Configure the Apache Web server

  1. Use the example configuration files in Open-ILS/examples/apache/ (for Apache versions below 2.4) or Open-ILS/examples/apache_24/ (for Apache versions 2.4 or greater) to configure your Web server for the Evergreen catalog, staff client, Web services, and administration interfaces. Issue the following commands as the root Linux account:

    Debian Wheezy and Ubuntu Precise. 

    cp Open-ILS/examples/apache/eg.conf       /etc/apache2/sites-available/
    cp Open-ILS/examples/apache/eg_vhost.conf /etc/apache2/
    cp Open-ILS/examples/apache/eg_startup    /etc/apache2/
    # Now set up SSL
    mkdir /etc/apache2/ssl
    cd /etc/apache2/ssl

    Ubuntu Trusty and Debian Jessie. 

    cp Open-ILS/examples/apache_24/eg_24.conf       /etc/apache2/sites-available/eg.conf
    cp Open-ILS/examples/apache_24/eg_vhost_24.conf /etc/apache2/eg_vhost.conf
    cp Open-ILS/examples/apache/eg_startup          /etc/apache2/
    # Now set up SSL
    mkdir /etc/apache2/ssl
    cd /etc/apache2/ssl

    Fedora. 

    cp Open-ILS/examples/apache_24/eg_24.conf       /etc/httpd/conf.d/
    cp Open-ILS/examples/apache_24/eg_vhost_24.conf /etc/httpd/eg_vhost.conf
    cp Open-ILS/examples/apache/eg_startup          /etc/httpd/
    # Now set up SSL
    mkdir /etc/httpd/ssl
    cd /etc/httpd/ssl

  2. The openssl command cuts a new SSL key for your Apache server. For a production server, you should purchase a signed SSL certificate, but you can just use a self-signed certificate and accept the warnings in the staff client and browser during testing and development. Create an SSL key for the Apache server by issuing the following command as the root Linux account:

    openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key
  3. As the root Linux account, edit the eg.conf file that you copied into place.

    1. To enable access to the offline upload / execute interface from any workstation on any network, make the following change (and note that you must secure this for a production instance):

      • (Apache 2.2): Replace Allow from 10.0.0.0/8 with Allow from all
      • (Apache 2.4): Replace Require host 10.0.0.0/8 with Require all granted
    2. (Fedora): Change references from the non-existent /etc/apache2/ directory to /etc/httpd/.
  4. Change the user for the Apache server.

    • (Debian and Ubuntu): As the root Linux account, edit /etc/apache2/envvars. Change export APACHE_RUN_USER=www-data to export APACHE_RUN_USER=opensrf.
    • (Fedora): As the root Linux account , edit /etc/httpd/conf/httpd.conf. Change User apache to User opensrf.
  5. Configure Apache with performance settings appropriate for Evergreen:

    • (Debian and Ubuntu): As the root Linux account, edit /etc/apache2/apache2.conf:
    • (Fedora): As the root Linux account, edit /etc/httpd/conf/httpd.conf:

      1. Change KeepAliveTimeout to 1. Higher values reduce the chance of a request timing out unexpectedly, but increase the risk of using up all available Apache child processes.
      2. Optional: Change MaxKeepAliveRequests to 100
      3. (Debian Wheezy, Ubuntu Precise, and Fedora) Update the prefork configuration section to suit your environment. The following settings apply to a busy system:

        <IfModule mpm_prefork_module>
           StartServers           20
           MinSpareServers         5
           MaxSpareServers        15
           MaxClients            150
           MaxRequestsPerChild 10000
        </IfModule>
      4. (Ubuntu Trusty, Debian Jessie) As the root user, edit /etc/apache2/mods-available/mpm_prefork.conf to match the above values. Then, also as the root user, enable the mpm_prefork module by doing:

        a2dismod mpm_event
        a2enmod mpm_prefork
  6. (Fedora): As the root Linux account, edit the /etc/httpd/eg_vhost.conf file to change references from the non-existent /etc/apache2/ directory to /etc/httpd/.
  7. (Debian Wheezy and Ubuntu Precise): As the root Linux account, enable the Evergreen site:

    a2dissite default  # OPTIONAL: disable the default site (the "It Works" page)
    a2ensite eg.conf

    (Ubuntu Trusty, Debian Jessie):

    a2dissite 000-default  # OPTIONAL: disable the default site (the "It Works" page)
    a2ensite eg.conf
  8. (Ubuntu): As the root Linux account, enable Apache to write to the lock directory; this is currently necessary because Apache is running as the opensrf user:

    chown opensrf /var/lock/apache2