LibreCCM
/
libreccm-legacy
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
libreccm-legacy/ccm-zes-aplaws/doc/deployment/installing-aplaws.sgml

833 lines
31 KiB
Plaintext
Raw Blame History

<chapter id="ch-installing-aplaws">
<title>Installing APLAWS</title>
<para>APLAWS is normally installed on a four server
high-availability configuration. The web server will contain
Apache and Squid reverse proxy server, and serve as the front
end. Two or more application servers will run the actual APLAWS
codebase, normally using Resin. The database server will have
either a Postgres or an Oracle database installed. The details of
each server configuration is detailed below, however this guide
will not cover OS installation or Oracle database
installation.</para>
<note>
<title>Caution</title>
<para>
There are many steps involved in conducting a full production
installation of APLAWS. While we try to cover everything in as much
detail as possible it is recommended that you have a RedHat engineer
either conduct the installtion or check the installation after
completion.
</para>
</note>
<sect1 id="s1-quick-install-guide">
<title>Quick Guide for the Impatient</title>
<para>Here is what you have to do to conduct a full production
installation of APLAWS. As you can see there are many steps
involved, and many things can go wrong during the
process.</para>
<para>
<orderedlist>
<listitem>
<para>Configure the database server.
<itemizedlist>
<listitem>
<para>Install the database</para>
</listitem>
<listitem>
<para>Create the user and the
tablespace/database</para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para>Set up the application server
<itemizedlist>
<listitem>
<para>Ensure that you can connect to the database via
psql or sqlplus.</para>
</listitem>
<listitem>
<para>InstallIBMJava2-JRE and IBM-JAVA2-JDK.</para>
</listitem>
<listitem>
<para>Install resin-xxx.rpm</para>
</listitem>
<listitem>
<para>Install aplaws-xxx.noarch.rpm and
aplaws-servlet-resin-xxx.rpm no the application
server.</para>
</listitem>
<listitem>
<para>Configure the APLAWS instance and ensure that
it is serving pages.</para>
</listitem>
</itemizedlist></para>
</listitem>
<listitem>
<para>Configure the web server
<itemizedlist>
<listitem>
<para>Configure Apache virtual hosts so that it is
connecting to the Resin instances via s-run.</para>
</listitem>
<listitem>
<para>Configure Squid to serv as a reverse
proxy.</para>
</listitem>
</itemizedlist></para>
</listitem>
</orderedlist>
</para>
</sect1>
<sect1 id="s1-database-server">
<title>Setting up the database server</title>
<para>APLAWS will run on PostgreSQL or Oracle database
servers.</para>
<sect2 id="s2-postgres-setup">
<title>Installing PostgreSQL server</title>
<para>You will need to install the following RPMS
<itemizedlist>
<listitem>
<para>rh-postgresql-7.3.4-8</para>
</listitem>
<listitem>
<para>rh-postgresql-jdbc-7.3.4-8</para>
</listitem>
<listitem>
<para>rh-postgresql-libs-7.3.4-8</para>
</listitem>
<listitem>
<para>rh-postgresql-server-7.3.4-8</para>
</listitem>
</itemizedlist></para>
</sect2>
<sect2 id="s2-pg-tcp-connection">
<title>Enabling TCP Connection</title>
<para>After installing a PostgreSQL database server you will
need to edit the configuration to enable TCP connections from
the application servers.</para>
<sect3 id="s3-postgres_conf">
<title>
<filename>postgres.conf</filename>
</title>
<para>Edit
<filename>/var/lib/pgpsql/data/postgres.conf</filename>to
set tcpip_socket to true.
<screen>
<computeroutput>
# tcpip_socket = false
tcpip_socket = true
</computeroutput>
</screen></para>
</sect3>
<sect3 id="s3-pg_hba_conf">
<title>
<filename>pg_hba.conf</filename>
</title>
<para>Add parameters to the end of
<filename>/var/lib/pgpsql/data/pg_hba.conf</filename>to
allow connections from the application server. The second
line is an example configuration for an app server with the
IP 172.16.68.0 and a netmask 255.255.255.0. You can set the
policy to be md5 or trust. For more information please
consult the
<ulink url="http://postgresql.org">Postgres Manual</ulink>.
