Changes between Version 18 and Version 19 of InstallDiscoveryBrowse


Ignore:
Timestamp:
11/10/07 09:22:08 (12 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • InstallDiscoveryBrowse

    v18 v19  
    162162 
    163163== Step 10: Edit local settings == 
    164 You will need to configure which port you are using to serve the pylons applications. The default is `8080`. To change it edit the file called `development.ini` (in the `/etc/ndg/ows_server/conf directory`) and change the port number in this section to the port you want to use (or leave it if you want 8080). 
     164You will need to configure which port you are using to serve the pylons applications. The default is `8080`. To change it edit the file called `development.ini` (in the `/etc/ndg/ows_server/conf` directory) and change the port number in this section to the port you want to use (or leave it if you want 8080). 
    165165 
    166166{{{ 
     
    179179 
    180180=== Security Settings === 
     181==== Virtual Hosting of the Discovery Service over http and https ==== 
     182Paste, the Discovery application server runs over http but pages for Single Sign On require https for the secure transfer of user credentials.  One way to achieve this is to run `paste` on a port hidden inside the firewall exposing it to the outside using Virtual Hosting e.g. with Apache.  The service running on a particular port is exposed outside on 80 (http) and 443 (https): 
     183 
     184{{{ 
     185http://localhost:8080 -> http://your-site-discovery-url 
     186http://localhost:8080 -> https://your-site-discovery-url 
     187}}} 
     188Note that the same `your-site-discovery-url` is used in both cases.  
     189 
     190Example `.conf` file configurations for Apache2 are shown below for http and https proxies: 
     191{{{ 
     192ServerName localhost 
     193NameVirtualHost *:80 
     194 
     195<VirtualHost *:80> 
     196  DocumentRoot /var/www/html 
     197  ServerName localhost 
     198 
     199  # NDG Discovery 
     200  ProxyPass / http://localhost:8080/ 
     201  ProxyPassReverse / http://localhost:8080/ 
     202  ProxyPreserveHost On 
     203  <Proxy *> 
     204      Order deny,allow 
     205      Allow from all 
     206  </Proxy> 
     207</VirtualHost> 
     208}}} 
     209 
     210https Virtual Host ... 
     211 
     212{{{ 
     213ServerName localhost 
     214NameVirtualHost *:443 
     215 
     216<VirtualHost *:443> 
     217  DocumentRoot /var/www/secure 
     218  ServerName localhost 
     219  SSLEngine On 
     220  SSLCertificateFile /etc/apache2/ssl/crt/server.crt 
     221  SSLCertificateKeyFile /etc/apache2/ssl/key/server.key 
     222  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
     223 
     224  # NDG LoginService 
     225  ProxyPass / http://localhost:8080/ 
     226  ProxyPassReverse / http://localhost:8080/ 
     227  ProxyPreserveHost On 
     228  <Proxy *> 
     229      Order deny,allow 
     230      Allow from all 
     231  </Proxy> 
     232</VirtualHost> 
     233}}} 
     234 
     235Details may vary according to the version of Apache you use.  Please check the relevant Apache documentation for correct settings.  The example uses a redirect to `localhost`.  To expose outside, use `your-site-discovery-url`. 
     236 
     237In the discovery config file, `/etc/ndg/ows_server/conf/ndgDiscovery.config`, the `server` field should be assigned `http://your-site-discovery-url` and `sslServer` to `https://your-site-discovery-url`: 
     238{{{ 
     239[DEFAULT] 
     240# 
     241# the following is the server on which this browse/discovery instance runs! 
     242server: http://<your-site-discovery-url> 
     243. 
     244. 
     245. 
     246[NDG_SECURITY] 
     247sslServer: https://<your-site-discovery-url> 
     248}}} 
     249 
     250==== WS-Security Settings ==== 
    181251Create a Discovery Service certificate and private key to enable it communicate securely with security services.  First, generate a new private key: 
    182252{{{ 
     
    204274When you receive the signed certificate copy it into `/etc/ndg/ows_server/conf/certs/discovery.crt`. Once you have the certificate, the certificate request file `discovery.csr` can be removed. 
    205275 
    206 The new certificate and private key should be referenced in the discovery config file as follows: 
     276The new certificate and private key should be referenced in the discovery config file (`/etc/ndg/ows_server/conf/ndgDiscovery.config`) as follows: 
    207277{{{ 
    208278# WS-Security signature handler