Difference between revisions of "PubMan 7 7 bugfix"
Jump to navigation
Jump to search
Siedersleben (talk | contribs) |
Siedersleben (talk | contribs) |
||
(22 intermediate revisions by 3 users not shown) | |||
Line 11: | Line 11: | ||
== Coreservice JBoss == | == Coreservice JBoss == | ||
modify to https in escidoc-core.properties | * modify to https in escidoc-core.properties und escidoc-core.custom.properties | ||
# Base URL of the eSciDoc Infrastructure, typically | # Base URL of the eSciDoc Infrastructure, typically | ||
Line 17: | Line 17: | ||
# is running, and the port on which the servlet | # is running, and the port on which the servlet | ||
# container listens for incoming HTTP requests | # container listens for incoming HTTP requests | ||
escidoc-core.baseurl = https:// | escidoc-core.baseurl = https://coreservice.mpdl.mpg.de | ||
modify to https in escidoc-core.properties | * modify to https in escidoc-core.properties | ||
# URL that points to the Admin Tool (used in welcome page) | # URL that points to the Admin Tool (used in welcome page) | ||
# | # | ||
admin-tool.url = /AdminTool?escidocurl=https:// | admin-tool.url = /AdminTool?escidocurl=https://coreservice.mpdl.mpg.de | ||
* add new category to jboss-log4j.xml | |||
<category name="de.escidoc.core.adm.business.admin"> | |||
<priority value="INFO" /> | |||
<appender-ref ref="FILE"/> | |||
</category> | |||
* replace escidoc-core.ear and fedoragsearch.war in WILDFLY_HOME/../deploy from /home/siedersleben/pubman-7.7.4-bugfix | |||
== Core Infrastructure == | == Core Infrastructure == | ||
Line 36: | Line 45: | ||
== PubMan Properties == | == PubMan Properties == | ||
add property (file footer.txt already extsts in ../main | * add property (file footer.txt already extsts in ../main | ||
#file name of html snippet which should be included in footer of every PubMan page, e.g. for Piwik | #file name of html snippet which should be included in footer of every PubMan page, e.g. for Piwik | ||
escidoc.pubman.footer.fileName=footer.txt | escidoc.pubman.footer.fileName=footer.txt | ||
* adapt to https: | |||
# URL of the escidoc-core instance you like to logon to | |||
escidoc.framework_access.login.url=https://coreservice.mpdl.mpg.de | |||
== PubMan Apache== | == PubMan Apache== | ||
===Apache Config=== | |||
SSLEngine on | |||
SSLCipherSuite HIGH:MEDIUM | |||
# Your signed server certificate | |||
SSLCertificateFile /etc/apache2/ssl.crt/ssl.crt | |||
SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt | |||
# Your private key for encryption | |||
SSLCertificateKeyFile /etc/apache2/ssl.key/ssl.key | |||
# The CA's | |||
SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt | |||
# Force SSLv3 and TLSv1 Only! | |||
SSLProtocol all -SSLv2 | |||
<Files ~ "\.(cgi|shtml|phtml|php3?)$"> | |||
SSLOptions +StdEnvVars | |||
</Files> | |||
SetEnvIf User-Agent ".*MSIE.*" \ | |||
nokeepalive ssl-unclean-shutdown \ | |||
downgrade-1.0 force-response-1.0 | |||
===listen.conf=== | |||
Listen 443 | |||
NameVirtualHost *:443 | |||
== PubMan Wildfly== | == PubMan Wildfly== | ||
== PubMan PidCache == | == PubMan PidCache == | ||
* correct missing component pids | |||
== eSciDoc-OAI-Provider == | == eSciDoc-OAI-Provider == | ||
== AA == | == AA == | ||
siehe CoNE | |||
== Validation Database == | == Validation Database == | ||
Line 60: | Line 101: | ||
escidoc.aa.client.logout.class=de.mpg.escidoc.services.aa.web.client.EscidocAaLogoutClient | escidoc.aa.client.logout.class=de.mpg.escidoc.services.aa.web.client.EscidocAaLogoutClient | ||
adapt to https in cone.properties und auth.properties | |||
# URL of the eSciDoc infrastructure instance (only for eSciDoc authentication) | |||
escidoc.framework_access.framework.url=https://coreservice.mpdl.mpg.de | |||
# URL of the escidoc-core instance you like to logon to (only for eSciDoc authentication) | |||
escidoc.framework_access.login.url=https://coreservice.mpdl.mpg.de | |||
Results-Table needs to be recreated | |||
==eSciDoc Admin== | ==eSciDoc Admin== | ||
* adapt to https protocol | |||
in .../prod.cfg new property framework.host_scheme, remove port from framework.host | |||
# this is the Hostname:Port of the framework to be administered | |||
framework.host="coreservice.mpdl.mpg.de" | |||
framework.host_scheme="https" | |||
in .../lib/util.py | |||
def get_login_url(target=None): | |||
login_url = "%s://%s%s" % (config.get('framework.host_scheme'), config.get('framework.host'), client.LOGIN_PATH) | |||
if target: | |||
login_url = "%s?%s" % (login_url, urllib.urlencode(dict(target=target))) | |||
return login_url | |||
== Data Migration == | == Data Migration == |
Latest revision as of 12:12, 16 October 2014
PubMan 7.7 Bugfix Release[edit]
Affected Servers[edit]
Prepare read only system[edit]
Fedora[edit]
Coreservice Apache[edit]
- adapt coreservice to https protocol
Coreservice JBoss[edit]
- modify to https in escidoc-core.properties und escidoc-core.custom.properties
# Base URL of the eSciDoc Infrastructure, typically # the host name of the machine the servlet container # is running, and the port on which the servlet # container listens for incoming HTTP requests escidoc-core.baseurl = https://coreservice.mpdl.mpg.de
- modify to https in escidoc-core.properties
# URL that points to the Admin Tool (used in welcome page) # admin-tool.url = /AdminTool?escidocurl=https://coreservice.mpdl.mpg.de
- add new category to jboss-log4j.xml
<category name="de.escidoc.core.adm.business.admin"> <priority value="INFO" /> <appender-ref ref="FILE"/> </category>
- replace escidoc-core.ear and fedoragsearch.war in WILDFLY_HOME/../deploy from /home/siedersleben/pubman-7.7.4-bugfix
Core Infrastructure[edit]
Core Properties[edit]
Core Index Properties[edit]
PubMan EAR[edit]
PubMan Properties[edit]
- add property (file footer.txt already extsts in ../main
#file name of html snippet which should be included in footer of every PubMan page, e.g. for Piwik escidoc.pubman.footer.fileName=footer.txt
- adapt to https:
# URL of the escidoc-core instance you like to logon to escidoc.framework_access.login.url=https://coreservice.mpdl.mpg.de
PubMan Apache[edit]
Apache Config[edit]
SSLEngine on SSLCipherSuite HIGH:MEDIUM # Your signed server certificate SSLCertificateFile /etc/apache2/ssl.crt/ssl.crt SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt # Your private key for encryption SSLCertificateKeyFile /etc/apache2/ssl.key/ssl.key # The CA's SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt # Force SSLv3 and TLSv1 Only! SSLProtocol all -SSLv2 <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
listen.conf[edit]
Listen 443 NameVirtualHost *:443
PubMan Wildfly[edit]
PubMan PidCache[edit]
- correct missing component pids
eSciDoc-OAI-Provider[edit]
AA[edit]
siehe CoNE
Validation Database[edit]
Migration database[edit]
CoNE[edit]
new property in cone.properties und auth.properties (already prepared)
escidoc.aa.client.logout.class=de.mpg.escidoc.services.aa.web.client.EscidocAaLogoutClient
adapt to https in cone.properties und auth.properties
# URL of the eSciDoc infrastructure instance (only for eSciDoc authentication) escidoc.framework_access.framework.url=https://coreservice.mpdl.mpg.de # URL of the escidoc-core instance you like to logon to (only for eSciDoc authentication) escidoc.framework_access.login.url=https://coreservice.mpdl.mpg.de
Results-Table needs to be recreated
eSciDoc Admin[edit]
- adapt to https protocol
in .../prod.cfg new property framework.host_scheme, remove port from framework.host
# this is the Hostname:Port of the framework to be administered framework.host="coreservice.mpdl.mpg.de" framework.host_scheme="https"
in .../lib/util.py
def get_login_url(target=None): login_url = "%s://%s%s" % (config.get('framework.host_scheme'), config.get('framework.host'), client.LOGIN_PATH) if target: login_url = "%s?%s" % (login_url, urllib.urlencode(dict(target=target))) return login_url