[open-ils-commits] [GIT] Evergreen ILS branch master updated. d4f6bf89576e470f16214f5848b0782e4bec8573
Evergreen Git
git at git.evergreen-ils.org
Thu Mar 14 16:10:41 EDT 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".
The branch, master has been updated
via d4f6bf89576e470f16214f5848b0782e4bec8573 (commit)
from 67fe98a9185ace222fe8051519cb23e4b5e42fd0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d4f6bf89576e470f16214f5848b0782e4bec8573
Author: Dan Scott <dscott at laurentian.ca>
Date: Wed Jan 16 22:13:41 2013 -0500
Support Apache 2.4 configuration directives
Apache 2.4 uses a different server-side include syntax, but we can
direct it to use the old syntax via the SSILegacySyntax directive.
2.4 also uses different access control syntax: "Require all granted"
instead of "Allow from all", for example.
Accordingly, create a parallel examples/apache_24 directory that
contains sample Apache configuration files suitable for Apache 2.4 and
higher.
Also, amend the README to reflect Apache 2.4 and higher.
Signed-off-by: Dan Scott <dscott at laurentian.ca>
Signed-off-by: Ben Shum <bshum at biblio.org>
diff --git a/Open-ILS/examples/apache_24/eg.conf b/Open-ILS/examples/apache_24/eg.conf
new file mode 100644
index 0000000..c7b8be9
--- /dev/null
+++ b/Open-ILS/examples/apache_24/eg.conf
@@ -0,0 +1,147 @@
+# :vim set syntax apache
+
+LogLevel info
+# - log locally
+CustomLog /var/log/apache2/access.log combined
+ErrorLog /var/log/apache2/error.log
+# - log to syslog
+# CustomLog "|/usr/bin/logger -p local7.info" common
+# ErrorLog "|logger -p local7.error"
+
+
+# ----------------------------------------------------------------------------------
+# Set up Perl
+# ----------------------------------------------------------------------------------
+
+# - needed by CGIs
+PerlRequire /etc/apache2/startup.pl
+PerlChildInitHandler OpenILS::WWW::Reporter::child_init
+PerlChildInitHandler OpenILS::WWW::SuperCat::child_init
+PerlChildInitHandler OpenILS::WWW::AddedContent::child_init
+PerlChildInitHandler OpenILS::WWW::PasswordReset::child_init
+PerlChildInitHandler OpenILS::WWW::AutoSuggest::child_init
+
+# ----------------------------------------------------------------------------------
+# Set some defaults for our working directories
+# ----------------------------------------------------------------------------------
+<Directory /openils/var/web>
+ Require all granted
+</Directory>
+
+
+# ----------------------------------------------------------------------------------
+# XUL directory
+# ----------------------------------------------------------------------------------
+<Directory /openils/var/web/xul>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+
+# ----------------------------------------------------------------------------------
+# Remove the language portion from the URL
+# ----------------------------------------------------------------------------------
+AliasMatch ^/opac/.*/skin/(.*)/(.*)/(.*) /openils/var/web/opac/skin/$1/$2/$3
+AliasMatch ^/opac/.*/extras/slimpac/(.*) /openils/var/web/opac/extras/slimpac/$1
+AliasMatch ^/opac/.*/extras/selfcheck/(.*) /openils/var/web/opac/extras/selfcheck/$1
+
+
+
+# ----------------------------------------------------------------------------------
+# System config CGI scripts go here
+# ----------------------------------------------------------------------------------
+Alias /cgi-bin/offline/ "/openils/var/cgi-bin/offline/"
+<Directory "/openils/var/cgi-bin/offline">
+ AddHandler cgi-script .cgi .pl
+ AllowOverride None
+ Options None
+ Require host 10.0.0.0/8
+ Options FollowSymLinks ExecCGI Indexes
+</Directory>
+
+
+# ----------------------------------------------------------------------------------
+# Updates folder
+# ----------------------------------------------------------------------------------
+Alias /updates/ "/openils/var/updates/pub/"
+<Directory "/openils/var/updates/pub">
+ <Files check>
+ ForceType cgi-script
+ </Files>
+ <Files update.rdf>
+ ForceType cgi-script
+ </Files>
+ <Files manualupdate.html>
+ ForceType cgi-script
+ </Files>
+ <Files download>
+ ForceType cgi-script
+ </Files>
+ AllowOverride None
+ Options None
+ Options ExecCGI
+ Require all granted
+</Directory>
+
+
+# ----------------------------------------------------------------------------------
+# OPTIONAL: Set how long the client will cache our content. Change to suit
+# ----------------------------------------------------------------------------------
+ExpiresActive On
+ExpiresDefault "access plus 1 month"
+ExpiresByType text/html "access plus 18 hours"
+ExpiresByType application/xhtml+xml "access plus 18 hours"
+ExpiresByType application/x-javascript "access plus 18 hours"
+ExpiresByType application/javascript "access plus 18 hours"
+ExpiresByType text/css "access plus 50 minutes"
+
+# ----------------------------------------------------------------------------------
+# Set up our SSL virtual host
+# ----------------------------------------------------------------------------------
+#Listen 443
+NameVirtualHost *:443
+<VirtualHost *:443>
+ DocumentRoot "/openils/var/web"
+ ServerName localhost:443
+ ServerAlias 127.0.0.1:443
+ SSLEngine on
+ SSLHonorCipherOrder On
+ SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+
+ # If you don't have an SSL cert, you can create self-signed
+ # certificate and key with:
+ # openssl req -new -x509 -nodes -out server.crt -keyout server.key
+ SSLCertificateFile ssl/server.crt
+ SSLCertificateKeyFile ssl/server.key
+
+ # - absorb the shared virtual host settings
+ Include eg_vhost.conf
+
+ # help IE along with SSL pages
+ SetEnvIf User-Agent ".*MSIE [1-5].*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ SetEnvIf User-Agent ".*MSIE [6-9].*" \
+ ssl-unclean-shutdown
+
+</VirtualHost>
+
+# ----------------------------------------------------------------------------------
+# Set up our main virtual host
+# Port 80 comes after 443 to avoid "unknown protocol speaking not SSL to HTTPS port!?"
+# errors, per http://wiki.apache.org/httpd/InternalDummyConnection
+# ----------------------------------------------------------------------------------
+
+# Commented to avoid warnings from duplicate "NameVirtualHost: *80" directives
+#NameVirtualHost *:80
+<VirtualHost *:80>
+ ServerName localhost:80
+ ServerAlias 127.0.0.1:80
+ DocumentRoot /openils/var/web/
+ DirectoryIndex index.xml index.html index.xhtml
+ # - absorb the shared virtual host settings
+ Include eg_vhost.conf
+</VirtualHost>
+
diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf b/Open-ILS/examples/apache_24/eg_vhost.conf
new file mode 100644
index 0000000..2257bf8
--- /dev/null
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf
@@ -0,0 +1,725 @@
+# ----------------------------------------------------------------------------------
+# This is the global Evergreen virtual host config. Anything you want published
+# through all virtual hosts (port 80, port 443, etc.) should live in here.
