Forum OpenACS Q&A: Re: OpenACS5 install on Mac OS X

Posted by Bruno Mattarollo on

Hello all,

While talking to Carl Blessius, I mentioned the fact that I installed dotLRN 2.0.2, AOLServer 4 (+ nsopenssl 3.0 beta), PostgreSQL 7.4.2 on Panther Server and he asked me to post the details of what I had to do in order to make everything work, so here it goes...

First things first, so I downloaded PostgreSQL 7.4.2 and compiled it:

$ ./configure --without-readline; make; sudo make install

Once the compilation and installation were done, doing an initdb -D /usr/local/pgsql/data yielded some strange error about the shared memory not being enough ... So, you have to edit /etc/rc and change the following parameters to read:

sysctl -w kern.sysv.shmmax=41943040
sysctl -w kern.sysv.shmmin=12
sysctl -w kern.sysv.shmmni=320
sysctl -w kern.sysv.shmseg=80
sysctl -w kern.sysv.shmall=10240

(note: I just took the current parameters and multiplied by 10 except in shmmin where I made it 12. Why? I saw this after a google search ... it works fine for me! Of course DO THIS AT YOUR OWN RISK!!!).

Restarting the server after changing those parameters enabled me to run initdb. So, in response to Mark's question, I didn't recompile bison or add anything else.

After that, I went on and got the AOLServer 4.0.1 sources and the additional required modules, like nscache, nssha1, nspostgres, nsopenssl 3.0 beta 17 and tDOM 0.7.8. For all these modules, I just followed the instructions from the OpenACS installation docs.

So far everything was going well ... I then downloaded dotLRN 2.0.2 and installed it in ~/Development/openacs/dotlrn/ for my development work. I am not following the standard /var/lib/aolserver/service0/ from the docs ... that's only because ... no reason in particular 😉.

I then created my SSL certificates (self-signed):

$ openssl genrsa -des3 -out server.key 1024
$ openssl rsa -in server.key -out server.pem
$ openssl req -new -key server.key -out server.csr
    [ ... fill in all the details ... ]
$ openssl x509 -req -in server.csr -signkey server.key -out server.crt
    [ ... fill in some more details and make sure you are signing the correct stuff ... ]
$ sudo mkdir -p /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/server/
$ sudo cp server* /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/server/
$ sudo mkdir /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/ca-client
$ sudo cp /private/etc/certs/ca.crt /usr/local/aolserver/servers/dotlrn/modules/nsopenssl/ca-client/

And then came the tricky part of dealing with a completely new configuration part for nsopenssl ... This is the extract from my configuration ... I still need to look more into it to make sure all is correct but it works (TM):

#---------------------------------------------------------------------
#
# OpenSSL
#
#---------------------------------------------------------------------

ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
ns_param vs1_users_ctx        "SSL context used for regular user access"
ns_param vs1_admins_ctx       "SSL context used for administrator access"

ns_section "ns/server/${server}/module/nsopenssl/defaults"
ns_param server               vs1_users_ctx

ns_section "ns/server/${server}/module/nsopenssl/sslcontext/vs1_users_ctx"
ns_param Role                  server
ns_param CertFile              server/server.crt
ns_param KeyFile               server/server.pem
ns_param CADir                 ca-client/dir
ns_param CAFile                ca-client/ca-client.crt
ns_param Protocols             "SSLv3, TLSv1"
ns_param CipherSuite           "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify            false
ns_param PeerVerifyDepth       3
ns_param Trace                 false

ns_section "ns/server/${server}/module/nsopenssl/sslcontext/vs1_admins_ctx"
ns_param Role                  server
ns_param CertFile              server/server.crt
ns_param KeyFile               server/server.pem
ns_param CADir                 ca-client/dir
ns_param CAFile                ca-client/ca-client.crt
#ns_param Protocols             "All"
ns_param Protocols             "SSLv3, TLSv1"
ns_param CipherSuite           "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify            false
ns_param PeerVerifyDepth       3
ns_param Trace                 false

# SSL drivers. Each driver defines a port and a named SSL context to associate
# with it.

ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
ns_param vs1_users_drv            "Driver for vs1 regular user access"
ns_param vs1_admins_drv           "Driver for vs1 administrator access"

ns_section "ns/server/${server}/module/nsopenssl/ssldriver/vs1_users_drv"
ns_param sslcontext            vs1_users_ctx
ns_param port                  443
ns_param hostname              $hostname
ns_param address               $address

ns_section "ns/server/${server}/module/nsopenssl/ssldriver/vs1_admins_drv"
ns_param sslcontext            vs1_admins_ctx
ns_param port                  7002
ns_param hostname              $hostname
ns_param address               $address

And of course, to start AOLServer 4 and to get it to bind to all the different ports, you need to invoke it differently... My start command looks like:

sudo /usr/local/aolserver/bin/nsd-postgres -u admin -B /usr/local/aolserver/bin/bind.txt -t ~/Development/openacs/dotlrn/etc/config.tcl

The content of bind.txt is:

$ cat bind.txt
XXX.XXX.XXX.XXX:80
XXX.XXX.XXX.XXX:443

Where XXX.XXX.XXX.XXX is the IP address that AOLServer is binding to.

I think this is all it took ... It's up and running and the next step for me is to look into something like inittab for AOLServer on Panther Server and test that ... but that will be at some other stage 😊.

Hope this is helpful to someone ...

/B
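
Added example, not part of the original post and not OpenACS or nsopenssl code: a small auditor for the `sslcontext` sections of a config like the one above, flagging legacy protocols and weak cipher classes. The function names, the weak-class list and the `hardened_ctx` section are assumptions made for illustration, and the cipher-string handling is a simplified model of OpenSSL's rules.

```python
import re

# Constructed sample: the first context repeats the post's two TLS settings,
# the second is a hypothetical tightened context added for comparison.
SAMPLE_CONFIG = '''
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/vs1_users_ctx"
ns_param Protocols             "SSLv3, TLSv1"
ns_param CipherSuite           "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/hardened_ctx"
ns_param Protocols             "TLSv1"
ns_param CipherSuite           "HIGH:!aNULL:!MD5:!RC4"
'''

WEAK_PROTOCOLS = {"sslv2", "sslv3", "all"}
WEAK_CLASSES = {"LOW", "EXP", "SSLv2", "RC4"}

def weak_cipher_classes(cipher_string):
    """Simplified OpenSSL cipher-string model: '!'/'-' remove a class, a leading
    '+' only reorders (it adds nothing), and 'ALL' enables every weak class."""
    enabled = set()
    for token in re.split(r"[:, ]+", cipher_string.replace("EXPORT", "EXP").strip()):
        if not token or token[0] in "@+":
            continue                      # @STRENGTH and +X change order only
        if token[0] in "!-":
            enabled.discard(token[1:])
        elif token == "ALL":
            enabled |= WEAK_CLASSES
        else:                             # e.g. RC4+RSA means "RC4 AND RSA"
            enabled |= set(token.split("+")) & WEAK_CLASSES
    return enabled

def audit(config_text):
    """Return {context_name: [findings]} for each nsopenssl sslcontext section."""
    findings, ctx = {}, None
    for line in config_text.splitlines():
        m = re.match(r'\s*ns_section\s+"?([^"\s]+)"?', line)
        if m:
            sec = re.search(r"/nsopenssl/sslcontext/([^/]+)$", m.group(1))
            ctx = sec.group(1) if sec else None
            continue
        m = re.match(r'\s*ns_param\s+(\S+)\s+"?([^"]*)"?\s*$', line)
        if not m or ctx is None:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        out = findings.setdefault(ctx, [])
        if name == "protocols":
            out += [f"protocol {p}" for p in re.split(r"[,\s]+", value) if p.lower() in WEAK_PROTOCOLS]
        elif name == "ciphersuite":
            out += [f"cipher class {c}" for c in sorted(weak_cipher_classes(value))]
    return findings
```

In the posted cipher string it is `ALL` that enables the LOW, EXP, SSLv2 and RC4 suites; the trailing `+LOW:+SSLv2:+EXP` only moves them to the end of the preference list. `TLSv1` is the newest protocol value the post's config shows, and TLS 1.0 has since been deprecated (RFC 8996), so a current deployment needs a TLS stack offering 1.2 or later.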