Corrélyce Diffusion
Installation procedure for the Corréé platform

Document title: Installation procedure for the Corréé platform
Document name: correlyce-diffusion_doc_install_081111.pdf
Date: 8 November 2011
State: Evolving
Version: 1.0
Status: Validated
Author(s): Jean-Christophe Pérennes
Distribution:
Observations: Document validated with version 0.7.8 of the code
Contents
1. Origin of the document
2. Installation of the LDAP servers
2.1. The commands
2.2. slapd.conf configuration file of the Master
2.3. slapd.conf configuration file of the Slave
2.4. Configuration file of the ldap1.correex.fr virtual host
2.5. Setting up SSL
3. Installation of the applications for Correex
3.1. Exim
3.1.1. Installing Exim
3.1.2. Configuring Exim
3.1.3. Testing Exim
3.2. Sympa
3.2.1. Installing Sympa
3.2.2. Configuring Sympa
3.2.3. Recovering existing lists
3.2.4. Sympa bugs
3.3. Mysql
3.3.1. Installing Mysql
3.3.2. Configuring Mysql
3.4. Php
3.4.1. Installing Php5
3.4.2. Additional modules to install
3.5. PhpMyAdmin
3.5.1. Installing PhpMyAdmin
3.5.2. Users and databases to back up
3.5.3. Apache settings
3.6. Apache 2
3.6.1. Installing Apache
3.6.2. Additional modules to install
3.7. Java 1.5
3.7.1. Installing Java
3.7.2. Using Java 1.5 by default
3.8. Tomcat 5.5
3.8.1. Installing Tomcat 5.5
3.8.2. Configuring Tomcat 5.5
3.8.3. Configuring the JVM heap
3.9. Apache configuration
3.9.1. Configuring the pre-installed modules
3.9.2. Configuring the virtual host
3.9.3. Configuring the ports
3.9.4. Configuring the certificates
3.9.5. Tomcat applications
3.1. Web application

This document is distributed under the Creative Commons Attribution - NonCommercial - ShareAlike 3.0 Unported licence.
To view a copy of this licence, visit &(url_licence) or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

CRDP de l’Académie d’Aix-Marseille
G. Puimatto, JC Pérennes, November 2011
1. ORIGIN OF THE DOCUMENT
This installation document was drawn up as part of the Correex project, to enable the hosting provider operating the platform to carry out the installation.
It has been validated by the CRDP, which operates Correex, and by the company Jaguar Networks, which hosts it.
This document is valid for version 0.7.8 of the Corréé code.
It will need to be extended for later versions.
In what follows, the platform name has been replaced by Correex, the generic designation for implementations of the Corréé code within the Corrélyce Diffusion scheme.
2. INSTALLATION OF THE LDAP SERVERS
2.1. The commands
# apt-get install slapd ldap-utils
# /etc/init.d/slapd stop
# cd /etc/ldap/schema/
# mkdir corree
# cd /etc/ldap/schema/corree/
# cp /home/crdpadmin/corree/init/ldap/schema/corree/* .
# chmod 644 *
# vi /etc/ldap/slapd.conf
# chown root:openldap /etc/ldap/slapd.conf
# chmod 640 /etc/ldap/slapd.conf
# slapadd -b 'dc=corree,dc=fr' -l /home/crdpadmin/corree.fr.ldif
# /etc/init.d/slapd start
For debugging, if necessary:
# cd /var/lib/ldap
# rm -R *
# /etc/init.d/slapd start
(or, for full debug output: slapd -d 16383)
# /etc/init.d/slapd stop
# chown -R openldap:openldap /var/lib/ldap
The directory keeps its execute bit so that slapd can enter it; only the database files are set to 600:
# chmod 700 /var/lib/ldap
# chmod 600 /var/lib/ldap/*
# apt-get install php5-ldap phpldapadmin
# vi /etc/phpldapadmin/config.php
Technical document of the Correlyce - Diffusion project
Correlyce is a registered trademark of the Région PACA
2.2. slapd.conf configuration file of the Master
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
#include         /etc/ldap/schema/core.schema
#include         /etc/ldap/schema/cosine.schema
#include         /etc/ldap/schema/nis.schema
#include         /etc/ldap/schema/inetorgperson.schema

include         /etc/ldap/schema/corree/core_corree.schema
include         /etc/ldap/schema/corree/cosine_corree.schema
include         /etc/ldap/schema/corree/inetorgperson_corree.schema
include         /etc/ldap/schema/corree/ENT_corree.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        0

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
#checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend        <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

#replica        uri=ldap://78.153.226.118:389
                binddn="cn=admin,dc=corree,dc=fr"
                bindmethod=simple
#credentials = "$cour13_"

replogfile      /var/lib/ldap/replog

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
# replogfile    /var/lib/ldap/replog

# The base of your directory in database #1
suffix "dc=corree,dc=fr"
moduleload syncprov
rootdn "cn=admin,dc=corree,dc=fr"
rootpw "$cour13_"

index objectClass             pres,eq
index cn                      pres,eq,sub
index sn                      pres,eq,sub
index givenname               eq
index uid                     eq
index l                       eq
index ENTPersonLogin          eq,sub
index ENTPersonStructRattach  eq
index ENTAuxEnsClasses        eq
index ENTAuxEnsGroupes        eq
index ENTEleveClasses         eq
index ENTEleveGroupes         eq
index ENTStructureUAI         eq
index ENTStructureSIREN       eq

index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 50 5
syncprov-sessionlog 50
2.3. slapd.conf configuration file of the Slave
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
#include         /etc/ldap/schema/core.schema
#include         /etc/ldap/schema/cosine.schema
#include         /etc/ldap/schema/nis.schema
#include         /etc/ldap/schema/inetorgperson.schema

include         /etc/ldap/schema/corree/core_corree.schema
include         /etc/ldap/schema/corree/cosine_corree.schema
include         /etc/ldap/schema/corree/inetorgperson_corree.schema
include         /etc/ldap/schema/corree/ENT_corree.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        0

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
#checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend        <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

#updatedn       cn=admin,dc=corree,dc=fr
#updateref      ldap://78.153.226.117:389

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
#replogfile     /var/lib/ldap/replog

# The base of your directory in database #1
suffix "dc=corree,dc=fr"
rootdn "cn=admin,dc=corree,dc=fr"
rootpw "$cour13_"
#updateref      ldap://78.153.226.117

index objectClass             pres,eq
index cn                      pres,eq,sub
index sn                      pres,eq,sub
index givenname               eq
index uid                     eq
index l                       eq
index ENTPersonLogin          eq,sub
index ENTPersonStructRattach  eq
index ENTAuxEnsClasses        eq
index ENTAuxEnsGroupes        eq
index ENTEleveClasses         eq
index ENTEleveGroupes         eq
index ENTStructureUAI         eq
index ENTStructureSIREN       eq

index entryCSN,entryUUID eq

syncrepl rid=123
        provider=ldap://78.153.226.117:389
        type=refreshOnly
        interval=00:00:01:00
        searchbase="dc=corree,dc=fr"
        filter="(objectClass=*)"
        scope=sub
        attrs="*,+"
        schemachecking=off
        bindmethod=simple
        binddn="cn=admin,dc=corree,dc=fr"
        credentials="$cour13_"
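The two slapd.conf files above store the rootdn password in cleartext and, on the Slave, replicate with a simple bind over ldap://. The shell script below is an added example, not part of the original procedure: it flags those directives in any slapd.conf while honouring the continuation-line rule of slapd.conf(5). The sample file, its addresses and its PLACEHOLDER password are constructed.

```shell
#!/bin/sh
# Added example: audit a slapd.conf for the credential-exposure points
# visible in the Master/Slave files of sections 2.2 and 2.3.

# slapd.conf(5): a line that begins with whitespace continues the previous
# line, even when the previous line is a comment. Join such lines first so
# that a multi-line syncrepl is seen as one directive and a commented-out
# "#replica" block is skipped together with its arguments.
join_directives() {
    awk '
        /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
        NR > 1   { print buf }
                 { buf = $0 }
        END      { if (NR > 0) print buf }
    ' "$1"
}

# Print one finding per line for the file given as $1.
audit_slapd_conf() {
    join_directives "$1" | awk '
        /^#/ || /^$/ { next }
        $1 == "rootpw" {
            val = $2; gsub(/"/, "", val)
            # A hashed value starts with a scheme tag such as {SSHA}.
            if (substr(val, 1, 1) != "{")
                print "rootpw: cleartext value, replace with slappasswd output"
        }
        $1 == "syncrepl" || $1 == "replica" {
            if ($0 ~ /bindmethod=simple/ &&
                $0 ~ /(provider|uri)=ldap:\/\// &&
                $0 !~ /starttls=(yes|critical)/)
                print $1 ": simple bind over ldap:// without starttls"
            if ($0 ~ /credentials=/)
                print $1 ": password stored in the file, keep it root:openldap mode 640"
        }
    '
}

# Constructed sample with the same directive shapes as the files above.
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
#replica        uri=ldap://192.0.2.10:389
                binddn="cn=admin,dc=example,dc=org"
                bindmethod=simple
rootdn "cn=admin,dc=example,dc=org"
rootpw "PLACEHOLDER"
syncrepl rid=123
        provider=ldap://192.0.2.11:389
        type=refreshOnly
        bindmethod=simple
        binddn="cn=admin,dc=example,dc=org"
        credentials="PLACEHOLDER"
EOF
    audit_slapd_conf "$sample"
    rm -f "$sample"
}

demo
```

A rootpw finding is cleared by storing the output of slappasswd instead of the cleartext value. A syncrepl finding is cleared by pointing provider at ldaps:// or adding starttls=critical once the TLS setup of section 2.5 is in place.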
2.4. Configuration file of the ldap1.correex.fr virtual host
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/certs_tbs/ldap1.correex.fr.pem
    SSLCertificateKeyFile /etc/apache2/certs_tbs/ldap1.correex.fr.key
    SSLCertificateChainFile /etc/apache2/certs_tbs/chain.crt
    SSLCipherSuite HIGH
    SSLProtocol all -SSLv2
    ServerName ldap1.correex.fr
    ServerAlias ldap1.correex.fr
    ServerAdmin [email protected]
    DocumentRoot /var/www-https/
    ErrorLog /var/log/apache2/error.ldap1.correex.fr.log
    CustomLog /var/log/apache2/access.ldap1.correex.fr.log combined
    # Send requests for the site root to phpLDAPadmin
    RewriteEngine On
    RewriteRule ^/$ /phpldapadmin/\? [R]
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        # Only this address may reach the CGI directory
        Order allow,deny
        Allow from 194.254.139.209
    </Directory>
</VirtualHost>
Additional notes
Enable the ssl, rewrite and alias modules.
Note: the certificates are in /etc/apache2/cert_tbs.
Remove the virtual host's listener on Apache port 80.
2.5. Setting up SSL
• Generate the key and the certificate request for the server (cn=ldap1.correex.fr)
openssl genrsa 2048 > slapd-key.pem
openssl req -new -key slapd-key.pem > slapd-csr.pem
• Obtain the server certificate slapd-crt.pem from a certification authority
• Retrieve the certification chain myca-cacert.pem
• Edit the file /etc/default/slapd
SLAPD_SERVICES="ldap:/// ldaps:///"
• Edit the file /etc/ldap/slapd.conf to add, before the backend:
TLSCertificateFile /etc/ssl/certs/slapd-crt.pem
TLSCertificateKeyFile /etc/ldap/slapd-key.pem
TLSCACertificateFile /etc/ssl/certs/myca-cacert.pem
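Before restarting slapd with these TLS directives, check that the certificate returned by the authority matches the key generated in the first step, that it has not expired, and that the key is not world-readable (openssl genrsa ... > file creates it with the current umask). The script below is an added example, not part of the original procedure; the throwaway self-signed pair, req.cnf and the name ldap1.example.org are constructed test material.

```shell
#!/bin/sh
# Added example: pre-restart checks for the slapd TLS files of section 2.5.

# Succeeds when certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
    c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    k=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Succeeds when key file $1 exists and carries no read bit for "other".
key_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -perm -004)" ]
}

# Succeeds when certificate $1 is readable and has not expired.
cert_is_current() {
    openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1
}

# Run every check, print one line per result, return the failure count.
check_slapd_tls() {    # $1 = certificate, $2 = private key
    fails=0
    if cert_matches_key "$1" "$2"; then echo "OK   certificate matches key"
    else echo "FAIL certificate does not match key"; fails=$((fails + 1)); fi
    if cert_is_current "$1"; then echo "OK   certificate not expired"
    else echo "FAIL certificate expired or unreadable"; fails=$((fails + 1)); fi
    if key_is_private "$2"; then echo "OK   key not world-readable"
    else echo "FAIL key missing or world-readable (use root:openldap, mode 640)"
         fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed test material: a key generated as in section 2.5 and a
# self-signed certificate standing in for the one issued by the authority.
make_test_pair() {     # $1 = output directory
    ( umask 077
      cd "$1" || exit 1
      printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=ldap1.example.org\n' > req.cnf
      openssl genrsa 2048 > slapd-key.pem 2>/dev/null
      openssl req -new -x509 -days 1 -config req.cnf -key slapd-key.pem \
          > slapd-crt.pem 2>/dev/null
    )
}

demo() {
    d=$(mktemp -d) || return 1
    make_test_pair "$d" || { rm -rf "$d"; return 1; }
    rc=0
    check_slapd_tls "$d/slapd-crt.pem" "$d/slapd-key.pem" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo
```

On the server the call is check_slapd_tls /etc/ssl/certs/slapd-crt.pem /etc/ldap/slapd-key.pem, using the paths given in the TLS directives above.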
3. INSTALLATION OF THE APPLICATIONS FOR CORREEX
3.1. Exim
3.1.1. Installing Exim
# apt-get install exim4
3.1.2. Configuring Exim
Exim can be configured either by editing the configuration file (/etc/exim4/update-exim4.conf.conf) directly or through the graphical interface (available via dpkg-reconfigure exim4-config).
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='internet'
dc_other_hostnames='correex.fr'
dc_local_interfaces='127.0.0.1;192.168.0.10'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
3.1.3. Testing Exim
host mx1.correex.fr
exim -bt [email protected]
mail [email protected]
tail /var/log/exim4/mainlog
3.2. Sympa
The use of Sympa is specific to the Courdecol13 platform.
Corrééx platforms must have access to a mailing-list manager, used in particular to distribute information to administrators, supervisors, users and people who have registered on the site's public interface.
Depending on the applications run by the organisation carrying out the installation, its information system and its own operating rules, a dedicated list server may be used, which can be Sympa or another product.
3.2.1. Installing Sympa
# apt-get install sympa libapache2-mod-fastcgi
3.2.2. Configuring Sympa
Sympa can be configured either by editing the configuration file (/etc/sympa/sympa.conf) directly or through the graphical interface (available via dpkg-reconfigure -plow sympa).
## Configuration file for Sympa
## many parameters are optional (defined in src/Conf.pm)
## refer to the documentation for a detailed list of parameters

###\\\\ Directories and file location ////###

## Directory containing mailing lists subdirectories
home    /var/lib/sympa/expl

## Directory for configuration files ; it also contains scenari/ and templates/ directories
etc     /etc/sympa

## File containing Sympa PID while running.
## Sympa also locks this file to ensure that it is not running more than once. Caution :
## user sympa need to write access without special privilege.
pidfile /var/run/sympa/sympa.pid

## Umask used for file creation by Sympa
umask   027

## The main spool containing various specialized spools
## All spool are created at runtime by sympa.pl
spool   /var/spool/sympa

## Incoming spool
queue   /var/spool/sympa/msg

## Bounce incoming spool
queuebounce     /var/spool/sympa/bounce

###\\\\ Syslog ////###

## The syslog facility for sympa
## Do not forget to edit syslog.conf
syslog  `/bin/cat /etc/sympa/facility`

## Communication mode with syslogd is either unix (via Unix sockets) or inet (use of UDP)
log_socket_type unix

## Log intensity
## 0 : normal, 2,3,4 for debug
log_level       0

###\\\\ General definition ////###

## Main robot hostname
domain  correex.fr

## Listmasters email list comma separated
## Sympa will associate listmaster privileges to these email addresses (mail and web
## interfaces). Some error reports may also be sent to these addresses.
listmaster      [email protected],[email protected]

## Local part of sympa email address
## Effective address will be [EMAIL]@[HOST]
email   sympa

## Default lang (cs | de | el | en_US | fr | hu | it | ja_JP | nl | oc | pt_BR | tr)
lang    fr

## Who is able to create lists
## This parameter is a scenario, check sympa documentation about scenarios if you want to
## define one
create_list     public_listmaster

## Secret used by Sympa to make MD5 fingerprint in web cookies secure
## Should not be changed ! May invalid all user password
cookie  `/bin/cat /etc/sympa/cookie`

###\\\\ Errors management ////###

## Bouncing email rate for warn list owner
#bounce_warn_rate       20

## Bouncing email rate for halt the list (not implemented)
## Not yet used in current version, Default is 50
#bounce_halt_rate       50

## Task name for expiration of old bounces
#expire_bounce_task     daily

## Welcome message return-path
## If set to unique, new subscriber is removed if welcome message bounce
#welcome_return_path    unique

###\\\\ MTA related ////###

## Path to the MTA (sendmail, postfix, exim or qmail)
## should point to a sendmail-compatible binary (eg: a binary named 'sendmail' is
## distributed with Postfix)
sendmail        /usr/sbin/sendmail

## Maximum number of recipients per call to Sendmail. The nrcpt_by_domain.conf file allows a
## different tuning per destination domain.
nrcpt   25

## Max. number of different domains per call to Sendmail
avg     10

## Max. number of Sendmail processes (launched by Sympa) running simultaneously
## Proposed value is quite low, you can rise it up to 100, 200 or even 300 with powerful
## systems.
maxsmtp 40

###\\\\ Plugin ////###

## Path to the antivirus scanner engine
## supported antivirus : McAfee/uvscan, Fsecure/fsav, Sophos, AVP and Trend Micro/VirusWall
#antivirus_path /usr/local/uvscan/uvscan

## Antivirus plugin command argument
#antivirus_args --secure --summary --dat /usr/local/uvscan

###\\\\ S/MIME plugin ////###

## Path to OpenSSL
## Sympa knows S/MIME if openssl is installed
#openssl        /usr/local/bin/openssl

## The directory path use by OpenSSL for trusted CA certificates
#capath /etc/sympa/ssl.crt

## This parameter sets the all-in-one file where you can assemble the Certificates of
## Certification Authorities (CA)
#cafile /usr/local/apache/conf/ssl.crt/ca-bundle.crt

## User CERTs directory
ssl_cert_dir    /var/lib/sympa/x509-user-certs

## Password used to crypt lists private keys
#key_passwd     your_password

###\\\\ Database ////###

## Database type (mysql | Pg | Oracle | Sybase | SQLite)
## be careful to the case
#db_type        mysql

## Name of the database
## with SQLite, the name of the DB corresponds to the DB file
#db_name        sympa

## The host hosting your sympa database
#db_host        localhost

## Database user for connexion
#db_user        sympa

## Database password (associated to the db_user)
## What ever you use a password or not, you must protect the SQL server (is it a not a
## public internet service ?)
#db_passwd      your_passwd

## Database private extension to user table
## You need to extend the database format with these fields
#db_additional_user_fields      age,address

## Database private extension to subscriber table
## You need to extend the database format with these fields
#db_additional_subscriber_fields        billing_delay,subscription_expiration

###\\\\ Web interface ////###

css_path        /usr/lib/cgi-bin/sympa/css
css_url https://www.correex.fr/wws/css

## Sympa's main page URL
wwsympa_url     http://correex.fr/wws

## web interface color : dark
dark_color      #006666

## web interface color : selected_color
selected_color  #996666

## web interface color : light
light_color     #cccc66

## web_interface color : shaded
shaded_color    #66cccc

## web_interface color : background
bg_color        #ffffcc

## Supported languages for the user interface
supported_lang  fr,en_US

#-- Database configuration begin
# DO NOT REMOVE SURROUNDING COMMENTS
# DO NOT EDIT BY HAND
# USE dpkg-reconfigure -plow sympa TO RECONFIGURE
## Database driver (DBD)
db_type mysql
## Name of your database
db_name sympa
## Your database hostname
db_host localhost
## Username to connect to the DB
db_user sympa
## Password for the user
db_passwd       cour13##
#-- Database configuration end
3.2.3. Recovering existing lists
When reinstalling or updating Sympa, remember to back up the /var/lib/sympa/expl directory.
3.2.4. Sympa bugs
If you receive an e-mail such as:
Could not lock /var/run/sympa/sympa.pid, process is probably already running
Could not lock /var/run/sympa/archived.pid, process is probably already running
Could not lock /var/run/sympa/task_manager.pid, process is probably already running
Could not lock /var/run/sympa/bounced.pid, process is probably already running
stop Sympa, delete these files and restart Sympa.
If Sympa does not send the message to the list even though it has been approved, the procedure to follow before restarting Exim is:
## router/400_exim4-config_system_aliases
.ifndef SYSTEM_ALIASES_PIPE_TRANSPORT
SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe
.endif
3.3. Mysql
3.3.1. Installing Mysql
# apt-get install mysql-server-5.0
3.3.2. Configuring Mysql
/etc/mysql/my.cnf
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# especially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port            = 3306
socket          = /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

# This was formerly known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket          = /var/run/mysqld/mysqld.sock
nice            = 0

[mysqld]
#
# * Basic Settings
#
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
language        = /usr/share/mysql/english
skip-external-locking
default-character-set=utf8
default-storage-engine=INNODB
lower_case_table_names=1
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 127.0.0.1
#
# * Fine Tuning
#
key_buffer              = 16M
max_allowed_packet      = 16M
thread_stack            = 128K
thread_cache_size       = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover          = BACKUP
#max_connections        = 100
#table_cache            = 64
#thread_concurrency     = 10
#
# * Query Cache Configuration
#
query_cache_limit       = 1M
query_cache_size        = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
#log            = /var/log/mysql/mysql.log
#
# Error logging goes to syslog. This is a Debian improvement :)
#
# Here you can see queries with especially long duration
#log_slow_queries       = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
#       other settings you may need to change.
#server-id              = 1
#log_bin                = /var/log/mysql/mysql-bin.log
expire_logs_days        = 10
max_binlog_size         = 100M
#binlog_do_db           = include_database_name
#binlog_ignore_db       = include_database_name
#
# * BerkeleyDB
#
# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
skip-bdb
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
#skip-innodb
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem

[mysqldump]
quick
quote-names
max_allowed_packet      = 16M

[mysql]
#no-auto-rehash # faster start of mysql but no tab completion
default-character-set=utf8

[isamchk]
key_buffer              = 16M

#
# * NDB Cluster
#
# See /usr/share/doc/mysql-server-*/README.Debian for more information.
#
# The following configuration is read by the NDB Data Nodes (ndbd processes)
# not from the NDB Management Nodes (ndb_mgmd processes).
#
# [MYSQL_CLUSTER]
# ndb-connectstring=127.0.0.1

#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/
3.4. Php
3.4.1.
Installer Php5
# apt-get install php5
3.4.2.
#
#
#
#
#
#
#
#
apt-get
apt-get
apt-get
apt-get
Modules complémentaires à installer
install
install
install
install
php5-curl
php5-gd
php5-ldap
php5-mcrypt
3.5. PhpMyAdmin
3.5.1. Install phpMyAdmin
# apt-get install phpmyadmin
3.5.2. Users and databases to back up
Items to back up when working on an existing platform
• User corree → databases correedb and spipactus
• User sympa → database sympa
• MySQL character set: UTF-8 Unicode (utf8)
• Each database is of type InnoDB with collation utf8_general_ci
3.5.3. Apache configuration
• Remove access from the port 80 virtual host declaration
• Remove the link from /etc/apache2/conf.d
• SSL declaration → see the virtual host configuration file
3.6. Apache 2
3.6.1. Install Apache
# apt-get install apache2
3.6.2. Additional modules to install
# apt-get install apache2-mpm-prefork
# apt-get install libapache2-mod-fastcgi
# apt-get install libapache2-mod-jk
# apt-get install libapache2-mod-php5
# apt-get install libapache2-mod-python
# a2enmod rewrite
3.7. Java 1.5
3.7.1. Install Java
The Java package is not free software, so specific sources have to be added to the repositories. To do
so, edit the file /etc/apt/sources.list and add the following addresses
deb http://ftp2.fr.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.fr.debian.org/debian/ lenny main contrib non-free
Installation
# apt-get install sun-java5-jdk
3.7.2. Using Java 1.5 by default
# vi /root/.bash_profile
JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
export LANG=fr_FR@euro
3.8. Tomcat 5.5
3.8.1. Install Tomcat 5.5
# apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps
3.8.2. Tomcat 5.5 configuration
# vi /var/lib/tomcat5.5/conf/server.xml
<!-- Server Configuration File for Tomcat 5.5 on Debian
You can find a more complete example in /usr/share/doc/tomcat5.5/examples/
-->
<!-- Note that component elements are nested corresponding to their
parent-child relationships with each other -->
<!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server
listens for a shutdown command on the indicated port.
Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Comment these entries out to disable JMX MBeans support used for the
administration web application -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" (and therefore the web applications visible
within that Container). Normally, that Container is an "Engine",
but this is not required.
Note: A "Service" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Catalina">
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Each Connector passes requests on to the
associated "Container" (normally an Engine) for processing.
By default, a non-SSL HTTP/1.1 Connector is established on port 8180.
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
following the instructions below and uncommenting the second Connector
entry. SSL support requires the following steps (see the SSL Config
HOWTO in the Tomcat 5 documentation bundle for more detailed
instructions):
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.
By default, DNS lookups are enabled when a web application calls
request.getRemoteHost(). This can have an adverse impact on
performance, so you can disable it by setting the
"enableLookups" attribute to "false". When DNS lookups are disabled,
request.getRemoteHost() will return the String version of the
IP address of the remote client.
-->
<!-- Define a non-SSL HTTP/1.1 Connector on port 8180 -->
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/>
<!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 -->
<!-- Note : To use gzip compression you could set the following properties :
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
URIEncoding="UTF-8"
truststoreFile="/var/lib/tomcat5.5/keys/.keystore"
truststorePass="correex"
keystoreFile="/var/lib/tomcat5.5/keys/.keystore"
keystorePass="correex" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="8082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" acceptCount="100" connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host). -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
-->
<!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost">
<!-- The request dumper valve dumps useful debugging information about
the request headers and cookies that were received, and the response
headers and cookies that were sent, for all requests received by
this instance of Tomcat. If you care only about requests to a
particular virtual host, or a particular application, nest this
element inside the corresponding <Host> or <Context> entry instead.
For a similar mechanism that is portable to all Servlet 2.4
containers, check out the "RequestDumperFilter" Filter in the
example application (the source for this filter may be found in
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
Request dumping is disabled by default. Uncomment the following
element to enable it. -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Comment out the old realm but leave here for now in case we
need to go back quickly -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm" />
-->
<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via JDBC -->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/authority"
connectionName="test" connectionPassword="test"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
connectionName="scott" connectionPassword="tiger"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:CATALINA"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<!-- Defines a cluster for this node,
By defining this element, means that every manager will be changed.
So when running a cluster, only make sure that you have webapps in there
that need to be clustered and remove the other ones.
A cluster has the following parameters:
className = the fully qualified name of the cluster class
clusterName = a descriptive name for your cluster, can be anything
mcastAddr = the multicast address, has to be the same for all the nodes
mcastPort = the multicast port, has to be the same for all the nodes
mcastBindAddr = bind the multicast socket to a specific address
mcastTTL = the multicast TTL if you want to limit your broadcast
mcastSoTimeout = the multicast readtimeout
mcastFrequency = the number of milliseconds in between sending a "I'm alive"
heartbeat
mcastDropTime = the number a milliseconds before a node is considered "dead" if
no heartbeat is received
tcpThreadCount = the number of threads to handle incoming replication requests,
optimal would be the same amount of threads as nodes
tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
in case of multiple ethernet cards. auto means that address becomes
InetAddress.getLocalHost().getHostAddress()
tcpListenPort = the tcp listen port
tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
has a wakeup bug in java.nio. Set to 0 for no timeout
printToScreen = true means that managers will also print to std.out
expireSessionsOnShutdown = true means that
useDirtyFlag = true means that we only replicate a session after
setAttribute,removeAttribute has been called.
false means to replicate the session after each request.
false means that replication would work for the following piece
of code: (only for SimpleTcpReplicationManager)
<%
HashMap map = (HashMap)session.getAttribute("map");
map.put("key","value");
%>
replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
* Pooled means that the replication happens using several sockets in a
synchronous way. Ie, the data gets replicated, then the request return. This is
the same as the 'synchronous' setting except it uses a pool of sockets, hence it is
multithreaded. This is the fastest and safest configuration. To use this, also increase the
nr of tcp threads that you have dealing with replication.
* Synchronous means that the thread that executes the request, is also the
thread that replicates the data to the other nodes, and will not return until all
nodes have received the information.
* Asynchronous means that there is a specific 'sender' thread for each cluster node,
so the request thread will queue the replication request into a "smart" queue,
and then return to the client.
The "smart" queue is a queue where when a session is added to the queue, and the same session
already exists in the queue from a previous request, that session will be replaced
in the queue instead of replicating two requests. This almost never happens, unless there is a
large network delay.
-->
<!--
When configuring for clustering, you also add in a valve to catch all the requests
coming in, at the end of the request, the session may or may not be replicated.
A session is replicated if and only if all the conditions are met:
1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
2. a session exists (has been created)
3. the request is not trapped by the "filter" attribute
The filter attribute is to filter out requests that could not modify the session,
hence we don't replicate the session after the end of this request.
The filter is negative, ie, anything you put in the filter, you mean to filter out,
ie, no replication will be done on requests that match one of the filters.
The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
ending with .gif and .js are intercepted.
The deployer element can be used to deploy apps cluster wide.
Currently the deployment only deploys/undeploys to working members in the cluster
so no WARs are copied upon startup of a broken node.
The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
When a new war file is added the war gets deployed to the local instance,
and then deployed to the other instances in the cluster.
When a war file is deleted from the watchDir the war is undeployed locally
and cluster wide
-->
<!--
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
expireSessionsOnShutdown="false"
useDirtyFlag="true"
notifyListenersOnReplication="true">
<Membership
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
<Receiver
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="auto"
tcpListenPort="4001"
tcpSelectorTimeout="100"
tcpThreadCount="6"/>
<Sender
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
replicationMode="pooled"
ackTimeout="15000"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
<ClusterListener
className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
</Cluster>
-->
<!-- Normally, users must authenticate themselves to each web app
individually. Uncomment the following entry if you would like
a user to be authenticated the first time they encounter a
resource protected by a security constraint, and then have that
user identity maintained across *all* web applications contained
in this virtual host. -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
-->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
This access log implementation is optimized for maximum performance,
but is hardcoded to support only the "common" and "combined" patterns.
-->
<!--
<Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
This access log implementation is optimized for maximum performance,
but is hardcoded to support only the "common" and "combined" patterns.
This valve uses NIO direct Byte Buffer to asynchronously store the
log.
-->
<!--
<Valve className="org.apache.catalina.valves.ByteBufferAccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
</Host>
</Engine>
</Service>
</Server>
# vi /var/lib/tomcat5.5/conf/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="root" password="123456crdp;:!" roles="admin,manager"/>
</tomcat-users>
3.8.3. JVM heap configuration
# vi /etc/default/tomcat5.5
# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
# default of tomcat55.
#TOMCAT5_USER=tomcat55
# The home directory of the Java development kit (JDK). You need at least
# JDK version 1.4. If JAVA_HOME is not set, some common directories for
# the Sun JDK, various J2SE 1.4 versions, and the free runtimes
# java-gcj-compat-dev and kaffe are tried.
#JAVA_HOME=/usr/lib/jvm/java-6-sun
# Directory for per-instance configuration files and webapps. It contain the
# directories conf, logs, webapps, work and temp. See RUNNING.txt for details.
# Default: /var/lib/tomcat5.5
#CATALINA_BASE=/var/lib/tomcat5.5
# Arguments to pass to the Java virtual machine (JVM).
JAVA_OPTS="-Djava.awt.headless=true -Xmx512M"
# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
# compilers that are accepted by Ant's build.compiler property.
#JSP_COMPILER=jikes
# Use the Java security manager? (yes/no, default: yes)
# WARNING: Do not disable the security manager unless you understand
# the consequences!
# NOTE: java-gcj-compat-dev currently doesn't support a security
# manager.
#TOMCAT5_SECURITY=yes
3.9. Apache configuration
3.9.1. Configuration of the pre-installed modules
vi /etc/libapache2-mod-jk/workers.properties
# workers.properties
#
# This file is a simplified version of the workers.properties supplied
# with the upstream sources. The jni inprocess worker (not built in the
# debian package) section and the ajp12 (deprecated) section are removed.
#
# As a general note, the characters $( and ) are used internally to define
# macros. Do not use them in your own configuration!!!
#
# Whenever you see a set of lines such as:
# x=value
# y=$(x)\something
#
# the final value for y will be value\something
#
# Normally all you will need to do is un-comment and modify the first three
# properties, i.e. workers.tomcat_home, workers.java_home and ps.
# Most of the configuration is derived from these.
#
# When you are done updating workers.tomcat_home, workers.java_home and ps
# you should have 3 workers configured:
#
# - An ajp13 worker that connects to localhost:8009
# - A load balancer worker
#
#
# OPTIONS ( very important for jni mode )
#
# workers.tomcat_home should point to the location where you
# installed tomcat. This is where you have your conf, webapps and lib
# directories.
#
workers.tomcat_home=/usr/share/tomcat5
#
# workers.java_home should point to your Java installation. Normally
# you should have a bin and lib directories beneath it.
#
workers.java_home=/usr/lib/jvm/java-1.5.0-sun
#
# You should configure your environment slash... ps=\ on NT and / on UNIX
# and maybe something different elsewhere.
#
ps=/
#
#------ ADVANCED MODE -----------------------------------------------
#--------------------------------------------------------------------
#
#
#------ worker list -----------------------------------------
#--------------------------------------------------------------------
#
#
# The workers that your plugins should create and work with
#
worker.list=ajp13_worker
#
#------ ajp13_worker WORKER DEFINITION -----------------------------
#--------------------------------------------------------------------
#
#
# Defining a worker named ajp13_worker and of type ajp13
# Note that the name and the type do not have to match.
#
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
#
# Specifies the load balance factor when used with
# a load balancing worker.
# Note:
# ----> lbfactor must be > 0
# ----> Low lbfactor means less work done by the worker.
worker.ajp13_worker.lbfactor=1
#
# Specify the size of the open connection cache.
#worker.ajp13_worker.cachesize
#
#------ DEFAULT LOAD BALANCER WORKER DEFINITION ---------------------
#--------------------------------------------------------------------
#
#
# The loadbalancer (type lb) workers perform weighted round-robin
# load balancing with sticky sessions.
# Note:
# ----> If a worker dies, the load balancer will check its state
#       once in a while. Until then all work is redirected to peer
#       workers.
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=ajp13_worker
vi /etc/apache2/conf.d/jk
# JkWorkersFile /etc/libapache2-mod-jk/workers.properties
# JkLogFile /var/log/apache2/mod_jk.log
# JkLogLevel info
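Added example, not part of the original document: a Python check that cross-references workers.properties with server.xml. It lists the connectors that are really active (the commented-out 8443 connector is not), checks whether the AJP connector used by a loopback worker sets an address attribute, and checks that every redirectPort points at an active connector. The embedded samples are trimmed, constructed copies of the two files above; the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples: trimmed copies of the server.xml and workers.properties above.
SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" enableLookups="false" redirectPort="8443"
               connectionTimeout="20000" URIEncoding="UTF-8"/>
    <!--
    <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
    -->
    <Connector port="8009" enableLookups="false" redirectPort="8443"
               protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""

WORKERS = """\
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
#worker.ajp13_worker.cachesize
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def active_connectors(xml_text):
    """Connectors Tomcat will start; the XML parser drops commented-out ones."""
    found = []
    for service in ET.fromstring(xml_text).iter("Service"):
        for conn in service.findall("Connector"):
            redirect = conn.get("redirectPort")
            found.append({
                "port": int(conn.get("port")),
                "protocol": conn.get("protocol", "HTTP/1.1"),
                # No address attribute: the connector listens on all local addresses.
                "address": conn.get("address"),
                "redirect": int(redirect) if redirect else None,
            })
    return found


def parse_workers(text):
    """Workers named in worker.list, with mod_jk's defaults for missing keys."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    workers = {}
    for name in props.get("worker.list", "").split(","):
        name = name.strip()
        if name:
            prefix = "worker.%s." % name
            workers[name] = {"host": props.get(prefix + "host", "localhost"),
                             "port": int(props.get(prefix + "port", 8009)),
                             "type": props.get(prefix + "type", "ajp13")}
    return workers


def cross_check(workers_text, xml_text):
    """Return a list of human-readable findings (empty when both files agree)."""
    connectors = active_connectors(xml_text)
    by_port = {c["port"]: c for c in connectors}
    findings = []
    for name, worker in parse_workers(workers_text).items():
        if worker["type"] != "ajp13":
            continue  # load-balancer workers have no port of their own
        conn = by_port.get(worker["port"])
        if conn is None or not conn["protocol"].upper().startswith("AJP"):
            findings.append("%s: no active AJP connector on port %d"
                            % (name, worker["port"]))
        elif conn["address"] is None and worker["host"] in LOOPBACK:
            findings.append("%s: worker targets %s but connector %d has no address "
                            "attribute" % (name, worker["host"], worker["port"]))
    for conn in connectors:
        if conn["redirect"] is not None and conn["redirect"] not in by_port:
            findings.append("connector %d: redirectPort %d has no active connector"
                            % (conn["port"], conn["redirect"]))
    return findings


if __name__ == "__main__":
    print("\n".join(cross_check(WORKERS, SERVER_XML)))
```

When the only AJP client is mod_jk on the same machine, adding address="127.0.0.1" to the AJP connector keeps port 8009 off the external interfaces.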
3.9.2. Virtual host configuration
vi /etc/apache2/sites-available/www.correex.fr
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerName www.correex.fr
ServerAlias correex.fr
ServerAdmin [email protected]
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.www.correex.fr.log
CustomLog /var/log/apache2/access.www.correex.fr.log combined
RewriteEngine On
RewriteRule ^/$ /correex/ [R]
RewriteRule ^/correex$ /correex/ [R]
JkMount /correex/* ajp13_worker
JkMount /cas/* ajp13_worker
JkMount /oai/* ajp13_worker
JkMount /oaicat/* ajp13_worker
JkMount /correetest/* ajp13_worker
<Location /actus/ecrire>
Order deny,allow
#Deny from all
#Allow from 194.254.139.66
Allow from all
</Location>
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/certs/correex_tbs.crt
SSLCertificateKeyFile /etc/apache2/certs/correex.key
SSLCertificateChainFile /etc/apache2/certs/chain.crt
SSLCipherSuite HIGH
SSLProtocol all -SSLv2
ServerName www.correex.fr
ServerAlias www.correex.fr
ServerAdmin [email protected]
DocumentRoot /var/www-https/
ErrorLog /var/log/apache2/error.www.correex.fr.log
CustomLog /var/log/apache2/access.www.correex.fr.log combined
Alias /wwsicons /usr/share/sympa/icons
ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi
RewriteEngine On
RewriteRule ^/$ /correex/\? [R]
JkMount /correex/* ajp13_worker
JkMount /cas/* ajp13_worker
JkMount /oai/* ajp13_worker
JkMount /oaicat/* ajp13_worker
JkMount /admin/* ajp13_worker
JkMount /manager/* ajp13_worker
<Location /wws>
#AddDefaultCharset ISO-8859-15
</Location>
#   Alias /phpmyadmin/ "/usr/share/phpmyadmin/"
<Location /phpmyadmin/>
Order deny,allow
Deny from all
Allow from 194.254.139.66 194.254.139.209
</Location>
#Location /phpldapadmin/>
#   Order deny,allow
#   Deny from all
#   Allow from 194.254.139.66 194.254.139.209
#</Location>
<Location /trac>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonPath "['/usr/lib/python2.5/site-packages']+sys.path"
PythonHandler trac.web.modpython_frontend
PythonOption TracEnv /var/local/trac/courdecol
PythonOption TracUriRoot /trac
PythonOption TracLocale fr_FR.ISO-8859-1
#PythonOption TracLocale fr_FR.iso885915@euro
Order deny,allow
Deny from all
Allow from 194.254.139.66/32 194.254.139.209
AuthType Basic
AuthName "Trac"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://78.153.226.117/ou=personnes,dc=corree,dc=fr?uid?one?(objectClass=inetOrgPerson)"
authzldapauthoritative Off
require valid-user
</Location>
</VirtualHost>
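Added example, not part of the original document: a Python audit of a virtual-host file like the one above. For each `<Location>` it reports which hosts the Apache 2.2 Order/Allow/Deny directives admit, and for each JkMount whether any `<Location>` in the same virtual host restricts it. The sample is a trimmed, constructed copy of the file above; the function names are assumptions.

```python
import re

# Constructed sample: a trimmed copy of the two virtual hosts shown above.
SAMPLE_VHOSTS = """\
<VirtualHost *:80>
    <Location /actus/ecrire>
        Order deny,allow
        #Deny from all
        Allow from all
    </Location>
</VirtualHost>
<VirtualHost *:443>
    JkMount /correex/* ajp13_worker
    JkMount /manager/* ajp13_worker
    <Location /phpmyadmin/>
        Order deny,allow
        Deny from all
        Allow from 194.254.139.66 194.254.139.209
    </Location>
    <Location /trac>
        Order deny,allow
        Deny from all
        Allow from 194.254.139.66/32 194.254.139.209
        require valid-user
    </Location>
</VirtualHost>
"""


def parse_vhosts(text):
    """Return {vhost: {"mounts": [url, ...], "locations": {path: [words, ...]}}}."""
    vhosts, vhost, loc = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        opened = re.match(r"<(VirtualHost|Location)\s+([^>]+)>", line, re.I)
        if opened and opened.group(1).lower() == "virtualhost":
            vhost = vhosts.setdefault(opened.group(2).strip(),
                                      {"mounts": [], "locations": {}})
        elif line.lower() == "</virtualhost>":
            vhost = loc = None
        elif vhost is None:
            continue  # directives outside any virtual host are not audited here
        elif opened:
            loc = vhost["locations"].setdefault(opened.group(2).strip("\"' "), [])
        elif line.lower() == "</location>":
            loc = None
        elif loc is not None:
            loc.append(line.split())
        elif line.split()[0].lower() == "jkmount":
            vhost["mounts"].append(line.split()[1])
    return vhosts


def allowed_hosts(directives):
    """Reduce Order/Allow/Deny to ["all"], [] (nobody) or the list of allowed hosts."""
    order, allow, deny = "deny,allow", [], []  # deny,allow is the Apache 2.2 default
    for words in directives:
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(w.lower() for w in words[2:])
    if order == "allow,deny":  # default deny, Deny overrides Allow
        return [] if "all" in deny else (["all"] if "all" in allow else allow)
    # deny,allow: default allow, Allow overrides Deny
    if "all" in allow or "all" not in deny:
        return ["all"]  # simplification: a partial Deny list is reported as open
    return allow


def audit(text):
    """Per vhost: hosts admitted by each <Location>, and the rule covering each JkMount."""
    report = {}
    for name, vhost in parse_vhosts(text).items():
        rules = {path: allowed_hosts(d) for path, d in vhost["locations"].items()}
        mounts = {}
        for mount in vhost["mounts"]:
            url = mount.rstrip("*") + "/"
            # Simplification: longest matching prefix wins (Apache merges in file order).
            covering = [p for p in rules if url.startswith(p.rstrip("/") + "/")]
            # None means no <Location> in this vhost restricts the mounted URL space.
            mounts[mount] = rules[max(covering, key=len)] if covering else None
        report[name] = {"locations": rules, "mounts": mounts}
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_VHOSTS))
```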
3.9.3. Port configuration
# vi /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
#NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443
</IfModule>
3.9.4. Certificate configuration
The certificates are located in /etc/apache2/certs.
3.9.5. Tomcat applications
These are the Corréé applications and the oai and cas servers.
Copy over the contents of the /var/lib/tomcat5.5/webapps/ directory
# chown -R www-data:nogroup /var/lib/tomcat5.5/webapps/
# chmod -R 700 /var/lib/tomcat5.5/webapps/
3.1. Web application
This is a SPIP CMS.
The LOMPADFR metadata generation tool is no longer used, in favour of the www.coredu.fr
service. It remains available, but uses a metadata format that does not conform to the evolution
of the LOMFR standard.
Copy over the /var/www/ directory
# chown -R www-data:nogroup /var/www/
# chmod -R 700 /var/www/
This document is distributed under the Creative Commons Attribution - NonCommercial -
ShareAlike 3.0 Unported licence.
To view a copy of this licence, visit &(url_licence) or send a letter to
Creative Commons, 444 Castro Street, Suite 900,
Mountain View, California, 94041, USA.
CRDP de l’Académie d’Aix-Marseille
G. Puimatto, JC Pérennes, November 2011