<screen>
<computeroutput>
# Put your actual configuration here
# ----------------------------------
#
# CAUTION: The default configuration allows any local user to connect
# using any PostgreSQL user name, including the superuser, over either
# Unix-domain sockets or TCP/IP. If you are on a multiple-user
# machine, the default configuration is probably too liberal for you.
# Change it to use something other than "trust" authentication.
#
# If you want to allow non-local connections, you need to add more
# "host" records. Also, remember TCP/IP connections are only enabled
# if you enable "tcpip_socket" in postgresql.conf.
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
#local all all trust
#host all all 127.0.0.1 255.255.255.255 trust
# Using sockets credentials for improved security. Not available everywhere,
# but works on Linux, *BSD (and probably some others)
local all all ident sameuser
host all all 172.16.68.0 255.255.255.0 md5
host all all 127.0.0.1 255.255.255.255 md5
</computeroutput>
</screen>
</para>
</sect3>
<sect3 id="s3-pg-start-database">
<title>Database Startup</title>
<para>Once the configuration is complete you will need to
start the database as the root user.</para>
<screen><computeroutput># service rhdb start</computeroutput></screen>
</sect3>
<sect3 id="s3-pg-createdatabase">
<title>Create User and Database</title>
<para>As the postgres user, you will need to enable plpgsql
for your databse. Then you will need to create an Unicode
database and a user for your APLAWS installation.</para>
<screen><computeroutput>
# su - postgres
$ createlang plpgsql template1
$ createuser aplaws
$ createdb -E unicode aplaws
</computeroutput></screen>
<para>At this point you should test your installation by
logging into the database.</para>
</sect3>
<sect3 id="s3-pg-client">
<title>Client Installation</title>
<para>You will need to install the following RPMS on the
application server.
<itemizedlist>
<listitem>
<para>rh-postgresql-7.3.4-8</para>
</listitem>
<listitem>
<para>rh-postgresql-jdbc-7.3.4-8</para>
</listitem>
<listitem>
<para>rh-postgresql-libs-7.3.4-8</para>
</listitem>
</itemizedlist></para>
<para>Test that you can connect to the database server.
<screen><computeroutput>
$ psql -h <userinput>database server</userinput>-U aplaws aplaws
</computeroutput></screen></para>
</sect3>
</sect2>
</sect1>
<sect1 id="s1-application-server-setup">
<title>Setting up the application server</title>
<sect2 id="s2-app-software">
<title>Required Software</title>
<para>You will need to install the following RPMS on the
application server.
<itemizedlist>
<listitem>
<para>IBMJava2-SDK</para>
</listitem>
<listitem>
<para>IBMJava2-JRE</para>
</listitem>
<listitem>
<para>resin (not versions 2.0 or 2.3)</para>
</listitem>
<listitem>
<para>aplaws-xxx.noarch.rpm</para>
</listitem>
<listitem>
<para>aplaws-servlet-resin-xxx.noarch.rpm</para>
</listitem>
</itemizedlist></para>
<para>For IBMJava and resin you do not need to do anything
beyond simple
<command>rpm -Uvh</command>.</para>
</sect2>
<sect2 id="s2-app-install-rpm-project">
<title>Installing the RPMs</title>
<para>You will need to install the two RPMs
<filename>
<replaceable>
projectname</replaceable>-x.x.x-x.noarch.rpm</filename>, and
<filename>
<replaceable>
projectname</replaceable>-servlet-resin-x.x.x-x.noarch.rpm</filename>together
as the two are interdependent.
