_param rollday * + ns_param rollfmt %Y-%m-%d-%H:%M + ns_param rollhour 0 + ns_param rollonsignal true + ns_param rolllog true + +#--------------------------------------------------------------------- +# +# nsjava - aolserver module that embeds a java virtual machine. Needed to +# support webmail. See http://nsjava.sourceforge.net for further +# details. This may need to be updated for OpenACS4 webmail +# +#--------------------------------------------------------------------- +ns_section ns/server/${server}/module/nsjava + ns_param enablejava off ;# Set to on to enable nsjava. + ns_param verbosejvm off ;# Same as command line -debug. + ns_param loglevel Notice + ns_param destroyjvm off ;# Destroy jvm on shutdown. + ns_param disablejitcompiler off + ns_param classpath /usr/local/jdk/jdk118_v1/lib/classes.zip:${bindir}/nsjava.jar:${pageroot}/webmail/java/activation.jar:${pageroot}/webmail/java/mail.jar:${pageroot}/webmail/java + +#--------------------------------------------------------------------- +# +# CGI interface -- nscgi, if you have legacy stuff. Tcl or ADP files inside +# AOLserver are vastly superior to CGIs. I haven't tested these params but they +# should be right. 
+# +#--------------------------------------------------------------------- +#ns_section "ns/server/${server}/module/nscgi" +# ns_param map "GET /cgi-bin/ ${serverroot}/cgi-bin" +# ns_param map "POST /cgi-bin/ ${serverroot}/cgi-bin" +# ns_param Interps CGIinterps + +#ns_section "ns/interps/CGIinterps" +# ns_param .pl "/usr/bin/perl" + + +#--------------------------------------------------------------------- +# +# PAM authentication +# +#--------------------------------------------------------------------- +ns_section ns/server/${server}/module/nspam + ns_param PamDomain "pam_domain" + + +#--------------------------------------------------------------------- +# +# OpenSSL for Aolserver 3.3 and 4 +# +#--------------------------------------------------------------------- +if { [ns_info version] < 4} { + + #--------------------------------------------------------------------- + # OpenSSL for Aolserver 3.3 + #--------------------------------------------------------------------- + + ns_section "ns/server/${server}/module/nsopenssl" + + ns_param ModuleDir ${serverroot}/etc/certs + + # NSD-driven connections: + ns_param ServerPort $httpsport + ns_param ServerHostname $hostname + ns_param ServerAddress $address + ns_param ServerCertFile certfile.pem + ns_param ServerKeyFile keyfile.pem + ns_param ServerProtocols "SSLv2, SSLv3, TLSv1" + ns_param ServerCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + ns_param ServerSessionCache true + ns_param ServerSessionCacheID 1 + ns_param ServerSessionCacheSize 512 + ns_param ServerSessionCacheTimeout 300 + ns_param ServerPeerVerify false + ns_param ServerPeerVerifyDepth 3 + ns_param ServerCADir ca + ns_param ServerCAFile ca.pem + ns_param ServerTrace false + + # For listening and accepting SSL connections via Tcl/C API: + ns_param SockServerCertFile certfile.pem + ns_param SockServerKeyFile keyfile.pem + ns_param SockServerProtocols "SSLv2, SSLv3, TLSv1" + ns_param SockServerCipherSuite 
"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + ns_param SockServerSessionCache true + ns_param SockServerSessionCacheID 2 + ns_param SockServerSessionCacheSize 512 + ns_param SockServerSessionCacheTimeout 300 + ns_param SockServerPeerVerify false + ns_param SockServerPeerVerifyDepth 3 + ns_param SockServerCADir internal_ca + ns_param SockServerCAFile internal_ca.pem + ns_param SockServerTrace false + + # Outgoing SSL connections + ns_param SockClientCertFile certfile.pem + ns_param SockClientKeyFile keyfile.pem + ns_param SockClientProtocols "SSLv2, SSLv3, TLSv1" + ns_param SockClientCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + ns_param SockClientSessionCache false + ns_param SockClientSessionCacheID 3 + ns_param SockClientSessionCacheSize 512 + ns_param SockClientSessionCacheTimeout 300 + ns_param SockClientPeerVerify false + ns_param SockServerPeerVerifyDepth 3 + ns_param SockClientCADir ca + ns_param SockClientCAFile ca.pem + ns_param SockClientTrace false + + # OpenSSL library support: + # ns_param RandomFile /some/file + ns_param SeedBytes 1024 + +} else { + + #--------------------------------------------------------------------- + # OpenSSL for Aolserver 4 + #--------------------------------------------------------------------- + ns_section "ns/server/${server}/module/nsopenssl" + + # Note this portion of the configuration is not perfect, and you + # will get errors in the your error.log. However, it does + # work. Fixes welcome. + + # this is used by acs-tcl/tcl/security-procs.tcl to get the + # https port. + ns_param ServerPort $httpsport + + # We explicitly tell the server which SSL contexts to use as defaults when an + # SSL context is not specified for a particular client or server SSL + # connection. Driver connections do not use defaults; they must be explicitly + # specificied in the driver section. 
The Tcl API will use the defaults as there + # is currently no provision to specify which SSL context to use for a + # particular connection via an ns_openssl Tcl command. + ns_section "ns/server/${server}/module/nsopenssl/sslcontexts" + ns_param users "SSL context used for regular user access" + # ns_param admins "SSL context used for administrator access" + ns_param client "SSL context used for outgoing script socket connections" + + ns_section "ns/server/${server}/module/nsopenssl/defaults" + ns_param server users + ns_param client client + + ns_section "ns/server/${server}/module/nsopenssl/sslcontext/users" + ns_param Role server + ns_param ModuleDir ${serverroot}/etc/certs + ns_param CertFile certfile.pem + ns_param KeyFile keyfile.pem + # ns_param CADir ca-client/dir + # ns_param CAFile ca-client/ca-client.crt + # for Protocols "ALL" = "SSLv2, SSLv3, TLSv1" + ns_param Protocols "SSLv3, TLSv1" + ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + ns_param PeerVerify false + ns_param PeerVerifyDepth 3 + ns_param Trace false + + # following from bartt's nsd4.tcl, might help stablize openssl connections? 
+ # http://www.mail-archive.com/aolserver@listserv.aol.com/msg07092.html + ns_param SessionCache true + ns_param SessionCacheID 1 + ns_param SessionCacheSize 512 + ns_param SessionCacheTimeout 300 + + +# ns_section "ns/server/${server}/module/nsopenssl/sslcontext/admins" + # ns_param Role server + # ns_param ModuleDir /path/to/dir + # ns_param CertFile server/server.crt + # ns_param KeyFile server/server.key + # ns_param CADir ca-client/dir + # ns_param CAFile ca-client/ca-client.crt + # for Protocols "ALL" = "SSLv2, SSLv3, TLSv1" + # ns_param Protocols "All" + # ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + # ns_param PeerVerify false + # ns_param PeerVerifyDepth 3 + # ns_param Trace false + + ns_section "ns/server/${server}/module/nsopenssl/sslcontext/client" + ns_param Role client + ns_param ModuleDir ${serverroot}/etc/certs + ns_param CertFile certfile.pem + ns_param KeyFile keyfile.pem + # ns_param CADir ${serverroot}/etc/certs + # ns_param CAFile certfile.pem + # for Protocols "ALL" = "SSLv2, SSLv3, TLSv1" + ns_param Protocols "SSLv2, SSLv3, TLSv1" + ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + ns_param PeerVerify false + ns_param PeerVerifyDepth 3 + ns_param Trace false + + # following from bartt's nsd4.tcl, might help stablize openssl connections? + # http://www.mail-archive.com/aolserver@listserv.aol.com/msg07092.html + ns_param SessionCache true + ns_param SessionCacheID 1 + ns_param SessionCacheSize 512 + ns_param SessionCacheTimeout 300 + + # SSL drivers. Each driver defines a port to listen on and an explitictly named + # SSL context to associate with it. Note that you can now have multiple driver + # connections within a single virtual server, which can be tied to different + # SSL contexts. 
+ ns_section "ns/server/${server}/module/nsopenssl/ssldrivers" + ns_param users "Driver for regular user access" + # ns_param admins "Driver for administrator access" + + ns_section "ns/server/${server}/module/nsopenssl/ssldriver/users" + ns_param sslcontext users + # ns_param port $httpsport_users + ns_param port $httpsport + ns_param hostname $hostname + ns_param address $address + # following added per + # http://www.mail-archive.com/aolserver@listserv.aol.com/msg07365.html + # Maximum File Size for uploads: + ns_param maxinput [expr 5 * 1024 * 1024] ;# in bytes + # Maximum request time + ns_param recvwait [expr 5 * 60] ;# in minutes + +# ns_section "ns/server/${server}/module/nsopenssl/ssldriver/admins" + # ns_param sslcontext admins + # ns_param port $httpsport_admins + # ns_param port $httpsport + # ns_param hostname $hostname + # ns_param address $address +} + +#--------------------------------------------------------------------- +# +# Database drivers +# The database driver is specified here. +# Make sure you have the driver compiled and put it in {aolserverdir}/bin +# +#--------------------------------------------------------------------- +ns_section "ns/db/drivers" +if { $database == "oracle" } { + ns_param ora8 ${bindir}/ora8.so +} else { + ns_param postgres ${bindir}/nspostgres.so ;# Load PostgreSQL driver +} + +if { $database == "oracle" } { + ns_section "ns/db/driver/ora8" + ns_param maxStringLogLength -1 + ns_param LobBufferSize 32768 +} + + +# Database Pools: This is how AOLserver ``talks'' to the RDBMS. You need +# three for OpenACS: main, log, subquery. Make sure to replace ``yourdb'' +# and ``yourpassword'' with the actual values for your db name and the +# password for it, if needed. +# +# AOLserver can have different pools connecting to different databases +# and even different different database servers. 
See +# http://openacs.org/doc/openacs-5-1/tutorial-second-database.html + +ns_section ns/db/pools + ns_param pool1 "Pool 1" + ns_param pool2 "Pool 2" + ns_param pool3 "Pool 3" + +ns_section ns/db/pool/pool1 + ns_param maxidle 1000000000 + ns_param maxopen 1000000000 + ns_param connections 5 + ns_param verbose $debug + ns_param extendedtableinfo true + ns_param logsqlerrors $debug + if { $database == "oracle" } { + ns_param driver ora8 + ns_param datasource {} + ns_param user $db_name + ns_param password $db_password + } else { + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user + ns_param password "" + } + +ns_section ns/db/pool/pool2 + ns_param maxidle 1000000000 + ns_param maxopen 1000000000 + ns_param connections 5 + ns_param verbose $debug + ns_param extendedtableinfo true + ns_param logsqlerrors $debug + if { $database == "oracle" } { + ns_param driver ora8 + ns_param datasource {} + ns_param user $db_name + ns_param password $db_password + } else { + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user + ns_param password "" + } + +ns_section ns/db/pool/pool3 + ns_param maxidle 1000000000 + ns_param maxopen 1000000000 + ns_param connections 5 + ns_param verbose $debug + ns_param extendedtableinfo true + ns_param logsqlerrors $debug + if { $database == "oracle" } { + ns_param driver ora8 + ns_param datasource {} + ns_param user $db_name + ns_param password $db_password + } else { + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user + ns_param password "" + } + +ns_section ns/server/${server}/db + ns_param pools "*" + ns_param defaultpool pool1 + + +#--------------------------------------------------------------------- +# which modules should be loaded? Missing modules break the server, so +# don't uncomment modules unless they have been installed. 
+ns_section ns/server/${server}/modules + ns_param nssock ${bindir}/nssock.so + ns_param nslog ${bindir}/nslog.so + ns_param nssha1 ${bindir}/nssha1.so + ns_param nscache ${bindir}/nscache.so + + # openacs versions earlier than 5.x requires nsxml +# ns_param nsxml ${bindir}/nsxml.so + + #--------------------------------------------------------------------- + # nsopenssl will fail unless the cert files are present as specified + # later in this file, so it's disabled by default +# ns_param nsopenssl ${bindir}/nsopenssl.so + + # authorize-gateway package requires dqd_utils + # ns_param dqd_utils dqd_utils[expr {int($tcl_version)}].so + + # Full Text Search +# ns_param nsfts ${bindir}/nsfts.so + + # PAM authentication +# ns_param nspam ${bindir}/nspam.so + + # LDAP authentication +# ns_param nsldap ${bindir}/nsldap.so + + # These modules aren't used in standard OpenACS installs +# ns_param nsperm ${bindir}/nsperm.so +# ns_param nscgi ${bindir}/nscgi.so +# ns_param nsjava ${bindir}/libnsjava.so +# ns_param nsrewrite ${bindir}/nsrewrite.so + + if { [ns_info version] >= 4 } { + # Required for AOLserver 4.x + ns_param nsdb ${bindir}/nsdb.so + } else { + # Required for AOLserver 3.x + ns_param libtdom ${bindir}/libtdom.so + } + + # nsthread library which should become standard in 5.3 + if {[file exists ${homedir}/lib/thread2.6.2/libthread2.6.2.so]} { + ns_param libthread ${homedir}/lib/thread2.6.2/libthread2.6.2.so + } + +ns_log notice "nsd.tcl: using threadsafe tcl: [info exists tcl_platform(threaded)]" +ns_log notice "nsd.tcl: finished reading config file." Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/init.d/aolserver4 =================================================================== RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/init.d/aolserver4,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/init.d/aolserver4 12 Sep 2006 13:51:44 -0000 1.1 
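Review bot: The nsopenssl contexts ship with `CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"`, which leaves LOW and export-grade ciphers enabled, and the AOLserver 4 `client` context additionally allows SSLv2 and sets `PeerVerify false`, so outgoing connections would not check the peer certificate. The module is commented out in the modules section, but whoever enables it inherits these values; a tighter default would be `ns_param Protocols "TLSv1"`, `ns_param CipherSuite "HIGH:!aNULL:!LOW:!EXP:!SSLv2"`, and for the client context `ns_param PeerVerify true` with the commented `CADir`/`CAFile` lines filled in. Separately, `ns_param extendedheaders COOKIE` in the nslog section records each request's Cookie header in `${serverroot}/log/${server}.log`, which for a login-based application presumably includes session cookies; I would drop that line or make sure the log is readable only by the server account. In the AOLserver 3.3 branch the outgoing-connections block sets `SockServerPeerVerifyDepth` where `SockClientPeerVerifyDepth` looks intended.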
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# Start the AOLServer HTTP server.
+#
+
+NAME=dotlrn
+USER=www-data
+GROUP=www-data
+ADDRESS=0.0.0.0
+PORT=80
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/aolserver4-nsd
+PIDFILE=/var/run/aolserver4/$NAME.pid
+CONF=/etc/aolserver4/aolserver4.tcl
+
+trap "" 1
+
+[ -f $DAEMON ] || exit 0
+
+start()
+{
+ echo -n "Starting web server: $NAME"
+
+ start-stop-daemon --start --quiet --exec $DAEMON --pidfile $PIDFILE --oknodo -- \
+ -u $USER -g $GROUP -b $ADDRESS:$PORT -s $NAME -t $CONF >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo " ... failed"
+ exit 1
+ else
+ echo "."
+ fi
+}
+
+stop()
+{
+ echo -n "Stopping web server: $NAME"
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo " ... failed"
+ exit 2
+ else
+ echo "."
+ fi
+}
+
+
+case "$1" in
+ start)
+ start
+ ;;
+
+ stop)
+ stop
+ ;;
+
+ reload|force-reload|restart)
+ stop
+ sleep 2
+ start
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|restart|reload|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
+
Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/postgresql/pg_hba.conf
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/postgresql/Attic/pg_hba.conf,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/postgresql/pg_hba.conf 12 Sep 2006 13:51:44 -0000 1.1
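Review bot: stop() can print success without having stopped anything, because `--oknodo` makes start-stop-daemon exit 0 when no process matches `$PIDFILE` and its output is sent to /dev/null. Nothing in this script creates that pid file (start() passes no `--make-pidfile`), and the aolserver4.tcl added in the same commit does not appear to set a pid file path, so whether `/var/run/aolserver4/$NAME.pid` ever exists depends on nsd's defaults and should be confirmed; the `pkill nsd` fallback in postinst suggests the stop path has not been reliable. The guard `[ -f $DAEMON ] || exit 0` should also test that the binary is executable, `[ -x "$DAEMON" ] || exit 0`.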
@@ -0,0 +1,100 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the PostgreSQL Administrator's Guide, chapter "Client +# Authentication" for a complete description. A short synopsis +# follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of seven forms: +# +# local DATABASE USER METHOD [OPTION] +# host DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION] +# hostssl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION] +# hostnossl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION] +# host DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION] +# hostssl DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION] +# hostnossl DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION] +# +# (The uppercase quantities should be replaced by actual values.) +# The first field is the connection type: "local" is a Unix-domain socket, +# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an +# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket. +# DATABASE can be "all", "sameuser", "samegroup", a database name (or +# a comma-separated list thereof), or a file name prefixed with "@". +# USER can be "all", an actual user name or a group name prefixed with +# "+", an include file prefixed with "@" or a list containing either. +# IP-ADDRESS and IP-MASK specify the set of hosts the record matches. +# CIDR-MASK is an integer between 0 and 32 (IPv6) or 128(IPv6) +# inclusive, that specifies the number of significant bits in the +# mask, so an IPv4 CIDR-MASK of 8 is equivalent to an IP-MASK of +# 255.0.0.0, and an IPv6 CIDR-MASK of 64 is equivalent to an IP-MASK +# of ffff:ffff:ffff:ffff::. METHOD can be "trust", "reject", "md5", +# "crypt", "password", "krb5", "ident", or "pam". 
Note that +# "password" uses clear-text passwords; "md5" is preferred for +# encrypted passwords. OPTION is the ident map or the name of the PAM +# service. +# +# INCLUDE FILES: +# If you use include files for users and/or databases (see PostgreSQL +# documentation, section 19.1), these files must be placed in the +# database directory. Usually this is /var/lib/postgres/data/, but +# that can be changed in /etc/postgresql/postmaster.conf with the +# POSTGRES_DATA variable. Putting them in /etc/postgresql/ will NOT +# work since the configuration files are only symlinked from +# POSTGRES_DATA. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect, or use +# "pg_ctl reload". +# +# Upstream default configuration +# +# The following configuration is the upstream default, which allows +# unrestricted access to amy database by any user on the local machine. +# +# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD +# +#local all all trust +# IPv4-style local connections: +#host all all 127.0.0.1 255.255.255.255 trust +# IPv6-style local connections: +# +# Put your actual configuration here +# ---------------------------------- +# +# This default configuration allows any local user to connect as himself +# without a password, either through a Unix socket or through TCP/IP; users +# on other machines are denied access. +# +# If you want to allow non-local connections, you need to add more +# "host" records before the final line that rejects all TCP/IP connections. +# Also, remember TCP/IP connections are only enabled if you enable +# "tcpip_socket" in /etc/postgresql/postgresql.conf. +# +# DO NOT DISABLE! +# If you change this first entry you will need to make sure the postgres user +# can access the database using some other method. 
The postgres user needs +# non-interactive access to all databases during automatic maintenance +# (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance +# script). +# +# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD +# Database administrative login by UNIX sockets +local all postgres ident sameuser +# +# All other connections by UNIX sockets +local all all ident sameuser +# +# All IPv4 connections from localhost +host all all 127.0.0.1 255.255.255.255 ident sameuser +# +# All IPv6 localhost connections +host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ident sameuser +host all all ::ffff:127.0.0.1/128 ident sameuser +# +# reject all other connection attempts +host all all 0.0.0.0 0.0.0.0 reject + Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/postgresql/postgresql.conf =================================================================== RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/postgresql/Attic/postgresql.conf,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-dist/debian/debian/usr/share/doc/dotlrn/etc/postgresql/postgresql.conf 12 Sep 2006 13:51:44 -0000 1.1 
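Review bot: The `host all all 127.0.0.1 255.255.255.255 ident sameuser` record makes every TCP login from localhost depend on an ident daemon answering on this machine, and the aolserver4.tcl in this commit connects over TCP (`db_host localhost`, `db_port 5432`) as www-data with an empty password. The package's Depends line lists no ident server, so unless one is installed separately the database pools would presumably fail to authenticate, and where one is installed PostgreSQL accepts whatever user name it reports. Either have the application connect through the Unix socket, which the `local all all ident sameuser` record already covers, or switch the host records to a password method such as `host all all 127.0.0.1 255.255.255.255 md5` and set a password for www-data. The header comment also reads "an integer between 0 and 32 (IPv6)" where IPv4 is meant.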
@@ -0,0 +1,276 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+# name = value
+#
+# (The '=' is optional.) White space may be used. Comments are introduced
+# with '#' anywhere on a line. The complete list of option names and
+# allowed values can be found in the PostgreSQL documentation. The
+# commented-out settings shown in this file represent the default values.
+#
+# Any option can also be given as a command line switch to the
+# postmaster, e.g. 'postmaster -c log_connections=on'. Some options
+# can be changed at run-time with the 'SET' SQL command.
+#
+# This file is read on postmaster startup and when the postmaster
+# receives a SIGHUP. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect, or use
+# "pg_ctl reload".
+
+
+#---------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#---------------------------------------------------------------------------
+
+# - Connection Settings -
+
+tcpip_socket = true
+max_connections = 100
+ # note: increasing max_connections costs about 500 bytes of shared
+ # memory per connection slot, in addition to costs from shared_buffers
+ # and max_locks_per_transaction.
+superuser_reserved_connections = 2
+port = 5432
+#unix_socket_directory = ''
+#unix_socket_group = ''
+#unix_socket_permissions = 0777 # octal
+#virtual_host = '' # what interface to listen on; defaults to any
+#rendezvous_name = '' # defaults to the computer name
+
+# - Security & Authentication -
+
+#authentication_timeout = 60 # 1-600, in seconds
+#ssl = false
+#password_encryption = true
+#krb_server_keyfile = ''
+#db_user_namespace = false
+
+
+#---------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#---------------------------------------------------------------------------
+
+# - Memory -
+
+#shared_buffers = 1000 # min 16, at least max_connections*2, 8KB each
+#sort_mem = 1024 # min 64, size in KB
+#vacuum_mem = 8192 # min 1024, size in KB
+
+# - Free Space Map -
+
+#max_fsm_pages = 20000 # min max_fsm_relations*16, 6 bytes each
+#max_fsm_relations = 1000 # min 100, ~50 bytes each
+
+# - Kernel Resource Usage -
+
+#max_files_per_process = 1000 # min 25
+#preload_libraries = ''
+
+
+#---------------------------------------------------------------------------
+# WRITE AHEAD LOG
+#---------------------------------------------------------------------------
+
+# - Settings -
+
+# A special note on FSYNC:
+# FSYNC only affects writes to the WAL (Write-Ahead Log). Turning it
+# off will give some increase in performance, but at the risk of data-
+# corruption in the event of power failure or other disaster. It is on
+# by default. I strongly recommend you not to turn it off.
+#fsync = true # turns forced synchronization on or off
+#wal_sync_method = fsync # the default varies across platforms:
+ # fsync, fdatasync, open_sync, or open_datasync
+ # open_sync and open_dsync are synonymous in
+ # Linux.
fdatasync is less expensive than
+ # fsync, but does not sync file metadata
+#wal_buffers = 8 # min 4, 8KB each
+
+# - Checkpoints -
+
+#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each
+#checkpoint_timeout = 300 # range 30-3600, in seconds
+#checkpoint_warning = 30 # 0 is off, in seconds
+#commit_delay = 0 # range 0-100000, in microseconds
+#commit_siblings = 5 # range 1-1000
+
+
+#---------------------------------------------------------------------------
+# QUERY TUNING
+#---------------------------------------------------------------------------
+
+# - Planner Method Enabling -
+
+#enable_hashagg = true
+#enable_hashjoin = true
+#enable_indexscan = true
+#enable_mergejoin = true
+#enable_nestloop = true
+#enable_seqscan = true
+#enable_sort = true
+#enable_tidscan = true
+
+# - Planner Cost Constants -
+
+#effective_cache_size = 1000 # typically 8KB each
+#random_page_cost = 4 # units are one sequential page fetch cost
+#cpu_tuple_cost = 0.01 # (same)
+#cpu_index_tuple_cost = 0.001 # (same)
+#cpu_operator_cost = 0.0025 # (same)
+
+# - Genetic Query Optimizer -
+
+#geqo = true
+#geqo_threshold = 11
+#geqo_effort = 1
+#geqo_generations = 0
+#geqo_pool_size = 0 # default based on tables in statement,
+ # range 128-1024
+#geqo_selection_bias = 2.0 # range 1.5-2.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 10 # range 1-1000
+#from_collapse_limit = 8
+#join_collapse_limit = 8 # 1 disables collapsing of explicit JOINs
+
+
+#---------------------------------------------------------------------------
+# ERROR REPORTING AND LOGGING
+#---------------------------------------------------------------------------
+
+# - Syslog -
+
+syslog = 0 # range 0-2; 0=stdout; 1=both; 2=syslog
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+
+# - When to Log -
+
+#client_min_messages = notice # Values, in order of decreasing detail:
+ # debug5, debug4, debug3, debug2, debug1,
+ # log, info, notice, warning, error
+
+#log_min_messages = notice
# Values, in order of decreasing detail:
+ # debug5, debug4, debug3, debug2, debug1,
+ # info, notice, warning, error, log, fatal,
+ # panic
+
+#log_error_verbosity = default # terse, default, or verbose messages
+
+#log_min_error_statement = panic # Values in order of increasing severity:
+ # debug5, debug4, debug3, debug2, debug1,
+ # info, notice, warning, error, panic(off)
+
+#log_min_duration_statement = -1 # Log all statements whose
+ # execution time exceeds the value, in
+ # milliseconds. -1 disables. Zero logs
+ # all statements.
+
+silent_mode = false # DO NOT USE without Syslog!
+
+# - What to Log -
+
+#debug_print_parse = false
+#debug_print_rewritten = false
+#debug_print_plan = false
+#debug_pretty_print = false
+log_connections = true
+#log_duration = false
+log_pid = true
+#log_statement = false
+log_timestamp = true
+#log_hostname = false
+#log_source_port = false
+
+
+#---------------------------------------------------------------------------
+# RUNTIME STATISTICS
+#---------------------------------------------------------------------------
+
+# - Statistics Monitoring -
+
+#log_parser_stats = false
+#log_planner_stats = false
+#log_executor_stats = false
+#log_statement_stats = false
+
+# - Query/Index Statistics Collector -
+
+stats_start_collector = true
+#stats_command_string = false
+#stats_block_level = false
+stats_row_level = true
+#stats_reset_on_server_start = true
+
+
+#---------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#---------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#search_path = '$user,public' # schema names
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = false
+#statement_timeout = 0 # 0 is disabled, in milliseconds
+
+# - Locale and Formatting -
+
+# How (by default) to present dates to the frontend; the user can override
+# this setting for his own session.
The choices are:
+# Style Date Timestamptz
+# ----------------------------------------------------------------
+# ISO 1999-07-17 1999-07-17 07:09:18+01
+# SQL 17/07/1999 17/07/1999 07:09:19 BST
+# POSTGRES 17-07-1999 Sat 17 Jul 07:09:19 1999 BST
+# GERMAN 17.07.1999 17.07.1999 07:09:19 BST
+#
+# It is also possible to specify month-day or day-month ordering in date
+# input and output. Americans tend to use month-day; Europeans use
+# day-month. Specify European or US, or specify the order with DMY, MDY or
+# YMD. This is used for interpreting date input, even if the output format
+# is ISO. Separate the two parameters by a comma with no spaces.
+datestyle = 'ISO,US'
+#timezone = unknown # actually, defaults to TZ environment setting
+#australian_timezones = false
+#extra_float_digits = 0 # min -15, max 2
+#client_encoding = sql_ascii # actually, defaults to database encoding
+
+# These settings are initialized by initdb -- they may be changed
+#lc_messages = 'C' # locale for system error message strings
+#lc_monetary = 'C' # locale for monetary formatting
+#lc_numeric = 'C' # locale for number formatting
+#lc_time = 'C' # locale for time formatting
+
+# - Other Defaults -
+
+#explain_pretty_print = true
+dynamic_library_path = '/usr/share/postgresql:/usr/lib/postgresql:/usr/lib/postgresql/lib'
+#max_expr_depth = 10000 # min 10
+
+
+#---------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#---------------------------------------------------------------------------
+
+#deadlock_timeout = 1000 # in milliseconds
+#max_locks_per_transaction = 64 # min 10, ~260*max_connections bytes each
+
+
+#---------------------------------------------------------------------------
+# VERSION/PLATFORM COMPATIBILITY
+#---------------------------------------------------------------------------
+
+# - Previous Postgres Versions -
+
+#add_missing_from = true
+#regex_flavor = advanced # advanced, extended, or basic
+#sql_inheritance = true
+
+# -
Other Platforms & Clients -
+
+#transform_null_equals = false
Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/init.d/aolserver4
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/init.d/aolserver4,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/usr/share/doc/dotlrn/init.d/aolserver4 12 Sep 2006 13:51:44 -0000 1.1
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# Start the AOLServer HTTP server.
+#
+
+NAME=dotlrn
+USER=www-data
+GROUP=www-data
+ADDRESS=0.0.0.0
+PORT=80
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/aolserver4-nsd
+PIDFILE=/var/run/aolserver4/$NAME.pid
+CONF=/etc/aolserver4/aolserver4.tcl
+
+trap "" 1
+
+[ -f $DAEMON ] || exit 0
+
+start()
+{
+ echo -n "Starting web server: $NAME"
+
+ start-stop-daemon --start --quiet --exec $DAEMON --pidfile $PIDFILE --oknodo -- \
+ -u $USER -g $GROUP -b $ADDRESS:$PORT -s $NAME -t $CONF >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo " ... failed"
+ exit 1
+ else
+ echo "."
+ fi
+}
+
+stop()
+{
+ echo -n "Stopping web server: $NAME"
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo " ... failed"
+ exit 2
+ else
+ echo "."
+ fi
+}
+
+
+case "$1" in
+ start)
+ start
+ ;;
+
+ stop)
+ stop
+ ;;
+
+ reload|force-reload|restart)
+ stop
+ sleep 2
+ start
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|restart|reload|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
+
Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/postgresql/pg_hba.conf
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/postgresql/Attic/pg_hba.conf,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/usr/share/doc/dotlrn/postgresql/pg_hba.conf 12 Sep 2006 13:51:44 -0000 1.1
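Review bot: `tcpip_socket = true` is set while `#virtual_host = ''` stays at its default, which the file's own comment describes as listening on any interface, so port 5432 is open on every address of the host and only pg_hba.conf stands between the network and the database. The rest of the package sets the database up on the same machine, so binding the listener to loopback removes that exposure: `virtual_host = '127.0.0.1'`. If AOLserver reaches PostgreSQL over the Unix socket (not visible from this hunk), `tcpip_socket` could stay off entirely; either way a one-line comment above it saying why TCP is enabled would help the next admin. The same two settings appear in the second copy of this file under `usr/share/doc/dotlrn/postgresql/postgresql.conf` later in the commit.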
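Review bot: The usage line in the `*)` branch prints `/etc/init.d/$NAME`, which expands to `/etc/init.d/dotlrn`, although this file is shipped as `init.d/aolserver4`; printing the invoked path avoids naming a script that does not exist: `echo "Usage: $0 {start|stop|restart|reload|force-reload}"`. The guard `[ -f $DAEMON ] || exit 0` only checks that the file exists, so `[ -x "$DAEMON" ] || exit 0` would also cover a non-executable binary and quotes the variable. In `start`, `>/dev/null 2>&1` throws away the daemon's error output, so a failed bind on `$ADDRESS:$PORT` leaves only " ... failed" on the console; a comment there pointing at the server log would tell the operator where to look.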
@@ -0,0 +1,100 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the PostgreSQL Administrator's Guide, chapter "Client
+# Authentication" for a complete description. A short synopsis
+# follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access. Records take one of seven forms:
+#
+# local DATABASE USER METHOD [OPTION]
+# host DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
+# hostssl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
+# hostnossl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
+# host DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION]
+# hostssl DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION]
+# hostnossl DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION]
+#
+# (The uppercase quantities should be replaced by actual values.)
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
+# DATABASE can be "all", "sameuser", "samegroup", a database name (or
+# a comma-separated list thereof), or a file name prefixed with "@".
+# USER can be "all", an actual user name or a group name prefixed with
+# "+", an include file prefixed with "@" or a list containing either.
+# IP-ADDRESS and IP-MASK specify the set of hosts the record matches.
+# CIDR-MASK is an integer between 0 and 32 (IPv6) or 128(IPv6)
+# inclusive, that specifies the number of significant bits in the
+# mask, so an IPv4 CIDR-MASK of 8 is equivalent to an IP-MASK of
+# 255.0.0.0, and an IPv6 CIDR-MASK of 64 is equivalent to an IP-MASK
+# of ffff:ffff:ffff:ffff::. METHOD can be "trust", "reject", "md5",
+# "crypt", "password", "krb5", "ident", or "pam".
Note that
+# "password" uses clear-text passwords; "md5" is preferred for
+# encrypted passwords. OPTION is the ident map or the name of the PAM
+# service.
+#
+# INCLUDE FILES:
+# If you use include files for users and/or databases (see PostgreSQL
+# documentation, section 19.1), these files must be placed in the
+# database directory. Usually this is /var/lib/postgres/data/, but
+# that can be changed in /etc/postgresql/postmaster.conf with the
+# POSTGRES_DATA variable. Putting them in /etc/postgresql/ will NOT
+# work since the configuration files are only symlinked from
+# POSTGRES_DATA.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect, or use
+# "pg_ctl reload".
+#
+# Upstream default configuration
+#
+# The following configuration is the upstream default, which allows
+# unrestricted access to amy database by any user on the local machine.
+#
+# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
+#
+#local all all trust
+# IPv4-style local connections:
+#host all all 127.0.0.1 255.255.255.255 trust
+# IPv6-style local connections:
+#
+# Put your actual configuration here
+# ----------------------------------
+#
+# This default configuration allows any local user to connect as himself
+# without a password, either through a Unix socket or through TCP/IP; users
+# on other machines are denied access.
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records before the final line that rejects all TCP/IP connections.
+# Also, remember TCP/IP connections are only enabled if you enable
+# "tcpip_socket" in /etc/postgresql/postgresql.conf.
+#
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure the postgres user
+# can access the database using some other method.
The postgres user needs
+# non-interactive access to all databases during automatic maintenance
+# (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance
+# script).
+#
+# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
+# Database administrative login by UNIX sockets
+local all postgres ident sameuser
+#
+# All other connections by UNIX sockets
+local all all ident sameuser
+#
+# All IPv4 connections from localhost
+host all all 127.0.0.1 255.255.255.255 ident sameuser
+#
+# All IPv6 localhost connections
+host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ident sameuser
+host all all ::ffff:127.0.0.1/128 ident sameuser
+#
+# reject all other connection attempts
+host all all 0.0.0.0 0.0.0.0 reject
+
Index: openacs-dist/debian/debian/usr/share/doc/dotlrn/postgresql/postgresql.conf
===================================================================
RCS file: /usr/local/cvsroot/openacs-dist/debian/debian/usr/share/doc/dotlrn/postgresql/Attic/postgresql.conf,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-dist/debian/debian/usr/share/doc/dotlrn/postgresql/postgresql.conf 12 Sep 2006 13:51:44 -0000 1.1
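Review bot: The `host` records for 127.0.0.1 and the IPv6 loopback use `ident sameuser`, which over TCP takes the user name from an ident daemon on the connecting host instead of checking a credential. Nothing visible in this commit installs or depends on such a daemon, so these records presumably either fail or rest on whatever answers ident queries on the machine. A password method that the header itself recommends is the safer choice for loopback TCP, e.g. `host all all 127.0.0.1 255.255.255.255 md5` (and likewise for the `::1` record), leaving `ident sameuser` on the two `local` socket records that the maintenance comment depends on. Two comment slips are worth fixing at the same time: "0 and 32 (IPv6)" should read IPv4, and "amy database" should be "any database". The same records and comments appear in the `etc/postgresql/pg_hba.conf` copy earlier in the commit.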
@@ -0,0 +1,276 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+# name = value
+#
+# (The '=' is optional.) White space may be used. Comments are introduced
+# with '#' anywhere on a line. The complete list of option names and
+# allowed values can be found in the PostgreSQL documentation. The
+# commented-out settings shown in this file represent the default values.
+#
+# Any option can also be given as a command line switch to the
+# postmaster, e.g. 'postmaster -c log_connections=on'. Some options
+# can be changed at run-time with the 'SET' SQL command.
+#
+# This file is read on postmaster startup and when the postmaster
+# receives a SIGHUP. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect, or use
+# "pg_ctl reload".
+
+
+#---------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#---------------------------------------------------------------------------
+
+# - Connection Settings -
+
+tcpip_socket = true
+max_connections = 100
+ # note: increasing max_connections costs about 500 bytes of shared
+ # memory per connection slot, in addition to costs from shared_buffers
+ # and max_locks_per_transaction.
+superuser_reserved_connections = 2
+port = 5432
+#unix_socket_directory = ''
+#unix_socket_group = ''
+#unix_socket_permissions = 0777 # octal
+#virtual_host = '' # what interface to listen on; defaults to any
+#rendezvous_name = '' # defaults to the computer name
+
+# - Security & Authentication -
+
+#authentication_timeout = 60 # 1-600, in seconds
+#ssl = false
+#password_encryption = true
+#krb_server_keyfile = ''
+#db_user_namespace = false
+
+
+#---------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#---------------------------------------------------------------------------
+
+# - Memory -
+
+#shared_buffers = 1000 # min 16, at least max_connections*2, 8KB each
+#sort_mem = 1024 # min 64, size in KB
+#vacuum_mem = 8192 # min 1024, size in KB
+
+# - Free Space Map -
+
+#max_fsm_pages = 20000 # min max_fsm_relations*16, 6 bytes each
+#max_fsm_relations = 1000 # min 100, ~50 bytes each
+
+# - Kernel Resource Usage -
+
+#max_files_per_process = 1000 # min 25
+#preload_libraries = ''
+
+
+#---------------------------------------------------------------------------
+# WRITE AHEAD LOG
+#---------------------------------------------------------------------------
+
+# - Settings -
+
+# A special note on FSYNC:
+# FSYNC only affects writes to the WAL (Write-Ahead Log). Turning it
+# off will give some increase in performance, but at the risk of data-
+# corruption in the event of power failure or other disaster. It is on
+# by default. I strongly recommend you not to turn it off.
+#fsync = true # turns forced synchronization on or off
+#wal_sync_method = fsync # the default varies across platforms:
+ # fsync, fdatasync, open_sync, or open_datasync
+ # open_sync and open_dsync are synonymous in
+ # Linux.
fdatasync is less expensive than
+ # fsync, but does not sync file metadata
+#wal_buffers = 8 # min 4, 8KB each
+
+# - Checkpoints -
+
+#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each
+#checkpoint_timeout = 300 # range 30-3600, in seconds
+#checkpoint_warning = 30 # 0 is off, in seconds
+#commit_delay = 0 # range 0-100000, in microseconds
+#commit_siblings = 5 # range 1-1000
+
+
+#---------------------------------------------------------------------------
+# QUERY TUNING
+#---------------------------------------------------------------------------
+
+# - Planner Method Enabling -
+
+#enable_hashagg = true
+#enable_hashjoin = true
+#enable_indexscan = true
+#enable_mergejoin = true
+#enable_nestloop = true
+#enable_seqscan = true
+#enable_sort = true
+#enable_tidscan = true
+
+# - Planner Cost Constants -
+
+#effective_cache_size = 1000 # typically 8KB each
+#random_page_cost = 4 # units are one sequential page fetch cost
+#cpu_tuple_cost = 0.01 # (same)
+#cpu_index_tuple_cost = 0.001 # (same)
+#cpu_operator_cost = 0.0025 # (same)
+
+# - Genetic Query Optimizer -
+
+#geqo = true
+#geqo_threshold = 11
+#geqo_effort = 1
+#geqo_generations = 0
+#geqo_pool_size = 0 # default based on tables in statement,
+ # range 128-1024
+#geqo_selection_bias = 2.0 # range 1.5-2.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 10 # range 1-1000
+#from_collapse_limit = 8
+#join_collapse_limit = 8 # 1 disables collapsing of explicit JOINs
+
+
+#---------------------------------------------------------------------------
+# ERROR REPORTING AND LOGGING
+#---------------------------------------------------------------------------
+
+# - Syslog -
+
+syslog = 0 # range 0-2; 0=stdout; 1=both; 2=syslog
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+
+# - When to Log -
+
+#client_min_messages = notice # Values, in order of decreasing detail:
+ # debug5, debug4, debug3, debug2, debug1,
+ # log, info, notice, warning, error
+
+#log_min_messages = notice
# Values, in order of decreasing detail:
+ # debug5, debug4, debug3, debug2, debug1,
+ # info, notice, warning, error, log, fatal,
+ # panic
+
+#log_error_verbosity = default # terse, default, or verbose messages
+
+#log_min_error_statement = panic # Values in order of increasing severity:
+ # debug5, debug4, debug3, debug2, debug1,
+ # info, notice, warning, error, panic(off)
+
+#log_min_duration_statement = -1 # Log all statements whose
+ # execution time exceeds the value, in
+ # milliseconds. -1 disables. Zero logs
+ # all statements.
+
+silent_mode = false # DO NOT USE without Syslog!
+
+# - What to Log -
+
+#debug_print_parse = false
+#debug_print_rewritten = false
+#debug_print_plan = false
+#debug_pretty_print = false
+log_connections = true
+#log_duration = false
+log_pid = true
+#log_statement = false
+log_timestamp = true
+#log_hostname = false
+#log_source_port = false
+
+
+#---------------------------------------------------------------------------
+# RUNTIME STATISTICS
+#---------------------------------------------------------------------------
+
+# - Statistics Monitoring -
+
+#log_parser_stats = false
+#log_planner_stats = false
+#log_executor_stats = false
+#log_statement_stats = false
+
+# - Query/Index Statistics Collector -
+
+stats_start_collector = true
+#stats_command_string = false
+#stats_block_level = false
+stats_row_level = true
+#stats_reset_on_server_start = true
+
+
+#---------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#---------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#search_path = '$user,public' # schema names
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = false
+#statement_timeout = 0 # 0 is disabled, in milliseconds
+
+# - Locale and Formatting -
+
+# How (by default) to present dates to the frontend; the user can override
+# this setting for his own session.
The choices are:
+# Style Date Timestamptz
+# ----------------------------------------------------------------
+# ISO 1999-07-17 1999-07-17 07:09:18+01
+# SQL 17/07/1999 17/07/1999 07:09:19 BST
+# POSTGRES 17-07-1999 Sat 17 Jul 07:09:19 1999 BST
+# GERMAN 17.07.1999 17.07.1999 07:09:19 BST
+#
+# It is also possible to specify month-day or day-month ordering in date
+# input and output. Americans tend to use month-day; Europeans use
+# day-month. Specify European or US, or specify the order with DMY, MDY or
+# YMD. This is used for interpreting date input, even if the output format
+# is ISO. Separate the two parameters by a comma with no spaces.
+datestyle = 'ISO,US'
+#timezone = unknown # actually, defaults to TZ environment setting
+#australian_timezones = false
+#extra_float_digits = 0 # min -15, max 2
+#client_encoding = sql_ascii # actually, defaults to database encoding
+
+# These settings are initialized by initdb -- they may be changed
+#lc_messages = 'C' # locale for system error message strings
+#lc_monetary = 'C' # locale for monetary formatting
+#lc_numeric = 'C' # locale for number formatting
+#lc_time = 'C' # locale for time formatting
+
+# - Other Defaults -
+
+#explain_pretty_print = true
+dynamic_library_path = '/usr/share/postgresql:/usr/lib/postgresql:/usr/lib/postgresql/lib'
+#max_expr_depth = 10000 # min 10
+
+
+#---------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#---------------------------------------------------------------------------
+
+#deadlock_timeout = 1000 # in milliseconds
+#max_locks_per_transaction = 64 # min 10, ~260*max_connections bytes each
+
+
+#---------------------------------------------------------------------------
+# VERSION/PLATFORM COMPATIBILITY
+#---------------------------------------------------------------------------
+
+# - Previous Postgres Versions -
+
+#add_missing_from = true
+#regex_flavor = advanced # advanced, extended, or basic
+#sql_inheritance = true
+
+# -
Other Platforms & Clients -
+
+#transform_null_equals = false
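Review bot: This file appears to be a line-for-line duplicate of the postgresql.conf added under `usr/share/doc/dotlrn/etc/postgresql/` earlier in the commit, and the package's postinst seems to install only from the `etc/postgresql/` path. Two copies of a file that controls the network listener and connection logging will drift, and a hardening change made to one will not reach the other. Keeping a single copy would avoid that; if both must stay, a header comment such as `# NOTE: reference copy only; the installed file is etc/postgresql/postgresql.conf` would say which one is authoritative.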