Use the example configuration files in Open-ILS/examples/apache/
(for
Apache versions below 2.4) or Open-ILS/examples/apache_24/
(for Apache
versions 2.4 or greater) to configure your Web server for the Evergreen
catalog, staff client, Web services, and administration interfaces. Issue the
following commands as the root Linux account:
Debian Wheezy.
cp Open-ILS/examples/apache/eg.conf /etc/apache2/sites-available/ cp Open-ILS/examples/apache/eg_vhost.conf /etc/apache2/ cp Open-ILS/examples/apache/eg_startup /etc/apache2/ # Now set up SSL mkdir /etc/apache2/ssl cd /etc/apache2/ssl
Ubuntu Trusty, Ubuntu Xenial, and Debian Jessie.
cp Open-ILS/examples/apache_24/eg_24.conf /etc/apache2/sites-available/eg.conf cp Open-ILS/examples/apache_24/eg_vhost_24.conf /etc/apache2/eg_vhost.conf cp Open-ILS/examples/apache/eg_startup /etc/apache2/ # Now set up SSL mkdir /etc/apache2/ssl cd /etc/apache2/ssl
Fedora.
cp Open-ILS/examples/apache_24/eg_24.conf /etc/httpd/conf.d/ cp Open-ILS/examples/apache_24/eg_vhost_24.conf /etc/httpd/eg_vhost.conf cp Open-ILS/examples/apache/eg_startup /etc/httpd/ # Now set up SSL mkdir /etc/httpd/ssl cd /etc/httpd/ssl
The openssl
command cuts a new SSL key for your Apache server. For a
production server, you should purchase a signed SSL certificate, but you can
just use a self-signed certificate and accept the warnings in the staff client
and browser during testing and development. Create an SSL key for the Apache
server by issuing the following command as the root Linux account:
openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key
As the root Linux account, edit the eg.conf
file that you copied into
place.
To enable access to the offline upload / execute interface from any workstation on any network, make the following change (and note that you must secure this for a production instance):
Allow from 10.0.0.0/8
with Allow from all
Require host 10.0.0.0/8
with Require all granted
/etc/apache2/
directory
to /etc/httpd/
.
Change the user for the Apache server.
/etc/apache2/envvars
. Change export APACHE_RUN_USER=www-data
to
export APACHE_RUN_USER=opensrf
.
/etc/httpd/conf/httpd.conf
.
Change User apache
to User opensrf
.
As the root Linux account, configure Apache with KeepAlive settings appropriate for Evergreen. Higher values can improve the performance of a single client by allowing multiple requests to be sent over the same TCP connection, but increase the risk of using up all available Apache child processes and memory.
(Debian and Ubuntu): Edit /etc/apache2/apache2.conf
.
KeepAliveTimeout
to 1
.
MaxKeepAliveRequests
to 100
.
(Fedora): Edit /etc/httpd/conf/httpd.conf
.
KeepAliveTimeout
to 1
.
MaxKeepAliveRequests
to 100
.
As the root Linux account, configure the prefork module to start and keep enough Apache servers available to provide quick responses to clients without running out of memory. The following settings are a good starting point for a site that exposes the default Evergreen catalogue to the web:
Debian Wheezy (/etc/apache2/apache2.conf
) and Fedora (/etc/httpd/conf/httpd.conf
).
<IfModule mpm_prefork_module> StartServers 15 MinSpareServers 5 MaxSpareServers 15 MaxClients 75 MaxRequestsPerChild 500 </IfModule>
Ubuntu Trusty, Ubuntu Xenial, Debian Jessie (/etc/apache2/mods-available/mpm_prefork.conf
).
<IfModule mpm_prefork_module> StartServers 15 MinSpareServers 5 MaxSpareServers 15 MaxRequestWorkers 75 MaxConnectionsPerChild 500 </IfModule>
(Ubuntu Trusty, Ubuntu Xenial, Debian Jessie) As the root user, enable the mpm_prefork module:
a2dismod mpm_event a2enmod mpm_prefork
/etc/httpd/eg_vhost.conf
file to change references from the non-existent /etc/apache2/
directory
to /etc/httpd/
.
(Debian Wheezy): As the root Linux account, enable the Evergreen site:
a2dissite default # OPTIONAL: disable the default site (the "It Works" page) a2ensite eg.conf
(Ubuntu Trusty, Ubuntu Xenial, Debian Jessie):
a2dissite 000-default # OPTIONAL: disable the default site (the "It Works" page) a2ensite eg.conf
(Debian and Ubuntu): As the root Linux account, enable Apache to write
to the lock directory; this is currently necessary because Apache
is running as the opensrf
user:
chown opensrf /var/lock/apache2
Learn more about additional Apache options in the following sections: