ExtPascal Advanced Configuration Complete Eng v4
6) <work folder> should be the full path to the file, in the format supported by
Apache, or an alias created in the appropriate section. E.g.
"C:/Apache/htdocs/FastCGI/SrvExtPascal" or /FastCGI/, which is an
alias to the folder above.
7) SrvExtPascal is a file used only to refer to the application and redirect the call
to the real server. It must be an empty file created in the work folder. The
Apache server and the service communicate through a FastCGI
external socket, on the understanding that the application is already running on
its own server.
8) The parameter "-host" specifies the server that hosts the FastCGI service. If it
is the same host as the web server, specify localhost. If it is on another host,
enter the FQDN of that host or its IP address.
9) The TCP port used by default is 2014. If it is not available, any other unused
port can be configured.
10) If you prefer to use an alias instead of the full name of a folder, an Alias entry
must be created in the <IfModule alias_module> section, as in the example below:
Alias /FastCGI/ "C:/Apache/htdocs/FastCGI/"
11) If the folder is created outside the folder declared in the "DocumentRoot"
entry, creating an "Alias" is mandatory for it to be reachable
from the browser address bar. That alias can be used anywhere the
full name of the folder is referenced, even in a <Directory> entry.
12) <Directory> entries must be created, as in the example below, for each folder you
created for the web service, to allow users access and avoid "403
Forbidden" errors.
<Directory /fastcgi/>
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
13) When switching the Apache configuration between SSL and non-SSL,
check that the line "FastCgiExternalServer" points respectively to the folder
"ssl-htdocs" or "htdocs".
14) The same applies to the line "ScriptAlias /cgi-bin/".
2) Extract the contents of the X-Ext X.zip package into the root folder of your site's
default web server, at the same level as the folders cgi-bin and FastCGI. E.g.
on the Apache server:
C:\Apache\htdocs-ssl\ext
or
C:\Apache\htdocs\ext
DeflateBufferSize 65535
DeflateCompressionLevel 9
DeflateFilterNote input instream
DeflateFilterNote output outstream
DeflateFilterNote ratio ratio
# LogFormat Basic
# LogFormat '"%r" In:%{instream}n Out: %{outstream}n Comp.:%{ratio}n%%' deflate
# LogFormat Full
LogFormat '%t | Cliente:%h(%a) | %>s | %B | "%r" | In:%{instream}n Out: %{outstream}n Comp:%{ratio}n%% Tempo:%D/%T' deflate
# DeflateMemLevel Value
# How much memory zlib should use for compression. Value
# between 1 and 9
# Default: DeflateMemLevel 9
# DeflateWindowSize Value
# Zlib compression window size. Value between 1 and 15
# Default: DeflateWindowSize 15
# </Location>
</IfModule>
# ---- End of HTTP COMPRESSION CONFIGURATION -----
This removes the passphrase from the private key. You have to understand that this
means "my-server.key" must be readable only by the Apache server and the
administrator. You MUST delete the ".rnd" file, because it contains the
entropy information used to create the key and could be used for attacks
against your private key.
8) Now run the command
# openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
This command creates a self-signed certificate that you can use until you get a
"real" certificate from a certification authority. (This is optional: if you know your
users, you can tell them to install the certificate in their browsers.)
9) Note that the certificate expires in one year. You can increase this by changing the
value after "-days" (365).
10) Create a new directory called "ssl" within the directory "Apache2\conf"
and copy the files "my-server.key" and "my-server.cert" into it.
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
#SSLPassPhraseDialog builtin
#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl-scache.log
SSLSessionCacheTimeout 300
#SSLMutex file:logs/ssl_mutex.log
SSLMutex default
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:/Apache/conf/ssl/crt/Farm-Apache.cer"
SSLCertificateKeyFile "C:/Apache/conf/ssl/crt/Farm-Apache.key"
#SSLCertificateChainFile conf/ssl.crt/ca.crt
#SSLCACertificatePath conf/ssl.crt
#SSLCACertificateFile conf/ssl.crt/CACert.crt
SSLCACertificatePath "C:/Apache/conf/ssl/crt"
SSLCACertificateFile "C:/Apache/conf/ssl/crt/CACert.cer"
#SSLCARevocationPath conf/ssl.crl
#SSLCARevocationFile conf/ssl.crl/ca-bundle.crl
SSLVerifyClient optional_no_ca
SSLVerifyDepth 1
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location>
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "C:/Apache/ssl-htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
SSLOptions +StdEnvVars +ExportCertData
</Directory>
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
#</IfDefine>
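An added example, not part of the original guide or of Apache: a small Python audit of the mod_ssl directives in the virtual host above. It uses a simplified model of the OpenSSL cipher-string operators ("!" removes permanently, "-" removes, "+" only reorders, and ALL leaves out eNULL) to report which weak classes the SSLCipherSuite value still selects, and it flags SSLVerifyClient optional_no_ca. The names SAMPLE_CONF, weak_classes and audit are made up for the example.

```python
# Added example: simplified model of the OpenSSL cipher-string operators.
WEAK = ("EXP", "LOW", "SSLV2", "RC4", "ENULL")   # classes reported as findings
IN_ALL = {"EXP", "LOW", "SSLV2", "RC4"}          # "ALL" never includes eNULL

# Constructed sample: directives from the virtual host above, one per line.
SAMPLE_CONF = """\
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCARevocationFile conf/ssl.crl/ca-bundle.crl
SSLVerifyClient optional_no_ca
SSLVerifyDepth 1
"""

def weak_classes(cipher_string):
    """Return the weak classes still selected after applying each operator in order."""
    enabled, killed = set(), set()
    for item in cipher_string.upper().split(":"):
        item = item.strip()
        if not item:
            continue
        if item[0] == "!":            # permanent removal
            killed.add(item[1:])
            enabled.discard(item[1:])
        elif item[0] == "-":          # removal that a later item may undo
            enabled.discard(item[1:])
        elif item[0] == "+":          # reorders suites already selected, adds none
            continue
        elif item == "ALL":
            enabled |= IN_ALL
        else:                         # bare item such as RC4+RSA adds its classes
            enabled |= {p for p in item.split("+") if p in WEAK}
    return [w for w in WEAK if w in enabled and w not in killed]

def audit(conf_text):
    """Return findings for the active (uncommented) mod_ssl directives."""
    findings = []
    for line in conf_text.splitlines():
        name, _, value = line.strip().partition(" ")
        value = value.strip()
        if name == "SSLCipherSuite":
            findings += [f"SSLCipherSuite still selects {w}" for w in weak_classes(value)]
        elif name == "SSLVerifyClient" and value == "optional_no_ca":
            findings.append("SSLVerifyClient optional_no_ca: client certificate need not verify against a CA")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

For the value used above, the export, low-strength, SSLv2 and RC4 classes are reported because ALL selects them and only ADH and EXPORT56 are removed; eNULL is not reported because "+eNULL" only reorders.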
Click Daily (to create one log file per day), then click "Use local time for file
naming and rollover" so that the date/time of the log matches the server's
(otherwise the W3C time is used, which is the same as Greenwich time).
In Log file directory, type the folder where the log files are saved.
Compressing the log folder does not noticeably affect the
performance of the server.
8) Directory Security: allows you to configure the type of authentication and
access control, the IP address and domain restrictions (so you can block access to your site)
and secure communications (certificates for a secure communication channel
and SSL security).
9) Enabling HTTP Compression in IIS 6
To enable compression (which is done in the kernel and does not influence the
performance of the server), right-click
Web Sites > Service tab. Select the options "Compress application
files" and "Compress static files". For the maximum size of the temporary directory, leave
Unlimited. Click OK.
2.02.1 Installation
1) Download the ExtJS package, version 2.1:
http://www.extjs.com/products/extjs/download.php?dl=extjs21
2) Extract the contents of the package Ext-2.1.zip into the root folder of your site's
default web server, at the same level as the folders cgi-bin and FastCGI. On the
IIS server:
C:\inetpub\wwwroot\ext
8) Click "Prepare the request now, but send it later" and click [Next].
9) Enter a descriptive name for the certificate in the Name field, for example "IIS
server - <Server name>", and choose "1024" for the key length in the Bit length
field. The wizard uses the name of the current site as the default name.
It is not used in the certificate itself, but serves
as a friendly name to help administrators identify the certificate. Click
[Next].
10) Enter the organization name you want (Department of Finance of the
Federal District) in the Organization field, enter an organizational unit (GESIS)
in the Organizational unit field and click [Next].
In the Common Name field, type the server name and click [Next].
Important: The common name is one of the most significant pieces of information
that ends up in the certificate. It is the DNS name of the site (i.e., the name that users
enter when navigating to the site). If the name in the certificate does not match
the name of the site, a certificate problem is reported when users browse
the site.
If the site is on the Web and is named www.contoso.com, that is what must be
specified as the common name.
If the site is internal and users browse by computer name, enter the DNS or
NetBIOS name of the computer.
11) Enter the appropriate information in the fields Country/Region,
State/Province and City/locality and click [Next].
12) Enter a file name for the certificate request, preferably the server name.
Click [Next]. The wizard displays a summary of the information contained in
the certificate request.
13) Click [Next] and click [Finish] to complete the request.
The certificate request can now be sent to a certification authority for
verification and processing. After receiving the certificate
response from the certification authority, you can continue and install the certificate
on the Web server, again using the IIS Certificate Wizard.
Require Client Certificates: allows only users with a valid client
certificate to connect. Users without a valid certificate do not have permission to access
this site.
For certificate testing, select "Require ...", which should also be
the option used in production.
ALL_HTTP Lists all the HTTP headers sent by the client browser to
the server, with information such as the originating host, the originating
page and the client browser's capabilities, among others.
APPL_MD_PATH Returns the logical path of the ASP file in question (the
metabase path).
APPL_PHYSICAL_PATH Physical path of the file on disk. It corresponds to the
logical path in APPL_MD_PATH (the metabase path).
HTTP_COOKIE Returns the string cookie that was included with the
request.
HTTP_HOST Returns the name of the Web server. This may or may
not be the same as SERVER_NAME, depending on the type
of name resolution you are using on your Web server
(IP address, host header).
HTTP_REFERER Returns the string that contains the URL of the page
that referred the request to the current page using an
HTML tag <A>. Note that the URL is the one that the
user typed into the browser address bar, which may
not include the name of the default document.
If the page is redirected, HTTP_REFERER is empty.
HTTP_REFERER is not a mandatory member of the
HTTP specification.
HTTP_VERSION The name and version of the protocol request (the raw
form of SERVER_PROTOCOL).
22) Set up a launcher in the menu or on the desktop, if you want, pointing to
the application at /usr/bin/firefox.
23) Configure the network's standard proxy.
24) Adjust the video settings.
25) If the proxy/firewall is Microsoft ISA Server, install NTLMaps.
Download the latest version of NTLMaps at:
http://sourceforge.net/project/showfiles.php?group_id=69259
and run the following commands:
# tar xvzf ntlmaps-xxx.tar.gz -C /usr/local
# cd /usr/local/
# mv ntlmaps-xxx ntlmaps
# cd ntlmaps
Create a copy of the file server.cfg and edit it. The following settings are
needed:
LISTEN_PORT: 5865 (default)
PARENT_PROXY: 10.70.1.20
PARENT_PROXY_PORT: 80
NT_DOMAIN: <domain name>
USER: <user name>
PASSWORD: <password>
LM_PART: 0
NT_PART: 1
NTLM_FLAGS: 05820000
NTLM_TO_BASIC: 0
29) As a rule, most Linux applications that allow a proxy to be
configured accept the environment variables
"http_proxy" and "ftp_proxy" in the formats:
export http_proxy=http://<username>:<password>@host:port, or
export http_proxy=http://host:port
30) If an application cannot use these variables, it must be
configured individually to use the proxy at the address 127.0.0.1, port 5865.
31) For Yum, for example, as an alternative to the environment
variables, /etc/yum.conf can be changed to contain the proxy settings.
To avoid exposing the password used for authentication on the proxy, it can
be omitted from server.cfg, but in this case the server asks for the password.
If the service is started in the background (&), the password is not asked for
and the proxy does not authenticate the connections.
The best solution is to omit the password from the file server.cfg, configure
the environment variables "http_proxy" without the password, and start the
service manually (with a script, for example), entering the password when the
server requests it. Script tip:
# python /usr/local/ntlmaps/main.py
32) In the specific case of Firefox, you can choose to keep either NTLMaps or the
network's original proxy configured as the proxy, since Firefox performs the authentication via NTLM.
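An added example, not part of the original guide or of NTLMaps: a Python check for the two places where the steps above can leave the proxy password in clear text, namely the PASSWORD entry of server.cfg and a user:password pair inside http_proxy or ftp_proxy. The sample configuration, the sample environment and the function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample inputs (not from the original page): a server.cfg in the
# "KEY: value" layout shown above and a shell environment.
SAMPLE_CFG = """\
LISTEN_PORT: 5865
PARENT_PROXY: 10.70.1.20
PARENT_PROXY_PORT: 80
USER: jdoe
PASSWORD: Secret123
"""
SAMPLE_ENV = {
    "http_proxy": "http://jdoe:Secret123@127.0.0.1:5865",
    "ftp_proxy": "http://127.0.0.1:5865",
}

def cfg_stores_password(cfg_text):
    """True if an uncommented PASSWORD entry has a non-empty value."""
    for line in cfg_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "PASSWORD" and value.strip():
            return True
    return False

def strip_credentials(url):
    """Return the proxy URL with any user:password@ part removed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return parts._replace(netloc=host).geturl()

def audit_proxy_settings(cfg_text, env):
    """Return (findings, cleaned proxy variables without credentials)."""
    findings, cleaned = [], {}
    if cfg_stores_password(cfg_text):
        findings.append("server.cfg: PASSWORD is stored in clear text")
    for name in ("http_proxy", "ftp_proxy"):
        url = env.get(name)
        if url is None:
            continue
        if urlsplit(url).password:
            findings.append(f"{name}: password embedded in URL")
        cleaned[name] = strip_credentials(url)
    return findings, cleaned
```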
3) To start the Apache service (httpd) during boot, copy the script apachectl
to the folder /etc/rc.d/init.d.
- Create the symbolic links K99httpd and S99httpd in the folders /etc/rc.d/rc3.d,
/etc/rc.d/rc4.d and /etc/rc.d/rc5.d, which are the runlevels where Apache will be
started:
# cp /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd
# cd /etc/rc.d/rc3.d
# ln -s ../init.d/httpd K99httpd
# ln -s ../init.d/httpd S99httpd
# cd ../rc4.d
# ln -s ../init.d/httpd K99httpd
# ln -s ../init.d/httpd S99httpd
# cd ../rc5.d
# ln -s ../init.d/httpd K99httpd
# ln -s ../init.d/httpd S99httpd
Where <folder name> is the full name of the folder where you placed your
web application and <application name> is the name of the file that will be
created to be referenced by the FastCGI module. When it is referenced, the module
connects to the host <name host>, using the socket <socket>, and waits
for a reply for the time <n>.