Child pages
  • Readying a Variations server for Variations-Web - 6.*

This space has moved to IU's Confluence.
It is located at https://uisapp2.iu.edu/confluence-prd/display/iulV3/

Skip to end of metadata
Go to start of metadata

This page is a work in progress.  Please use Readying a Variations server for Variations-Web - 6.0 instead.

Readying a Variations server for Variations-Web - 6.*

This page describes the steps that need to be taken in order to run any part of Variations-Web including the web player and the access manager. These instructions assume that you will be installing Variations-Web on the the same system where the Variations server and its various components (e.g. Perl, Apache, etc.) are already running.

These instructions are written assuming the system's operating system is Red Hat Enterprise Linux 6. Starting with RHEL6, Tomcat packages are provided by the Red Hat repositories. If you are not running RHEL6 or choose to install Tomcat manually, then use the instructions for installing Tomcat here.

Contents

Apache

Configure SSL for Apache

HTTPS using SSL authentication is needed in order to protect private information including user profiles and group/course membership information.

  1. Find the DNS hostname that refers to Apache
    • You can find the IP apache is using by looking at the Listen statement in the Apache conf file: /etc/httpd/conf/httpd.conf.
  2. Ensure that the SSL certificate for Apache is valid by making sure that the Subject Common Name (CN) is the same as the full hostname HTTPS requests will be coming to
    • You can see the CN using: openssl x509 -in /etc/pki/tls/certs/localhost.crt -noout -text
    • If it is not valid create a new one (follow the process at your institution or create a self-signed certificate)
      • You can create a self-signed certificate by deleting the one that exists at /etc/pki/tls/certs/localhost.crt then running sudo make testcert in /etc/pki/tls/certs . When prompted for the Common Name, fill in the DNS hostname (the certificate will NOT work if an IP address is used for the Common Name.)

Configure mod_proxy_ajp

Edit /etc/httpd/conf/httpd.conf by appending the following:

<Proxy *>
	AddDefaultCharset Off
        Order deny,allow
        Allow from all
</Proxy>

ProxyPass /variations-ws-server/ ajp://localhost:8009/variations-ws-server/
ProxyPass /variations-ui-web/ ajp://localhost:8009/variations-ui-web/
ProxyPass /variations-mgmt-web/ ajp://localhost:8009/variations-mgmt-web/
ProxyPassReverse /variations-ws-server/ ajp://localhost:8009/variations-ws-server/
ProxyPassReverse /variations-ui-web/ ajp://localhost:8009/variations-ui-web/
ProxyPassReverse /variations-mgmt-web/ ajp://localhost:8009/variations-mgmt-web/

After installing and configuring mod_proxy_ajp, you will need to restart apache: sudo /etc/init.d/httpd restart

Tomcat

Install SSL Certificate

If your SSL certificate is self-signed, then in order for the Web UI and Access Manager connect to the Web Services you will need to add it to the trusted certificates of the newly installed JDK. Run the following as root, adjusting the JDK path (both the keytool program and keystore) if necessary:

$JAVA_HOME/bin/keytool -import  -trustcacerts -alias apacheLocalhostCA \
-file /etc/pki/tls/certs/localhost.crt -keystore $JAVA_HOME/jre/lib/security/cacerts \
-storepass changeit -keypass changeit

Install and Configure Tomcat

Do the following steps as root, adjusting tomcat's filename if necessary:

  1. Install tomcat 6: yum install tomcat6
  2. Edit /usr/share/tomcat6/conf/tomcat6.confby appending the following contents:

    JAVA_OPTS="${JAVA_OPTS} -Xmx1024m -Dcom.sun.management.jmxremote -XX:MaxPermSize=256m"
    
  3. Edit /usr/share/tomcat6/conf/server.xml
    • Change the redirectPort attribute in the 8009 AJP connector tag to 443.
  4. For Variations webapps to connect to the Variations Web Services, you need to create a user with role "wsconsumer" by adding the following lines to /usr/share/tomcat6/conf/tomcat-users.xml(replace client_auth_username and actual_password with your own values, which you will later also put in Variations webapp config files):

    <role rolename="wsconsumer"/>
    <user username="client_auth_username" password="actual_password" roles="wsconsumer"/>
    

Starting Tomcat

To start tomcat, run sudo /etc/init.d/tomcat6 start. Check that tomcat has started up properly by opening a browser and navigating to http://tomcat.host:8080/ (where tomcat.host is the hostname where tomcat is running). If tomcat is running, an empty page will be displayed.

Variations Server Access for Webapps

The Variations Web Services need to connect to the Variations server to access metadata and user profiles. The Web Services require a superuser connection to Variations. Access control to this information is handled by the Variations server access policy file and an access policy file bundled with the Web Services.

  1. Create an account that can access your Variations server by making a service or guest account through your institution. Do not use a personal account. If your institution does not provide this capability, then you can create a system account on the Variations server and turn on system authentication in Variations.
  2. Add the user to the Variations server Administrators group using the varGroup.sh command.
  • No labels