<filename>
<replaceable>
projectname</replaceable>-x.x.x-x.noarch.rpm</filename>will
install your code in
<filename>/var/www/
<replaceable>projectname</replaceable></filename>where it
will be used by your application server. This RPM also
installs the init file
<filename>/etc/init.d/
<replaceable>projectname</replaceable></filename>, the
configuration script
<filename>/usr/sbin/
<replaceable>
projectname</replaceable>-configure.pl</filename>, and the
log directory
<filename>/var/log/
<replaceable>projectname</replaceable>.</filename></para>
</sect2>
<sect2 id="s2-web-install-rpm-servlet">
<title>Installing the Project RPMs</title>
<para>The servlet RPM will install configuration files and
wrapper scripts for controlling the servlet container.
Specifically it will install the following files:
<itemizedlist>
<listitem>
<para>
<filename>/usr/share/
<replaceable>
projectname</replaceable>/bin/resin/run-apache.sh.in</filename>
</para>
</listitem>
<listitem>
<para>
<filename>/usr/share/
<replaceable>
projectname</replaceable>/bin/resin/run-resin.sh.in</filename>
</para>
</listitem>
<listitem>
<para>
<filename>/usr/share/
<replaceable>
projectname</replaceable>/bin/resin/run.sh.in</filename>
</para>
</listitem>
<listitem>
<para>
<filename>/usr/share/
<replaceable>
projectname</replaceable>/conf/resin</filename>
</para>
</listitem>
<listitem>
<para>
<filename>/usr/share/<replaceable>projectname</replaceable>/conf/resin/httpd-resin-vhost.conf.in</filename>
</para>
</listitem>
<listitem>
<para>
<filename>/usr/share/
<replaceable>
projectname</replaceable>/conf/resin/resin-back.conf.in</filename>
</para>
</listitem>
<listitem>
<para>
<filename>/usr/share/
<replaceable>
projectname</replaceable>/conf/resin/resin-front.conf.in</filename>
</para>
</listitem>
</itemizedlist></para>
<para>These files are templates for your installation. When
you run the command
<command>/usr/sbin/
<replaceable>
projectname</replaceable>-configure.pl</command>copies of
these files will be placed in
<filename>/var/www/
<replaceable>projectname</replaceable>/conf</filename>and
<filename>/var/www/
<replaceable>projectname</replaceable>/bin</filename>. They
will also be edited to reflect the parameters you set in
<filename>/etc/
<replaceable>projectname</replaceable>.cfg</filename></para>
</sect2>
<sect2 id="s2-app-project-dot-cfg">
<title>The
<filename>
<replaceable>projectname</replaceable>.cfg</filename></title>
<para>Once the RPMs are installed you will need to edit the
configuration file for your server. The template for the
config file is
<filename>/etc/
<replaceable>projectname</replaceable>.cfg-resin</filename>.
Copy this file to
<filename>/etc/
<replaceable>projectname</replaceable>.cfg</filename>and edit
the parameters much like how you edited
<filename>config.vars</filename>. Some of the parameters are
not in
<filename>config.vars</filename>and you will need to change
the values depending on how your Resin and HTTP servers are
set up. Below is an example of a configuration file for a
production installation with two Resin application servers
and one Apache front end. The values you need to change in
addition to what what you find in
<filename>config.vars</filename>is emphasised with additional
comments. The Resin servers are called resin1.example.com and
resin2.example.com and the Apache server is called
apache.example.com.</para>
<note>
<title>
<command>hostname</command>
</title>
<para>The hostnames for the servers need to be exactly as
they appear when you run the
<command>hostname</command>command. If you want to change
the default behavior of
<command>hostname</command>to return the short name or the
fully qualified domain name here is what you can do:</para>
<para>Edit
<filename>/etc/sysconfig/network</filename>and change
HOSTNAME to be the fully qualified domain name. You can
also use the gui tools
<command>netconfig</command>and
<command>redhat-config-network</command>to do this. These
changes will only take effect after the machine has been
restarted. To change it at runtime pass an argument to
<command>hostname</command>as root.
