The computing website created by Iasparra Francesco
Apache2 configuration
Install Apache2:
aptitude install apache2
Install the Shibboleth2 SP module:
aptitude install libapache2-mod-shib2
Install the Tomcat JK module:
aptitude install libapache2-mod-jk
Enable the Apache2 modules:
a2enmod rewrite
a2enmod headers
a2enmod shib2
a2enmod jk
Create a certificate containing both the public and the private key for HTTPS access and place it at:
/etc/apache2/apache1.pem
Edit the file /etc/apache2/ports.conf as follows:
NameVirtualHost *:80
NameVirtualHost *:443
Listen 80
Listen 443
Edit the file /etc/apache2/mods-available/jk.load:
JkWorkersFile /etc/apache2/worker.properties
JkShmFile /var/log/apache2/mod_jk.shm
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
Create the file /etc/apache2/worker.properties:
workers.tomcat_home=/mnt/programs/apache-tomcat-6.0.32
workers.java_home=/mnt/programs/jdk1.6.0_26
ps=/
# Define 1 real worker using ajp13
worker.list=shibboleth
# Set properties for the shibboleth worker (ajp13)
worker.shibboleth.type=ajp13
worker.shibboleth.host=localhost
worker.shibboleth.port=8009
worker.shibboleth.lbfactor=100
worker.shibboleth.socket_keepalive=1
worker.shibboleth.socket_timeout=1200
Create the file /etc/apache2/sites-available/idp-ssl:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName idp.debian1.server
    # Forward everything under /idp to the Tomcat worker defined in worker.properties
    JkMount /idp* shibboleth
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache1.pem
    ErrorLog ${APACHE_LOG_DIR}/error-idp.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access-idp.log combined
</VirtualHost>
</IfModule>
Create the file /etc/apache2/sites-available/www-ssl:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName www.debian1.server
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache1.pem
    # Forward everything under /APP1 to the Tomcat worker
    JkMount /APP1* shibboleth
    RewriteEngine On
    # Pass the Shibboleth attributes to the application as request headers;
    # "set" replaces any header of the same name sent by the client
    RequestHeader set SHIB_PERSON_UID %{uid}e
    RequestHeader set SHIB_RUOLI %{ruolo}e
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error-www.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access-www.log combined
    # Require a Shibboleth session for these paths
    <Location /test>
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
    </Location>
    <Location /APP1>
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
    </Location>
</VirtualHost>
</IfModule>
Enable the two sites just created with the following shell commands:
a2ensite idp-ssl
a2ensite www-ssl
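The application behind JkMount trusts the SHIB_PERSON_UID and SHIB_RUOLI headers set by Apache, so every path forwarded to Tomcat should also sit inside a <Location> that requires a Shibboleth session. The following check is an added example, not part of the original page: it lists JkMount prefixes that have no matching <Location> with AuthType shibboleth and ShibRequireSession On. The function names and the /APP2 mount in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report JkMount prefixes that lack a Shibboleth-protected <Location>.
# Reads an Apache vhost file on stdin, prints one unprotected prefix per line.
unprotected_jkmounts() {
    awk '
        # "JkMount /APP1* shibboleth" -> remember the prefix "/APP1"
        tolower($1) == "jkmount" { p = $2; sub("/?[*]$", "", p); mounts[p] = 1 }
        # "<Location /APP1>" -> start tracking directives for this path
        tolower($1) == "<location" { loc = $2; sub(">$", "", loc); inloc = 1 }
        inloc && tolower($1) == "authtype" && tolower($2) == "shibboleth" { auth[loc] = 1 }
        inloc && tolower($1) == "shibrequiresession" && tolower($2) == "on" { sess[loc] = 1 }
        tolower($1) == "</location>" { inloc = 0 }
        END {
            for (p in mounts)
                if (!(auth[p] && sess[p])) print p
        }
    ' | sort
}

# Constructed sample modelled on the www-ssl vhost; /APP2 is hypothetical
# and deliberately has no <Location> block.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
    JkMount /APP1* shibboleth
    JkMount /APP2* shibboleth
    <Location /APP1>
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
    </Location>
</VirtualHost>
EOF
}

sample_vhost | unprotected_jkmounts
```

On the server, run it as unprotected_jkmounts < /etc/apache2/sites-available/www-ssl. The idp-ssl vhost will list /idp, because that vhost defines no Shibboleth-protected <Location>.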