Difference between revisions of "Adito notes"

From Amahi Wiki
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
====Alternate Install Option====
 +
After running the configuration, do the following:
 +
* Modify conf/webserver.properties.  Change port 7443 to 443
 +
* Add the following lines to *-myadito.conf after ServerAlias and save:
 +
redirect permanent / https://myadito:443
 +
* Restart httpd
 +
* Run ant start
 +
* https://myadito or myadito will allow access
 +
 +
 +
To create certificate used by Apache and Adito, accomplish the following:
 +
*openssl genrsa -out server.key 1024
 +
*openssl req -new -key server.key -x509 -days 1000 -out server.crt
 +
*openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "adito"
 +
** Password required for PKCS12, must be at least 6 in length
 +
* When doing adito config, import instead of creating a new cert. 
 +
** Set type to PKCS12
 +
** Password will be one chosen above for cert
 +
** Name or alias is adito
 +
 +
This will ensure apache and adito use the same cert.  Not sure if type matters, X.509 or PKCS12.
 +
 +
 +
----
 +
 +
====root====
 +
* yum -y install ant mod_ssl java-1.6.0-openjdk-devel
 +
* export JAVA_HOME=/usr/lib/jvm/jre-1.6.0-openjdk
 +
* create a webapp (myadito)
 +
* cd /var/hda/web-apps/myadito
 +
* chmod -R 777 .
 +
====user====
 +
* wget http://superb-east.dl.sourceforge.net/sourceforge/adito/adito-0.9.1-bin.tar.gz
 +
* tar -xf adito-0.9.1-bin.tar.gz
 +
* mv adito-0.9.1/ server/
 +
* cd server/
 +
* ant install
 +
* run the configuration at http://hda:28080/
 +
* do not configure https or 443 - try 7443 and http only
 +
* once done: ant start
 +
* the server should start - at http://hda:7443
 +
 +
* then try to make a proxy to it:
 +
 +
====root====
 +
* in the /etc/httpd/conf.d/*-myadito.conf file, add:
 +
 +
        ProxyPass / http://localhost:7443/
 +
        ProxyPassReverse / http://localhost:7443/
 +
 +
* then service httpd restart
 +
* that should work as http ONLY
 +
 +
----
 +
 +
for https traffic from the net to apache:
 +
 +
* yum install -y mod_ssl
 +
* change port of the virtualhost to 443
 +
 +
----
 +
 +
options to play with:
 +
 +
 +
        SSLProxyEngine On
 +
        ProxyRemote https://myadito:443/ https://localhost:7443/
 +
 +
        ProxyRequests Off
 +
        ProxyPreserveHost Off
 +
 +
        ProxyPass / https://localhost:7443/
 +
        ProxyPassReverse / https://localhost:7443/
 +
 +
'''not all of them at the same time!!'''
 +
 +
 +
----
 +
 +
old:
 +
 
* create a webapp (my-adito)
 
* create a webapp (my-adito)
 
* cd to it (cd /var/hda/web-apps/my-adito/
 
* cd to it (cd /var/hda/web-apps/my-adito/
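Review bot: the added certificate step `openssl genrsa -out server.key 1024` creates a 1024-bit RSA key, which is too short for a certificate that both Apache and Adito will serve; generate 2048 bits or more. The root section in the same hunk also keeps `chmod -R 777 .` on /var/hda/web-apps/myadito, the directory the server and its conf/ files are then unpacked into, so any local user can read or replace them; ownership by the account that runs the service with a tighter mode would cover the user-level install. The tarball is fetched with `wget http://superb-east.dl.sourceforge.net/...` and unpacked with no checksum step in between.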
Line 13: Line 94:
 
----
 
----
  
Summary of Manual Install
+
some guide for f10:
  
*I did an actual install on a VirtualBox F10 32-bit VM with Amahi.  I did an install, activated the service, and logged in once to ensure everything worked.  Once finished, stopped the service and compared the install version with the original source version.  Files that were different are listed below:
+
http://www.extrahip.net/node/17
 +
 
 +
----
 +
 
 +
== Summary of Manual Install ==
 +
 
 +
*'''Concept:'''  Adito requires Apache Ant to install and root access.  The intent is to find a way to patch the source and do everything at the user level.  In order to make this a one-click install, the patch would include predefined admin and links pertinent to the Amahi HDA.
 +
 
 +
*I did an actual install on a VirtualBox F10 32-bit VM with Amahi.  As root, I did an install, activated the service, and logged in once to ensure everything worked (see http://wiki.amahi.org/index.php/adito).  Once finished, stopped the service and compared the install version with the original source version.  Files that were different are listed below:
  
 
  server/conf: default.keystore.jks
 
  server/conf: default.keystore.jks
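Review bot: the Concept bullet plans a patch with a "predefined admin", and the list of changed files it would be built from begins with `server/conf: default.keystore.jks`; a patch assembled from one install's files gives every HDA that applies it the same keystore and the same admin account. The bullet should say that the patch carries configuration only and that the keystore and admin credentials are generated on each install.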
Line 38: Line 127:
 
  server/logs: wrapper.log
 
  server/logs: wrapper.log
 
  server/tmp: availableCipherSuites.txt
 
  server/tmp: availableCipherSuites.txt
  server/tmp: extensions (this is a directory of files)
+
  server/tmp: extensions ''(this is a directory of files)''
  server/tmp: org  (this is a directory of files)
+
  server/tmp: org  ''(this is a directory of files)''
  
* I then made a patch with the different files and started a clean VM.  I followed the steps below to do the install:
+
* I then made a patch with the different files and started a clean VM.  I followed the steps below to do the install without Apache Ant, but still using root access:
  
 
  yum -y install java-1.6.0-openjdk-devel
 
  yum -y install java-1.6.0-openjdk-devel
Line 52: Line 141:
 
  mv adito-0.9.1/ server/
 
  mv adito-0.9.1/ server/
 
  cd server
 
  cd server
  wget adito-0.9.1-patch.zip (this is a zip file of changed files between source and install)
+
  wget adito-0.9.1-patch.zip ''(this is an archive of changed files between source and install)''
 
  wget adito-0.9.1-patch.zip
 
  wget adito-0.9.1-patch.zip
 
  unzip adito-0.9.1-patch.zip
 
  unzip adito-0.9.1-patch.zip
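Review bot: on the rewritten `wget adito-0.9.1-patch.zip ''(this is an archive ...)''` line the note sits inside the preformatted command block, so a copy-paste hands the parenthesis to the shell, and the unchanged line after it repeats the same wget. Move the note into the prose above the block and keep a single wget with the full URL, followed by a checksum check before `unzip`, since the archive is unpacked straight over the server tree.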
Line 62: Line 151:
 
  /var/hda/web-apps/myadito/server/install/platforms/linux/adito start
 
  /var/hda/web-apps/myadito/server/install/platforms/linux/adito start
  
Once it started, I used FF and went to https://localhost.  The service only runs for about 10 sec, then shuts down, so have to be quick.  Once I got the
+
Once it started, I used FF and went to https://localhost.  The service only runs for about 10 sec, then shuts down, so have to be quick.  Once I got the 'secure connection failed', I chose 'add exception.'  I then did 'get certificate' and the 'confirm exception' button was greyed out.  There was no certificate info available and I could not proceed.  By this time, the service had also shut down.
 +
 
 +
I do not know why it shuts down, but it could be related to the certificate problem.  There is guidance on the Adito wiki (http://adito.wiki.sourceforge.net/ssl_certificate_management) which provides some direction on manually creating a certificate.

Latest revision as of 14:41, 20 June 2009

Alternate Install Option

After running the configuration, do the following:

  • Modify conf/webserver.properties. Change port 7443 to 443
  • Add the following lines to *-myadito.conf after ServerAlias and save:
redirect permanent / https://myadito:443


To create the certificate used by Apache and Adito, do the following:

  • openssl genrsa -out server.key 1024
  • openssl req -new -key server.key -x509 -days 1000 -out server.crt
  • openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "adito"
    • A password is required for PKCS12; it must be at least 6 characters long
  • When doing the Adito config, import the certificate instead of creating a new one.
    • Set type to PKCS12
    • The password is the one chosen above for the cert
    • Name or alias is adito

This will ensure Apache and Adito use the same cert. Not sure if type matters, X.509 or PKCS12.
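The following is an added example, not part of the original notes: it repeats the three openssl steps non-interactively and then checks that the private key, the X.509 certificate Apache loads and the certificate inside the PKCS12 bundle Adito imports are the same material under the alias adito. The function names, the CN, the password and the 2048-bit key size (the notes use 1024) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki page. File names and the "adito" alias follow
# the page; CN, password and the 2048-bit key size are assumptions made here.
set -eu

cert_fp() {   # SHA-256 fingerprint of a PEM certificate file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

p12_fp() {    # fingerprint of the certificate inside a PKCS#12 bundle
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

p12_alias() { # friendlyName in the bundle (what Adito asks for as name/alias)
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: *//p' | head -n 1
}

key_bits() {  # size in bits of the certificate's public key
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

key_matches_cert() {  # $1 = private key, $2 = certificate
    [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
      "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

make_bundle() {  # $1 = work dir, $2 = PKCS#12 password
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    openssl req -new -key "$1/server.key" -x509 -days 1000 \
        -subj "/CN=myadito" -out "$1/server.crt"
    openssl pkcs12 -export -in "$1/server.crt" -inkey "$1/server.key" \
        -out "$1/server.p12" -name "adito" -passout "pass:$2"
}

check_bundle() { # 0 only if Apache's key/cert and Adito's bundle agree
    key_matches_cert "$1/server.key" "$1/server.crt" &&
    [ "$(cert_fp "$1/server.crt")" = "$(p12_fp "$1/server.p12" "$2")" ] &&
    [ "$(p12_alias "$1/server.p12" "$2")" = "adito" ] &&
    [ "$(key_bits "$1/server.crt")" -ge 2048 ]
}

work=$(mktemp -d)
make_bundle "$work" "changeit"
check_bundle "$work" "changeit" && echo "key, cert and PKCS#12 bundle agree"
rm -rf "$work"
```

Pointing `check_bundle` at a directory holding existing server.key, server.crt and server.p12 files runs the same checks on them; it fails for a certificate made with the 1024-bit command above.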



root

  • yum -y install ant mod_ssl java-1.6.0-openjdk-devel
  • export JAVA_HOME=/usr/lib/jvm/jre-1.6.0-openjdk
  • create a webapp (myadito)
  • cd /var/hda/web-apps/myadito
  • chmod -R 777 .

user

  • then try to make a proxy to it:

root

  • in the /etc/httpd/conf.d/*-myadito.conf file, add:
       ProxyPass / http://localhost:7443/
       ProxyPassReverse / http://localhost:7443/
  • then service httpd restart
  • that should work as http ONLY

for https traffic from the net to apache:

  • yum install -y mod_ssl
  • change port of the virtualhost to 443

options to play with:


       SSLProxyEngine On
       ProxyRemote https://myadito:443/ https://localhost:7443/
       ProxyRequests Off
       ProxyPreserveHost Off
       ProxyPass / https://localhost:7443/
       ProxyPassReverse / https://localhost:7443/

not all of them at the same time!!



old:

  • create a webapp (my-adito)
  • cd to it (cd /var/hda/web-apps/my-adito/)
  • chmod -R 777 .
  • wget http://superb-east.dl.sourceforge.net/sourceforge/adito/adito-0.9.1-bin.tar.gz
  • tar -xf adito-0.9.1-bin.tar.gz
  • mv adito-0.9.1/ server/
  • cd into server
  • cp conf/wrapper.conf.base conf/wrapper.conf
  • copy a valid, pre-configured database set of files to the db/ dir
  • chmod 777 install/platforms/linux/x86-64/wrapper
  • ./install/platforms/linux/x86-64/wrapper /var/hda/web-apps/myadito/server/conf/wrapper.conf wrapper.pidfile=my.pid wrapper.daemonize=FALSE

some guide for f10:

http://www.extrahip.net/node/17


Summary of Manual Install

  • Concept: Adito requires Apache Ant to install and root access. The intent is to find a way to patch the source and do everything at the user level. In order to make this a one-click install, the patch would include predefined admin and links pertinent to the Amahi HDA.
  • I did an actual install on a VirtualBox F10 32-bit VM with Amahi. As root, I did an install, activated the service, and logged in once to ensure everything worked (see http://wiki.amahi.org/index.php/adito). Once finished, I stopped the service and compared the install version with the original source version. Files that were different are listed below:
server/conf: default.keystore.jks
server/conf/prefs/system/extensions: prefs.properties
server/conf/prefs/system/extensions/versions: prefs.properties
server/conf/prefs/system: prefs.properties
server/conf/repository/keystore: default.keystore.jks
server/conf/repository/PKI: aditoadmin.prv
server/conf/repository/PKI: aditoadmin.pub
server/conf: webserver.properties
server/conf: wrapper.conf
server/db: explorer_configuration.backup
server/db: explorer_configuration.data
server/db: explorer_configuration.log
server/db: explorer_configuration.properties
server/db: explorer_configuration.script
server/db: upgrade.log
server/db: versions.log
server/lib: tools.jar
server/logs: 2009_06_15.request.log
server/logs: adito.log
server/logs: wrapper.log
server/tmp: availableCipherSuites.txt
server/tmp: extensions (this is a directory of files)
server/tmp: org  (this is a directory of files)
  • I then made a patch with the different files and started a clean VM. I followed the steps below to do the install without Apache Ant, but still using root access:
yum -y install java-1.6.0-openjdk-devel
cd /var/hda/web-apps/
mkdir myadito
cd myadito
wget http://superb-west.dl.sourceforge.net/sourceforge/adito/adito-0.9.1-bin.tar.gz 
tar -xf adito-0.9.1-bin.tar.gz
rm -f adito-0.9.1-bin.tar.gz
mv adito-0.9.1/ server/
cd server
# adito-0.9.1-patch.zip is an archive of changed files between source and install
wget adito-0.9.1-patch.zip
unzip adito-0.9.1-patch.zip
rm -f adito-0.9.1-patch.zip
chmod a+x /var/hda/web-apps/myadito/server/install/platforms/linux/adito
chmod a+x /var/hda/web-apps/myadito/server/install/platforms/linux/x86/wrapper
chmod a+x /var/hda/web-apps/myadito/server/install/platforms/linux/x86-64/wrapper
export WRAPPER_CONF="/var/hda/web-apps/myadito/server/conf/wrapper.conf"
/var/hda/web-apps/myadito/server/install/platforms/linux/adito start

Once it started, I used FF and went to https://localhost. The service only runs for about 10 sec, then shuts down, so you have to be quick. Once I got the 'secure connection failed', I chose 'add exception.' I then did 'get certificate' and the 'confirm exception' button was greyed out. There was no certificate info available and I could not proceed. By this time, the service had also shut down.

I do not know why it shuts down, but it could be related to the certificate problem. There is guidance on the Adito wiki (http://adito.wiki.sourceforge.net/ssl_certificate_management) which provides some direction on manually creating a certificate.