Installing APLAWS

APLAWS is normally installed on a four server high-availability configuration. The web server will contain Apache and the Squid reverse proxy server, and serve as the front end. Two or more application servers will run the actual APLAWS codebase, normally using Resin. The database server will have either a Postgres or an Oracle database installed. Each server's configuration is detailed below; however, this guide does not cover OS installation or Oracle database installation.

Caution

There are many steps involved in conducting a full production installation of APLAWS. While we try to cover everything in as much detail as possible, it is recommended that you have a RedHat engineer either conduct the installation or check the installation after completion.

Quick Guide for the Impatient

Here is what you have to do to conduct a full production installation of APLAWS. As you can see there are many steps involved, and many things can go wrong during the process.

1. Configure the database server.
   - Install the database.
   - Create the user and the tablespace/database.
2. Set up the application server.
   - Ensure that you can connect to the database via psql or sqlplus.
   - Install IBMJava2-JRE and IBM-JAVA2-JDK.
   - Install resin-xxx.rpm.
   - Install aplaws-xxx.noarch.rpm and aplaws-servlet-resin-xxx.rpm on the application server.
   - Configure the APLAWS instance and ensure that it is serving pages.
3. Configure the web server.
   - Configure Apache virtual hosts so that Apache connects to the Resin instances via s-run.
   - Configure Squid to serve as a reverse proxy.

Setting up the database server

APLAWS will run on PostgreSQL or Oracle database servers.

Installing PostgreSQL server

You will need to install the following RPMs:

    rh-postgresql-7.3.4-8
    rh-postgresql-jdbc-7.3.4-8
    rh-postgresql-libs-7.3.4-8
    rh-postgresql-server-7.3.4-8

Enabling TCP Connection

After installing a PostgreSQL database server you will need to edit the configuration to enable TCP connections from the application servers.
postgresql.conf

Edit /var/lib/pgsql/data/postgresql.conf to set tcpip_socket to true.

    # tcpip_socket = false
    tcpip_socket = true

pg_hba.conf

Add parameters to the end of /var/lib/pgsql/data/pg_hba.conf to allow connections from the application server. The second line is an example configuration for an app server with the IP 172.16.68.0 and a netmask 255.255.255.0. You can set the policy to be md5 or trust: md5 requires the connecting user to supply a password, while trust accepts any connection from the matching addresses without one. For more information please consult the Postgres Manual.

    # Put your actual configuration here
    # ----------------------------------
    #
    # CAUTION: The default configuration allows any local user to connect
    # using any PostgreSQL user name, including the superuser, over either
    # Unix-domain sockets or TCP/IP. If you are on a multiple-user
    # machine, the default configuration is probably too liberal for you.
    # Change it to use something other than "trust" authentication.
    #
    # If you want to allow non-local connections, you need to add more
    # "host" records. Also, remember TCP/IP connections are only enabled
    # if you enable "tcpip_socket" in postgresql.conf.

    # TYPE  DATABASE  USER  IP-ADDRESS   IP-MASK          METHOD

    #local  all       all                                 trust
    #host   all       all   127.0.0.1    255.255.255.255  trust

    # Using sockets credentials for improved security. Not available everywhere,
    # but works on Linux, *BSD (and probably some others)
    local   all       all                                 ident sameuser
    host    all       all   172.16.68.0  255.255.255.0    md5
    host    all       all   127.0.0.1    255.255.255.255  md5

Database Startup

Once the configuration is complete you will need to start the database as the root user.

    # service rhdb start

Create User and Database

As the postgres user, you will need to enable plpgsql for your database. Then you will need to create a Unicode database and a user for your APLAWS installation.

    # su - postgres
    $ createlang plpgsql template1
    $ createuser aplaws
    $ createdb -E unicode aplaws

At this point you should test your installation by logging into the database.
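To make the md5/trust choice in pg_hba.conf checkable, here is an added example (not part of the original guide or of PostgreSQL) that parses records in the 7.3 column layout shown above and reports trust records and over-broad networks. The sample records, the function names and the 256-address threshold are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the PostgreSQL 7.3 layout shown above
# (TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD). The last record is a
# deliberately weak entry added for this demonstration.
SAMPLE_HBA = """\
local all all ident sameuser
host all all 172.16.68.0 255.255.255.0 md5
host all all 127.0.0.1 255.255.255.255 md5
#host all all 127.0.0.1 255.255.255.255 trust
host all all 0.0.0.0 0.0.0.0 trust
"""

def parse_hba(text):
    """Yield (lineno, network_or_None, method) for each active record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if fields[0] == "local" and len(fields) >= 4:
            yield lineno, None, fields[3]
        elif fields[0] == "host" and len(fields) >= 6:
            # Address and mask are separate columns in this format.
            net = ipaddress.ip_network(f"{fields[3]}/{fields[4]}", strict=False)
            yield lineno, net, fields[5]
        else:
            raise ValueError(f"line {lineno}: unrecognised record {raw!r}")

def audit_hba(text, max_addresses=256):
    """Return (lineno, message) findings; max_addresses is an assumed limit."""
    findings = []
    for lineno, net, method in parse_hba(text):
        scope = "the local socket" if net is None else str(net)
        if method == "trust":
            findings.append((lineno, f"trust: no password needed from {scope}"))
        if net is not None and net.num_addresses > max_addresses:
            findings.append((lineno, f"{scope} covers {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_hba(SAMPLE_HBA):
        print(f"pg_hba.conf line {lineno}: {message}")
```

The three active records taken from the guide produce no findings; only the constructed 0.0.0.0 trust record is reported, once for each check.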
Client Installation

You will need to install the following RPMs on the application server:

    rh-postgresql-7.3.4-8
    rh-postgresql-jdbc-7.3.4-8
    rh-postgresql-libs-7.3.4-8

Test that you can connect to the database server, replacing database-server with the hostname of your database server.

    $ psql -h database-server -U aplaws aplaws

Setting up the application server

Required Software

You will need to install the following RPMs on the application server:

    IBMJava2-SDK
    IBMJava2-JRE
    resin (not versions 2.0 or 2.3)
    aplaws-xxx.noarch.rpm
    aplaws-servlet-resin-xxx.noarch.rpm

For IBMJava and resin you do not need to do anything beyond a simple rpm -Uvh.

Installing the RPMs

You will need to install the two RPMs projectname-x.x.x-x.noarch.rpm and projectname-servlet-resin-x.x.x-x.noarch.rpm together, as the two are interdependent. projectname-x.x.x-x.noarch.rpm will install your code in /var/www/projectname, where it will be used by your application server. This RPM also installs the init file /etc/init.d/projectname, the configuration script /usr/sbin/projectname-configure.pl, and the log directory /var/log/projectname.

Installing the Project RPMs

The servlet RPM will install configuration files and wrapper scripts for controlling the servlet container. Specifically it will install the following files:

    /usr/share/projectname/bin/resin/run-apache.sh.in
    /usr/share/projectname/bin/resin/run-resin.sh.in
    /usr/share/projectname/bin/resin/run.sh.in
    /usr/share/projectname/conf/resin
    /usr/share/projectname/conf/resin/httpd-resin-vhost.conf.in
    /usr/share/projectname/conf/resin/resin-back.conf.in
    /usr/share/projectname/conf/resin/resin-front.conf.in

These files are templates for your installation. When you run the command /usr/sbin/projectname-configure.pl, copies of these files will be placed in /var/www/projectname/conf and /var/www/projectname/bin.
They will also be edited to reflect the parameters you set in /etc/projectname.cfg.

The projectname.cfg

Once the RPMs are installed you will need to edit the configuration file for your server. The template for the config file is /etc/projectname.cfg-resin. Copy this file to /etc/projectname.cfg and edit the parameters much like how you edited config.vars. Some of the parameters are not in config.vars and you will need to change the values depending on how your Resin and HTTP servers are set up.

Below is an example of a configuration file for a production installation with two Resin application servers and one Apache front end. The values you need to change in addition to what you find in config.vars are emphasised with additional comments. The Resin servers are called resin1.example.com and resin2.example.com and the Apache server is called apache.example.com.

hostname

The hostnames for the servers need to be exactly as they appear when you run the hostname command. If you want to change the default behavior of hostname to return the short name or the fully qualified domain name, here is what you can do:

Edit /etc/sysconfig/network and change HOSTNAME to be the fully qualified domain name. You can also use the GUI tools netconfig and redhat-config-network to do this. These changes will only take effect after the machine has been restarted.

To change it at runtime pass an argument to hostname as root.

    # hostname resin1.example.com

You can test this by running hostname with no arguments.

    ##########################################
    # APLAWS Master configuration file       #
    ##########################################

    servlet-container = resin

    ## This is set to servlet23 by default but should be resin
    servlet-webxml = resin

    # NB: all hostnames used should be
    # the fully qualified name as returned
    # by the 'hostname' command with no arguments.

    ####################################
    # UNIX system level configuration

    # Installation directory for resin
    ## This should be the directory of your Resin installation
    resin-home = /opt/resin/2.1.8

    # Installation directory for this app
    app-home = /var/www/aplaws

    # Directory containing the base runtime & config files
    runtime-home = /usr/share/aplaws

    # UNIX accounts to run as
    user = servlet
    group = servlet

    # Wherever you installed JDK 1.3.1
    # java-home = /usr/j2se
    # java-home = /usr/java/jdk1.3.1
    ## The java-home should point to $JAVA_HOME
    java-home = /opt/IBMJava2-131

    # Userinputly tell java to use more memory
    #
    # For Sun's JDK, on a machine with 1GB
    #jre-args = -J-client -J-Xss128k -J-Xms512m -J-Xmx512m -J-XX:NewSize=128m -J-XX:MaxNewSize=128m
    #
    # For IBM's JDK on a machine with 256MB
    #jre-args = -J-Xms128m -J-Xmx128m
    jre-args = -J-Xms1536m -J-Xmx1536m

    # The hostname of the front end apache box
    apache = apache.example.com

    # The hostnames of the back end resin boxes
    resin = resin1.example.com
    resin = resin2.example.com

    # The SRUN ports for apache to talk to the resin
    # boxes. The 'hostname:port' pair designates which
    # srun port each resin instance listens on.
    # If there is a firewall, between the resin and
    # apache boxes, a second 'hostname:port' pair
    # specifies the host and port of the firewall
    #
    # eg1. no firewall
    srun = resin1.example.com:6802
    srun = resin2.example.com:6802
    # eg2. with firewall
    #srun = resin1.example.com:6082, firewall:6802
    #srun = resin2.example.com:6082, firewall:6803

    # Turn on http listening on either apache
    # or resin boxes. Only need http port on
    # the resin boxes for debugging purposes
    http = apache.example.com:80
    # Only for debugging
    http = resin1.example.com:8080
    http = resin2.example.com:8080

    # ACS initialization file
    admin-answer = 6
    admin-email = admin@example.com
    admin-forename = Administrator
    admin-password = 123456
    admin-question = 12345
    admin-surname = Account
    cache-expiry = 900
    cache-peers = "http://resin1.example.com:8080"
    caching-active = yes
    db-pass = aplaws_xyz
    db-pool = 150
    db-user = aplaws
    debug-mode = false
    default-locale = en_US
    default-scheme = http
    developer-support = false
    dispatcher-context-path =
    dispatcher-servlet-path =
    dmi-active = false
    dmi-data-model-file = "/WEB-INF/sql/ccm-core/default/dmi/dmi-create.sql"
    dmi-xml-files = { "core-dmi.xml", "/WEB-INF/sql/ccm-core" }
    host-name = apache.example.com
    hostname = apache.example.com
    jdbc-url = jdbc:postgresql://postgres.example.com/aplaws
    log-dir = /var/log/aplaws
    log-level = warn
    log-size = 1000000
    login-stylesheet = login_en.xsl
    lucene-index-location = /var/www/aplaws/lib/lucene-index
    permissionsDMLChecking = false
    search-intermedia-enabled = false
    search-lucene-enabled = true
    search-lucene-indexer-id = 2
    server-name = apache.example.com
    server-port = 80
    sitename = APLAWS
    smtp-host = localhost
    state-dir = /var/www/aplaws/lib
    subsite-dispatcher-class = com.arsdigita.ui.login.SubsiteDispatcher
    xslt-engine = Saxon
    xslt-timeout = 60000

    # WCT CMS Initialization File
    content-digest-sender = article-digest@example.com
    forms-content-digest-sender = forms-digest@foo.com
    inso_filter_works = 0
    publish-to-fs-servers = "http://resin1.example.com/", "http://resin2.example.com/"
    publish-to-fs-source = "http://resin2.example.com/"
    publish-to-fs-this-server = "http://resin2.example.com/"
    search-engine = lucene

    # Version: $Id: installing-aplaws.sgml 287 2005-02-22 00:29:02Z sskracic $ $Date: 2004/01/23 $
    adminCanEditPosts = true
    authorCanEditPosts = true
    digestUserEmail = digests
    replyHostName = apache.example.com

    # Navigation initialization file
    default-content-section-url = "/content/"

    # System Properties
    project-name = aplaws

/usr/sbin/projectname-configure.pl

Once you have edited /etc/projectname.cfg-resin you can run /usr/sbin/projectname-configure.pl to generate the config files and the run scripts for your server to use. Make sure that you do not get errors after you run this command. /usr/sbin/projectname-configure.pl copies files from /usr/share/projectname/bin/resin/, replaces the parameter values with what you have set in the configuration file, and places them in /var/www/projectname/conf. It also generates the wrapper run scripts in /var/www/projectname/bin.

    bash-2.03# /usr/sbin/aplaws-configure.pl /etc/aplaws.cfg
    Reading /etc/aplaws.cfg
    Wrote /var/www/aplaws/dist/WEB-INF/resources/enterprise.init
    Wrote /var/www/aplaws/dist/WEB-INF/web.xml
    Wrote /var/www/aplaws/bin/run-resin.sh
    Wrote /var/www/aplaws/conf/resin.conf
    Wrote /var/www/aplaws/bin/run.sh

Here is a list of the files and how they are modified.

- /var/www/aplaws/dist/WEB-INF/resources/enterprise.init: Initialization file used for the APLAWS server. Contains settings for the individual APLAWS packages such as database connection parameters, content types, and stylesheet engine, i.e. the parameters after # ACS initialization file in aplaws.cfg.
- /var/www/aplaws/dist/WEB-INF/web.xml: Configured to work with Resin, as set by the line servlet-container = resin in aplaws.cfg.
- /var/www/aplaws/bin/run-resin.sh: Wrapper script for starting and stopping Resin. Contains information such as JAVA_HOME, RESIN_HOME, and JVM settings (e.g. app-home, runtime-home, java-home, jre-args).
- /var/www/aplaws/conf/resin.conf: Configuration for the Resin servlet container. Contains information such as the s-run port number, http port number, and maximum number of processes (i.e. srun, http).
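Before running the configure script it is worth checking that the sample values from the aplaws.cfg listing above were actually changed. The following is an added example, not part of the APLAWS distribution: it parses the key = value format, including keys that repeat such as resin and http, and reports http listeners on back end hosts (marked "Only for debugging" in the sample) and credentials still set to the values printed in this guide. The excerpt and the function names are constructed for the illustration.

```python
from collections import defaultdict

# Constructed excerpt of the sample aplaws.cfg shown above.
SAMPLE_CFG = """\
# The hostnames of the back end resin boxes
resin = resin1.example.com
resin = resin2.example.com
http = apache.example.com:80
# Only for debugging
http = resin1.example.com:8080
http = resin2.example.com:8080
admin-password = 123456
db-pass = aplaws_xyz
dispatcher-context-path =
jdbc-url = jdbc:postgresql://postgres.example.com/aplaws
"""

# Values printed in this guide's sample file; anyone who has read it knows them.
DOCUMENTED_SECRETS = {"admin-password": "123456", "db-pass": "aplaws_xyz"}

def parse_cfg(text):
    """Return {key: [values]}; keys such as resin, srun and http may repeat."""
    cfg = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected 'key = value': {raw!r}")
        cfg[key.strip()].append(value.strip())
    return cfg

def audit_cfg(text):
    """Return a list of findings for settings left as in the sample file."""
    cfg = parse_cfg(text)
    findings = []
    backends = set(cfg["resin"])
    for listener in cfg["http"]:
        host, _, port = listener.rpartition(":")
        if host in backends:
            findings.append(f"http listener on back end {host} port {port} "
                            "(sample marks these as debugging only)")
    for key, sample in DOCUMENTED_SECRETS.items():
        if sample in cfg[key]:
            findings.append(f"{key} still has the sample value from the guide")
    return findings

if __name__ == "__main__":
    for finding in audit_cfg(SAMPLE_CFG):
        print(finding)
```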
Starting the server

Once the configuration files and the wrapper scripts are written you can start, stop, and restart your server using /etc/init.d/projectname. The log files are located in your specified directory, by default /var/log/projectname. You should tail -f /var/log/projectname/*.log to monitor the progress of your server startup.

    /etc/init.d/projectname restart

When you restart the server the command will pause for a number of seconds to wait for the application server to completely exit.

Once you are happy with your installation you should set APLAWS to start up automatically at reboot by running chkconfig aplaws on.

Configuring the Web Server

Required Software

You will need to install the following software on your web server:

    resin source (tar.gz)
    apache
    apache-devel
    squid
    aplaws-xxx.noarch.rpm
    aplaws-servlet-resin-xxx.noarch.rpm

You need the Resin sources and the apache-devel package because you will need to compile and install mod_caucho. You should use the Apache and Squid that come with your Advanced Server. Even though you will not be serving pages out of Resin on the web server, you need to install the aplaws packages because Apache will be serving static files directly from the file system to improve performance.

mod_caucho

First install resin in /opt by untarring the source distribution. Run the following command to install mod_caucho.

    $ ./configure --with-apache /usr/sbin

Reference

If you have problems with this section, or have a non-standard Apache installation, consult the manual Resin with Apache on Unix.

Installing the APLAWS RPMs

You do not need to configure virtual hosting and mod_caucho manually. Installing and configuring the APLAWS RPMs will do this for you. Follow the instructions for the application server above to install and configure the RPMs. When you run the script /usr/sbin/aplaws-configure.pl /etc/aplaws.cfg, configuration files will be written to the file system.
Here is a list of affected files and highlights of the changes.

- /etc/httpd/httpd.conf: Adds a directive to include the vhost configuration file /var/www/aplaws/conf/httpd-resin-vhost.conf.
- /var/www/aplaws/conf/httpd-resin-vhost.conf: Sets the DocumentRoot to be /var/www/aplaws/dist and the CauchoConfigFile for mod_caucho as /var/www/aplaws/dist/resin-apache.conf.
- resin-apache.conf: Sets the location of the application server by defining the IP and the s-run port that the resin server is listening on.

Check

At this point you should be able to retrieve pages from the application server via Apache. Test the connection by running wget http://localhost or using telnet.

Configuring SQUID

In this section you will configure Squid to be the web accelerator for Apache. This step is not required but strongly recommended as it will significantly increase the performance of your site.

For virtual hosting to work correctly (particularly with IE) we need to run both Apache and SQUID on the same machine and port number. This means we must tell Apache to only bind to 127.0.0.1 and SQUID to only bind to the machine's public IP address.

Setting the Listen ports on Apache and Squid

In /etc/httpd/conf/httpd.conf uncomment and change

    BindAddress *

to

    BindAddress 127.0.0.1

Next, uncomment and change

    Listen 80

to

    Listen 127.0.0.1:80

Then go down to the <IfDefine HAVE_SSL> block containing the two Listen statements and add

    Listen 127.0.0.1:443

In /etc/squid/squid.conf change

    # http_port 3128

to

    http_port 192.168.168.199:80

Configuring permissions for Squid

The default SQUID config doesn't cache URLs with query parameters in them. This is only for compatibility with badly written CGI scripts that don't send cache control headers. We do things properly so we need to change this behaviour. So in the squid config, comment out

    #hierarchy_stoplist cgi-bin ?
    #acl QUERY urlpath_regex cgi-bin \?
    #no_cache deny QUERY

Turn on referers and useragents so that log analysis is useful:

    useragent_log /var/log/squid/agent.log
    referer_log /var/log/squid/referer.log

You'll need our custom version of SQUID compiled with the --enable-referer-log and --enable-agent-log options.

Next we add some access control rules to allow public users to access the cache. Add the following lines near the other block of acl definitions:

    acl accel_host dst 127.0.0.1/255.255.255.255
    acl accel_host dst 192.168.168.199/255.255.255.255
    acl accel_port port 80

If the firewall in front of the SQUID server has a different IP address to the network interface you need to add that in as well.

    acl accel_host dst 193.132.194.147/255.255.255.255

Then, allow access to requests matching these acls. Comment out

    #http_access deny all

Add in

    http_access deny !accel_host
    http_access deny !accel_port
    http_access allow all

Configuring Squid for HTTP Acceleration

Set the main hostname:

    visible_hostname www.stoke.gov.uk

SQUID limits HTTP file uploads to 1 MB in size, so we need to increase this to at least 20 MB, otherwise CMS file storage is rather limited in usefulness:

    request_body_max_size 20 MB

Finally, tell SQUID to be an accelerator for the Apache server:

    httpd_accel_host 127.0.0.1
    httpd_accel_port 80

Finally, for virtual hosting to work, we set

    httpd_accel_single_host on
    httpd_accel_uses_host_header on

Test

This configuration separates the IP and port that Squid listens on from the Apache port. So if you do wget -S http://localhost you are connecting to Apache; if you do wget -S http://your-external-ip you are connecting to Squid. This difference will be helpful in determining the point of failure if you have problems.

Once you are happy with your installation you should set Apache and Squid to start up automatically at reboot by using chkconfig.
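The three http_access lines under "Configuring permissions for Squid" are what keep the accelerator from relaying requests to arbitrary destinations. As an added example (a simplified model written for this page, not Squid code), the following evaluates those lines in order, the way Squid does, against a destination IP and port. The request records, the function names and the inclusion of the stock "acl all" definition are assumptions.

```python
import ipaddress

# Constructed squid.conf fragment: the acl and http_access lines from this
# section plus the stock "acl all" definition that "allow all" relies on.
SQUID_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl accel_host dst 127.0.0.1/255.255.255.255
acl accel_host dst 192.168.168.199/255.255.255.255
acl accel_port port 80
http_access deny !accel_host
http_access deny !accel_port
http_access allow all
"""

def load(conf):
    """Return (acls, rules). Repeated acl names accumulate values (OR)."""
    acls, rules = {}, []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "acl":
            _, values = acls.setdefault(fields[1], (fields[2], []))
            values.extend(fields[3:])
        elif fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "port":
        return str(req["port"]) in values
    addr = ipaddress.ip_address(req[kind])  # kind is "src" or "dst"
    return any(addr in ipaddress.ip_network(v, strict=False) for v in values)

def decide(conf, req):
    """The first http_access line whose ACLs all match decides the request."""
    acls, rules = load(conf)
    if not rules:
        raise ValueError("no http_access lines")
    for action, names in rules:
        # A leading "!" negates the named ACL.
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!")
               for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

def make_request(dst, port, src="203.0.113.10"):
    """Hypothetical request record: client src, destination IP and port."""
    return {"src": src, "dst": dst, "port": port}
```

A request for 192.168.168.199 port 80 is allowed, while one for any other destination or port is denied; 193.132.194.147 is allowed only once the extra accel_host line for the firewall address is present.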