+# ----------------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------------
+# Point / to the opac - if you have a custom skin or locale, point at it here
+# ----------------------------------------------------------------------------------
+RedirectMatch 301 ^/$ /opac/en-US/skin/default/xml/index.xml
+
+# ----------------------------------------------------------------------------------
+# Point / to the IP address redirector
+# ----------------------------------------------------------------------------------
+#<LocationMatch ^/$>
+# SetHandler perl-script
+# PerlHandler OpenILS::WWW::Redirect
+# Options +ExecCGI
+# PerlSendHeader On
+# #PerlSetVar OILSRedirectSkin "default"
+# # OILSRedirectDepth defaults to the depth of the branch that the OPAC was directed to
+# #PerlSetVar OILSRedirectDepth "0"
+# #PerlSetVar OILSRedirectLocale "en-US"
+# # Use the template-toolkit opac
+# #PerlSetVar OILSRedirectTpac "true"
+# allow from all
+#</LocationMatch>
+
+
+# ----------------------------------------------------------------------------------
+# Assign a default locale to the accessible OPAC
+# ----------------------------------------------------------------------------------
+RedirectMatch 301 ^/opac/extras/slimpac/start.html$ /opac/en-US/extras/slimpac/start.html
+RedirectMatch 301 ^/opac/extras/slimpac/advanced.html$ /opac/en-US/extras/slimpac/advanced.html
+
+# ----------------------------------------------------------------------------------
+# Configure the gateway
+# ----------------------------------------------------------------------------------
+OSRFGatewayConfig /openils/conf/opensrf_core.xml
+# Translator memcache server. Default is localhost
+# OSRFTranslatorCacheServer 127.0.0.1:11211
+
+
+# ----------------------------------------------------------------------------------
+# Added content plugin
+# ----------------------------------------------------------------------------------
+<Location /opac/extras/ac/>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::AddedContent
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+# Autosuggest for searches
+<Location /opac/extras/autosuggest>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::AutoSuggest
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+# Flattener service
+<Location /opac/extras/flattener>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::FlatFielder
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+# ----------------------------------------------------------------------------------
+# Replace broken cover images with a transparent GIF by default
+# ----------------------------------------------------------------------------------
+RewriteEngine ON
+RewriteRule ^/opac/extras/ac/jacket/(small|medium|large)/$ \
+ /opac/images/blank.png [P,L]
+
+# ----------------------------------------------------------------------------------
+# Add the row ID (RID) and date so we can make unAPI happy
+# ----------------------------------------------------------------------------------
+RewriteCond %{QUERY_STRING} (^r|&r)=(\d+)
+RewriteRule . - [E=OILS_OPAC_RID:%2,E=OILS_TIME_YEAR:%{TIME_YEAR}]
+
+# ----------------------------------------------------------------------------------
+# Pull the locale from the URL
+# ----------------------------------------------------------------------------------
+RewriteCond %{REQUEST_URI} ^/opac/(.*?)/
+RewriteRule . - [E=locale:%1]
+
+# ----------------------------------------------------------------------------------
+# For sanity reasons, default indexes to Off
+# ----------------------------------------------------------------------------------
+Options -Indexes
+
+# ----------------------------------------------------------------------------------
+# Configure the OPAC
+# ----------------------------------------------------------------------------------
+<LocationMatch /opac/>
+ SSILegacyExprParser on
+ AddType application/xhtml+xml .xml
+
+ # - configure mod_xmlent
+ XMLEntStripPI "yes"
+ XMLEntEscapeScript "no"
+ XMLEntStripComments "yes"
+ XMLEntContentType "text/html; charset=utf-8"
+ # forces quirks mode which we want for now
+ XMLEntStripDoctype "yes"
+
+ # - set up the include handlers
+ Options +Includes
+ AddOutputFilter INCLUDES .xsl
+ AddOutputFilter INCLUDES;XMLENT .xml
+
+ SetEnvIf Request_URI ".*" OILS_OPAC_BASE=/opac/
+
+ # This gives you the option to configure a different host to serve OPAC images from
+ # Specify the hostname (without protocol) and path to the images. Protocol will
+ # be determined at runtime
+ #SetEnvIf Request_URI ".*" OILS_OPAC_IMAGES_HOST=static.example.org/opac/
+
+ # In addition to loading images from a static host, you can also load CSS and/or
+ # Javascript from a static host or hosts. Protocol will be determined at runtime
+ # and/or by configuration options immediately following.
+ #SetEnvIf Request_URI ".*" OILS_OPAC_CSS_HOST=static.example.org/opac/
+ #SetEnvIf Request_URI ".*" OILS_OPAC_JS_HOST=static.example.org/opac/
+
+ # If you are not able to serve static content via https and
+ # wish to force http:// (and are comfortable with mixed-content
+ # warnings in client browsers), set this:
+ #SetEnvIf Request_URI ".*" OILS_OPAC_STATIC_PROTOCOL=http
+
+ # If you would prefer to fall back to your non-static servers for
+ # https pages, avoiding mixed-content warnings in client browsers
+ # and are willing to accept some increased server load, set this:
+ #SetEnvIf Request_URI ".*" OILS_OPAC_BYPASS_STATIC_FOR_HTTPS=yes
+
+ # Specify a ChiliFresh account to integrate their services with the OPAC
+ #SetEnv OILS_CHILIFRESH_ACCOUNT
+ #SetEnv OILS_CHILIFRESH_PROFILE
+ #SetEnv OILS_CHILIFRESH_URL http://chilifresh.com/on-site/js/evergreen.js
+ #SetEnv OILS_CHILIFRESH_HTTPS_URL https://secure.chilifresh.com/on-site/js/evergreen.js
+
+ # Specify the initial script URL for Novelist (containing account credentials, etc.)
