Personal tools
Document Actions
Apache SSL Linux
How-To Install Zope/Plone with Apache/SSL on Linux
This is a simple how-to for the average administrator showing how to install zope/plone with apache/ssl (incl. mod_gzip, mod_proxy, mod_rewrite, ...) on a Linux system.
Prerequisites
- Running Linux system
- C/C++ development environment
- Header files
Installation
Do this as a normal user.
- Download the latest software
- Apache: http://httpd.apache.org/download.cgi => apache_1.3.27.tar.gz
- mod_ssl: http://www.modssl.org/ => mod_ssl-2.8.12-1.3.27.tar.gz
- mod_gzip: http://prdownloads.sourceforge.net/mod-gzip => mod_gzip.so.gz
- OpenSSL: http://www.openssl.org/source/ => openssl-0.9.7.tar.gz
- Zope: http://www.zope.org/Products/Zope/2.6.1/Zope-2.6.1-linux2-x86.tgz/view => Zope-2.6.1-linux2-x86.tgz
- CMF: http://cmf.zope.org/download/CMF-1.3 => CMF-1.3.tar.gz
- Plone: http://prdownloads.sourceforge.net/plone => CMFPlone?-1.0.tar.gz
The following configuration assumes that these files are located in the user's home directory.
- Configure OpenSSL
su gzip -d -c openssl-0.9.7.tar.gz | tar xvf - mv openssl-0.9.7 /usr/local/openssl cd /usr/local/openssl ./config make exit cd ~ - Configure and install the SSL-aware Apache
gzip -d -c apache_1.3.27.tar.gz | tar xvf - gzip -d -c mod_ssl-2.8.12-1.3.27.tar.gz | tar xvf - cd mod_ssl-2.8.12-1.3.27 ./configure --with-apache=../apache_1.3.27 \ --with-ssl=/usr/local/openssl \ --prefix=/usr/local/apache \ --enable-module=rewrite \ --enable-module=proxy cd .. cd apache_1.3.27 make make certificate TYPE=custom su make install exit cd .. rm -rf apache_1.3.27 rm -rf mod_ssl-2.8.12-1.3.27 - Copy mod_gzip to the right location, unpack, and set rights and owner
cp mod_gzip.so.gz /usr/local/apache/libexec cd /usr/local/apache/libexec gzip -d mod_gzip.so.gz chown root:root mod_gzip.so chmod u=rwx,g=rx,o=rx mod_gzip.so - Fire up your SSL-aware Apache and try it out
/usr/local/apache/bin/apachectl startssl netscape http://127.0.0.1:8080/ netscape https://127.0.0.1:8443/ /usr/local/apache/bin/apachectl stop - Change httpd.conf (to be defined by Werner...)
..... - Install Zope
Use the description in the Zope-Book (http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/InstallingZope.stx) and follow the instructions contained in
doc/INSTALL.txtto complete this.su gzip -d -c Zope-2.6.1-linux2-x86.tgz | tar xvf - mv Zope-2.6.1-linux2-x86 /usr/local/zope cd /usr/local/zope ./install -u wwwrun bin/python zpasswd.py inituser Username: admin Password: Verify password: Please choose a format from: SHA - SHA-1 hashed password (default) CRYPT - UNIX-style crypt password CLEARTEXT - no protection Encoding: SHA Domain restrictions: su chown root:root var chmod o+t var ./start -X -u wwwrun -w 127.0.0.1:8080Test Zope (http://localhost:8080/). Login to Zope and do a Shutdown
- Install CMF
Follow the instructions contained in
INSTALL.txtto complete this.exit cd ~ gzip -d -c CMF-1.3.tar.gz | tar xvf - mv CMF-1.3/CMFCalendar /usr/local/zope/lib/python/Products/CMFCalendar mv CMF-1.3/CMFCore /usr/local/zope/lib/python/Products/CMFCore mv CMF-1.3/CMFDefault /usr/local/zope/lib/python/Products/CMFDefault mv CMF-1.3/CMFTopic /usr/local/zope/lib/python/Products/CMFTopic rm -rf CMF-1.3 - Install Plone
gzip -d -c CMFPlone-1.0.tar.gz | tar xvf - mv CMFPlone-1.0/ActivePak /usr/local/zope/lib/python/Products/ActivePak mv CMFPlone-1.0/CMFPlone /usr/local/zope/lib/python/Products/CMFPlone mv CMFPlone-1.0/DCWorkflow /usr/local/zope/lib/python/Products/DCWorkflow mv CMFPlone-1.0/Formulator /usr/local/zope/lib/python/Products/Formulator mv CMFPlone-1.0/i18n /usr/local/zope/lib/python/Products/i18n rm -rf CMFPlone-1.0Restart Zope.
su cd /usr/local/zope ./start -X -u wwwrun -w 127.0.0.1:8080Go to the management interface (http://localhost:8080/manage). You should now find "Plone Site" in the list of products to add. This means Plone has installed succesfully.