<screen>$ hostname resin1.example.com</screen>You can test
this by running
<command>hostname</command>with no arguments.</para>
</note>
<screen><computeroutput>
##########################################
# APLAWS Master configuration file #
#########################################
servlet-container = resin
## This is set to servlet23 by default but should be resin
<userinput>servlet-webxml = resin</userinput>
# NB: all hostnames used should be
# the fully qualified name as returned
# by the 'hostname' command with no arguments.
####################################
# UNIX system level configuration
# Installation directory for resin
## This should be the directory of your Resin installation
<userinput>resin-home = /opt/resin/2.1.8</userinput>
# Installation directory for this app
app-home = /var/www/aplaws
# Directory containing the base runtime &amp; config files
runtime-home = /usr/share/aplaws
# UNIX accounts to run as
user = servlet
group = servlet
# Whereever you installed JDK 1.3.1
# java-home = /usr/j2se
# java-home = /usr/java/jdk1.3.1
## The java-home should point to $JAVA_HOME
<userinput>java-home = /opt/IBMJava2-131</userinput>
# Userinputly tell java to use more memory
#
# For Sun's JDK, on a machine with 1GB
#jre-args = -J-client -J-Xss128k -J-Xms512m -J-Xmx512m -J-XX:NewSize=128m -J-XX:MaxNewSize=128m
#
# For IBM's JDK on a machine with 256MB
#jre-args = -J-Xms128m -J-Xmx128m
<userinput>jre-args = -J-Xms1536m -J-Xmx1536m</userinput>
# The hostname of the front end apache box
<userinput>apache = apache.example.com</userinput>
# The hostnames of the back end resin boxes
<userinput>resin = resin1.example.com</userinput>
<userinput>resin = resin2.example.com</userinput>
# The SRUN ports for apache to talk to the resin
# boxes. The 'hostname:port' pair designates which
# srun port each resin instance listens on.
# If there is a firewall, between the resin and
# apache boxes, a second 'hostname:port' pair
# specifies the host and port of the firewall
#
# eg1. no firewall
<userinput>srun = resin1.example.com:6802</userinput>
<userinput>srun = resin2.example.com:6802</userinput>
# eg2. with firewall
<userinput>#srun = resin1.example.com:6082, firewall:6802</userinput>
<userinput>#srun = resin2.example.com:6082, firewall:6803</userinput>
# Turn on http listening on either apache
# or resin boxes. Only need http port on
# the resin boxes for debugging purposes
<userinput>http = apache.example.com:80</userinput>
# Only for debugging
<userinput>http = resin1.example.com:8080</userinput>
<userinput>http = resin2.example.com:8080</userinput>
# ACS initialization file
admin-answer = 6
admin-email = admin@example.com
admin-forename = Administrator
admin-password = 123456
admin-question = 12345
admin-surname = Account
cache-expiry = 900
<userinput>cache-peers = "http://resin1.example.com:8080"</userinput>
caching-active = yes
db-pass = aplaws_xyz
db-pool = 150
db-user = aplaws
debug-mode = false
default-locale = en_US
default-scheme = http
developer-support = false
dispatcher-context-path =
dispatcher-servlet-path =
dmi-active = false
dmi-data-model-file = "/WEB-INF/sql/ccm-core/default/dmi/dmi-create.sql"
dmi-xml-files = { "core-dmi.xml", "/WEB-INF/sql/ccm-core" }
<userinput>host-name = apache.example.com</userinput>
<userinput>hostname = apache.example.com</userinput>
jdbc-url = jdbc:postgresql://postgres.example.com/aplaws
log-dir = /var/log/aplaws
log-level = warn
log-size = 1000000
login-stylesheet = login_en.xsl
lucene-index-location = /var/www/aplaws/lib/lucene-index
permissionsDMLChecking = false
search-intermedia-enabled = false
search-lucene-enabled = true
search-lucene-indexer-id = 2