+ #SetEnv OILS_NOVELIST_URL
+ #
+
+ # Uncomment to force SSL any time a patron is logged in. This protects
+ # authentication tokens. Left commented out for backwards compat for now.
+ #SetEnv OILS_OPAC_FORCE_LOGIN_SSL 1
+
+ # If set, the skin uses the combined JS file at $SKINDIR/js/combined.js
+ #SetEnv OILS_OPAC_COMBINED_JS 1
+
+</LocationMatch>
+
+<Location /opac/>
+ # ----------------------------------------------------------------------------------
+ # Some mod_deflate fun
+ # ----------------------------------------------------------------------------------
+ <IfModule mod_deflate.c>
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+ <IfModule mod_headers.c>
+ Header append Vary User-Agent env=!dont-vary
+ </IfModule>
+ </IfModule>
+
+</Location>
+
+<Location //opac/>
+ # ----------------------------------------------------------------------------------
+ # Some mod_deflate fun
+ # ----------------------------------------------------------------------------------
+ <IfModule mod_deflate.c>
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+ <IfModule mod_headers.c>
+ Header append Vary User-Agent env=!dont-vary
+ </IfModule>
+ </IfModule>
+
+</Location>
+
+# ----------------------------------------------------------------------------------
+# Force SSL on the OPAC's "My Account" page
+# ----------------------------------------------------------------------------------
+<LocationMatch .*/myopac.xml>
+ SSLRequireSSL
+</LocationMatch>
+
+<LocationMatch /opac/extras/>
+ SSILegacyExprParser on
+ # Force to en-US for now to satisfy bbags.xml
+ SetEnv locale en-US
+ Options +Includes
+ AddOutputFilter INCLUDES .xml
+ AddType application/xhtml+xml .xml
+</LocationMatch>
+
+RewriteCond %{QUERY_STRING} locale=([^&]*)
+RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ /opac/%1/extras/slimpac/$1? [redirect]
+<LocationMatch /opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/>
+ AddOutputFilter INCLUDES;XMLENT .html
+</LocationMatch>
+
+# ----------------------------------------------------------------------------------
+# Run server-side XUL and XHTML through xmlent to load the correct XML entities
+# ----------------------------------------------------------------------------------
+RewriteCond %{HTTP:Accept-Language} ^([a-z]{2}-[A-Z]{2})$
+# Default to en-US if we haven't matched a locale of the form xx-YY
+RewriteRule .? - [S=4]
+RewriteRule ^/xul/ - [E=locale:en-US]
+RewriteRule ^/reports/ - [E=locale:en-US]
+RewriteRule .? - [E=locale:en-US]
+RewriteRule .? - [S=3]
+# Otherwise, set our real locale
+RewriteRule ^/xul/ - [E=locale:%{HTTP:Accept-Language}]
+RewriteRule ^/reports/ - [E=locale:%{HTTP:Accept-Language}]
+RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
+
+<LocationMatch /xul/.*\.x?html$>
+ SSILegacyExprParser on
+ Options +Includes
+ XMLEntEscapeScript "no"
+ XMLEntStripComments "yes"
+ XMLEntStripPI "yes"
+ XMLEntStripDoctype "yes"
+ XMLEntContentType "text/html; charset=utf-8"
+ AddOutputFilter INCLUDES;XMLENT .xhtml
+ AddOutputFilter INCLUDES;XMLENT .html
+ SetEnv no-gzip
+ Require all granted
+</LocationMatch>
+
+
+<LocationMatch /xul/.*\.xul$>
+ SSILegacyExprParser on
+ Options +Includes
+ XMLEntContentType "application/vnd.mozilla.xul+xml"
+ AddOutputFilter INCLUDES;XMLENT .xul
+ SetEnv no-gzip
+ Require all granted
+</LocationMatch>
+
+# ----------------------------------------------------------------------------------
+# Self-serve password interface
+# ----------------------------------------------------------------------------------
+<Location /opac/password>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::PasswordReset::password_reset
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+
+ # Force clients to use HTTPS
+ RewriteCond %{HTTPS} !=on [NC]
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+</Location>
+
+# ----------------------------------------------------------------------------------
+# Supercat feeds
+# ----------------------------------------------------------------------------------
+<Location /opac/extras/oisbn>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::oisbn
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/supercat>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::supercat
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/unapi>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::unapi
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/feed/bookbag>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::bookbag_feed
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/opensearch>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::opensearch_feed
