You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

This page is under construction

Software

  • Apache httpd 2.2 (from stock RHEL httpd RPM)
  • mod_ssl (from stock RHEL mod_ssl RPM)
  • mod_auth_kerb (from stock RHEL mod_auth_kerb RPM)
  • Tomcat 6.0
  • JDK 6.0
  • Shibboleth IdP 2.1
  • terracotta 3.1

Install and configure Apache httpd

Install needed RPMs
  • Use stock httpd RPM install (standard NIST install)
  • Install mod_ssl and mod_auth_kerb RPMs: 
    # yum install mod_ssl
# yum install mod_auth_kerb
Configure
  • In /etc/httpd/conf/httpd.conf, set ServerName: 
    ServerName idp.mit.edu:80
    and set the UseCanonicalName option to On: 
    UseCanonicalName On
  • In /etc/httpd/conf.d/ssl.conf, set the SSLRandomSeed options: 
    SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
    within the VirtualHost block, set the ServerName: 
    ServerName idp.mit.edu:443
    set the SSL cipher suite: 
    SSLCipherSuite HIGH:MEDIUM:EXP:!aNULL:!SSLv2:+SHA1:+MD5:+HIGH:+MEDIUM:+EXP
    set the server certificate, key, and CA paths: 
    SSLCertificateFile /etc/pki/tls/certs/idp-staging.mit.edu-cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/idp-staging.mit.edu-key.pem
SSLCertificateChainFile /etc/pki/tls/certs/EquifaxCA.pem
SSLCACertificateFile /etc/pki/tls/certs/mitCAclient.pem
    set the SSL options: 
    SSLOptions +StrictRequire
    configure custom logging: 
     CustomLog logs/ssl_request_log \
          "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_VERIFY}x \"%r\" %b"
    ensure that all access is via SSL: 
    <Directory />
    SSLRequireSSL
</Directory>
    ensure that all rewrite rules are inherited: 
    RewriteEngine On
RewriteOptions inherit

Install Tomcat

  • Download current Tomcat 6.0 binary distribution (tested with 6.0.20, available in /mit/touchstone/downloads/apache-tomcat-6.0.20.tar.gz.
  • cd /usr/local
  • tar xzf /path/to/apache-tomcat-6.0.20.tar.gz
  • rm -f tomcat
  • ln -s apache-tomcat-6.0.20.tar.gz tomcat
  • Create the tomcat user, and change the ownership of the tomcat tree: 
    # groupadd -g 52 tomcat
# useradd -u 52 -g tomcat -c "Tomcat User" -d /usr/local/tomcat tomcat
# chown -R tomcat:tomcat /usr/local/apache-tomcat-6.0.20
  • No labels