Forum OpenACS Q&A: Re: OpenACS5 install on Mac OS X
Hello all,
While talking to Carl Blessius, I mentioned the fact that I installed dotLRN 2.0.2, AOLServer 4 (+ nsopenssl 3.0 beta), PostgreSQL 7.4.2 on Panther Server and he asked me to post the details of what I had to do in order to make everything work, so here it goes...
First things first, so I downloaded PostgreSQL 7.4.2 and compiled it:

    $ ./configure --without-readline; make; sudo make install

Once the compilation and installation is done, doing an initdb -D /usr/local/pgsql/data yields some strange error about the shared memory not being enough ... So, you have to edit /etc/rc and change the following parameters to read:

    sysctl -w kern.sysv.shmmax=41943040
    sysctl -w kern.sysv.shmmin=12
    sysctl -w kern.sysv.shmmni=320
    sysctl -w kern.sysv.shmseg=80
    sysctl -w kern.sysv.shmall=10240

(note: I just took the current parameters and multiplied by 10 except in shmmin where I made it 12. Why? I saw this after a google search ... it works fine for me! Of course DO THIS AT YOUR OWN RISK!!!).
Restarting the server after changing those parameters enabled me to run initdb. So, in response to Mark's question, I didn't recompile bison or add anything else.
After that, I went on and got the AOLServer 4.0.1 sources and the additional required modules, like nscache, nssha1, nspostgres, nsopenssl 3.0 beta 17 and tDOM 0.7.8. For all these modules, I just followed the instructions from the OpenACS installation docs.
So far everything was going well ... I then downloaded dotLRN 2.0.2 and installed it in ~/Development/openacs/dotlrn/ for my development work. I am not following the standard /var/lib/aolserver/service0/ from the docs ... that's only because ... no reason in particular 😉.
I then created my SSL certificates (self-signed):

    $ openssl genrsa -des3 -out server.key 1024
    $ openssl rsa -in server.key -out server.pem
    $ openssl req -new -key server.key -out server.csr
    [ ... fill in all the details ... ]
    $ openssl x509 -req -in server.csr -signkey server.key -out server.crt
    [ ... fill in some more details and make sure you are signing the correct stuff ... ]
    $ sudo mkdir -p /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/server/
    $ sudo cp server* /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/server/
    $ sudo mkdir /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/ca-client
    $ sudo cp /private/etc/certs/ca.crt /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/ca-client/

And then came the tricky part of dealing with a completely new configuration part for nsopenssl ... This is the extract from my configuration ... I still need to look more into it to make sure all is correct but it works (TM):

    #---------------------------------------------------------------------
    #
    # OpenSSL
    #
    #---------------------------------------------------------------------
    ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
    ns_param vs1_users_ctx "SSL context used for regular user access"
    ns_param vs1_admins_ctx "SSL context used for administrator access"

    ns_section "ns/server/${server}/module/nsopenssl/defaults"
    ns_param server vs1_users_ctx

    ns_section "ns/server/${server}/module/nsopenssl/sslcontext/vs1_users_ctx"
    ns_param Role server
    ns_param CertFile server/server.crt
    ns_param KeyFile server/server.pem
    ns_param CADir ca-client/dir
    ns_param CAFile ca-client/ca-client.crt
    ns_param Protocols "SSLv3, TLSv1"
    ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
    ns_param PeerVerify false
    ns_param PeerVerifyDepth 3
    ns_param Trace false

    ns_section "ns/server/${server}/module/nsopenssl/sslcontext/vs1_admins_ctx"
    ns_param Role server
    ns_param CertFile server/server.crt
    ns_param KeyFile server/server.pem
    ns_param CADir ca-client/dir
    ns_param CAFile ca-client/ca-client.crt
    #ns_param Protocols "All"
    ns_param Protocols "SSLv3, TLSv1"
    ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
    ns_param PeerVerify false
    ns_param PeerVerifyDepth 3
    ns_param Trace false

    # SSL drivers. Each driver defines a port and a named SSL context to associate
    # with it.
    ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
    ns_param vs1_users_drv "Driver for vs1 regular user access"
    ns_param vs1_admins_drv "Driver for vs1 administrator access"

    ns_section "ns/server/${server}/module/nsopenssl/ssldriver/vs1_users_drv"
    ns_param sslcontext vs1_users_ctx
    ns_param port 443
    ns_param hostname $hostname
    ns_param address $address

    ns_section "ns/server/${server}/module/nsopenssl/ssldriver/vs1_admins_drv"
    ns_param sslcontext vs1_admins_ctx
    ns_param port 7002
    ns_param hostname $hostname
    ns_param address $address

And of course, to start AOLServer 4 and to get it to bind to all the different ports, you need to invoke it differently... My start command looks like:

    sudo /usr/local/aolserver/bin/nsd-postgres -u admin -B /usr/local/aolserver/bin/bind.txt -t ~/Development/openacs/dotlrn/etc/config.tcl

The content of bind.txt is:

    $ cat bind.txt
    XXX.XXX.XXX.XXX:80
    XXX.XXX.XXX.XXX:443

Where XXX.XXX.XXX.XXX is the IP address that AOLServer is binding to.
I think this is all it took ... It's up and running and the next step for me is to look into something like inittab for AOLServer on Panther Server and test that ... but that will be at some other stage 😊.
Hope this is helpful to someone ...
/B
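
Added example, not part of the original post: a small Python check that reads nsopenssl context sections like the ones posted above and reports the SSLv2/SSLv3 protocols and the LOW, EXP and SSLv2 cipher classes they leave enabled (in the posted CipherSuite, ALL enables them and the "+" prefixes only reorder). The function names, the sample text and the hardened_ctx values are assumptions made for illustration, and the cipher-string handling is a simplified model that tracks only ALL and bare class names, not compounds such as EXP+RC4.

```python
import re

# Constructed sample: the first context reuses the Protocols/CipherSuite values
# from the post; "hardened_ctx" and its values are hypothetical, for contrast.
SAMPLE = '''
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/vs1_users_ctx"
ns_param Protocols "SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/hardened_ctx"
ns_param Protocols "TLSv1"
ns_param CipherSuite "HIGH:!aNULL:!MD5"
'''
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CLASSES = ("LOW", "EXP", "SSLv2")

def weak_cipher_classes(cipher_string):
    """Weak classes left enabled; tracks ALL and bare class names only."""
    enabled, killed = set(), set()
    for tok in filter(None, re.split(r"[:, ]+", cipher_string)):
        op, name = (tok[0], tok[1:]) if tok[0] in "!+-" else ("", tok)
        name = "EXP" if name == "EXPORT" else name
        hits = set(WEAK_CLASSES) if name == "ALL" else {name} & set(WEAK_CLASSES)
        if op == "":          # bare token adds suites unless "!"-killed earlier
            enabled |= hits - killed
        elif op in "!-":      # "-" removes, "!" removes permanently
            enabled -= hits
            killed |= hits if op == "!" else set()
        # "+X" only moves X to the end of the list: it adds nothing
    return [c for c in WEAK_CLASSES if c in enabled]

CHECKS = {
    "Protocols": lambda v: sorted(WEAK_PROTOCOLS & set(re.split(r"[,\s]+", v))),
    "CipherSuite": weak_cipher_classes,
}

def audit(config_text):
    """Return {context: {param: weak values}} for an nsopenssl config."""
    findings, section = {}, None
    for line in config_text.splitlines():
        if m := re.match(r'\s*ns_section\s+"?([^"\s]+)', line):
            section = m.group(1).rsplit("/", 1)[-1]
        elif m := re.match(r'\s*ns_param\s+(\w+)\s+"?([^"]*)', line):
            key, value = m.group(1), m.group(2).strip()
            bad = CHECKS[key](value) if key in CHECKS else []
            if bad and section:
                findings.setdefault(section, {})[key] = bad
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```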