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/sru>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::sru_search
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/sru_auth>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::sru_auth_search
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/feed/freshmeat>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::changes_feed
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/browse>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::string_browse
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+<Location /opac/extras/startwith>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::SuperCat::string_startwith
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+# ----------------------------------------------------------------------------------
+# Module for displaying OpenSRF API documentation
+# ----------------------------------------------------------------------------------
+<Location /opac/extras/docgen.xsl>
+ AddOutputFilter INCLUDES .xsl
+</Location>
+
+# ----------------------------------------------------------------------------------
+# Module for processing staff-client offline scripts lives here
+# ----------------------------------------------------------------------------------
+<Directory "/openils/var/cgi-bin/offline">
+ AddHandler cgi-script .pl
+ AllowOverride None
+ Options +ExecCGI
+ Require all granted
+</Directory>
+
+
+# ----------------------------------------------------------------------------------
+# XXX Note, it's important to explicitly set the JSON encoding style
+# (OSRFGatewayLegacyJSON), since the default encoding style will likely change
+# with OpenSRF 1.0
+# ----------------------------------------------------------------------------------
+# OpenSRF JSON legacy gateway
+# ----------------------------------------------------------------------------------
+<Location /gateway>
+ SetHandler osrf_json_gateway_module
+ OSRFGatewayLegacyJSON "true"
+ Require all granted
+</Location>
+# ----------------------------------------------------------------------------------
+# New-style OpenSRF JSON gateway
+# ----------------------------------------------------------------------------------
+<Location /osrf-gateway-v1>
+ SetHandler osrf_json_gateway_module
+ OSRFGatewayLegacyJSON "false"
+ Require all granted
+</Location>
+
+# ----------------------------------------------------------------------------------
+# OpenSRF-over-HTTP translator
+# (http://open-ils.org/dokuwiki/doku.php?id=opensrf_over_http)
+# ----------------------------------------------------------------------------------
+<Location /osrf-http-translator>
+ SetHandler osrf_http_translator_module
+ Require all granted
+</Location>
+
+# ----------------------------------------------------------------------------------
+# The exporter lives here
+# ----------------------------------------------------------------------------------
+<Location /exporter>
+ SetHandler perl-script
+ AuthType Basic
+ AuthName "Exporter Login"
+ PerlOptions +GlobalRequest
+ PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
+ PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+ require valid-user
+ PerlHandler OpenILS::WWW::Exporter
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+<Location /opac/extras/merge_template>
+ SetHandler perl-script
+ AuthType Basic
+ AuthName "Batch Update Login"
+ PerlOptions +GlobalRequest
+ PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
+ PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+ require valid-user
+ PerlHandler OpenILS::WWW::TemplateBatchBibUpdate
+ PerlSendHeader On
+ Options +ExecCGI
+ Require all granted
+</Location>
+
+<Location /opac/extras/circ>
+ AuthType Basic
+ AuthName "Circ Extras Login"
+ PerlOptions +GlobalRequest
+ PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
+ PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+ require valid-user
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+<Location /collections>
+ SetHandler perl-script
+ AuthType Basic
+ AuthName "Collections Login"
+ PerlOptions +GlobalRequest
+ PerlSetVar OILSProxyPermissions "money.collections_tracker.create"
+ PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+ require valid-user
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+
+# ----------------------------------------------------------------------------------
+# Reporting output lives here
+# ----------------------------------------------------------------------------------
+<Location /reporter/>
+ AuthType Basic
+ AuthName "Report Login"
+ PerlOptions +GlobalRequest
+ PerlSetVar OILSProxyPermissions "VIEW_REPORT_OUTPUT"
+ PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+ require valid-user
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+# ----------------------------------------------------------------------------------
+# Selfcheck interface
+# ----------------------------------------------------------------------------------
+<LocationMatch .*/selfcheck.xml>
+ AuthType Basic
+ AuthName "Self-check Login"
+ PerlOptions +GlobalRequest
+ PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
+ PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+ require valid-user
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</LocationMatch>
+
+
+# ----------------------------------------------------------------------------------
+# Reports GUI
+# ----------------------------------------------------------------------------------
+<LocationMatch /reports>
+ SSILegacyExprParser on
+ Options +Includes
+ AddOutputFilter INCLUDES;XMLENT .xhtml
+</LocationMatch>
+
+<LocationMatch /reports/fm_IDL.xml>
+ IDLChunkStripPI "yes"
+ IDLChunkEscapeScript "no"
+ IDLChunkStripComments "yes"
+ IDLChunkStripDoctype "yes"
+ IDLChunkContentType "application/xml; charset=utf-8"
+ AddOutputFilter INCLUDES;IDLCHUNK .xml
+</LocationMatch>
+
+# ----------------------------------------------------------------------------------
+# EDI Message viewer
+# ----------------------------------------------------------------------------------
+<Location /edi>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::EDI
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+# ----------------------------------------------------------------------------------
+# XML-RPC gateway
+# ----------------------------------------------------------------------------------
+<Location /xml-rpc>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::XMLRPCGateway
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+# ----------------------------------------------------------------------------------
+# Conify - next-generation Evergreen administration interface
+# ----------------------------------------------------------------------------------
+RewriteRule ^/conify/([a-z]{2}-[A-Z]{2})/global/(.*)$ /conify/global/$2 [E=locale:$1,L]
+<Location /conify>
+ SSILegacyExprParser on
+ Options +Includes
+ XMLEntStripPI "yes"
+ XMLEntEscapeScript "no"
+ XMLEntStripComments "no"
+ XMLEntContentType "text/html; charset=utf-8"
+ AddOutputFilter INCLUDES;XMLENT .html
+
+ AuthType Basic
+ AuthName "Dojo Admin Login"
+ PerlOptions +GlobalRequest
+ PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
+ PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+ require valid-user
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+</Location>
+
+<Location /vandelay-upload>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::Vandelay::spool_marc
+ Options +ExecCGI
+ Require all granted
+</Location>
+
+# OpenURL 0.1 searching based on OpenSearch
+RewriteMap openurl prg:/openils/bin/openurl_map.pl
+RewriteCond %{QUERY_STRING} (^.*$)
+RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]
+
+
+
+# General Evergreen web template processor
+<Location /eg>
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::EGWeb
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+
+ PerlSetVar OILSWebBasePath "/eg"
+ PerlSetVar OILSWebWebDir "/openils/var/web"
+ PerlSetVar OILSWebDefaultTemplateExtension "tt2"
+
+ # Enable Template-Toolkit error debugging messages (apache error log)
+ PerlSetVar OILSWebDebugTemplate "true"
+
+ # -------------------------------------------------------
+ # Media Prefix. In the 3rd example, the protocol (http) is enforced
+ #PerlSetVar OILSWebMediaPrefix "/media"
+ #PerlSetVar OILSWebMediaPrefix "static.example.com/media"
+ #PerlSetVar OILSWebMediaPrefix "http://static.example.com/media"
+
+ # Locale messages files:
+ #
+ # These appear in pairs; the first represents the user agent
+ # Accept-Language header locale, and the second represents
+ # the fully-qualified path for the corresponding PO file that
+ # contains the messages.
+ #
+ # If you enable two or more locales, then users will be able to
+ # select their preferred locale from a locale picker in the TPAC.
+ #
+ #PerlAddVar OILSWebLocale "en"
+ #PerlAddVar OILSWebLocale "/openils/var/data/locale/messages.en.po"
+ #PerlAddVar OILSWebLocale "en_ca"
+ #PerlAddVar OILSWebLocale "/openils/var/data/locale/en-CA.po"
+ #PerlAddVar OILSWebLocale "fr_ca"
+ #PerlAddVar OILSWebLocale "/openils/var/data/locale/fr-CA.po"
+
+ # Set the default locale: defaults to en-US
+ #PerlAddVar OILSWebDefaultLocale "fr_ca"
+
+ # Templates will be loaded from the following paths in reverse order.
