Difference between revisions of "Third-party software integration: Apache"

From OpenKM Documentation
Jump to: navigation, search
(Red Hat / CentOS)
Line 43: Line 43:
 
  [warn] NameVirtualHost *:80 has no VirtualHosts
 
  [warn] NameVirtualHost *:80 has no VirtualHosts
 
you have to change the virtual host definition from <VirtualHost *> to <VirtualHost *:80>}}
 
you have to change the virtual host definition from <VirtualHost *> to <VirtualHost *:80>}}
 
If you don't want to show the '''/OpenKM''' context, try this as your VirtualHost configuration:
 
 
<source lang="apache">
 
<VirtualHost *>
 
  ServerName openkm.your-domain.com
 
  ProxyPass / ajp://localhost:8009/OpenKM/
 
  ProxyPassReverse / http://openkm.your-domain.com/OpenKM/
 
  ErrorLog /var/log/apache2/your-domain.com-error.log
 
  CustomLog /var/log/apache2/your-domain.com-access.log combined
 
 
  RewriteEngine on
 
  RewriteCond %{REQUEST_URI} /OpenKM*
 
  RewriteRule ^(/.*)$ http://localhost:8080$1 [P]
 
 
  RequestHeader edit X-GWT-Module-Base ^(http://openkm.your-domain)/frontend/(.*)$ $1/OpenKM/frontend/$2
 
</VirtualHost>
 
</source>
 
 
You need also set the configuration parameter '''system.apache.request.header.fix''' to on (true). Note than in OpenKM 5.1 the configuration is stored in database and the OpenKM.cfg configuration only make sense in the database (Hibernate) configuration parameters.
 
  
 
{{Note|If you see an error like:
 
{{Note|If you see an error like:
Line 102: Line 82:
  
 
Now you can access your OpenKM installation from http://openkm.your-domain.com/. Another advantage of using Apache is that you can log OpenKM access and generate web statistics.
 
Now you can access your OpenKM installation from http://openkm.your-domain.com/. Another advantage of using Apache is that you can log OpenKM access and generate web statistics.
 
== SSL in Debian / Ubuntu ==
 
$ sudo mkdir /etc/apache2/ssl
 
$ sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
 
$ sudo a2enmod ssl
 
 
Ensure ports 443 is listen in /etc/apache2/ports.conf
 
 
Do the same task related to port 80 but changing the configuration file /etc/apache2/sites-available/openkm.conf with this content:
 
 
<source lang="apache">
 
<VirtualHost *:443>
 
    ServerName openkm.your-domain.com
 
    RedirectMatch ^/$ /OpenKM
 
    <Location /OpenKM>
 
        ProxyPass ajp://127.0.0.1:8009/OpenKM
 
        ProxyPassReverse http://openkm.your-domain.com/OpenKM
 
    </Location>
 
    ErrorLog /var/log/apache2/openkm.your-domain.com-error.log
 
    CustomLog /var/log/apache2/openkm.your-domain.com-access.log combined
 
 
    SSLEngine on
 
    SSLCertificateFile /etc/apache2/ssl/apache.pem
 
</VirtualHost>
 
</source>
 
  
 
== Red Hat / CentOS ==
 
== Red Hat / CentOS ==
Line 151: Line 106:
  
 
  $ sudo /etc/init.d/httpd restart
 
  $ sudo /etc/init.d/httpd restart
 
== SSL in Red Hat / CentOS ==
 
 
$ sudo yum install mod_ssl openssl crypto-utils
 
 
Generate private keys ( for more information visit [http://www.linuxtopia.org/online_books/rhel5/rhel5_administration/rhel5_s1-httpd-secure-server.html Apache HTTP Secure Server Configuration])
 
 
$ genkey your-domain.com
 
 
{{Note|Normally you want to generate self-certificate and not sending to Certify Authority. Is good practice put some password on private key, but in this case each time you restart apache service it'll be demanded.}}
 
 
During the process will be generated two files at
 
SSLCertificateFile /etc/pki/tls/certs/your-domain.com.cert
 
SSLCertificateKeyFile /etc/pki/tls/private/your-domain.com.key
 
 
Must modify the /etc/httpd/conf.d/openkm.conf file
 
<source lang="apache">
 
<VirtualHost *:443>
 
  ServerName your-domain.com
 
  ProxyPass / ajp://localhost:8009/OpenKM/
 
  ProxyPassReverse / http://your-domain.com/OpenKM/
 
  ErrorLog /var/log/your-domain.com-error.log
 
  CustomLog /var/log/your-domain.com-access.log combined
 
 
  RewriteEngine on
 
  RewriteCond %{REQUEST_URI} /OpenKM*
 
  RewriteRule ^(/.*)$ http://localhost:8080$1 [P]
 
  ProxyPassReverse / http://localhost:8080/
 
 
  SSLEngine on
 
  SSLCertificateFile /etc/pki/tls/certs/your-domain.com.cert
 
  SSLCertificateKeyFile /etc/pki/tls/private/your-domain.com.key
 
</VirtualHost>
 
</source>
 
 
Finally must modify SSLCertificateFile and SSLCertificateKeyFile values in file /etc/httpd/conf.d/ssl.conf
 
<source lang="apache">
 
SSLCertificateFile /etc/pki/tls/certs/your-domain.com.cert
 
SSLCertificateKeyFile /etc/pki/tls/private/your-domain.com.key
 
</source>
 
 
Now you can access your OpenKM installation from http://openkm.your-domain.com/. Another advantage of using Apache is that you can log OpenKM access and generate web statistics.
 