Select "Plone Site" from the drop down list. The following form prompts you for some information about your Plone site:
- Id required: is the id of the Plone site and is a short name containing a restricted character set (just alphanumeric characters is recommended), this will be URL to your Plone site.
- Title: is the name of the Plone site that will appear on all pages
- Membership source: if you are unsure what this means, leave it at the default "Create a new...". You either have choice of adding an user folder inside your Plone site or using one in a higher folder.
- Description: a description of the site
- Site type: lets you define a different type of site, for example a custom site of skin. This manual assumes you have used the Default value.
After "Add Plone Site" has been clicked, a new site will be created. This might take a few seconds as it loads up all the information.
- Configure VirtualHostMonster?
Go to the Root Folder, select "Virtual Host Monster" and add it. The following form prompts you for some information:
- Id: VHM
You don't have to configure the VirtualHostMonster?. All the rewriting is done by Apache's mod_proxy.
- Create startup script for Apache (draft! must be tested!)
#!/bin/sh ### BEGIN INIT INFO # Provides: apache httpd # Required-Start: $local_fs $remote_fs $network # X-UnitedLinux-Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd # Required-Stop: $local_fs $remote_fs $network # X-UnitedLinux-Should-Stop: # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Apache httpd # Description: Start the httpd daemon Apache ### END INIT INFO case "$1" in 'start') /usr/local/apache/bin/apachectl startssl >/dev/null 2>&1 </dev/null echo "apache started" RETVAL=$? ;; 'stop') /usr/local/apache/bin/apachectl stop echo "apache stopped" RETVAL=$? ;; 'status') if [ .... ] ; then ...... echo "apache is running..." else echo "apache not running." RETVAL=1 fi ;; 'restart') $0 stop && sleep 3 $0 start RETVAL=$? ;; *) echo "Usage: /etc/rc.d/init.d/apache {start|stop|restart|status}" RETVAL=1 ;; esac exit $RETVAL - Create startup script for Zope (draft! must be tested!)
#!/bin/bash # # /etc/rc.d/init.d/zope # # Starts the zope daemon # processname: zope # Source function library. . /etc/rc.d/init.d/functions case "$1" in start) # Check if zope is already running if [ ! -f /var/lock/subsys/zope ] ; then echo -n 'Starting zope daemon: ' /home/zope/zope/startd 2> /dev/null i=0 while [ $i -lt 30 ]; do [ -f /home/zope/zope/var/Z2.pid ] && break sleep 1 && echo -n "." let i=i+1 done if [ $i -ge 30 ] ; then echo "Time out." exit 1 else cat /home/zope/zope/var/Z2.pid > /var/lock/subsys/zope touch /var/lock/subsys/zope cat /home/zope/zope/var/Z2.pid > /var/run/zope.pid touch /var/run/zope echo " OK" fi else echo "zope already running." fi echo ;; stop) echo -n 'Stopping zope daemon: ' [ -f /home/zope/zope/var/Z2.pid ] && kill `cat /home/zope/zope/var/Z2.pid` rm -f /var/lock/subsys/zope rm -f /home/zope/zope/var/Z2.pid rm -f /home/zope/zope/var/pcgi.soc rm -f /home/zope/zope/var/zProcessManager.pid echo " OK" echo ;; reload|restart) $0 stop $0 start ;; status) if [ -f /home/zope/zope/var/Z2.pid ] ; then cat /home/zope/zope/var/Z2.pid > /var/lock/subsys/zope touch /var/lock/subsys/zope cat /home/zope/zope/var/Z2.pid > /var/run/zope.pid touch /var/run/zope echo "zope (pid `head -1 /var/run/zope.pid`) is running..." else echo "zope not running." fi ;; *) echo "Usage: /etc/rc.d/init.d/zope {start|stop|restart|reload|status}" exit 1 esac - Test everything
..... to be defined .....
Open issues
- mod_gzip and https not yet working
- test startup scripts
- apachectl startssl: passphrase is still being asked...
- phollands (May 8, 2003 12:03 pm; Comment #1) Editor Remark Requested
- The really critical http.conf information is missing from this document .... section 6 says ....
Change httpd.conf (to be defined by Werner...)
But it never was defined - So I'm off to look for an authoritive source elsewhere. If you have one please email me.
