Leopard Server Install
From cosign wiki
Revision as of 12:35, 30 March 2009
Changes from before that I got hung up on:
- Web directory changed from /etc/httpd to /etc/apache2
- Had to modify a Makefile in the Cosign distribution to build it (details below)
- Edits made Mar 09 to reflect what to do with the signed certificate and instructions to update the umwebCA.pem file
Full procedure I used (in chicken-scratch format):
- In Server Admin, select the hostname of the server
- Click the Certificates tab
- Click the + button
 Common Name: lsa-mac-dev1.lsait.lsa.umich.edu
 Org: University of Michigan
 OU: LSA IT
 City: Ann Arbor
 State: Michigan
 (leave the others as defaults)
- Click Save
Open a web browser to:
https://webservices.itcs.umich.edu/
and choose the Request an SSL certificate option (you'll be filling it out momentarily).
Back in Server Admin:
- Select the cert you just created
- Under the gearwheel menu, choose Generate CSR
- Drag the certificate icon to the webpage's CSR box
- Fill out the form, being sure to choose umwebCA as the signer
When you get the signed certificate back from the UMWeb Certificate Authority, return to Server Admin and:
- Select the self-signed cert in Server Admin you created earlier
- Under the gearwheel menu, choose 'Add Signed or Renewed Certificate from Certificate Authority' and add the signed certificate you received
In Server Admin, start the Web Service
- Click the Sites button, and select the default site (*)
- On the Options tab, allow 'CGI Execution'
- On the Logging tab, set both the access and error logs to archive every 7 days
- Click Save
- cd /etc/apache2
- sudo mkdir cosign
- cd cosign
- sudo vi site_conf
BEGINNING OF FILE
 CosignHostname weblogin.umich.edu
 CosignRedirect https://weblogin.umich.edu/
 CosignPostErrorRedirect https://weblogin.umich.edu/post_error.html
 CosignService lsa-hpc
 CosignCrypto /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey /etc/apache2/cosign/CAcerts
 ### Our site is HTTP - if yours is HTTPS, remove the CosignHttpOnly line below
 CosignHttpOnly on
 <Location />
     CosignProtected on
 </Location>
 <Location /unprotected>
     CosignProtected off
 </Location>
END OF FILE
- cd /etc/apache2/sites
- Add this line to your site, anywhere inside the <VirtualHost> block
- Include "/etc/apache2/cosign/site_conf"
Build and install cosign:
Building and Installing on Mac OS X
Background info on the Makefile change:
When I just did a straight "configure, then make", the module built with only one architecture, i386. The problem is that Leopard is now 64-bit aware across the board, and Apache (httpd) is built with 4 architectures (ppc7400, ppc64, i386, x86_64). Since httpd was running on 64-bit hardware, it was running using the x86_64 arch, and since the cosign module built with the i386 arch, it wouldn't load the module. I worked around this primarily with the CFLAGS and LDFLAGS environment modules shown above, but found that some of the .o files that make up the final module were still just getting compiled as i386, so I had to modify the Makefile to force those into x86_64 as well. It's quite possible there's a better way to do it, but this worked, so I wanted to share it.
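
The architecture mismatch described above can be confirmed from the file headers before Apache ever tries to load the module. The following is an added example, not part of the original wiki page or the cosign distribution: it reads the Mach-O header of a thin or universal binary and reports which architectures it carries. The function names and the two sample byte strings are constructed for illustration.

```python
import struct

# Constants from <mach/machine.h> and <mach-o/fat.h>
ABI64 = 0x01000000
CPU_NAMES = {7: "i386", 7 | ABI64: "x86_64", 18: "ppc", 18 | ABI64: "ppc64"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"            # universal header, always big-endian
THIN_MAGICS = {b"\xfe\xed\xfa\xce": ">", b"\xfe\xed\xfa\xcf": ">",
               b"\xce\xfa\xed\xfe": "<", b"\xcf\xfa\xed\xfe": "<"}


def arch_name(cputype, cpusubtype):
    # The low 24 bits of cpusubtype select the CPU model; 10 is the PowerPC 7400
    if cputype == 18 and cpusubtype & 0x00FFFFFF == 10:
        return "ppc7400"
    return CPU_NAMES.get(cputype, hex(cputype))


def macho_archs(data):
    """List the architectures in a thin or universal Mach-O image."""
    if len(data) < 12:
        raise ValueError("too short to be Mach-O")
    magic = data[:4]
    if magic in THIN_MAGICS:               # single-architecture file
        return [arch_name(*struct.unpack_from(THIN_MAGICS[magic] + "2I", data, 4))]
    if magic != FAT_MAGIC:
        raise ValueError("not a Mach-O file")
    (count,) = struct.unpack_from(">I", data, 4)
    if count > 32 or len(data) < 8 + 20 * count:
        raise ValueError("implausible or truncated fat header")
    # Each 20-byte fat_arch entry: cputype, cpusubtype, offset, size, align
    return [arch_name(*struct.unpack_from(">2I", data, 8 + 20 * i))
            for i in range(count)]


def can_load(module, running_arch):
    """True if the module carries a slice for the arch httpd is running as."""
    return running_arch in macho_archs(module)


# Constructed sample headers (not real binaries): httpd with the four
# architectures named above, and a module built as i386 only.
HTTPD = FAT_MAGIC + struct.pack(">I", 4) + b"".join(
    struct.pack(">5I", cpu, sub, 0, 0, 12)
    for cpu, sub in [(18, 10), (18 | ABI64, 0), (7, 3), (7 | ABI64, 3)])
I386_MODULE = b"\xce\xfa\xed\xfe" + struct.pack("<2I", 7, 3)

if __name__ == "__main__":
    print("httpd:", macho_archs(HTTPD))
    print("module loads under x86_64:", can_load(I386_MODULE, "x86_64"))
```

To check a real build, pass the bytes of the compiled module and of the httpd binary to macho_archs(); only the first few hundred bytes of each file are needed.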