Chapter 12. Configure the Apache Web server

  1. Use the example configuration files in Open-ILS/examples/apache/ (for Apache versions below 2.4) or Open-ILS/examples/apache_24/ (for Apache versions 2.4 or greater) to configure your Web server for the Evergreen catalog, staff client, Web services, and administration interfaces. Issue the following commands as the root Linux account:

    Debian Wheezy. 

    cp Open-ILS/examples/apache/eg.conf       /etc/apache2/sites-available/
    cp Open-ILS/examples/apache/eg_vhost.conf /etc/apache2/
    cp Open-ILS/examples/apache/eg_startup    /etc/apache2/
    # Now set up SSL
    mkdir /etc/apache2/ssl
    cd /etc/apache2/ssl

    Ubuntu Trusty, Ubuntu Xenial, and Debian Jessie. 

    cp Open-ILS/examples/apache_24/eg_24.conf       /etc/apache2/sites-available/eg.conf
    cp Open-ILS/examples/apache_24/eg_vhost_24.conf /etc/apache2/eg_vhost.conf
    cp Open-ILS/examples/apache/eg_startup          /etc/apache2/
    # Now set up SSL
    mkdir /etc/apache2/ssl
    cd /etc/apache2/ssl

    Fedora. 

    cp Open-ILS/examples/apache_24/eg_24.conf       /etc/httpd/conf.d/
    cp Open-ILS/examples/apache_24/eg_vhost_24.conf /etc/httpd/eg_vhost.conf
    cp Open-ILS/examples/apache/eg_startup          /etc/httpd/
    # Now set up SSL
    mkdir /etc/httpd/ssl
    cd /etc/httpd/ssl

  2. The openssl command cuts a new SSL key for your Apache server. For a production server, you should purchase a signed SSL certificate, but you can just use a self-signed certificate and accept the warnings in the staff client and browser during testing and development. Create an SSL key for the Apache server by issuing the following command as the root Linux account:

    openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key
  3. As the root Linux account, edit the eg.conf file that you copied into place.

    1. To enable access to the offline upload / execute interface from any workstation on any network, make the following change (and note that you must secure this for a production instance):

      • (Apache 2.2): Replace Allow from 10.0.0.0/8 with Allow from all
      • (Apache 2.4): Replace Require host 10.0.0.0/8 with Require all granted
    2. (Fedora): Change references from the non-existent /etc/apache2/ directory to /etc/httpd/.
  4. Change the user for the Apache server.

    • (Debian and Ubuntu): As the root Linux account, edit /etc/apache2/envvars. Change export APACHE_RUN_USER=www-data to export APACHE_RUN_USER=opensrf.
    • (Fedora): As the root Linux account , edit /etc/httpd/conf/httpd.conf. Change User apache to User opensrf.
  5. As the root Linux account, configure Apache with KeepAlive settings appropriate for Evergreen. Higher values can improve the performance of a single client by allowing multiple requests to be sent over the same TCP connection, but increase the risk of using up all available Apache child processes and memory.

    • (Debian and Ubuntu): Edit /etc/apache2/apache2.conf.

      1. Change KeepAliveTimeout to 1.
      2. Change MaxKeepAliveRequests to 100.
    • (Fedora): Edit /etc/httpd/conf/httpd.conf.

      1. Change KeepAliveTimeout to 1.
      2. Change MaxKeepAliveRequests to 100.
  6. As the root Linux account, configure the prefork module to start and keep enough Apache servers available to provide quick responses to clients without running out of memory. The following settings are a good starting point for a site that exposes the default Evergreen catalogue to the web:

    Debian Wheezy (/etc/apache2/apache2.conf) and Fedora (/etc/httpd/conf/httpd.conf). 

    <IfModule mpm_prefork_module>
       StartServers         15
       MinSpareServers       5
       MaxSpareServers      15
       MaxClients           75
       MaxRequestsPerChild 500
    </IfModule>

    Ubuntu Trusty, Ubuntu Xenial, Debian Jessie (/etc/apache2/mods-available/mpm_prefork.conf). 

    <IfModule mpm_prefork_module>
       StartServers            15
       MinSpareServers          5
       MaxSpareServers         15
       MaxRequestWorkers       75
       MaxConnectionsPerChild 500
    </IfModule>

  7. (Ubuntu Trusty, Ubuntu Xenial, Debian Jessie) As the root user, enable the mpm_prefork module:

    a2dismod mpm_event
    a2enmod mpm_prefork
  8. (Fedora): As the root Linux account, edit the /etc/httpd/eg_vhost.conf file to change references from the non-existent /etc/apache2/ directory to /etc/httpd/.
  9. (Debian Wheezy): As the root Linux account, enable the Evergreen site:

    a2dissite default  # OPTIONAL: disable the default site (the "It Works" page)
    a2ensite eg.conf

    (Ubuntu Trusty, Ubuntu Xenial, Debian Jessie):

    a2dissite 000-default  # OPTIONAL: disable the default site (the "It Works" page)
    a2ensite eg.conf
  10. (Ubuntu): As the root Linux account, enable Apache to write to the lock directory; this is currently necessary because Apache is running as the opensrf user:

    chown opensrf /var/lock/apache2

Learn more about additional Apache options in the following sections: