other-software.xml
Delivered as text/xml
[ hide source ] | [ make this the default ]
File Contents
<?xml version='1.0' ?>
<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
<!ENTITY % myvars SYSTEM "../variables.ent">
%myvars;
]>
<appendix id="install-more-software">
<title>Install additional supporting software</title>
<authorblurb>
<para>By <ulink url="mailto:joel@aufrecht.org">Joel Aufrecht</ulink></para>
</authorblurb>
<para>This section assumes that the source tarballs for supporting
software are in <computeroutput>/tmp</computeroutput>. It assumes
that you begin each continuous block of commands as root, and you
should end each block as root. It doesn't care which directory
you start in. Text instructions always precede the commands they
refer to.</para>
<sect1 id="openacs-unpack">
<title>Unpack the OpenACS tarball</title>
<para>The OpenACS tarball contains sample configuration files
for some of the packages listed below. In order to access those
files, unpack the tarball now.</para>
<screen>[root root]# <userinput>cd /tmp</userinput>
[root tmp]# <userinput>tar xzf &tarballpath;.tgz</userinput>
<action>cd /tmp
tar xzf &tarballpath;.tgz</action></screen>
<para>If you are installing from a different method and just need the configuration files, you can instead get them from CVS:</para>
<screen>[root root]# <userinput>cd /tmp</userinput>
[root tmp]# <userinput>cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co openacs-4/packages/acs-core-docs/www/files/</userinput>
cvs checkout: warning: failed to open /root/.cvspass for reading: No such file or directory
cvs server: Updating openacs-4/packages/acs-core-docs/www/files
U openacs-4/packages/acs-core-docs/www/files/README.TXT
<emphasis>(many lines omitted)</emphasis>
U openacs-4/packages/acs-core-docs/www/files/template-ini.ini
U openacs-4/packages/acs-core-docs/www/files/winnsd.txt
[root tmp]# <userinput>mv openacs-4 &tarballpath;</userinput>
<action>cd /tmp
cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co openacs-4/packages/acs-core-docs/www/files/
mv openacs-4 openacs-5.0.0a4</action></screen>
</sect1>
<sect1 id="install-cvs">
<title>Initialize CVS (OPTIONAL)</title>
<indexterm>
<primary>cvs</primary>
<secondary>initializing</secondary>
</indexterm>
<para>CVS is a source control system. Create and initialize a
directory for a local cvs repository.</para>
<screen>[root tmp]# <userinput>mkdir /cvsroot</userinput>
[root tmp]#<userinput> cvs -d /cvsroot init</userinput>
[root tmp]#
<action>mkdir /cvsroot
cvs -d /cvsroot init</action></screen>
</sect1>
<sect1 id="psgml-for-emacs">
<title>Add PSGML commands to emacs init file (OPTIONAL)</title>
<para><indexterm>
<primary>DocBook</primary>
<secondary>emacs configuration for</secondary>
</indexterm>
If you plan to write or edit any documentation with emacs, install a
customized emacs configuration file with DocBook commands in the skeleton
directory, so it will be used for all new users. The file also
fixes the backspace -> help mis-mapping that often occurs in
terminals.</para>
<screen>[root tmp]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/emacs.txt /etc/skel/.emacs</userinput>
cp: overwrite `/etc/skel/.emacs'? <userinput>y</userinput>
[root tmp]# </screen>
<para>Debian users:</para>
<screen><action>apt-get install psgml</action></screen>
<para>Note: The new nxml mode for emacs, when used in combination with psgml, provides a pretty good set of functionality that makes DocBook editing much less painless. In particular, nxml does syntax testing in real-time so that you can see syntax errors immediately instead of in the output of the xsltproc hours or days later. For Debian, <computeroutput>apt-get install nxml</computeroutput>.</para>
</sect1>
<sect1 id="install-daemontools">
<title>Install Daemontools (OPTIONAL)</title>
<para>Daemontools is a collection of programs for controlling
other processes. We use daemontools to run and monitor AOLserver. It is
installed in /package. These commands install daemontools and
svgroup. svgroup is a script for granting permissions, to allow
users other than root to use daemontools for specific
services.</para>
<orderedlist>
<listitem>
<para>Install Daemontools</para>
<indexterm>
<primary>daemontools</primary>
<secondary>installation</secondary>
</indexterm>
<para><link linkend="daemontools-download">download daemontools</link> and install it.</para>
<itemizedlist>
<listitem>
<para>Red Hat 8</para>
<screen>[root root]# <userinput>mkdir -p /package</userinput>
[root root]# <userinput>chmod 1755 /package/</userinput>
[root root]# <userinput>cd /package/</userinput>
[root package]# <userinput>tar xzf /tmp/daemontools-0.76.tar.gz</userinput>
[root package]# <userinput>cd admin/daemontools-0.76/</userinput>
[root daemontools-0.76]# <userinput>package/install</userinput>
Linking ./src/* into ./compile...
Creating /service...
Adding svscanboot to inittab...
init should start svscan now.
[root root]#
<action>mkdir -p /package
chmod 1755 /package
cd /package
tar xzf /tmp/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install</action></screen>
</listitem>
<listitem>
<para>Red Hat 9, Fedora Core 1-4</para>
<para>Make sure you have the source tarball in
<computeroutput>/tmp</computeroutput>, or <link
linkend="daemontools-download">download it</link>.
</para>
<screen>[root root]# <userinput>mkdir -p /package</userinput>
[root root]# <userinput>chmod 1755 /package/</userinput>
[root root]# <userinput>cd /package/</userinput>
[root package]# <userinput>tar xzf /tmp/daemontools-0.76.tar.gz</userinput>
[root package]# <userinput>cd admin</userinput>
[root admin]# <userinput>wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch</userinput>
--14:19:24-- http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
=> `daemontools-0.76.errno.patch'
Resolving moni.csi.hu... done.
Connecting to www.qmail.org[141.225.11.87]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 355 [text/plain]
100%[====================================>] 355 346.68K/s ETA 00:00
14:19:24 (346.68 KB/s) - `daemontools-0.76.errno.patch' saved [355/355]
[root admin]# <userinput>cd daemontools-0.76</userinput>
[root daemontools-0.76]# <userinput>patch -p1 < ../daemontools-0.76.errno.patch</userinput>
[root daemontools-0.76]# <userinput>package/install</userinput>
Linking ./src/* into ./compile...<emphasis>(many lines omitted)</emphasis>
Creating /service...
Adding svscanboot to inittab...
init should start svscan now.
[root root]#
<action>mkdir -p /package
chmod 1755 /package
cd /package
tar xzf /tmp/daemontools-0.76.tar.gz
cd admin
wget http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
cd daemontools-0.76
patch -p1 < ../daemontools-0.76.errno.patch
package/install</action></screen>
</listitem>
<listitem>
<para>FreeBSD (follow standard install)</para>
<para>Make sure you have the source tarball in
<computeroutput>/tmp</computeroutput>, or <link
linkend="daemontools-download">download it</link>.
</para>
<screen>[root root]# <userinput>mkdir -p /package</userinput>
[root root]# <userinput>chmod 1755 /package/</userinput>
[root root]# <userinput>cd /package/</userinput>
[root package]# <userinput>tar xzf /tmp/daemontools-0.76.tar.gz</userinput>
[root package]# <userinput>cd admin/daemontools-0.76</userinput>
[root daemontools-0.76]# <userinput>package/install</userinput>
Linking ./src/* into ./compile...<emphasis>(many lines omitted)</emphasis>
Creating /service...
Adding svscanboot to inittab...
init should start svscan now.
[root root]#
<action>mkdir -p /package
chmod 1755 /package
cd /package
tar xzf /tmp/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install</action></screen>
</listitem>
<listitem>
<para>Debian</para>
<screen>[root ~]# <userinput>apt-get install daemontools-installer</userinput>
[root ~]# <userinput>build-daemontools</userinput></screen>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Verify that svscan is running. If it is, you should see
these two processes running:</para>
<screen>[root root]# <userinput>ps -auxw | grep service</userinput>
root 13294 0.0 0.1 1352 272 ? S 09:51 0:00 svscan /service
root 13295 0.0 0.0 1304 208 ? S 09:51 0:00 readproctitle service errors: .......................................
