If you are upgrading, you do not need to reconfigure your Apache installation unless you want to add the ExtraView Spell Check utility.
However, if you have upgraded your version of Tomcat, you will need to verify that the paths in your extraview.conf and httpd.conf files match the current paths to Tomcat – see the section “Configure Apache” below for instructions.
If you are upgrading, ExtraView now supports compressed javascript files. There is a configuration change needed to your Apache setup in order to take advantage of this – please see the section entitled Configuring Apache to Use JavaScript Compression at the bottom of this page.
Installation of Apache
The following steps will install Apache 2.4 into the directory /httpd-2.4.28.
cd
gunzip httpd-2.4.28.tar.gz
tar xvf httpd-2.4.28.tar
cd httpd-2.4.28
./configure –prefix=/httpd-2.4.28 –enable-mods-shared=most –enable-ssl=shared
make
make install
The Apache web server is now installed in the directory /httpd-2.4.28. You can su to root and start/stop the apache server using the following commands:
/httpd-2.4.28/bin/apachectl start
/httpd-2.4.28/bin/apachectl stop
If you enter the URL of the server into a browser, for example http://server.domain.com, you should get the Apache test page.
Compile the Tomcat Connector
For Linux
cd
gunzip tomcat-connectors-1.2.32-src.tar.gz
tar xvf tomcat-connectors-1.2.32-src.tar
cd tomcat-connectors-1.2.32-src
cd native
./configure –with-apxs=/httpd-2.4.28/bin/apxs
make
make install
mod_jk.so
will be installed in /httpd-2.4.28/modules
cd
cp workers.properties /httpd_2.4.28/conf
Edit the Apache configuration file httpd.conf
vi /httpd-2.4.28/conf/httpd.conf
old line –> #ServerName new.host.name:80
new line –> ServerName extraview.yourcompany.com
Remember to use the URL of your server
old line –> ServerAdmin you@your.address
new line –> ServerAdmin serveradmin@yourcompany.com
Remember to use the email address of your administrator.
At the end of the file add the following line:
Include conf/extraview.conf
Save and exit httpd.conf
Copy the extraview.conf file:
cp /extraview.conf /httpd-2.4.28/conf
Edit the extraview.conf file and set the correct paths
ServerName extraview.yourcompany.com
ServerAdmin serveradmin@yourcompany.com
DocumentRoot /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/
<Directory /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj>
Options Indexes FollowSymLinks
</Directory>
Alias /evj/ “/usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/”
JkWorkersFile /usr/local/extraview/httpd-2.4.28/conf/workers.properties
Locate the line at the bottom of the extraview.conf file that refers to mod_jk.so and make any needed changes to match your mod_jk file that you either compiled or downloaded:
LoadModule jk_module modules/mod_jk-apache-2.2.4.so
The Apache configuration file, extraview.conf
should look like the following:
ServerName extraview.yourcompany.com
ServerAdmin serveradmin@yourcompany.com
DocumentRoot /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/
<Directory "/usr/local/extraview/apache-tomcat-7.0.22/webapps/evj">
AllowOverride None
Options Indexes FollowSymLinks
Require all granted
</Directory>
<Location "/evj/WEB-INF/">
Require all denied
</Location>
This assumes the location of Apache Tomcat and the ExtraView installation will be altered to suit those of your installation.
Configuring Apache with SSL
Note: If you are planning to use apache with SSL, you must complete some additional configuration steps.
You must have openssl installed on your machine, version openssl-0.9.6g or higher. This can be downloaded from http://www.openssl.org/. If you have openssl installed on the machine, you can check the version: openssl version To create a test certificate, follow the instructions below (http://www.apache-ssl.org/#FAQ).
-
Create the key and request. To create a test certificate, follow the instructions below (http://www.apache-ssl.org/#FAQ). Create the key and request. This creates a certificate signing request and a private key. When asked for “Common Name (i.e. your websites domain name)”, give the exact domain name of your web server (e.g. www.my-server.dom). The certificate belongs to this server name and browsers complain if the name doesn’t match.
openssl req -new > new.cert.csr
-
Remove the passphrase from the key (optional). This removes the passphrase from the private key. You MUST understand what this means; server.key should be only readable by the apache server and the administrator. You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.
openssl rsa -in privkey.pem -out new.cert.key
-
Convert request into signed certificate. This creates a self-signed certificate that you can use until you get a “real” one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers). Note that this certificate expires after one year; you can increase -days 365 if you don’t want this.
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
After creating your test certificate, you must place the server.crt and server.key files where Apache can find them. This is configured in the folder /usr/local/extraview/httpd-2.4.28/conf/certs.
mkdir /httpd-2.4.28/conf/certs
mv new.cert.cert /httpd-2.4.28/conf/certs
mv new.cert.key /httpd-2.4.28/conf/certs
Edit the /httpd-2.4.28/conf/httpd.conf file to enable ssl as follows:
Find the line: # Secure (SSL/TLS) connections and uncomment the line below it:
include conf/extra/httpd-ssl.conf
Edit the /httpd-2.4.28/conf/extra/httpd-ssl.conf file as follows:
Find the line #SSLCertificateFile. Uncomment it and enter the correct path:
/usr/local/extraview/httpd-2.4.28/conf/certs/new.cert.cert
Find the line #SSLCertificateKeyFile Uncomment it and enter the correct path:
/usr/local/extraview/httpd-2.4.28/conf/certs/new.cert.key
You can su to root and start/stop the apache ssl server using the following commands:
/httpd-2.4.28/bin/apachectl start
/httpd_2.4.28/bin/apachectl stop
If you enter the URL of server into a browser using the https protocol, for example https://server.domain.com, you should get the Apache test page.
Now edit the conf file to set up SSL.
vi /httpd-2.4.28/conf/extra/httpd-ssl.conf
Search for:
ServerName www.example.com:443
ServerAdmin you@example.com
Comment these lines out.
At the bottom of the file, paste in the following lines:
ServerName extraview.yourcompany.com
ServerAdmin you@example.com
DocumentRoot /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/
<Directory /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj>
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
<Location “/evj/WEB-INF/”>
Order deny,allow deny from all
</Location>
Alias /evj/ “/usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/”
Edit these lines to reflect the correct ServerName, ServerAdmin and correct directory paths for DocumentRoot, Directory and Alias lines.
If you wish, you can edit the log paths:
ErrorLog “/usr/local/extraview/httpd-2.4.28/logs/error_log”
TransferLog “/usr/local/extraview/httpd-2.4.28/logs/access_log”
CustomLog “/usr/local/extraview/httpd-2.4.28/logs/ssl_request_log” “%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”
Configuring the ExtraView Spell Checker
This is configured when you are installing a new ExtraView installation. If you are upgrading ExtraView, you can add this capability by modifying the ev.conf file supplied. See the page Spell Checker for instructions.
Advanced Apache Configuration Options
Internet Explorer Patch
Internet Explorer users of ExtraView will benefit from the following configuration. This greatly improves performance for these users. Find the section:
#BrowserMatch “.*MSIE.*”
# nokeepalive ssl-unclean-shutdown
# downgrade-1.0 force-response-1.0
and replace with the following:
BrowserMatch “.*MSIE [1-5].*”
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch “.*MSIE [6-9].*”
ssl-unclean-shutdown
Using Drag-and-Drop File Upload with SSL Enabled
If your users are utilizing the drag-and-drop file upload for attachments, document fields and image fields, make sure that the Apache configuration has a ServerName or ServerAlias for the SSL virtual host that matches the hostname you are using. For example, you can customize this fragment to get the desired behavior.
ServerName mydomain.com
ServerAlias www.mydomain.com
. . .
</VirtualHost>
Configuring Apache to Use JavaScript Compression
ExtraView ships with its JavaScript files in both a compressed and a non-compressed format. There may be a considerable speed advantage to using the compressed JavaScript files, especially if your users do not have access to a high bandwidth network. To enable the delivery of compressed JavaScript to your user’s computers, set these directives in your extraview.conf file:
Within the <VIrtualHost></VirtualHost> section:
#LoadModule rewrite_module modules/mod_rewrite.so
Remove the comment character (#
) at the beginning of the line.
Lastly, look for the line:
#LoadModule headers_module modules/mod_headers.so
and remove the comment character (#
) from the beginning of the line. The Apache server must be restarted after these changes.
Securing Apache
The extraview.conf delivered with ExtraView contains a section that restricts access to the folders on the filesystem of the server that contain the ExtraView application.
<Location “/evj/WEB-INF/”>
Require all denied
</Location>
This default setting is predefined to work when configured to use a URL that looks like http://yourserver.yourdomain.com/evj/ExtraView to access ExtraView. If you have additional or different Apache configurations that perform redirection, URL rewriting or URL forwarding, it is important to test for a secure system to ensure that users do not have the ability to get a directory listing of the evj/WEB-INF folder or folders and the files they contain, as these files may contain sensitive information. Consult Apache documentation for additional details.