<userinput>server-name = apache.example.com</userinput>
server-port = 80
sitename = APLAWS
smtp-host = localhost
state-dir = /var/www/aplaws/lib
subsite-dispatcher-class = com.arsdigita.ui.login.SubsiteDispatcher
xslt-engine = Saxon
xslt-timeout = 60000
# WCT CMS Initialization File
content-digest-sender = article-digest@example.com
forms-content-digest-sender = forms-digest@foo.com
inso_filter_works = 0
<userinput>publish-to-fs-servers = "http://resin1.example.com/", "http://resin2.example.com/"</userinput>
<userinput>publish-to-fs-source = "http://resin2.example.com/"</userinput>
<userinput>publish-to-fs-this-server = "http://resin2.example.com/"</userinput>
search-engine = lucene
# Version: $Id: installing-aplaws.sgml 287 2005-02-22 00:29:02Z sskracic $ $Date: 2004/01/23 $
adminCanEditPosts = true
authorCanEditPosts = true
digestUserEmail = digests
<userinput>replyHostName = apache.example.com</userinput>
# Navigation initialization file
default-content-section-url = "/content/"
# System Properties
project-name = aplaws
</computeroutput>
</screen>
</sect2>
<sect2 id="s2-app-aplaws-configure-dot-pl">
<title>
<command>/usr/sbin/ <replaceable>projectname</replaceable>-configure.pl</command>
</title>
<para>Once you have edited
<filename>/etc/
<replaceable>
projectname</replaceable>.cfg-resin</filename>you can run
<command>/usr/sbin/
<replaceable>
projectname</replaceable>-configure.pl</command>to generate
the config files and the run scripts for your server to use.
Make sure that you do not get errors after you run this
command.
<command>/usr/sbin/
<replaceable>
projectname</replaceable>-configure.pl</command>copies files
from
<filename>/usr/share/
<replaceable>
projectname</replaceable>/bin/resin/</filename>and replaces
the parameter values with what you have set in the
configuration file and places them in
<filename>/var/www/
<replaceable>projectname</replaceable>/conf</filename>. It
also generates the wrapper run scripts in
<filename>/var/www/
<replaceable>projectname</replaceable>/bin</filename>.
<screen>
<computeroutput>
bash-2.03# /usr/sbin/aplaws-configure.pl /etc/aplaws.cfg Reading /etc/aplaws.cfg
Wrote /var/www/aplaws/dist/WEB-INF/resources/enterprise.init
Wrote /var/www/aplaws/dist/WEB-INF/web.xml
Wrote /var/www/aplaws/bin/run-resin.sh
Wrote /var/www/aplaws/conf/resin.conf
Wrote /var/www/aplaws/bin/run.sh
</computeroutput>
</screen></para>
<para>Here is a list of the files and how they are modified.
<itemizedlist>
<listitem>
<para>
<filename>
/var/www/aplaws/dist/WEB-INF/resources/enterprise.init</filename>:
Initialization file used for the APLAWS server. Contains
settings for the individual APLAWS packages such as
database connection parameters, content types, and
stylesheet engine, i.e. the paramters after
<command># ACS initialization file</command>in
<filename>aplaws.cfg</filename>.</para>
</listitem>
<listitem>
<para>
<filename>
/var/www/aplaws/dist/WEB-INF/web.xml:</filename>:
Configured to work with Resin set by the line:
<command>servlet-container = resin</command>in
<filename>aplaws.cfg</filename>.</para>
</listitem>
<listitem>
<para>
<filename>/var/www/aplaws/bin/run-resin.sh</filename>:
Wrapper script for starting and stopping Resin. Contains
information such as JAVA_HOME, RESIN_HOM, and JVM setting
(e.g.
<command>app-home</command>,
<command>runtime-home</command>,
<command>java-home</command>,
<command>jre-args</command>).</para>
</listitem>
<listitem>
<para>
<filename>/var/www/aplaws/conf/resin.conf</filename>:
Configuration for the Resin servlet container. Contains
information such as s-run port number, http port number,
and maximum number of processes (i.e.