[root root]#</screen>
</listitem>
<listitem>
<para>Install a script to grant non-root users permission to
control daemontools services.</para>
<screen>[root root]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/svgroup.txt /usr/local/bin/svgroup</userinput>
[root root]# <userinput>chmod 755 /usr/local/bin/svgroup</userinput>
<action>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/svgroup.txt /usr/local/bin/svgroup
chmod 755 /usr/local/bin/svgroup</action></screen>
</listitem>
</orderedlist>
</sect1>
<sect1 id="install-qmail">
<title>Install qmail (OPTIONAL)</title>
<para>Qmail is a secure, reliable, efficient, simple Mail Transfer Agent. It handles incoming and
outgoing mail. Install qmail if you want your OpenACS server to
send and receive mail, and you don't want to use an alternate
MTA.</para>
<orderedlist>
<listitem>
<formalpara>
<title>Install qmail</title>
<para>QMail is available as standard Debian/Ubuntu package,
rpms for Fedora/Redhat/CenTOS are available from <ulink
url="https://en.wikipedia.org/wiki/Qmail">QMail wiki
page</ulink></para>
</formalpara>
</listitem>
<listitem>
<formalpara>
<para>Replace sendmail with qmail's wrapper.</para>
</formalpara>
<indexterm>
<primary>sendmail</primary>
<secondary>removing</secondary>
</indexterm>
<screen>[root qmail-1.03]# <userinput>rm -f /usr/bin/sendmail /usr/sbin/sendmail</userinput>
[root qmail-1.03]# <userinput>ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail</userinput>
[root qmail-1.03]#
<action>rm -f /usr/bin/sendmail /usr/sbin/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail</action></screen>
<para>Configure qmail - specifically, run the config script to set up files in <computeroutput>/var/qmail/control</computeroutput> specifying the computer's identity and which addresses it should accept mail for. This command will automatically set up qmail correctly if you have correctly set a valid hostname. If not, you'll want to read <computeroutput>/var/qmail/doc/INSTALL.ctl</computeroutput> to find out how to configure qmail.</para>
<screen>[root qmail-1.03]# <userinput>./config-fast <replaceable>yourserver.test</replaceable></userinput>
Your fully qualified hostname is yourserver.test.
Putting yourserver.test into control/me...
Putting yourserver.test into control/defaultdomain...
Putting yourserver.test into control/plusdomain...
Putting yourserver.test into control/locals...
Putting yourserver.test into control/rcpthosts...
Now qmail will refuse to accept SMTP messages except to yourserver.test.
Make sure to change rcpthosts if you add hosts to locals or virtualdomains!
[root qmail-1.03]#
<action>./config-fast <replaceable>yourserver.test</replaceable></action></screen>
<para>All incoming mail that isn't for a specific user is handled by the <computeroutput>alias</computeroutput> user. This includes all root mail. These commands prepare the alias user to receive mail.</para>
<screen>[root qmail-1.03]# <userinput>cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root</userinput>
[root alias]# <userinput>chmod 644 ~alias/.qmail*</userinput>
[root alias]# <userinput>/var/qmail/bin/maildirmake ~alias/Maildir/</userinput>
[root alias]# <userinput>chown -R alias.nofiles /var/qmail/alias/Maildir</userinput>
[root alias]#
<action>cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root
chmod 644 ~alias/.qmail*
/var/qmail/bin/maildirmake ~alias/Maildir/
chown -R alias.nofiles /var/qmail/alias/Maildir</action></screen>
<indexterm>
<primary>qmail</primary>
<secondary>Maildir</secondary>
</indexterm>
<para>Configure qmail to use the Maildir delivery format
(instead of mbox), and install a version of the qmail startup script modified to use Maildir.</para>
<screen>[root alias]# <userinput>echo "./Maildir" > /var/qmail/bin/.qmail</userinput>
[root alias]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail.rc.txt /var/qmail/rc</userinput>
[root alias]# <userinput>chmod 755 /var/qmail/rc</userinput>
[root alias]#
<action>echo "./Maildir" > /var/qmail/bin/.qmail
cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail.rc.txt /var/qmail/rc
chmod 755 /var/qmail/rc
</action></screen>
<para>Set up the skeleton directory so that new users will
be configured for qmail.</para>
<screen>[root root]# <userinput>/var/qmail/bin/maildirmake /etc/skel/Maildir</userinput>
[root root]# <userinput>echo "./Maildir/" > /etc/skel/.qmail</userinput>
[root root]#
<action>/var/qmail/bin/maildirmake /etc/skel/Maildir
echo "./Maildir/" > /etc/skel/.qmail</action></screen>
<para>As recommended, we will run qmail with daemontools
control files. Create daemontools control directories, set up a daemontools control script, copy the supervise control files, and set permissions. The last line links the control directories to /service, which will cause supervise to detect them and execute the run files, causing qmail to start.</para>
<screen>[root root]# <userinput>mkdir -p /var/qmail/supervise/qmail-send/log</userinput>
[root root]# <userinput>mkdir -p /var/qmail/supervise/qmail-smtpd/log</userinput>
[root root]# <userinput>mkdir /var/log/qmail</userinput>
[root root]# <userinput>chown qmaill /var/log/qmail</userinput>
[root root]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmailctl.txt /var/qmail/bin/qmailctl</userinput>
[root root]# <userinput>chmod 755 /var/qmail/bin/qmailctl</userinput>
[root root]# <userinput>ln -s /var/qmail/bin/qmailctl /usr/bin</userinput>
[root root]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-run.txt /var/qmail/supervise/qmail-send/run </userinput>
[root root]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-log-run.txt /var/qmail/supervise/qmail-send/log/run</userinput>
[root root]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-run.txt /var/qmail/supervise/qmail-smtpd/run</userinput>
[root root]# <userinput>cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-log-run.txt /var/qmail/supervise/qmail-smtpd/log/run</userinput>
[root root]# <userinput>chmod 755 /var/qmail/supervise/qmail-send/run</userinput>
[root root]# <userinput>chmod 755 /var/qmail/supervise/qmail-send/log/run</userinput>
[root root]# <userinput>chmod 755 /var/qmail/supervise/qmail-smtpd/run</userinput>
[root root]# <userinput>chmod 755 /var/qmail/supervise/qmail-smtpd/log/run</userinput>
[root root]# <userinput>ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service</userinput>
[root root]# <userinput>ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service</userinput>
<action>mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir /var/log/qmail
chown qmaill /var/log/qmail
cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmailctl.txt /var/qmail/bin/qmailctl
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /usr/bin
cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-run.txt /var/qmail/supervise/qmail-send/run
cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-log-run.txt /var/qmail/supervise/qmail-send/log/run
cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-run.txt /var/qmail/supervise/qmail-smtpd/run
cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-log-run.txt /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
</action></screen>
<para>Wait ten seconds or so, and then verify that the four qmail processes are running. If uptimes don't rise above 1 second, this may indicate broken scripts that are continuously restarting. In that case, start debugging by checking permissions.</para>
<screen>[root root]# <userinput>qmailctl stat</userinput>
/service/qmail-send: up (pid 32700) 430 seconds
/service/qmail-send/log: up (pid 32701) 430 seconds
/service/qmail-smtpd: up (pid 32704) 430 seconds
/service/qmail-smtpd/log: up (pid 32705) 430 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
[root root]#</screen>
<para>Further verify by sending and receiving email. Incoming mail for root is stored in <computeroutput>/var/qmail/alias/Maildir</computeroutput>. </para>
</listitem>
</orderedlist>
</sect1>
<sect1 id="analog-install">
<title>Install Analog web file analyzer</title>
<para>Download the Analog <link linkend="analog-download">source tarball</link> in
<computeroutput>/tmp</computeroutput>. Unpack, compile, and install analog.</para>
<screen>[root aolserver]# <userinput>cd /usr/local/src</userinput>
[root src]# <userinput>tar xzf /tmp/analog-5.32.tar.gz</userinput>
[root src]# <userinput>cd analog-5.32</userinput>
[root analog-5.32]# <userinput>make</userinput>
cd src && make
make[1]: Entering directory `/usr/local/src/analog-5.32/src'
<emphasis>(many lines omitted)</emphasis>
***IMPORTANT: You must read the licence before using analog
***
make[1]: Leaving directory `/usr/local/src/analog-5.32/src'
[root analog-5.32]# <userinput>cd ..</userinput>
[root src]#<userinput> mv analog-5.32 /usr/share/</userinput>
[root src]#
<action>cd /usr/local/src
tar xzf /tmp/analog-5.32.tar.gz
cd analog-5.32
make
cd ..
mv analog-5.32 /usr/share/</action></screen>
<para>See also <xref linkend="analog-setup"/></para>
</sect1>
<sect1 id="install-nspam">
<title>Install nspam</title>
<para><ulink
url="/doc/acs-authentication/ext-auth-install.html"></ulink></para>
</sect1>
<sect1 id="install-full-text-search-tsearch2" xreflabel="Install
Full Text Search using Tsearch2">
<title>Install Full Text Search using Tsearch2</title>
<authorblurb>
<para>By <ulink url="mailto:dave@thedesignexperience.org">Dave
Bauer</ulink>, <ulink url="mailto:joel@aufrecht.org">Joel
Aufrecht</ulink> and <ulink
url="mailto:openacs@sussdorff.de">Malte Sussdorff</ulink> with
help from <ulink
url="http://www.sai.msu.su/~megera/postgres/gist/tsearch/V2/docs/tsearch-V2-intro.html">Tsearch
V2 Introduction by Andrew J. Kopciuch</ulink></para>
</authorblurb>
<sect2 id="install-tsearch2">
<title>Install Tsearch2 module</title>
<indexterm>
<primary>full text search</primary>
<secondary>installation</secondary>
</indexterm>
<para>In earlier versions of PostgreSQL (7.4), tsearch2 was a contrib
module. With PostgreSQL 9.*, it was included in the standard
PostgreSQL package with minor naming changes (e.g. the function
"rank" became "ts_rank"). PostgreSQL 9 included a backward
compatibility module named "tsearch2". Newer OpenACS
installations (at least 5.9.0 or newer) do not
need the compatibility package. In PostgreSQL 10 the tsearch2
compatibility package has been removed.
