Changes between Version 18 and Version 19 of InstallDiscoveryBrowse

Timestamp:

11/10/07 09:22:08 (12 years ago)

Author:

pjkersha

Comment:

--

InstallDiscoveryBrowse

@@ -162 +162 @@
 
 == Step 10: Edit local settings ==
-You will need to configure which port you are using to serve the pylons applications. The default is `8080`. To change it edit the file called `development.ini` (in the `/etc/ndg/ows_server/conf directory`) and change the port number in this section to the port you want to use (or leave it if you want 8080).
+You will need to configure which port you are using to serve the pylons applications. The default is `8080`. To change it edit the file called `development.ini` (in the `/etc/ndg/ows_server/conf` directory) and change the port number in this section to the port you want to use (or leave it if you want 8080).
 
 {{{
@@ -179 +179 @@
 
 === Security Settings ===
+==== Virtual Hosting of the Discovery Service over http and https ====
+Paste, the Discovery application server runs over http but pages for Single Sign On require https for the secure transfer of user credentials.  One way to achieve this is to run `paste` on a port hidden inside the firewall exposing it to the outside using Virtual Hosting e.g. with Apache.  The service running on a particular port is exposed outside on 80 (http) and 443 (https):
+
+{{{
+http://localhost:8080 -> http://your-site-discovery-url
+http://localhost:8080 -> https://your-site-discovery-url
+}}}
+Note that the same `your-site-discovery-url` is used in both cases. 
+
+Example `.conf` file configurations for Apache2 are shown below for http and https proxies:
+{{{
+ServerName localhost
+NameVirtualHost *:80
+
+<VirtualHost *:80>
+  DocumentRoot /var/www/html
+  ServerName localhost
+
+  # NDG Discovery
+  ProxyPass / http://localhost:8080/
+  ProxyPassReverse / http://localhost:8080/
+  ProxyPreserveHost On
+  <Proxy *>
+      Order deny,allow
+      Allow from all
+  </Proxy>
+</VirtualHost>
+}}}
+
+https Virtual Host ...
+
+{{{
+ServerName localhost
+NameVirtualHost *:443
+
+<VirtualHost *:443>
+  DocumentRoot /var/www/secure
+  ServerName localhost
+  SSLEngine On
+  SSLCertificateFile /etc/apache2/ssl/crt/server.crt
+  SSLCertificateKeyFile /etc/apache2/ssl/key/server.key
+  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+  # NDG LoginService
+  ProxyPass / http://localhost:8080/
+  ProxyPassReverse / http://localhost:8080/
+  ProxyPreserveHost On
+  <Proxy *>
+      Order deny,allow
+      Allow from all
+  </Proxy>
+</VirtualHost>
+}}}
+
+Details may vary according to the version of Apache you use.  Please check the relevant Apache documentation for correct settings.  The example uses a redirect to `localhost`.  To expose outside, use `your-site-discovery-url`.
+
+In the discovery config file, `/etc/ndg/ows_server/conf/ndgDiscovery.config`, the `server` field should be assigned `http://your-site-discovery-url` and `sslServer` to `https://your-site-discovery-url`:
+{{{
+[DEFAULT]
+#
+# the following is the server on which this browse/discovery instance runs!
+server: http://<your-site-discovery-url>
+.
+.
+.
+[NDG_SECURITY]
+sslServer: https://<your-site-discovery-url>
+}}}
+
+==== WS-Security Settings ====
 Create a Discovery Service certificate and private key to enable it communicate securely with security services.  First, generate a new private key:
 {{{
@@ -204 +274 @@
 When you receive the signed certificate copy it into `/etc/ndg/ows_server/conf/certs/discovery.crt`. Once you have the certificate, the certificate request file `discovery.csr` can be removed.
 
-The new certificate and private key should be referenced in the discovery config file as follows:
+The new certificate and private key should be referenced in the discovery config file (`/etc/ndg/ows_server/conf/ndgDiscovery.config`) as follows:
 {{{
 # WS-Security signature handler