<command>srun</command>,
<command>http</command>.</para>
</listitem>
</itemizedlist></para>
</sect2>
<sect2 id="s2-starting-the-server">
<title>Starting the server</title>
<para>Once the configuration files and the wrapper scripts
are written you can start, stop, and restart your sever using
<command>/etc/init.d/
<replaceable>projectname</replaceable></command>. The log
files are located in your specified directory, by default
<filename>/var/log/
<replaceable>projectname</replaceable></filename>. You should
<command>tail -f /var/log/
<replaceable>projectname</replaceable>/*.log</command>to
monitor the progress of your server startup.</para>
<note>
<title>
<command>/etc/init.d/
<replaceable>
projectname</replaceable></command>restart</title>
<para>When you restart the server the command will pause
for a number of seconds to wait for the application server
to completely exit.</para>
</note>
<para>Once you are happy with your installation you should
set APLAWS to startup automatically at reboot by running
<command>chkconfig aplaws on</command>.</para>
</sect2>
</sect1>
<sect1 id="s1-web-server">
<title>Configuring the Web Server</title>
<sect2 id="s2-web-software">
<title>Required Software</title>
<para>You will need to install the following software to your
webserver.
<itemizedlist>
<listitem><para>resin source (tar.gz)</para></listitem>
<listitem><para>apache</para></listitem>
<listitem><para>apache-devel</para></listitem>
<listitem><para>squid</para></listitem>
<listitem><para>aplaws-xxx.noarch.rpm</para></listitem>
<listitem><para>aplaws-servlet-resin-xxx.noarch.rpm</para></listitem>
</itemizedlist>
</para>
<para>You need Resin sources and apache-devel package because
you will need to compile and install mod_caucho. You should
use Apache and Squid that comes with your Advanced Server.
Even though you will not be serving pages out of Resin on the
web server, you need to install the aplaws packages because
Apache will be serving static files directly from the file
system to improve performance.</para>
</sect2>
<sect2 id="s2-web-mod_caucho">
<title>mod_caucho</title>
<para>First install resin in
<filename>/opt</filename>by untaring the source distribution.
Run the following command to install mod_caucho.
<screen><computeroutput>$ ./configure --with-apache /usr/sbin</computeroutput></screen></para>
<note>
<title>Reference</title>
<para>If you have problems with this section, or have a
non-standard Apache installation consult the manual
<ulink url="http://caucho.com/resin/ref/cse-apache-unix.xtp">
Resin with Apache on Unix</ulink>.</para>
</note>
</sect2>
<sect2 id="s2-web-aplaws-package">
<title>Installing the APLAWS RPMs</title>
<para>You do not need to configure virtual hosting and
mod_caucho manually. Installing and configuring the APLAWs
RPMs will do this for you. Follow the instructions at
<xref linkend="s2-install-rpm-servlet" />and configure and
install the RPMs. When you run the script
<command>/usr/sbin/aplaws-configure.pl
/etc/aplaws.cfg</command>configuration files will be written
to the file system. Here is a list of affected files and
highlights of the changes.
<itemizedlist>
<listitem>
<para>
<filename>/etc/httpd/httpd.conf</filename>: Adds a
directive to include the vhost configuration file
<filename>
/var/www/aplaws/conf/httpd-resin-vhost.conf</filename>.</para>
</listitem>
<listitem>
<para>
<filename>
/var/www/aplaws/conf/httpd-resin-vhost.conf</filename>:
Sets the DocumentRoot to be
<filename>/var/www/aplaws/dist</filename>and the
CauchoConfigFile for mod_caucho as
<filename>
/var/www/aplaws/dist/resin-apache.conf</filename>.</para>
</listitem>
<listitem>
<para>
<filename>resin-apache.conf</filename>: Sets the location
of the application server by defining the IP and the
s-run port that the resin server is listening on.</para>
</listitem>
</itemizedlist></para>
<note>
<title>Check</title>
<para>At this point you should be able to retrive pages
from application server via Apache. Test the connection by
running
<command>wget http://localhost</command>or using
<command>telnet</command>.</para>
</note>
</sect2>
<sect2 id="s2-web-squid">
<title>Configuring SQUID</title>
<para>In this section you will configure Squid to be the web
accelerator for Apache. This step is not required but