</para>
<para>
On new OpenACS installations for PostgreSQL, install the
tsearch2-driver package via "/acs-admin/install/" and mount the
search package under "/search" via "/admin/site-map" if
necessary.
</para>
</sect2>
</sect1>
<sect1 id="install-nsopenssl">
<title>Install nsopenssl</title>
<authorblurb>
<para>By <ulink url="mailto:joel@aufrecht.org">Joel Aufrecht</ulink> and <ulink url="mailto:openacs@sussdorff.de">Malte Sussdorff</ulink></para>
</authorblurb>
<para>This AOLserver module is required if you want people to connect to your site via
https. These commands compile nsopenssl and install it,
along with a Tcl helper script to handle https connections.
You will also need ssl certificates. Because those should
be different for each server service, you won't need <link
linkend="ssl-certificates">those instructions</link> until
later. </para>
<sect2 id="install-nsopenssl-aolserver3">
<title>Install on AOLserver3</title>
<para> You will need the <link
linkend="install-aolserver-compile">unpacked Aolserver tarball</link> in
<computeroutput>/usr/local/src/aolserver</computeroutput> and
the <link
linkend="nsopenssl-download">nsopenssl tarball</link> in
<computeroutput>/tmp</computeroutput>.</para>
<para>Red Hat 9 note: see <ulink
url="http://openacs.org/forums/message-view?message_id=92882">this
thread</ulink> for details on compiling nsopenssl.)</para>
<screen>[root bin]#<userinput> cd /usr/local/src/aolserver</userinput>
[root aolserver]# <userinput>wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz</userinput>
[root aolserver]# <userinput>tar xzf nsopenssl-2.1.tar.gz </userinput>
[root aolserver]# <userinput>cd nsopenssl-2.1</userinput>
[root nsopenssl-2.1]# <userinput>make OPENSSL=/usr/local/ssl</userinput>
gcc -I/usr/local/ssl/include -I../aolserver/include -D_REENTRANT=1 -DNDEBUG=1 -g -fPIC -Wall -Wno-unused -mcpu=i686 -DHAVE_CMMSG=1 -DUSE_FIONREAD=1 -DHAVE_COND_EINTR=1 -c -o nsopenssl.o nsopenssl.c
<emphasis>(many lines omitted)</emphasis>
gcc -shared -nostartfiles -o nsopenssl.so nsopenssl.o config.o init.o ssl.o thread.o tclcmds.o -L/usr/local/ssl/lib -lssl -lcrypto
[root nsopenssl-2.1]# <userinput>cp nsopenssl.so /usr/local/aolserver/bin</userinput>
[root nsopenssl-2.1]# <userinput>cp https.tcl /usr/local/aolserver/modules/tcl/</userinput>
[root nsopenssl-2.1]#
<action>cd /usr/local/src/aolserver
wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz
tar xzf nsopenssl-2.1.tar.gz
cd nsopenssl-2.1
make OPENSSL=/usr/local/ssl
cp nsopenssl.so /usr/local/aolserver/bin
cp https.tcl /usr/local/aolserver/modules/tcl/</action></screen>
<para>For Debian (<ulink
url="http://openacs.org/forums/message-view?message_id=93854">more
information</ulink>):</para>
<screen><action>apt-get install libssl-dev
cd /usr/local/src/aolserver
tar xzf /tmp/nsopenssl-2.1.tar.gz
cd nsopenssl-2.1
make OPENSSL=/usr/lib/ssl
cp nsopenssl.so /usr/local/aolserver/bin
cp https.tcl /usr/local/aolserver/modules/tcl/</action></screen>
</sect2>
<sect2 id="install-nsopenssl-aolserver4">
<title>Install on AOLserver4</title>
<para> You will need the AOLserver4 source in <computeroutput>/usr/local/src/aolserver/aolserver</computeroutput> and OpenSSL installed in <computeroutput>/usr/local/ssl</computeroutput> (or at least symlinked there). The use of <computeroutput>INST=/point/to/aolserver</computeroutput> is being replaced with <computeroutput>AOLSERVER=/point/to/aolserver</computeroutput>. We are including both here, because while this module still requires INST, if one just uses AOLSERVER, the default value would be used and could interfere with another existing installation.</para>
<para>FreeBSD note: build nsopenssl with <userinput>gmake install OPENSSL=/usr/local/openssl AOLSERVER=/usr/local/aolserver4r10</userinput>
</para>
<screen>[root bin]#<userinput> cd /usr/local/src/aolserver</userinput>
