/ - Diff - Metacat - Ecoinformatics Redmine

     NameVirtualHost *:80
     <VirtualHost *:80>
             DocumentRoot /var/lib/tomcat6/webapps/metacat
             ServerName <your_hostname_here>
             ScriptAlias /metacat/cgi-bin/ /var/lib/tomcat6/webapps/metacat/cgi-bin/
             <Directory "/var/lib/tomcat6/webapps/metacat/cgi-bin/">
                     AllowOverride All
                     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                     Order allow,deny
                     Allow from all
             </Directory>
             <IfModule mod_jk.c>
                     JkMount /metacat ajp13
                     JkMount /metacat/* ajp13
                     JkMount /metacat/metacat ajp13
                     JkMount /*.jsp ajp13
                     JkUnMount /metacat/cgi-bin/* ajp13
             		JkOptions +ForwardURICompatUnparsed
             </IfModule>
            	AllowEncodedSlashes On
     		AcceptPathInfo      On
     </VirtualHost>

     <IfModule mod_ssl.c>
     NameVirtualHost *:443
     <VirtualHost *:443>
             DocumentRoot /var/lib/tomcat6/webapps/metacat
             ScriptAlias /metacat/cgi-bin/ /var/lib/tomcat6/webapps/metacat/cgi-bin/
             <Directory "/var/lib/tomcat6/webapps/metacat/cgi-bin/">
                     AllowOverride All
                     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                     Order allow,deny
                     Allow from all
             </Directory>
             <IfModule mod_jk.c>
                     JkMount /metacat ajp13
                     JkMount /metacat/* ajp13
                     JkMount /metacat/metacat ajp13
                     JkMount /*.jsp ajp13
                     JkUnMount /metacat/cgi-bin/* ajp13
                     JkOptions +ForwardURICompatUnparsed
             </IfModule>
             AllowEncodedSlashes On
             AcceptPathInfo      On
             #   SSL Engine Switch:
             #   Enable/Disable SSL for this virtual host.
             SSLEngine on
             SSLOptions +StrictRequire +StdEnvVars +ExportCertData
             #   A self-signed (snakeoil) certificate can be created by installing
             #   the ssl-cert package. See
             #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
             #   If both key and certificate are stored in the same file, only the
             #   SSLCertificateFile directive is needed.
             SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt
             SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key
             SSLCertificateChainFile /etc/ssl/certs/<CA chain file>.crt
             #   Certificate Authority (CA):
             #   Set the CA certificate verification path where to find CA
             #   certificates for client authentication or alternatively one
             #   huge file containing all of them (file must be PEM encoded)
             #   Note: Inside SSLCACertificatePath you need hash symlinks
             #         to point to the certificate files. Use the provided
             #         Makefile to update the hash symlinks after changes.
             # Use the correct DataONE chain for validating client certificates
             # see: https://repository.dataone.org/software/tools/trunk/ca
             SSLCACertificatePath /etc/ssl/certs/
             #SSLCACertificateFile /etc/ssl/certs/DataONECAChain.crt
             SSLVerifyClient optional
             SSLVerifyDepth  10
             #   Client Authentication (Type):
             #   Client certificate verification type and depth.  Types are
             #   none, optional, require and optional_no_ca.  Depth is a
             #   number which specifies how deeply to verify the certificate
             #   issuer chain before deciding the certificate is not valid.
             <Location /metacat/servlet/replication>
                     SSLVerifyClient require
                     SSLVerifyDepth  10
             </Location>
     		# disable SSL v2 and v3
     		# intermediate configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/
     		SSLProtocol             all -SSLv2 -SSLv3
     		SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
     		SSLHonorCipherOrder     on
     </VirtualHost>
     </IfModule>

       <CONTEXT_DIR>/WEB_INF/metacat.properties
     Where ``<CONTEXT_DIR>`` is the directory in which the Metacat application code
     lives (e.g., ``/var/lib/tomcat6/webapps/metacat``). The path is a combination
     of the Web application directory (e.g., ``/var/lib/tomcat6/webapps/``) and
     lives (e.g., ``/var/lib/tomcat7/webapps/metacat``). The path is a combination
     of the Web application directory (e.g., ``/var/lib/tomcat7/webapps/``) and
     the Metacat context directory (e.g., ``metacat``). Both values depend upon how your
     system was set up during installation.

       * In order to use the Metacat Registry (and for a more robust Web-serving environment in general), the Apache Web server should be installed with Tomcat and the two should be integrated. See the installing Apache for more information.
     * `Java 6`_ (Note: Java 5 is deprecated)
     * `Java 7`_ (Note: Java 6 is deprecated)
     .. _PostgreSQL: http://www.postgresql.org/
-...
     .. _Apache HTTPD Server: http://httpd.apache.org/
     .. _Java 6: http://www.oracle.com/technetwork/java/javaee/overview/index.html
     .. _Java 7: http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
     System requirements for running Metacat:
-...
 . Download Metacat from the `Metacat Download Page`_ and extract the archive
 . ``sudo mkdir /var/metacat; sudo chown -R <tomcat_user> /var/metacat``
 . ``sudo cp <metacat_package_dir>/metacat.war <tomcat_app_dir>``
 . ``sudo /etc/init.d/tomcat6 restart``
 . ``sudo /etc/init.d/tomcat7 restart``
 . Configure Metacat through the Web interface
     .. _Metacat Download Page: http://knb.ecoinformatics.org/software/metacat/
-...
     File               Description
     ================== =====================================================================
     metacat.war        The Metacat Web archive file (WAR)
     metacat-site       Sample Web definition file used by Apache on Ubuntu/Debian
     metacat-site.conf       Sample Web definition file used by Apache on Ubuntu/Debian
                        Linux systems.
     metacat-site-ssl   Sample SSL definition file used by Apache on Ubuntu/Debian
     metacat-site-ssl.conf   Sample SSL definition file used by Apache on Ubuntu/Debian
                        Linux systems.
     jk.conf            Sample JkMount configuration file used by Apache on
                        Ubuntu/Debian Linux systems.
-...
     also highly recommend that you install Apache Web server, as it provides a more
     robust Web-serving environment and is required by some Metacat functionality.
     * `Java 6`_
     * `Java 7`_
     * `Apache Tomcat`_
     * `Apache HTTPD Server`_ (Highly Recommended)
     * PostgreSQL_ Database (or Oracle_)
     * `Apache Ant`_ (if building from Source)
     Java 6
     Java 7
     ......
     To run Metacat, you should use Java 6 (Java 5 is deprecated and will not be
     supported after Metacat version 1.9.2). Make sure that the JAVA_HOME
     To run Metacat, you should use Java 7. Make sure that the JAVA_HOME
     environment variable is properly set and that both ``java`` and ``javac``
     are on your PATH.
     To install Java if you are running Ubuntu_/Debian, you can download the appropriate self-extracting installer::
     To install Java if you are running Ubuntu_/Debian, you can install using apt-get::
       wget http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jdk-6u30-linux-x64.bin
     and follow these commands to install::
       sudo mkdir -p /opt/java/64
       sudo mv jdk-6u30-linux-x64.bin /opt/java/64
       cd /opt/java/64
       sudo chmod +x jdk-6u30-linux-x64.bin
       sudo ./jdk-6u30-linux-x64.bin
       sudo update-alternatives --install "/usr/bin/java" "java" "/opt/java/64/jdk1.6.0_30/bin/java" 1
       sudo apt-get install openjdk-7-jdk
     You must accept the license agreement during the install process.
     If you are not using Ubuntu_/Debian, you can get Java from the Oracle_ website and install using the RPM or other installer (Windows).
     .. _Ubuntu: http://www.ubuntu.com/
     Apache Tomcat
     .............
     We recommend that you install Tomcat 6 into the directory of your choice.
     We recommend that you install Tomcat 6 or 7 into the directory of your choice.
     Included with the Metacat download is a Tomcat-friendly start-up script that
     should be installed as well.
-...
     If you are running Ubuntu_/Debian, get Tomcat by typing::
       sudo apt-get install tomcat6
       sudo apt-get install tomcat7
     Otherwise, get Tomcat from the `Apache Tomcat`_ page.
-...
     For DataONE deployments edit::
     	/etc/tomcat6/catalina.properties
     	/etc/tomcat7/catalina.properties
     to include::
-...
       sudo a2dismod jk
       sudo a2enmod jk
 . Apache needs to know about the Metacat site. The helper file named "metacat-site" has rules that tell Apache which traffic to route to Metacat. Set up Metacat site by dropping the metacat-site file into the sites-available directory and running a2ensite to enable the site:
 . Apache needs to know about the Metacat site. The helper file named "metacat-site.conf" has rules that tell Apache which traffic to route to Metacat. Set up Metacat site by dropping the metacat-site file into the sites-available directory and running a2ensite to enable the site:
     ::
       sudo cp <metacat_helper_dir>/metacat-site <apache_install_dir>/sites-available
       sudo a2ensite metacat-site
       sudo cp <metacat_helper_dir>/metacat-site.conf <apache_install_dir>/sites-available
       sudo a2ensite metacat-site.conf
 . Disable the default Apache site configuration:
-...
         sudo chown -R <tomcat_user> /var/metacat
 .  Install the Metacat WAR in the Tomcat web-application directory. For instructions on downloading the Metacat WAR, please see Downloading Metacat.  Typically, Tomcat will look for its application files (WAR files) in the <tomcat_home>/webapps directory (e.g., /usr/share/tomcat6/webapps). Your instance of Tomcat may be configured to look in a different directory. We will refer to the Tomcat application directory as <tomcat_app_dir>.  NOTE: The name of the WAR file (e.g., metacat.war) provides the application context, which appears in the URL of the Metacat (e.g., http://yourserver.com/metacat/). To change the context, simply change the name of the WAR file to the desired name before copying it.  To install the Metacat WAR:
 .  Install the Metacat WAR in the Tomcat web-application directory. For instructions on downloading the Metacat WAR, please see Downloading Metacat.  Typically, Tomcat will look for its application files (WAR files) in the <tomcat_home>/webapps directory (e.g., /usr/share/tomcat7/webapps). Your instance of Tomcat may be configured to look in a different directory. We will refer to the Tomcat application directory as <tomcat_app_dir>.  NOTE: The name of the WAR file (e.g., metacat.war) provides the application context, which appears in the URL of the Metacat (e.g., http://yourserver.com/metacat/). To change the context, simply change the name of the WAR file to the desired name before copying it.  To install the Metacat WAR:
       ::
-...
       ::
         sudo /etc/init.d/tomcat6 restart
         sudo /etc/init.d/tomcat7 restart
     Congratulations! You have now installed Metacat. If everything is installed
     correctly, you should see the Authentication Configuration screen (Figure 2.1)
-...
       ::
         /etc/init.d/tomcat6 stop
         /etc/init.d/tomcat7 stop
 . Back up the existing Metacat installation. Although not required, we highly recommend that you back up your existing Metacat to a backup directory (<backup_dir>) before installing a new one. You can do so by typing:
-...
       ::
         /etc/init.d/tomcat6 restart
         /etc/init.d/tomcat7 restart
 . Run your new Metacat servlet. Go to a Web browser and visit your installed
-...
       ::
         sudo cp <metacat_package_directory>/authority.war /usr/share/tomcat6/webapps
         sudo cp <metacat_package_directory>/authority.war /usr/share/tomcat7/webapps
 . Set up the LSID server by dropping the authority file into Apache's
        sites-available directory and running a2ensite to enable the site:
-...
       ::
         /etc/init.d/tomcat6 restart
         /etc/init.d/tomcat7 restart
 . If you are running Tomcat behind the Apache server (the recommended
        configuration), set up and enable the authority service site configurations by
-...
     Before you can install and run Metacat, you must ensure that a recent Java SDK,
     PostgreSQL and Tomcat are installed, configured, and running correctly.
     * `Java 6`_
     * `Java 7`_
     * `Apache Tomcat`_
     * PostgreSQL_ Database
     Java 6
     Java 7
     ......
     To run Metacat, you must have Java 6. (Java 5 is deprecated). Make sure that
     To run Metacat, you must have Java 7. Make sure that
     the JAVA_HOME environment variable is properly set and that both java and javac
     are on your PATH.
     To download and install Java:
 . Browse to: http://java.sun.com/javase/downloads/widget/jdk6.jsp and follow
        the instructions to download JDK 6.
 . Browse to: http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html and follow
        the instructions to download JDK 7.
 . Run the downloaded installer to install Java.
-...
       ::
         System Variable: JAVA_HOME C:\Program Files\Java\jdk1.6.0_18
         System Variable: JAVA_HOME C:\Program Files\Java\jdk1.7.0_79
         (or whichever version you downloaded)
     Apache Tomcat
     .............
     We recommend that you install Tomcat version 6.  To download and install Tomcat:
     We recommend that you install Tomcat version 7.  To download and install Tomcat:
 . Browse to: http://tomcat.apache.org/
 . Download the Tomcat core zip file

          sudo cp <hostname>-apache.key /etc/ssl/private
 . Apache needs to be configured to request a client certificate when the
        replication API is utilized. The helper file named "metacat-site-ssl" has default
        replication API is utilized. The helper file named "metacat-site-ssl.conf" has default
        rules that configure Apache for SSL and client certificate authentication.
        Set up these SSL settings by copying the metacat-site-ssl file into the ``sites-available``
        Set up these SSL settings by copying the metacat-site-ssl.conf file into the ``sites-available``
        directory, editing pertinent values to match your system and running
        ``a2ensite`` to enable the site. (Note: some settings in metacat-site-ssl need to be
        ``a2ensite`` to enable the site. (Note: some settings in metacat-site-ssl.conf need to be
        changed to match the specifics of your system and Metacat deployment.)
        ::
          sudo cp <metacat_helper_dir>/metacat-site-ssl <apache_install_dir>/sites-available
          sudo a2ensite metacat-site-ssl
          sudo cp <metacat_helper_dir>/metacat-site-ssl.conf <apache_install_dir>/sites-available
          sudo a2ensite metacat-site-ssl.conf
 . Enable the ssl module:
-...
        ::
          sudo /etc/init.d/tomcat6 restart
          sudo /etc/init.d/tomcat7 restart
        where the ``<remotehostfilename>`` is the name of the certificate file

     wish to appear in the registry.
     Once you have saved your changes, you must restart Tomcat for them to come
     into effect. To restart Tomcat, type: ``sudo /etc/init.d/tomcat6 restart`` or an
     into effect. To restart Tomcat, type: ``sudo /etc/init.d/tomcat7 restart`` or an
     equivalent command appropriate to your operating system.
     .. figure:: images/screenshots/image037.jpg

       ::
         /etc/init.d/tomcat6 restart
         /etc/init.d/tomcat7 restart
     Navigate to Metacat's Configuration utility  and select the Configure Skins
     option. Your custom skin should appear as a choice in the skins list. Change

     <IfModule mod_ssl.c>
     NameVirtualHost *:443
     <VirtualHost *:443>
             DocumentRoot /var/lib/tomcat6/webapps/metacat
             ScriptAlias /metacat/cgi-bin/ /var/lib/tomcat6/webapps/metacat/cgi-bin/
             <Directory "/var/lib/tomcat6/webapps/metacat/cgi-bin/">
                     AllowOverride All
                     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                     Order allow,deny
                     Allow from all
             </Directory>
             <IfModule mod_jk.c>
                     JkMount /metacat ajp13
                     JkMount /metacat/* ajp13
                     JkMount /metacat/metacat ajp13
                     JkMount /*.jsp ajp13
                     JkUnMount /metacat/cgi-bin/* ajp13
                     JkOptions +ForwardURICompatUnparsed
             </IfModule>
             AllowEncodedSlashes On
             AcceptPathInfo      On
             #   SSL Engine Switch:
             #   Enable/Disable SSL for this virtual host.
             SSLEngine on
             SSLOptions +StrictRequire +StdEnvVars +ExportCertData
             #   A self-signed (snakeoil) certificate can be created by installing
             #   the ssl-cert package. See
             #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
             #   If both key and certificate are stored in the same file, only the
             #   SSLCertificateFile directive is needed.
             SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt
             SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key
             SSLCertificateChainFile /etc/ssl/certs/<CA chain file>.crt
             #   Certificate Authority (CA):
             #   Set the CA certificate verification path where to find CA
             #   certificates for client authentication or alternatively one
             #   huge file containing all of them (file must be PEM encoded)
             #   Note: Inside SSLCACertificatePath you need hash symlinks
             #         to point to the certificate files. Use the provided
             #         Makefile to update the hash symlinks after changes.
             # Use the correct DataONE chain for validating client certificates
             # see: https://repository.dataone.org/software/tools/trunk/ca
             SSLCACertificatePath /etc/ssl/certs/
             #SSLCACertificateFile /etc/ssl/certs/DataONECAChain.crt
             SSLVerifyClient optional
             SSLVerifyDepth  10
             #   Client Authentication (Type):
             #   Client certificate verification type and depth.  Types are
             #   none, optional, require and optional_no_ca.  Depth is a
             #   number which specifies how deeply to verify the certificate
             #   issuer chain before deciding the certificate is not valid.
             <Location /metacat/servlet/replication>
                     SSLVerifyClient require
                     SSLVerifyDepth  10
             </Location>
     		# disable SSL v2 and v3
     		# intermediate configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/
     		SSLProtocol             all -SSLv2 -SSLv3
     		SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
     		SSLHonorCipherOrder     on
     </VirtualHost>
     </IfModule>

     NameVirtualHost *:80
     <VirtualHost *:80>
             DocumentRoot /var/lib/tomcat6/webapps/metacat
             ServerName <your_hostname_here>
             ScriptAlias /metacat/cgi-bin/ /var/lib/tomcat6/webapps/metacat/cgi-bin/
             <Directory "/var/lib/tomcat6/webapps/metacat/cgi-bin/">
                     AllowOverride All
                     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                     Order allow,deny
                     Allow from all
             </Directory>
             <IfModule mod_jk.c>
                     JkMount /metacat ajp13
                     JkMount /metacat/* ajp13
                     JkMount /metacat/metacat ajp13
                     JkMount /*.jsp ajp13
                     JkUnMount /metacat/cgi-bin/* ajp13
             		JkOptions +ForwardURICompatUnparsed
             </IfModule>
            	AllowEncodedSlashes On
     		AcceptPathInfo      On
     </VirtualHost>

src/scripts/debian/workers.properties
1		workers.tomcat_home=/usr/share/tomcat6
2		workers.java_home=/usr/lib/jvm/java-1.6.0-sun
	1	workers.tomcat_home=/usr/share/tomcat7
	2	workers.java_home=/usr/lib/jvm/java-7-openjdk-amd64
3	3
4	4	worker.list=ajp13
5	5	worker.ajp13.port=8009

Project

General

Profile

Metacat

Revision 9386

Added by ben leinfelder about 9 years ago