digilib: doc/src/site/markdown/server-setup.md annotate

annotate doc/src/site/markdown/server-setup.md @ 1683:53ba1e2ea3f6

Manifester servlet sends manifest.json file from directory. Sends file instead of auto-generated manifest. Solution a) of issue #11.

author	Robert Casties <casties@mpiwg-berlin.mpg.de>
date	Thu, 22 Mar 2018 20:16:02 +0100
parents	6d5e04a54848
children	7e4396e467de

rev	line source
1681 6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	1 # Server setup for digilib
1658 28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	2
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	3 There are a variety of ways to deploy digilib on different server configurations for production sites.
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	4
1681 6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	5 Here are some examples and tips.
1658 28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	6
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	7 ## nginx as proxy
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	8
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	9 This is an example configuration for `nginx` as a proxy for a single instance
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	10 of digilib (listening on port `8080`) that handles transport encryption and
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	11 restricts access to sensitive data to the gateway of a local network
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	12 (`1.2.3.4`).
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	13
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	14 ```nginx
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	15 server {
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	16 listen 443 ssl http2;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	17 listen [::]:443 ssl http2;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	18 server_name digilib.example.org;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	19
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	20 # this certificate chain shall not include the root certificate:
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	21 ssl_certificate /etc/ssl/certs/digilib.example.org.pem;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	22 ssl_certificate_key /etc/ssl/private/digilib.example.org.key;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	23
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	24 include /etc/nginx/proxy_params;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	25
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	26 location ~* .*/(dlConfig\|dlRequest).jsp$ {
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	27 allow 1.2.3.4;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	28 deny all;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	29 proxy_pass http://localhost:8080;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	30 }
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	31
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	32 location / {
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	33 proxy_pass http://localhost:8080;
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	34 }
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	35 }
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	36 ```
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	37
1681 6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	38 ### Resources
1658 28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	39
28df291d4e26 Updated documentation. Robert Casties <r0bcas7@gmail.com> parents: diff changeset	40 - the [nginx documentation](nginx.org/en/docs/)
1681 6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	41
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	42 ## Apache as proxy and load-balancer
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	43
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	44 This is an example configuration for [Apache](https://httpd.apache.org/) as a proxy and load balancer for two instances of
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	45 digilib (one running on localhost, port 8080 and another on otherserver, port 8080), using SSL and http/2:
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	46
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	47 ```
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	48 <VirtualHost *:443>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	49 # HTTP/2 protocol (Apache 2.4.29 and later)
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	50 Protocols h2 http/1.1
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	51 ServerName digilib.example.com
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	52 SSLCertificateFile /etc/ssl/private/digilib-cert.pem
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	53 SSLCertificateKeyFile /etc/ssl/private/digilib-key.pem
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	54 SSLEngine on
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	55
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	56 DocumentRoot /var/www
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	57 <Directory />
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	58 Options FollowSymLinks
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	59 AllowOverride None
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	60 </Directory>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	61 <Directory /var/www/>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	62 Options Indexes FollowSymLinks MultiViews
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	63 AllowOverride None
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	64 Order allow,deny
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	65 allow from all
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	66 </Directory>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	67
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	68 ErrorLog ${APACHE_LOG_DIR}/digilib-ssl-error.log
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	69 LogLevel warn
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	70 CustomLog ${APACHE_LOG_DIR}/digilib-ssl-access.log combined
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	71
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	72 # do not forward-proxy!
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	73 ProxyRequests off
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	74 # set proxy proto header
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	75 RequestHeader set X-Forwarded-Proto "https"
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	76 # digilib instances
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	77 <Proxy balancer://digilibs>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	78 BalancerMember http://127.0.0.1:8080
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	79 BalancerMember http://otherserver.example.com:8080
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	80 </Proxy>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	81 # balance by busy-ness
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	82 ProxyPass /digitallibrary balancer://digilibs/digitallibrary lbmethod=bybusyness
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	83 ProxyPassReverse /digitallibrary balancer://digilibs/digitallibrary
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	84
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	85 # balancer-manager frontend (be careful!)
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	86 <Location /balancer-manager>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	87 SetHandler balancer-manager
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	88 Require host localhost
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	89 </Location>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	90 </VirtualHost>
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	91 ```
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	92
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	93 ## Jetty behind a proxy
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	94
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	95 When you are using [Jetty](https://www.eclipse.org/jetty/) as servlet container behind an Apache or nginx proxy
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	96 then you should make sure that Jetty processes the `X-Forwarded-*` headers from the proxy server to derive the
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	97 correct request URL for the servlets.
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	98
6d5e04a54848 updated server-setup documentation. fixed broken link. Robert Casties <casties@mpiwg-berlin.mpg.de> parents: 1658 diff changeset	99 Please see [this information for Jetty 9.4](http://www.eclipse.org/jetty/documentation/9.4.x/configuring-connectors.html#_proxy_load_balancer_connection_configuration) or [this information for Jetty 8 and earlier versions](https://wiki.eclipse.org/Jetty/Tutorial/Apache#Configuring_mod_proxy_http).

Mercurial > hg > digilib

annotate doc/src/site/markdown/server-setup.md @ 1683:53ba1e2ea3f6