[root aolserver]# <userinput>cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login</userinput>
[root aolserver]# <userinput>cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl</userinput>
[root aolserver]# <userinput>cd nsopenssl</userinput>
[root nsopenssl]# <userinput>make OPENSSL=/usr/local/ssl</userinput>
gcc -I/usr/local/ssl/include (many items omitted) -c -o sslcontext.o sslcontext.c
<emphasis>(many lines omitted)</emphasis>
[root nsopenssl-2.1]# <userinput>make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver4r10 INST=/usr/local/aolserver4r10</userinput>
[root nsopenssl-2.1]#
<action>cd /usr/local/src/aolserver
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl
cd nsopenssl
make OPENSSL=/usr/local/ssl
make install OPENSSL=/usr/local/ssl AOLSERVER=/usr/local/aolserver AOLSERVER=/usr/local/aolserver4r10</action></screen>
<para>If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks
<screen>
[root nsopenssl]# <userinput>cd /usr/local/aolserver/lib</userinput>
[root lib]# <userinput>ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7</userinput>
[root lib]# <userinput>ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7</userinput>
[root lib]#
<action>cd /usr/local/aolserver/lib
ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7
</action>
</screen>
</para>
<para>SSL support must be enabled separately in each OpenACS
server (<xref linkend="ssl-certificates"/>. </para>
<para>If your ports for SSL are privileged (below 1024), you
will have to start AOLserver with prebinds for both your HTTP
and your HTTPS port (usually by adding <computeroutput>-b
<replaceable>your_ip:your_http_port</replaceable>,<replaceable>your_ip:your_https_port</replaceable></computeroutput>
to the nsd call. If you are using daemontools, this can be
changed in your <computeroutput>etc/daemontools/run
file</computeroutput>).</para>
<para>To enable SSL support in your server, make sure your
etc/config.tcl file has a section on "OpenSSL 3 with AOLserver4". If
that section is not present, try looking at the README file in
<computeroutput>/usr/local/src/aolserver/nsopenssl</computeroutput>.</para>
</sect2>
</sect1>
<sect1 id="install-tclwebtest">
<title>Install tclwebtest.</title>
<para>Download the <link linkend="source-tclwebtest">tclwebtest
source</link>, unpack it, and put it an appropriate
place. (tclwebtest 1.0 will be required for auto-tests in OpenACS 5.1. When it exists, the cvs command here will be replaced with http://prdownloads.sourceforge.net/tclwebtest/tclwebtest-0.3.tar.gz?download.) As root:</para>
<screen><action>cd /tmp
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/tclwebtest co tclwebtest
#wget http://umn.dl.sourceforge.net/sourceforge/tclwebtest/tclwebtest-1.0.tar.gz
#tar xvzf tclwebtest-1-0.tar.gz
mv tclwebtest-0.3 /usr/local/
ln -s /usr/local/tclwebtest-0.3 /usr/local/tclwebtest
ln -s /usr/local/tclwebtest/tclwebtest /usr/local/bin
</action></screen>
</sect1>
<sect1 id="install-php">
<title>Install PHP for use in AOLserver</title>
<authorblurb>
<para>By <ulink url="mailto:openacs@sussdorff.de">Malte Sussdorff</ulink></para>
</authorblurb>
<para>To be able to use PHP software with AOLserver (and OpenACS), you have to install PHP with AOLserver support. Get the latest version from <ulink url="http://www.php.net">www.php.net</ulink>. For convenience we get version 4.3.4 from a mirror</para>
<screen>[root root]# <userinput>cd /usr/local/src</userinput>
[root src]# <userinput>wget http://de3.php.net/distributions/php-4.3.4.tar.gz</userinput>
[root src]# <userinput>tar xfz php-4.3.4.tar.gz</userinput>
[root src]# <userinput>cd php-4.3.4</userinput>
[root php-4.3.4]# <userinput>cd php-4.3.4</userinput>
[root php-4.3.4]# <userinput> ./configure --with-aolserver=/usr/local/aolserver/ --with-pgsql=/usr/local/pgsql --without-mysql</userinput>
