Leopard Server Install
From cosign wiki
Changes from before that I got hung up on:
- Web directory changed from /etc/httpd to /etc/apache2
- Had to modify a Makefile in the Cosign distribution to build it (details below)
Full procedure I used (in chicken-scratch format):
In Server Admin, select the hostname of the server
Click the Certificates tab
Click the + button
    Common Name: lsa-mac-dev1.lsait.lsa.umich.edu
    Org: University of Michigan
    OU: LSA IT
    City: Ann Arbor
    State: Michigan
    (leave the others as defaults)
Click Save
Open a web-browser to here:
https://webservices.itcs.umich.edu/
and choose the Request an SSL certificate option (you'll be filling it out momentarily)
Back in Server Admin:
- Select the cert you just created
- Under the gearwheel menu, choose Generate CSR
- Drag the certificate icon to the webpage's CSR box
- Fill out the form, being sure to choose umwebCA as the signer
In Server Admin, start the Web Service
Click the Sites button, and select the default site (*)
- On the Options tab, allow 'CGI Execution'
- On the Logging tab, set both the access and error logs to archive every 7 days
Click Save
    cd /etc/apache2
    sudo mkdir cosign
    cd cosign
    sudo vi site_conf

BEGINNING OF FILE
CosignHostname weblogin.umich.edu
CosignRedirect https://weblogin.umich.edu/
CosignPostErrorRedirect https://weblogin.umich.edu/post_error.html
CosignService lsa-hpc
CosignCrypto /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey /etc/apache2/cosign/CAcerts
### Our site is HTTP - if yours is HTTPS, remove the next line
### (Apache does not allow a comment on the same line as a directive)
CosignHttpOnly on

<Location />
    CosignProtected on
</Location>

<Location /unprotected>
    CosignProtected off
</Location>
END OF FILE
cd /etc/apache2/sites
- Add this line to your site, anywhere inside the <VirtualHost> block
Include "/etc/apache2/cosign/site_conf"
- Build and install cosign:
Download the latest version from http://weblogin.org/
Set the build flags (be sure to use your correct arch in both), then configure:
    setenv CFLAGS "-arch x86_64"
    setenv LDFLAGS "-Wl,-arch -Wl,x86_64"
    ./configure --enable-apache2=/usr/sbin/apxs
Modify filters/apache2/Makefile and add the following to the end of the CFLAGS line:
-Wc,-arch -Wc,x86_64
    make
    sudo cp -R CAcerts /etc/apache2/cosign
    cd filters/apache2/
    sudo /usr/sbin/apxs -i -a -n 'cosign' mod_cosign.la

    sudo mkdir -p /var/cosign/filter
    sudo chown www /var/cosign/filter
    cd /etc/apache2/cosign/CAcerts
    sudo c_rehash .
- Background info on the Makefile change:
When I just did a straight "configure, then make", the module built with only one architecture, i386. The problem is that Leopard is now 64-bit aware across the board, and Apache (httpd) is built with 4 architectures (ppc7400, ppc64, i386, x86_64). Since httpd was running on 64-bit hardware, it was running using the x86_64 arch, and since the cosign module built with the i386 arch, it wouldn't load the module. I worked around this primarily with the CFLAGS and LDFLAGS environment modules shown above, but found that some of the .o files that make up the final module were still just getting compiled as i386, so I had to modify the Makefile to force those into x86_64 as well. It's quite possible there's a better way to do it, but this worked, so I wanted to share it.
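A way to catch the architecture mismatch described above before restarting the Web Service, as an added example (not part of the original page or the Cosign distribution): it parses `lipo -info` output and checks that the installed module contains the architecture httpd runs as. It is written for sh rather than the tcsh used above; the module path is passed as an argument, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: confirm a built module contains the arch httpd runs as.
# Usage: sh check_arch.sh /path/to/mod_cosign.so [arch]   (arch defaults to x86_64)

# Extract the architecture list from one line of `lipo -info` output.
# Handles both forms lipo prints:
#   Architectures in the fat file: <path> are: ppc7400 ppc64 i386 x86_64
#   Non-fat file: <path> is architecture: i386
archs_from_lipo() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^Architectures in the fat file: .* are: //p' \
        -e 's/^Non-fat file: .* is architecture: //p'
}

# has_arch WANTED "LIPO OUTPUT": succeeds only on an exact architecture match.
has_arch() {
    for a in $(archs_from_lipo "$2"); do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# check_module WANTED MODULE_PATH: runs lipo (Mac OS X only) on the module.
check_module() {
    want=$1; mod=$2
    info=$(lipo -info "$mod" 2>/dev/null) || { echo "cannot read $mod" >&2; return 2; }
    if has_arch "$want" "$info"; then
        echo "OK: $mod contains $want"
    else
        echo "MISMATCH: $mod has [$(archs_from_lipo "$info")], httpd needs $want" >&2
        return 1
    fi
}

# Constructed sample lines (not captured from a real host).
SAMPLE_HTTPD='Architectures in the fat file: /usr/sbin/httpd are: ppc7400 ppc64 i386 x86_64'
SAMPLE_BAD='Non-fat file: mod_cosign.so is architecture: i386'
SAMPLE_GOOD='Non-fat file: mod_cosign.so is architecture: x86_64'

# Run the real check only when lipo exists and a module path was given.
if command -v lipo >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    check_module "${2:-x86_64}" "$1"
fi
```

A MISMATCH result here corresponds to the case where httpd refuses to load the module, so the build flags and Makefile change need another look before the Web Service is restarted.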