Versions Compared

Old Version 16

changes.mady.by.user Brian F Knoll

Saved on

compared with

New Version 17

changes.mady.by.user Brian F Knoll

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Attach the amit-dsl locker:
    Code Block
    attach amit-dsl

  2. Make sure the dependencies are met:
    Code Block
    yum install curl-devel httpd-devel openssl-devel

  3. Install the Shibboleth Packages from the AMIT DSL AFS locker:
    Code Block
    rpm -i /mit/amit-dsl/Public/Shibboleth/x86_64/*.rpm

  4. Copy the Touchstone Shibboleth configuration files into place:
    Code Block
    cp /mit/amit-dsl/Public/Touchstone/config-SP/* /etc/shibboleth

  5. Run the gen-shib.sh script to configure Shibboleth for Touchstone:
    Code Block
    cd /etc/shibboleth
./gen-shib.sh
cd

  6. Add the following lines to the /etc/httpd/conf.d/shibd.conf file:
    Code Block
    <Location /shibverify>
  AuthType shibboleth
  require shibboleth
  ShibRequireSessionWith MIT-WAYF-staging
  ShibRequireSession On
  require valid-user
</Location>

<Location /bamboo>
  AuthType shibboleth
  require shibboleth
  ShibRequireSessionWith MIT-WAYF-staging
  ShibRequireSession On
  require valid-user
</Location>

<Location /bamboo/mitLogin.jsp>
  AuthType shibboleth
  require shibboleth
  ShibRequireSessionWith MIT-WAYF-staging
  ShibRequireSession On
  require valid-user
</Location>

<Location /examples>
  AuthType shibboleth
  require shibboleth
  ShibRequireSessionWith MIT-WAYF-staging
  ShibRequireSession On
  require valid-user
</Location>

  7. Create the Bamboo home directory:
    Code Block
    mkdir /usr/local/bamboo
chown -R www:www /usr/local/bamboo

  8. In the MySQL client, create the database and grant the proper permissions:
    Code Block
    create database bamboo;
grant select, insert, update, delete, create, drop, index, alter, create temporary tables, lock tables on bamboo.* to 'bamboo'@'localhost' identified by '<DB Password';

  9. Extract the Tomcat 6 tarball into the /usr/local directory, and create the symlink:
    Code Block
    cd /usr/local
tar xzvf /mit/amit-dsl/Public/Java/apache-tomcat-6.0.18.tar.gz
ln -s apache-tomcat-6.0.18 tomcat

  10. Copy the Tomcat init script into the /etc/init.d directory and enable it:
    Code Block
    cp /mit/amit-dsl/Public/Java/tomcat /etc/init.d
chmod a+rx /etc/init.d/tomcat
chkconfig --levels 2345 tomcat on

  11. Enable MySQL and Shibboleth at boot time:
    Code Block
    
chkconfig --levels 2345 mysqld on
chkconfig --levels 2345 shibd on

  12. Place the war files in the webapps directory. Please note that the bamboo war file should be renamed to "bamboo.war" prior to placement:
    Code Block
    mv atlassian-bamboo-2.1.4.war bamboo.war
cp /mit/amit-dsl/Public/Bamboo/bamboo.war /usr/local/tomcat/webapps
cp /mit/amit-dsl/Public/Java/monitor.war /usr/local/tomcat/webapps
cp /mit/amit-dsl/Public/Shibverify/shibverify.war /usr/local/tomcat/webapps

  13. Create the VirtualHost block in the /etc/httpd/conf/httpd.conf file:
    Code Block
    <VirtualHost *:80>
	ServerAdmin amit@mit.edu
	ProxyPass /bamboo/ http://localhost:8080/bamboo/
	ProxyPassReverse /bamboo/ http://localhost:8080/bamboo/
	ProxyPass /bamboo http://localhost:8080/bamboo/
	ProxyPassReverse /bamboo http://localhost:8080/bamboo/
	ServerName build-stage.mit.edu
	RewriteEngine On
	RewriteRule ^/(.*)  https://<Server Name>.mit.edu/$1 [L,R,QSA]
</VirtualHost>
    Be sure to change the host names and any other values to ones that are correct for your installation.

  14. Configure the Virtual Host settings inside the Apache SSL config by adding the following block to the /etc/httpd/conf.d/ssl.conf file:
    Code Block
    ServerAdmin amit@mit.edu
ServerName <Server Name>.mit.edu
    Be sure to change the host names and any other values to ones that are correct for your installation.

  15. Create the bamboo.conf file in the /etc/httpd/conf.d directory, with the following contents:
    Code Block
    LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

RewriteEngine On

RewriteCond    %{HTTPS} off [NC]
RewriteRule    ^/(.*)                https://%{HTTP_HOST}/$1/

RewriteCond    %{HTTP_HOST} !.*\.mit\.edu$ [NC]
RewriteRule    ^/(.*)                https://%{HTTP_HOST}.mit.edu/$1/   [R=301,QSA]

RewriteCond    %{REQUEST_FILENAME}  -d
RewriteRule    ^(/?.*[^/])$           https://%{HTTP_HOST}/$1/  [R=301,QSA]

RewriteCond    %{REQUEST_FILENAME}  !-d
RewriteCond    %{REQUEST_FILENAME}  !-f
RewriteRule    ^(/?.*[^/])$           https://%{HTTP_HOST}/$1/  [R=301,QSA]

ProxyRequests Off
ProxyPreserveHost Off

<Proxy *>
	Order deny,allow
	Allow from all
	RewriteCond %{LA-U:REMOTE_USER} (.+)
	RewriteRule . - [E=RU:%1]
	RequestHeader add Remote-User %{RU}e
</Proxy>

ProxyPass /bamboo/ ajp://localhost:8009/bamboo/
ProxyPassReverse /bamboo/ http://localhost:8009/bamboo/

ProxyPass /bamboo-manager/ ajp://localhost:8009/bamboo-manager/
ProxyPassReverse /bamboo-manager/ http://localhost:8009/bamboo-manager/

ProxyPass /bamboo-monitor/ ajp://localhost:8009/bamboo-monitor/
ProxyPassReverse /bamboo-monitor/ http://localhost:8009/bamboo-monitor/

ProxyPass /defltws/ ajp://localhost:8010/defltws/
ProxyPassReverse /defltws/ http://localhost:8010/defltws/

ProxyPass /defltws-manager/ ajp://localhost:8010/defltws-manager/
ProxyPassReverse /defltws-manager/ http://localhost:8010/defltws-manager/

ProxyPass /defltws-monitor/ ajp://localhost:8010/defltws-monitor/
ProxyPassReverse /defltws-monitor/ http://localhost:8010/defltws-monitor/

ProxyPass /shibverify/ ajp://localhost:8009/shibverify/
ProxyPassReverse /shibverify/ http://localhost:8009/shibverify/

<Location /defltws>
	SSLVerifyClient require
</Location>