[root php-4.3.4]# <userinput>make install</userinput>
</screen>
<para>Once installed you can enable this by configuring your config file. Make sure your config file supports php (it should have a php section with it). Furthermore, add <userinput>index.php</userinput> as the last element to your <computeroutput>directoryfile</computeroutput> directive.</para>
</sect1>
<sect1 id="install-squirrelmail">
<title>Install Squirrelmail for use as a webmail system for OpenACS</title>
<authorblurb>
<para>By <ulink url="mailto:openacs@sussdorff.de">Malte Sussdorff</ulink></para>
</authorblurb>
<para>This section is work in progress. It will detail how you can install Squirrelmail as a webmail frontend for OpenACS, thereby neglecting the need to have a separate webmail package within OpenACS</para>
<screen>[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]# <userinput>cd www</userinput>
[$OPENACS_SERVICE_NAME www]# <userinput>wget http://cesnet.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.4.tar.gz</userinput>
[$OPENACS_SERVICE_NAME www]# <userinput>tar xfz squirrelmail-1.4.4.tar.gz</userinput>
[$OPENACS_SERVICE_NAME www]# <userinput>mv squirrelmail-1.4.4 mail</userinput>
[$OPENACS_SERVICE_NAME www]# <userinput>cd mail/config</userinput>
[$OPENACS_SERVICE_NAME www]# <userinput>./conf.pl</userinput>
</screen>
<para>Now you are about to configure Squirrelmail. The configuration heavily depends on your setup, so no instructions are given here.</para>
</sect1>
<sect1 id="install-pam-radius">
<title>Install PAM Radius for use as external authentication</title>
<authorblurb>
<para>By <ulink url="mailto:openacs@sussdorff.de">Malte Sussdorff</ulink></para>
</authorblurb>
<para>This step by step guide is derived from the installation instructions which you can find at <replaceable>yourdomain.com</replaceable>/doc/acs-authentication/ext-auth-pam-install.html. It is build upon PAM 0.77 (tested) and does not work on RedHat Linux Enterprise 3 (using PAM 0.75). It makes use of the ns_pam module written by Mat Kovach. The instructions given in here do work with PAM LDAP accordingly and differences will be shown at the end of the file.</para>
<orderedlist>
<listitem id="install-ns_pam">
<formalpara>
<title>Install ns_pam</title>
<para>Download and install ns_pam</para>
</formalpara>
<screen>[root aolserver]# <userinput>cd /usr/local/src/aolserver/</userinput>
[root aolserver]# <userinput>wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz</userinput>
[root aolserver]# <userinput>tar xvfz ns_pam-0.1.tar.gz</userinput>
[root aolserver]# <userinput>cd ns_pam-0.1</userinput>
[root ns_pam-0.1]# <userinput>make install INST=/usr/local/aolserver</userinput>
[root ns_pam-0.1]#
<action>cd /usr/local/src/aolserver/
wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
tar xvfz ns_pam-0.1.tar.gz
cd ns_pam-0.1
make install INST=/usr/local/aolserver
</action>
</screen>
</listitem>
<listitem id="configure-ns_pam">
<formalpara>
<title>Configure ns_pam</title>
<para>Configure AOLserver for ns_pam</para>
</formalpara>
<para>To enable ns_pam in AOLServer you will first have to edit your config.tcl file and enable the loading of the ns_pam module and configure the aolservers pam configuration file.</para>
<itemizedlist>
<listitem><para>
Change <emphasis>config.tcl</emphasis>. Remove the
<emphasis>#</emphasis> in front of <computeroutput>ns_param
nspam ${bindir}/nspam.so</computeroutput> to enable the loading
of the ns_pam module.
</para></listitem>
<listitem><para>
Change <emphasis>config.tcl</emphasis>. Replace
<computeroutput>pam_domain</computeroutput> in the section
<computeroutput>ns/server/${server}/module/nspam</computeroutput>
with <userinput>aolserver</userinput>
</para></listitem>
<listitem><para>Create <emphasis>/etc/pam.d/aolserver</emphasis>.
<screen>
[root ns_pam]#<userinput>cp /var/lib/aolserver/<replaceable>service0</replaceable>/packages/acs-core-docs/www/files/pam-aolserver.txt /etc/pam.d/aolserver</userinput>
</screen></para>
</listitem>
</itemizedlist>
</listitem>
<listitem id="configure-pam-radius">
<formalpara>
<title>Configure PAM Radius</title>
<para>Configure and install PAM Radius</para>
</formalpara>
<para>You have to make sure that pam_radius v.1.3.16 or higher is installed, otherwise you will have to install it.</para>
<screen>[root ns_pam]# <userinput>cd /usr/local/src/</userinput>
[root src]# <userinput>wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar</userinput>
[root src]# <userinput>tar xvf pam_radius-1.3.16</userinput>
[root src]# <userinput>cd pam_radius</userinput>
[root pam_radius]# <userinput>make</userinput>
[root pam_radius]# <userinput>cp pam_radius_auth.so /lib/security/</userinput>
[root pam_radius]#
<action>cd /usr/local/src
wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
tar xvf pam_radius-1.3.16
cd pam_radius
make
cp pam_radius_auth.so /lib/security/
</action>
</screen>
<para>Next you have to add the configuration lines to your Radius configuration file (/etc/rddb/server). For AOLserver to be able to access this information you have to change the access rights to this file as well.</para>
<screen>[root pam_radius]# <userinput>echo "radius.<replaceable>yourdomain.com</replaceable>:1645 <replaceable>your_radius_password</replaceable> >>/etc/rddb/server</userinput>
[root src]# <userinput>chown <replaceable>service0</replaceable>:web /etc/rddb/server</userinput>
</screen>
</listitem>
</orderedlist>
</sect1>
<sect1 id="install-ldap-radius">
<title>Install LDAP for use as external authentication</title>
<authorblurb>
<para>By <ulink url="mailto:openacs@sussdorff.de">Malte Sussdorff</ulink></para>
</authorblurb>
<para>This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section</para>
<orderedlist>
<listitem id="install-openldap">
<formalpara>
<title>Install openldap</title>
<para>Download and install ns_ldap</para>
</formalpara>
<screen>[root aolserver]# <userinput>cd /usr/local/src/</userinput>
[root src]# <userinput>wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz</userinput>
[root src]# <userinput>tar xvfz openldap-2.2.17.tgz</userinput>
[root src]# <userinput>cd openldap-2.2.17</userinput>
[root src]# <userinput>./configure --prefix=/usr/local/openldap</userinput>
[root openldap]# <userinput>make install</userinput>
[root openldap]#
<action>cd /usr/local/src/
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz
tar xvfz openldap-2.2.17.tgz
cd openldap-2.2.17
./configure --prefix=/usr/local/openldap --disable-slapd
make install
</action>
</screen>
</listitem>
<listitem id="install-ns_ldap">
<formalpara>
<title>Install ns_ldap</title>
<para>Download and install ns_ldap</para>
</formalpara>
<screen>[root aolserver]# <userinput>cd /usr/local/src/aolserver/</userinput>
[root aolserver]# <userinput>wget http://www.sussdorff.de/resources/nsldap.tgz</userinput>
[root aolserver]# <userinput>tar xfz nsldap.tgz</userinput>
[root aolserver]# <userinput>cd nsldap</userinput>
[root ns_pam-0.1]# <userinput>make install LDAP=/usr/local/openldap INST=/usr/local/aolserver</userinput>
[root ns_pam-0.1]#
<action>cd /usr/local/src/aolserver/
wget http://www.sussdorff.de/resources/nsldap.tgz
tar xfz nsldap.tgz
cd nsldap
make install LDAP=/usr/local/openldap INST=/usr/local/aolserver
</action>
</screen>
</listitem>
<listitem id="configure-ns_ldap">
<formalpara>
<title>Configure ns_ldap for traditional use</title>
<para>Traditionally OpenACS has supported ns_ldap for authentication by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore, a CN field was used for searching for the username, usually userID or something similar. This field is identical to the <emphasis>username</emphasis>stored in OpenACS. Therefore, the login will only work if you change login method to make use of the username instead.</para>
</formalpara>
<itemizedlist>
<listitem><para>
Change <emphasis>config.tcl</emphasis>. Remove the <emphasis>#</emphasis> in front of <computeroutput>ns_param nsldap ${bindir}/nsldap.so</computeroutput> to enable the loading of the ns_ldap module.
</para></listitem>
</itemizedlist>
</listitem>
<listitem id="configure-ns_ldap-bind">
<formalpara>
<title>Configure ns_ldap for use with LDAP bind</title>
<para>LDAP authentication usually is done by trying to bind (aka login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the <emphasis>ns_ldap bind</emphasis> command. All you have to do to enable this is to configure auth_ldap to make use of the BIND authentication instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this example is encoded in auth_ldap and you just have to comment it out to make use of it).</para>
</formalpara>
</listitem>
</orderedlist>
</sect1>
<xi:include href="aolserver.xml" xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:fallback>Section Missing</xi:fallback>
</xi:include>
</appendix>