+ PerlAddVar OILSWebTemplatePath "/openils/var/templates"
+ #PerlAddVar OILSWebTemplatePath "/openils/var/templates_localskin"
+
+ #-------------------------------------------------
+ # Added Content Configuration
+ #-------------------------------------------------
+ # Content Cafe
+ #SetEnv OILS_CONTENT_CAFE_USER MYUSER
+ #SetEnv OILS_CONTENT_CAFE_PASS MYPASS
+
+ # LibraryThing
+ #SetEnv OILS_LIBRARYTHING_URL http://ltfl.librarything.com/forlibraries/widget.js?id=MYID
+ #SetEnv OILS_LIBRARYTHING_HTTPS_URL https://ltfl.librarything.com/forlibraries/widget.js?id=MYID
+
+ # ChiliFresh
+ #SetEnv OILS_CHILIFRESH_ACCOUNT
+ #SetEnv OILS_CHILIFRESH_URL http://chilifresh.com/on-site/js/evergreen.js
+ #SetEnv OILS_CHILIFRESH_HTTPS_URL https://secure.chilifresh.com/on-site/js/evergreen.js
+ #-------------------------------------------------
+
+ <IfModule mod_deflate.c>
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ <IfModule mod_headers.c>
+ Header append Cache-Control "public"
+ Header append Vary User-Agent env=!dont-vary
+ </IfModule>
+ </IfModule>
+</Location>
+<LocationMatch ^/(images|css|js)/>
+ # should pick up the default expire time from eg.conf...
+ <IfModule mod_deflate.c>
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ <IfModule mod_headers.c>
+ Header append Cache-Control "public"
+ Header append Vary User-Agent env=!dont-vary
+ </IfModule>
+ </IfModule>
+</LocationMatch>
+<Location /eg/opac>
+ PerlSetVar OILSWebContextLoader "OpenILS::WWW::EGCatLoader"
+ # Expire the HTML quickly since we're loading dynamic data for each page
+ ExpiresActive On
+ ExpiresByType text/html "access plus 5 seconds"
+</Location>
+<Location /eg/kpac>
+ PerlSetVar OILSWebContextLoader "OpenILS::WWW::EGKPacLoader"
+ PerlSetVar KPacConfigFile "/openils/conf/kpac.xml.example"
+ ExpiresActive On
+ ExpiresByType text/html "access plus 5 seconds"
+</Location>
+
+# Note: the template processor will decline handling anything it does not
+# have an explicit configuration for, which means it will fall back to
+# Apache to serve the file. However, in the interest of speed, go ahead
+# and tell Apache to avoid asking OpenILS::WWW::EGWeb for static content.
+# Add more exemptions as needed.
+<LocationMatch ^/eg/.*(\.js|\.html|\.xhtml|\.xml|\.jpg|\.png|\.gif)$>
+ SetHandler None
+</LocationMatch>
+
+# ----------------------------------------------------------------------------------
+# Some mod_deflate logging setup
+# ----------------------------------------------------------------------------------
+<IfModule mod_deflate.c>
+ DeflateFilterNote Input instream
+ DeflateFilterNote Output outstream
+ DeflateFilterNote Ratio ratio
+
+ LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
+ CustomLog /var/log/apache2/deflate_log deflate
+
+ # There are problems with XMLENT and mod_deflate - so lets disable it
+ # This is where we don't have a pre-existing LocationMatch directive earlier
+ <LocationMatch /opac/.*\.xml$>
+ SetEnv no-gzip
+ </LocationMatch>
+ <LocationMatch /opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/.*\.html$>
+ SetEnv no-gzip
+ </LocationMatch>
+ <LocationMatch /reports/.*\.xhtml$>
+ SetEnv no-gzip
+ </LocationMatch>
+ <LocationMatch /conify/.*\.html$>
+ SetEnv no-gzip
+ </LocationMatch>
+</IfModule>
+
+
+<Location /IDL2js>
+
+ SetHandler perl-script
+ PerlHandler OpenILS::WWW::IDL2js
+ Options +ExecCGI
+ PerlSendHeader On
+ Require all granted
+
+ <IfModule mod_headers.c>
+ Header append Cache-Control "public"
+ </IFModule>
+
+ <IfModule mod_deflate.c>
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ <IfModule mod_headers.c>
+ Header append Vary User-Agent env=!dont-vary
+ </IfModule>
+ </IfModule>
+</Location>
+
+# Uncomment the following to force SSL for everything. Note that this defeats caching
+# and you will suffer a performance hit.