strongly recommended as it will significantly increase the
performance of your site.</para>
<para>For virtual hosting to work correctly (particularly
with IE) we need to run both Apache and SQUID on the same
machine and port number. This means we must tell apache on
only bind to 127.0.0.1 and SQUID to only bind to the machines
public ip address.</para>
<sect3 id="s3-web-port-settings">
<title>Setting the Listen ports on Apache and Squid</title>
<para>In /etc/httpd/conf/httpd.conf uncomment and change
<screen><computeroutput>BindAddress *</computeroutput></screen>
to
<screen><computeroutput>BindAddress 127.0.0.1</computeroutput></screen>
Next, uncomment and change
<screen><computeroutput>Listen 80</computeroutput></screen>
To
<screen><computeroutput>Listen 127.0.0.1:80</computeroutput></screen>
Then go down to the &lt;IfDefine
HAVE_SSL&gt; block containin the two Listen statements and
add
<screen><computeroutput>Listen 127.0.0.1:443</computeroutput></screen>
In /etc/squid/squid.conf change
<screen><computeroutput># http_port 3128</computeroutput></screen>
To
<screen><computeroutput>http_port 192.168.168.199:80</computeroutput></screen>
</para>
</sect3>
<sect3 id="s3-web-squid-acl">
<title>Configuring permissions for Squid</title>
<para>The default SQUID config doesn't cache urls with
query parameters in them. This is only for compatability
with badly written CGI scripts that don't send cache
control headers. We do things properly so we need to change
this behaviour. So in the squid config, comment out
<screen><computeroutput>
#hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY
</computeroutput></screen>
Turn on referers and useragents so that
log analysis is useful
<screen><computeroutput>
useragent_log /var/log/squid/agent.log
referer_log /var/log/squid/referer.log
</computeroutput></screen>
You'll need our custom version of SQUID
compiled with
<command>--enable-referer-log</command>and
<command>--enable-agent-log options</command>.</para>
<para>Next we add some access control rules to allow public
users to access the cache. Add the following lines near the
other block of acl definitions:
<screen><computeroutput>
acl accel_host dst 127.0.0.1/255.255.255.255
acl accel_host dst 192.168.168.199/255.255.255.255
acl accel_port port 80
</computeroutput></screen>
If the firewall in front of the SQUID
server has a different IP address to the network interface
you need to add that in as well.
<screen><computeroutput>acl accel_host dst 193.132.194.147/255.255.255.255</computeroutput></screen>
Then, allow access to requests matching
these acls. Comment out
<screen><computeroutput>#http_access deny all</computeroutput></screen>
Add in
<screen><computeroutput>
http_access deny !accel_host
http_access deny !accel_port
http_access allow all
</computeroutput></screen>
</para>
</sect3>
<sect3 id="s3-web-squid-misc">
<title>Configureing Squid for HTTP Acceleration</title>
<para>Set the main hostname
<screen><computeroutput>visible_hostname www.stoke.gov.uk</computeroutput></screen>
SQUID limits HTTP file uploads to 1 MB in
size, so we need to increase this to at least 20 MB
otherwise CMS file storage is rather limited in usefulness:
<screen><computeroutput>request_body_max_size 20 MB</computeroutput></screen>
Finally, tell SQUID to be an accellerator
for the apache server:
<screen><computeroutput>httpd_accel_host 127.0.0.1 httpd_accel_port 80</computeroutput></screen>
Finally for virtual hosting to work, we set
<screen><computeroutput>
httpd_accel_single_host on
httpd_accel_uses_host_header on
</computeroutput></screen>
</para>
<note>
<title>Test</title>
<para>This configuration separates the IP and port that
Squid listens to from the Apache port. So if you do
<command>wget -S http://localhost</command>you are
connecting to Apache, if you do
<command>wget -S http://
<userinput>your-external-ip</userinput></command>you are
connecting to Squid. This difference will helpful in
determining the point of failure if you have
problems</para>
</note>
<para>Once you are happy with your installation you should
set Apache and Squid to startup automatically at reboot by using
<command>chkconfig</command>. </para>
</sect3>
</sect2>
</sect1>
</chapter>
Reference in New Issue View Git Blame Copy Permalink