  
 
== Mac OS X ==
 
== Mac OS X ==
Line 237: Line 150:
 
* [http://www.workingwith.me.uk/articles/scripting/mod_rewrite mod_rewrite, a beginner’s guide]
 
* [http://www.workingwith.me.uk/articles/scripting/mod_rewrite mod_rewrite, a beginner’s guide]
 
* [http://www.thebuzzmedia.com/using-apache-virtual-hosts-and-proxypass-together/ Using Apache Virtual Hosts and ProxyPass Together]
 
* [http://www.thebuzzmedia.com/using-apache-virtual-hosts-and-proxypass-together/ Using Apache Virtual Hosts and ProxyPass Together]
* [http://pgt.de/2011/01/27/apache-configuration-for-gwt-applications Apache configuration for GWT applications]
 
  
 
[[Category: Installation Guide]]
 
[[Category: Installation Guide]]
[[Category:OKM Network]]
 

Revision as of 10:46, 14 December 2011

Expose OpenKM directly from JBoss can be dangerous if you need the application to be accessed from Internet. Also this 8080 may be closed by a firewall. For these reasons, is a good idea expose your OpenKM installation through the standard web port 80. In the following steps we explain how to configure Apache to handle these request and forward to JBoss application server using the AJP13 protocol.

From the Apache documentation: The AJP13 protocol is packet-oriented. A binary format was presumably chosen over the more readable plain text for reasons of performance. The web server communicates with the servlet container over TCP connections. To cut down on the expensive process of socket creation, the web server will attempt to maintain persistent TCP connections to the servlet container, and to reuse a connection for multiple request/response cycles.

Debian / Ubuntu

The first thing in to install the required Apache software. From Debian / Ubuntu you can install Apache with a single command:

$ sudo aptitude install apache2

Edit the file called /etc/apache2/apache2.conf and configure a ServerName to prevent warnings in the Apache startup process:

ServerRoot "/etc/apache2"
ServerName "your-domain.com"

Enable the proxy module, needed to forward petitions to JBoss:

$ sudo a2enmod proxy_ajp

Now create the configuration file /etc/apache2/sites-available/openkm.conf with this content:

<VirtualHost *>
    ServerName openkm.your-domain.com
    RedirectMatch ^/$ /OpenKM
    <Location /OpenKM>
        ProxyPass ajp://127.0.0.1:8009/OpenKM
        ProxyPassReverse http://openkm.your-domain.com/OpenKM
    </Location>
    ErrorLog /var/log/apache2/your-domain.com-error.log
    CustomLog /var/log/apache2/your-domain.com-access.log combined
</VirtualHost>

The VirtualHost ServerName must be other than ServerName in the main Apache configuration. Enable this site configuration:

$ sudo a2ensite openkm.conf

Nota advertencia.png If after restart Apache you see a warning like:
[warn] NameVirtualHost *:80 has no VirtualHosts
you have to change the virtual host definition from <VirtualHost *> to <VirtualHost *:80>


Nota clasica.png If you see an error like:
Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration

you need to enable this Apache module:

$ sudo a2enmod rewrite
$ sudo a2enmod proxy_http
$ sudo a2enmod headers

You have to enable explicitly the proxy access editing the Apache configuration file /etc/apache2/mods-available/proxy.conf:

<IfModule mod_proxy.c>
  #turning ProxyRequests on and allowing proxying from all may allow
  #spammers to use your proxy to send email.

  ProxyRequests Off

  <Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Allow from all
    Deny from all
    #Allow from .example.com
  </Proxy>

  # Enable/disable the handling of HTTP/1.1 "Via:" headers.
  # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
  # Set to one of: Off | On | Full | Block

  ProxyVia On
</IfModule>

Finally restart Apache:

$ sudo /etc/init.d/apache2 restart

Now you can access your OpenKM installation from http://openkm.your-domain.com/. Another advantage of using Apache is that you can log OpenKM access and generate web statistics.

Red Hat / CentOS

Here you can use the yum application manager to install Apache:

$ sudo yum install httpd

Now create the file /etc/httpd/conf.d/openkm.conf with this content:

<VirtualHost *:80>
    ServerName openkm.your-domain.com
    RedirectMatch ^/$ /OpenKM
    <Location /OpenKM>
        ProxyPass ajp://127.0.0.1:8009/OpenKM
        ProxyPassReverse http://openkm.your-domain.com/OpenKM
    </Location>
    ErrorLog /var/log/apache2/your-domain.com-error.log
    CustomLog /var/log/apache2/your-domain.com-access.log combined
</VirtualHost>

After that, restart Apache to make effective this configuration.

$ sudo /etc/init.d/httpd restart

Mac OS X

Edit the file called /etc/apache2/apache2.conf and configure a ServerName, enable proxy modules and mod_proxy:

ServerRoot "/usr"
ServerName "your-domain.com"
LoadModule proxy_module libexec/apache2/mod_proxy.so
LoadModule proxy_ajp_module libexec/apache2/mod_proxy_ajp.so
<IfModule mod_proxy.c>
       ProxyRequests Off
       <Proxy "*">
               AddDefaultCharset off
               Allow from all
               Deny from all
               Order Deny,Allow
       </Proxy>
       ProxyVia On
</IfModule>


Now create the configuration file /etc/apache2/sites/openkm.conf with this content:

<VirtualHost *:80>
   ServerName openkm.your-domain.com
   RedirectMatch ^/$ /OpenKM
   <Location /OpenKM>
       ProxyPass ajp://127.0.0.1:8009/OpenKM
       ProxyPassReverse http://openkm.your-domain.com/OpenKM
   </Location>
   ErrorLog /var/log/apache2/your-domain.com-error.log
   CustomLog /var/log/apache2/your-domain.com-access.log combined
</VirtualHost>

Finally restart apache

More info

For more info, visit: