Mercurial > hg > digilib

annotate doc/src/site/markdown/server-setup.md @ 1686:e46756f0d661

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Config to select page labels and documentation for Manifester.
author Robert Casties <casties@mpiwg-berlin.mpg.de>
date Mon, 26 Mar 2018 19:09:27 +0200
parents 6d5e04a54848
children 7e4396e467de
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1681
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
1 # Server setup for digilib
1658
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
2
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
3 There are a variety of ways to deploy digilib on different server configurations for production sites.
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
4
1681
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
5 Here are some examples and tips.
1658
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
6
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
7 ## nginx as proxy
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
8
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
9 This is an example configuration for `nginx` as a proxy for a single instance
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
10 of digilib (listening on port `8080`) that handles transport encryption and
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
11 restricts access to sensitive data to the gateway of a local network
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
12 (`1.2.3.4`).
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
13
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
14 ```nginx
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
15 server {
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
16 listen 443 ssl http2;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
17 listen [::]:443 ssl http2;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
18 server_name digilib.example.org;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
19
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
20 # this certificate chain shall *not* include the root certificate:
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
21 ssl_certificate /etc/ssl/certs/digilib.example.org.pem;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
22 ssl_certificate_key /etc/ssl/private/digilib.example.org.key;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
23
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
24 include /etc/nginx/proxy_params;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
25
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
26 location ~* .*/(dlConfig|dlRequest).jsp$ {
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
27 allow 1.2.3.4;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
28 deny all;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
29 proxy_pass http://localhost:8080;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
30 }
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
31
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
32 location / {
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
33 proxy_pass http://localhost:8080;
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
34 }
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
35 }
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
36 ```
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
37
1681
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
38 ### Resources
1658
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
39
28df291d4e26 Updated documentation.
Robert Casties <r0bcas7@gmail.com>
parents:
diff changeset
40 - the [nginx documentation](nginx.org/en/docs/)
1681
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
41
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
42 ## Apache as proxy and load-balancer
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
43
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
44 This is an example configuration for [Apache](https://httpd.apache.org/) as a proxy and load balancer for two instances of
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
45 digilib (one running on localhost, port 8080 and another on otherserver, port 8080), using SSL and http/2:
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
46
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
47 ```
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
48 <VirtualHost *:443>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
49 # HTTP/2 protocol (Apache 2.4.29 and later)
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
50 Protocols h2 http/1.1
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
51 ServerName digilib.example.com
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
52 SSLCertificateFile /etc/ssl/private/digilib-cert.pem
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
53 SSLCertificateKeyFile /etc/ssl/private/digilib-key.pem
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
54 SSLEngine on
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
55
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
56 DocumentRoot /var/www
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
57 <Directory />
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
58 Options FollowSymLinks
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
59 AllowOverride None
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
60 </Directory>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
61 <Directory /var/www/>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
62 Options Indexes FollowSymLinks MultiViews
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
63 AllowOverride None
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
64 Order allow,deny
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
65 allow from all
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
66 </Directory>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
67
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
68 ErrorLog ${APACHE_LOG_DIR}/digilib-ssl-error.log
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
69 LogLevel warn
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
70 CustomLog ${APACHE_LOG_DIR}/digilib-ssl-access.log combined
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
71
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
72 # do not forward-proxy!
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
73 ProxyRequests off
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
74 # set proxy proto header
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
75 RequestHeader set X-Forwarded-Proto "https"
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
76 # digilib instances
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
77 <Proxy balancer://digilibs>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
78 BalancerMember http://127.0.0.1:8080
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
79 BalancerMember http://otherserver.example.com:8080
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
80 </Proxy>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
81 # balance by busy-ness
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
82 ProxyPass /digitallibrary balancer://digilibs/digitallibrary lbmethod=bybusyness
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
83 ProxyPassReverse /digitallibrary balancer://digilibs/digitallibrary
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
84
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
85 # balancer-manager frontend (be careful!)
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
86 <Location /balancer-manager>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
87 SetHandler balancer-manager
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
88 Require host localhost
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
89 </Location>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
90 </VirtualHost>
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
91 ```
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
92
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
93 ## Jetty behind a proxy
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
94
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
95 When you are using [Jetty](https://www.eclipse.org/jetty/) as servlet container behind an Apache or nginx proxy
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
96 then you should make sure that Jetty processes the `X-Forwarded-*` headers from the proxy server to derive the
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
97 correct request URL for the servlets.
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
98
6d5e04a54848 updated server-setup documentation. fixed broken link.
Robert Casties <casties@mpiwg-berlin.mpg.de>
parents: 1658
diff changeset
99 Please see [this information for Jetty 9.4](http://www.eclipse.org/jetty/documentation/9.4.x/configuring-connectors.html#_proxy_load_balancer_connection_configuration) or [this information for Jetty 8 and earlier versions](https://wiki.eclipse.org/Jetty/Tutorial/Apache#Configuring_mod_proxy_http).