Difference between revisions of "Adito notes"

From Amahi Wiki
 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
====Alternate Install Option====
 +
After running the configuration, do the following:
 +
* Modify conf/webserver.properties.  Change port 7443 to 443
 +
* Add the following lines to *-myadito.conf after ServerAlias and save:
 +
redirect permanent / https://myadito:443
 +
* Restart httpd
 +
* Run ant start
 +
* https://myadito or myadito will allow access
 +
 +
 +
To create certificate used by Apache and Adito, accomplish the following:
 +
*openssl genrsa -out server.key 1024
 +
*openssl req -new -key server.key -x509 -days 1000 -out server.crt
 +
*openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "adito"
 +
** Password required for PKCS12, must be at least 6 in length
 +
* When doing adito config, import instead of creating a new cert. 
 +
** Set type to PKCS12
 +
** Password will be one chosen above for cert
 +
** Name or alias is adito
 +
 +
This will ensure apache and adito use the same cert.  Not sure if type matters, X.509 or PKCS12.
 +
 +
 +
----
 +
 +
====root====
 +
* yum -y install ant mod_ssl java-1.6.0-openjdk-devel
 +
* export JAVA_HOME=/usr/lib/jvm/jre-1.6.0-openjdk
 +
* create a webapp (myadito)
 +
* cd /var/hda/web-apps/myadito
 +
* chmod -R 777 .
 +
====user====
 +
* wget http://superb-east.dl.sourceforge.net/sourceforge/adito/adito-0.9.1-bin.tar.gz
 +
* tar -xf adito-0.9.1-bin.tar.gz
 +
* mv adito-0.9.1/ server/
 +
* cd server/
 +
* ant install
 +
* run the configuration at http://hda:28080/
 +
* do not configure https or 443 - try 7443 and http only
 +
* once done: ant start
 +
* the server should start - at http://hda:7443
 +
 +
* then try to make a proxy to it:
 +
 +
====root====
 +
* in the /etc/httpd/conf.d/*-myadito.conf file, add:
 +
 +
        ProxyPass / http://localhost:7443/
 +
        ProxyPassReverse / http://localhost:7443/
 +
 +
* then service httpd restart
 +
* that should work as http ONLY
 +
 +
----
 +
 +
for https traffic from the net to apache:
 +
 +
* yum install -y mod_ssl
 +
* change port of the virtualhost to 443
 +
 +
----
 +
 +
options to play with:
 +
 +
 +
        SSLProxyEngine On
 +
        ProxyRemote https://myadito:443/ https://localhost:7443/
 +
 +
        ProxyRequests Off
 +
        ProxyPreserveHost Off
 +
 +
        ProxyPass / https://localhost:7443/
 +
        ProxyPassReverse / https://localhost:7443/
 +
 +
'''not all of them at the same time!!'''
 +
 +
 +
----
 +
 +
old:
 +
 
* create a webapp (my-adito)
 
* create a webapp (my-adito)
 
* cd to it (cd /var/hda/web-apps/my-adito/
 
* cd to it (cd /var/hda/web-apps/my-adito/
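Review bot: In the added certificate steps, `openssl genrsa -out server.key 1024` creates a 1024-bit RSA key, which is too short for a TLS server key; use 2048 bits or more. The same hunk runs `chmod -R 777 .` in /var/hda/web-apps/myadito, the tree that ends up holding server/conf and its keystore, so any local account could read or replace those files. Suggest giving write access only to the account that runs Adito and saying so in the step.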
Line 13: Line 94:
 
----
 
----
  
Summary of Manual Install
+
some guide for f10:
  
*I did an actual install on a VirtualBox F10 32-bit VM with Amahi.  As root, I did an install, activated the service, and logged in once to ensure everything worked (see [http://wiki.amahi.org/adito] http://wiki.amahi.org/wiki).  Once finished, stopped the service and compared the install version with the original source version.  Files that were different are listed below:
+
http://www.extrahip.net/node/17
 +
 
 +
----
 +
 
 +
== Summary of Manual Install ==
 +
 
 +
*'''Concept:'''  Adito requires Apache Ant to install and root access.  The intent is to find a way to patch the source and do everything at the user level.  In order to make this a one-click install, the patch would include predefined admin and links pertinent to the Amahi HDA.
 +
 
 +
*I did an actual install on a VirtualBox F10 32-bit VM with Amahi.  As root, I did an install, activated the service, and logged in once to ensure everything worked (see http://wiki.amahi.org/index.php/adito).  Once finished, stopped the service and compared the install version with the original source version.  Files that were different are listed below:
  
 
  server/conf: default.keystore.jks
 
  server/conf: default.keystore.jks
Line 38: Line 127:
 
  server/logs: wrapper.log
 
  server/logs: wrapper.log
 
  server/tmp: availableCipherSuites.txt
 
  server/tmp: availableCipherSuites.txt
  server/tmp: extensions (this is a directory of files)
+
  server/tmp: extensions ''(this is a directory of files)''
  server/tmp: org  (this is a directory of files)
+
  server/tmp: org  ''(this is a directory of files)''
  
* I then made a patch with the different files and started a clean VM.  I followed the steps below to do the install:
+
* I then made a patch with the different files and started a clean VM.  I followed the steps below to do the install without Apache Ant, but still using root access:
  
 
  yum -y install java-1.6.0-openjdk-devel
 
  yum -y install java-1.6.0-openjdk-devel
Line 52: Line 141:
 
  mv adito-0.9.1/ server/
 
  mv adito-0.9.1/ server/
 
  cd server
 
  cd server
  wget adito-0.9.1-patch.zip (this is a zip file of changed files between source and install)
+
  wget adito-0.9.1-patch.zip ''(this is an archive of changed files between source and install)''
 
  wget adito-0.9.1-patch.zip
 
  wget adito-0.9.1-patch.zip
 
  unzip adito-0.9.1-patch.zip
 
  unzip adito-0.9.1-patch.zip
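Review bot: `wget adito-0.9.1-patch.zip` names no URL, so this step cannot be followed as written, and the archive is then unpacked over the server tree with no integrity check. State where the patch archive is hosted and give a checksum to verify before `unzip adito-0.9.1-patch.zip`.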
Line 62: Line 151:
 
  /var/hda/web-apps/myadito/server/install/platforms/linux/adito start
 
  /var/hda/web-apps/myadito/server/install/platforms/linux/adito start
  
Once it started, I used FF and went to https://localhost.  The service only runs for about 10 sec, then shuts down, so have to be quick.  Once I got the
+
Once it started, I used FF and went to https://localhost.  The service only runs for about 10 sec, then shuts down, so have to be quick.  Once I got the 'secure connection failed', I chose 'add exception.'  I then did 'get certificate' and the 'confirm exception' button was greyed out.  There was no certificate info available and I could not proceed.  By this time, the service had also shut down.
 +
 
 +
I do not know why it shuts down, but it could be related to the certificate problem.  There is guidance on the Adito wiki (http://adito.wiki.sourceforge.net/ssl_certificate_management) which provides some direction on manually creating a certificate.

Latest revision as of 14:41, 20 June 2009

Alternate Install Option

After running the configuration, do the following:

  • Modify conf/webserver.properties. Change port 7443 to 443
  • Add the following lines to *-myadito.conf after ServerAlias and save:
       redirect permanent / https://myadito:443


To create the certificate used by both Apache and Adito, do the following:

  • openssl genrsa -out server.key 1024
  • openssl req -new -key server.key -x509 -days 1000 -out server.crt
  • openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "adito"
    • A password is required for PKCS12; it must be at least 6 characters long
  • When running the Adito configuration, import this certificate instead of creating a new one.
    • Set type to PKCS12
    • Password is the one chosen above for the cert
    • Name or alias is adito

This will ensure Apache and Adito use the same cert. Not sure if type matters, X.509 or PKCS12.
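The certificate steps above as one script, added here as an example and not part of the original notes. It uses a 2048-bit key and SHA-256 instead of the 1024-bit key shown above, then checks that the certificate, key and PKCS12 file really belong together before the file is imported into Adito. The CN `myadito`, the function names and the sample password are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki): one key/cert/PKCS12 set for Apache and Adito.
# CN, directory and password are placeholders chosen for illustration.

make_bundle() {    # make_bundle <dir> <p12-password>
    dir=$1 pass=$2
    [ "${#pass}" -ge 6 ] || { echo "PKCS12 password needs 6+ characters" >&2; return 1; }
    (
        umask 077                          # key files readable by their owner only
        mkdir -p "$dir" && cd "$dir" || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -new -key server.key -x509 -sha256 -days 1000 \
            -subj "/CN=myadito" -out server.crt &&
        openssl pkcs12 -export -in server.crt -inkey server.key \
            -out server.p12 -name "adito" -passout "pass:$pass"
    )
}

# Succeeds (printing the cert fingerprint) only if server.crt matches server.key
# and server.p12 holds that same cert under the alias "adito".
check_bundle() {   # check_bundle <dir> <p12-password>
    dir=$1 pass=$2
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "cert does not match key" >&2; return 1; }
    p12=$(openssl pkcs12 -in "$dir/server.p12" -nokeys -passin "pass:$pass" 2>/dev/null) || return 1
    printf '%s\n' "$p12" | grep -q 'friendlyName: adito' || { echo "alias missing" >&2; return 1; }
    p12_fp=$(printf '%s\n' "$p12" | openssl x509 -noout -fingerprint -sha256) || return 1
    crt_fp=$(openssl x509 -in "$dir/server.crt" -noout -fingerprint -sha256) || return 1
    [ "$p12_fp" = "$crt_fp" ] || { echo "PKCS12 holds a different cert" >&2; return 1; }
    printf '%s\n' "$crt_fp"
}

# Demo in a scratch directory; the password is a constructed sample value.
if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d) && make_bundle "$demo" "sample-pass" && check_bundle "$demo" "sample-pass"
    rm -rf "$demo"
fi
```

Apache is pointed at server.crt and server.key, while Adito imports server.p12; a matching fingerprint from `check_bundle` confirms both ends present the same certificate.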



root

  • yum -y install ant mod_ssl java-1.6.0-openjdk-devel
  • export JAVA_HOME=/usr/lib/jvm/jre-1.6.0-openjdk
  • create a webapp (myadito)
  • cd /var/hda/web-apps/myadito
  • chmod -R 777 .
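After `chmod -R 777 .` every local account can read and overwrite whatever lands in this tree, including the keystore and private key files listed further down this page. The script below is an added example, not part of the original notes: it lists such files and tightens the tree. Identifying secrets by file name and the `ADITO_ROOT` variable are assumptions.

```shell
#!/bin/sh
# Added example: find key material left world-accessible by `chmod -R 777 .`
# Assumption: secrets are recognised by file name (names taken from this page).

SECRET_NAMES='*.jks *.p12 *.prv server.key'

# Print every secret-bearing file under <root> that "other" can read or write.
list_exposed_secrets() {   # list_exposed_secrets <root>
    root=$1
    set -f                               # keep the name patterns unexpanded
    for pat in $SECRET_NAMES; do
        find "$root" -type f -name "$pat" \( -perm -004 -o -perm -002 \) -print
    done | sort
    set +f
}

# Owner-only access for secrets; remove world-write from everything else.
tighten_tree() {           # tighten_tree <root>
    root=$1
    list_exposed_secrets "$root" | while IFS= read -r f; do
        chmod 600 "$f"
    done
    find "$root" -perm -002 ! -type l -exec chmod o-w {} +
}

# Audit only by default: ADITO_ROOT=/var/hda/web-apps/myadito sh audit.sh
if [ -n "${ADITO_ROOT:-}" ]; then list_exposed_secrets "$ADITO_ROOT"; fi
```

Run `tighten_tree` as the account that owns the files, and make sure that account is the one Adito runs as, otherwise the service loses access to its own keystore.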

user

  • then try to make a proxy to it:

root

  • in the /etc/httpd/conf.d/*-myadito.conf file, add:
       ProxyPass / http://localhost:7443/
       ProxyPassReverse / http://localhost:7443/
  • then service httpd restart
  • that should work as http ONLY

for https traffic from the net to apache:

  • yum install -y mod_ssl
  • change port of the virtualhost to 443

options to play with:


       SSLProxyEngine On
       ProxyRemote https://myadito:443/ https://localhost:7443/
       ProxyRequests Off
       ProxyPreserveHost Off
       ProxyPass / https://localhost:7443/
       ProxyPassReverse / https://localhost:7443/

not all of them at the same time!!



old:

  • create a webapp (my-adito)
  • cd to it (cd /var/hda/web-apps/my-adito/)
  • chmod -R 777 .
  • wget http://superb-east.dl.sourceforge.net/sourceforge/adito/adito-0.9.1-bin.tar.gz
  • tar -xzf adito-0.9.1-bin.tar.gz
  • mv adito-0.9.1/ server/
  • cd into server
  • cp conf/wrapper.conf.base conf/wrapper.conf
  • copy a valid, pre-configured database set of files to the db/ dir
  • chmod 777 install/platforms/linux/x86-64/wrapper
  • ./install/platforms/linux/x86-64/wrapper /var/hda/web-apps/myadito/server/conf/wrapper.conf wrapper.pidfile=my.pid wrapper.daemonize=FALSE

some guide for f10:

http://www.extrahip.net/node/17


Summary of Manual Install

  • Concept: Adito requires Apache Ant to install and root access. The intent is to find a way to patch the source and do everything at the user level. In order to make this a one-click install, the patch would include predefined admin and links pertinent to the Amahi HDA.
  • I did an actual install on a VirtualBox F10 32-bit VM with Amahi. As root, I did an install, activated the service, and logged in once to ensure everything worked (see http://wiki.amahi.org/index.php/adito). Once finished, stopped the service and compared the install version with the original source version. Files that were different are listed below:
       server/conf: default.keystore.jks
       server/conf/prefs/system/extensions: prefs.properties
       server/conf/prefs/system/extensions/versions: prefs.properties
       server/conf/prefs/system: prefs.properties
       server/conf/repository/keystore: default.keystore.jks
       server/conf/repository/PKI: aditoadmin.prv
       server/conf/repository/PKI: aditoadmin.pub
       server/conf: webserver.properties
       server/conf: wrapper.conf
       server/db: explorer_configuration.backup
       server/db: explorer_configuration.data
       server/db: explorer_configuration.log
       server/db: explorer_configuration.properties
       server/db: explorer_configuration.script
       server/db: upgrade.log
       server/db: versions.log
       server/lib: tools.jar
       server/logs: 2009_06_15.request.log
       server/logs: adito.log
       server/logs: wrapper.log
       server/tmp: availableCipherSuites.txt
       server/tmp: extensions (this is a directory of files)
       server/tmp: org  (this is a directory of files)
  • I then made a patch with the different files and started a clean VM. I followed the steps below to do the install without Apache Ant, but still using root access:
       yum -y install java-1.6.0-openjdk-devel
       cd /var/hda/web-apps/
       mkdir myadito
       cd myadito
       wget http://superb-west.dl.sourceforge.net/sourceforge/adito/adito-0.9.1-bin.tar.gz
       tar -xf adito-0.9.1-bin.tar.gz
       rm -f adito-0.9.1-bin.tar.gz
       mv adito-0.9.1/ server/
       cd server
       wget adito-0.9.1-patch.zip (this is an archive of changed files between source and install)
       wget adito-0.9.1-patch.zip
       unzip adito-0.9.1-patch.zip
       rm -f adito-0.9.1-patch.zip
       chmod a+x /var/hda/web-apps/myadito/server/install/platforms/linux/adito
       chmod a+x /var/hda/web-apps/myadito/server/install/platforms/linux/x86/wrapper
       chmod a+x /var/hda/web-apps/myadito/server/install/platforms/linux/x86-64/wrapper
       export WRAPPER_CONF="/var/hda/web-apps/myadito/server/conf/wrapper.conf"
       /var/hda/web-apps/myadito/server/install/platforms/linux/adito start

Once it started, I used FF and went to https://localhost. The service only runs for about 10 sec, then shuts down, so have to be quick. Once I got the 'secure connection failed', I chose 'add exception.' I then did 'get certificate' and the 'confirm exception' button was greyed out. There was no certificate info available and I could not proceed. By this time, the service had also shut down.

I do not know why it shuts down, but it could be related to the certificate problem. There is guidance on the Adito wiki (http://adito.wiki.sourceforge.net/ssl_certificate_management) which provides some direction on manually creating a certificate.