+#RewriteCond %{HTTPS} off
+#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
diff --git a/docs/installation/server_installation.txt b/docs/installation/server_installation.txt
index 6765cbd..2b75fbf 100644
--- a/docs/installation/server_installation.txt
+++ b/docs/installation/server_installation.txt
@@ -193,10 +193,11 @@ chown -R opensrf:opensrf /openils
Configure the Apache Web server
-------------------------------
-1. Use the example configuration files in `Open-ILS/examples/apache/` to
-configure your Web server for the Evergreen catalog, staff client, Web
-services, and administration interfaces. Issue the following commands as the
-*root* Linux account:
+1. Use the example configuration files in `Open-ILS/examples/apache/` (for
+Apache versions below 2.4) or `Open-ILS/examples/apache_24/` (for Apache
+versions 2.4 or greater) to configure your Web server for the Evergreen
+catalog, staff client, Web services, and administration interfaces. Issue the
+following commands as the *root* Linux account:
+
.Debian and Ubuntu
[source,bash]
@@ -209,7 +210,7 @@ mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
------------------------------------------------------------------------------
+
-.Fedora
+.Fedora 17
[source,bash]
------------------------------------------------------------------------------
cp Open-ILS/examples/apache/eg.conf /etc/httpd/conf.d/
@@ -220,6 +221,17 @@ mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
------------------------------------------------------------------------------
+
+.Fedora 18
+[source,bash]
+------------------------------------------------------------------------------
+cp Open-ILS/examples/apache_24/eg.conf /etc/httpd/conf.d/
+cp Open-ILS/examples/apache_24/eg_vhost.conf /etc/httpd/
+cp Open-ILS/examples/apache/startup.pl /etc/httpd/
+# Now set up SSL
+mkdir /etc/httpd/ssl
+cd /etc/httpd/ssl
+------------------------------------------------------------------------------
++
2. The `openssl` command cuts a new SSL key for your Apache server. For a
production server, you should purchase a signed SSL certificate, but you can
just use a self-signed certificate and accept the warnings in the staff client
@@ -233,9 +245,11 @@ openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key
+
3. As the *root* Linux account, edit the `eg.conf` file that you copied into
place.
- a. Replace `Allow from 10.0.0.0/8` with `Allow from all` (to enable
- access to the offline upload / execute interface from any workstation on
- any network - note that you must secure this for a production instance)
+ a. To enable access to the offline upload / execute interface from any
+ workstation on any network, make the following change (and note that
+ you *must* secure this for a production instance):
+ * (Apache 2.2): Replace `Allow from 10.0.0.0/8` with `Allow from all`
+ * (Apache 2.4): Replace `Require host 10.0.0.0/8` with `Require all granted`
b. (Fedora): Change references from the non-existent `/etc/apache2/` directory
to `/etc/httpd/`.
4. Change the user for the Apache server.
-----------------------------------------------------------------------
Summary of changes:
.../{apache/eg.conf.in => apache_24/eg.conf} | 44 +++----
.../eg_vhost.conf.in => apache_24/eg_vhost.conf} | 136 +++++++-------------
docs/installation/server_installation.txt | 30 +++-
3 files changed, 91 insertions(+), 119 deletions(-)
copy Open-ILS/examples/{apache/eg.conf.in => apache_24/eg.conf} (82%)
copy Open-ILS/examples/{apache/eg_vhost.conf.in => apache_24/eg_vhost.conf} (87%)
hooks/post-receive
--
Evergreen ILS
More information about the open-ils-commits
mailing list