OpenACS 5.4 | AOLServer 4.5 Configuration
Configuration for an AOLServer 4.5 server running behind an OpenACS 5.4 instance
I decided to post my OpenACS 5.4 / AOLServer 4.5 nsd.tcl configuration file. Hopefully this will be useful to the many folks who have struggled to get the proper configuration directives into nsd.tcl.
UPPERCASE characters enclosed within double quotation marks should be replaced by server specific configuration parameters.
######################################################################
# BEGIN FILE nsd.tcl
######################################################################
ns_log notice "nsd.tcl: starting to read config file..."
######################################################################
#
# Instance-specific settings
# These default settings will only work in limited circumstances
# Two servers with default settings cannot run on the same host
#
######################################################################
# Listening ports used further down by the HTTP (nssock) and HTTPS
# (nsopenssl) driver sections.
set httpport 80
set httpsport 443
# Placeholders: every UPPERCASE value below must be replaced before the
# file is used. Note that MYIPADDRESS is not quoted.
set hostname "HOSTNAME.MYDOMAIN.COM"
set address MYIPADDRESS
set server "SERVERFRIENDLYNAME"
set servername "SERVERFRIENDLYNAME"
set serverroot /web/${server}
# TLS private key and certificate handed to the nsopenssl sections.
# NOTE(review): the key file is a secret. It lives under serverroot but
# outside the page root (serverroot/www); keep it readable only by the
# account the server runs as.
set sslkeyfile /web/${server}/etc/certs/keyfile.pem
set sslcertfile /web/${server}/etc/certs/certfile.pem
# Selects the database driver and the pool credentials used later on.
set database postgres
set db_name $server
if { $database == "oracle" } {
# NOTE(review): placeholder password stored in clear text. With a real
# value in place this file becomes a credential store: restrict its
# permissions and keep it out of public repositories and posts.
set db_password "mysitepassword"
} else {
# PostgreSQL branch: no password variable is defined here; the pool
# sections pass an empty password for db_user.
set db_host localhost
set db_port ""
set db_user nsadmin
}
# Single debug switch: it is passed to ns/parameters, the Tcl section,
# ADP enabledebug and the database pools (verbose, logsqlerrors).
# Keep it false on a production instance.
set debug false
set homedir /usr/local/aolserver
# Directory that holds the running nsd binary; module paths are built from it.
set bindir [file dirname [ns_info nsd]]
# Upload limits: size in megabytes (used for maxinput, maxpost and
# ns_limits -maxupload) and time in minutes (used for recvwait).
set max_file_upload_mb 20
set max_file_upload_min 5
######################################################################
#
# Modules
# which modules should be loaded? Missing modules break the server, so
# don't uncomment modules unless they have been installed.
#
######################################################################
# Modules loaded for this server: each ns_param maps a module name to
# its shared library under $bindir.
ns_section ns/server/${server}/modules
ns_param nssock ${bindir}/nssock.so
ns_param nslog ${bindir}/nslog.so
ns_param nssha1 ${bindir}/nssha1.so
ns_param nscache ${bindir}/nscache.so
ns_param nsrewrite ${bindir}/nsrewrite.so
#---------------------------------------------------------------------
# NOTE(review): nsopenssl IS loaded by the line below, although the
# original note here described it as disabled by default. Per that note
# the module fails unless the cert files are present as specified
# later in this file (sslcertfile / sslkeyfile); comment the line out
# if HTTPS is not set up yet.
ns_param nsopenssl ${bindir}/nsopenssl.so
ns_param nsdb ${bindir}/nsdb.so
# Load the Tcl thread extension only when that exact library file
# (thread 2.6.4) exists under $homedir/lib.
if {[file exists ${homedir}/lib/thread2.6.4/libthread2.6.4[info sharedlibextension]]} {
ns_param libthread ${homedir}/lib/thread2.6.4/libthread2.6.4[info sharedlibextension]
}
# Upload ceiling in bytes, derived from max_file_upload_mb and applied
# to the default limits. The driver sections compute the same value for
# maxinput / maxpost, so the limits change together.
set max_input [expr {$max_file_upload_mb * 1024 * 1024}] ;# Maximum File Size for uploads in bytes
ns_limits set default -maxupload $max_input
######################################################################
#
# Rollout email support
#
# These procs help manage differing email behavior on
# dev/staging/production.
#
######################################################################
# Opens the acs-rollout-support section. No ns_param follows in this
# file, so EmailDeliveryMode is left unset here.
# NOTE(review): on a dev/staging copy that holds real user data, set
# EmailDeliveryMode explicitly (log, redirect or filter) so test runs do
# not mail real recipients -- confirm what the unset mode does.
ns_section ns/server/${server}/acs/acs-rollout-support
# EmailDeliveryMode can be:
# default: Email messages are sent in the usual manner.
# log: Email messages are written to the server's error log.
# redirect: Email messages are redirected to the addresses specified
# by the EmailRedirectTo parameter. If this list is absent
# or empty, email messages are written to the server's error log.
# filter: Email messages are sent in the usual manner if the
# recipient appears in the EmailAllow parameter, otherwise they
# are logged.
#--------------------------------------------------------------------
#
# End of instance-specific settings
#
# Nothing below this point need be changed in a default install.
#
#--------------------------------------------------------------------
#---------------------------------------------------------------------
#
# AOLserver's directories. Autoconfigurable.
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Where are your pages going to live ?
#
# Document root and the index file names for directory URLs. Only
# serverroot/www is the page root; the log and etc/certs directories
# used elsewhere in this file sit beside it, not inside it.
set pageroot ${serverroot}/www
set directoryfile index.tcl,index.adp,index.html,index.htm
######################################################################
#
# Global server parameters
#
######################################################################
ns_section ns/parameters
# Error log, written under serverroot/log (outside the page root).
ns_param serverlog ${serverroot}/log/error.log
ns_param home $homedir
ns_param maxkeepalive 0
# Roll the error log and keep 5 old copies.
ns_param logroll on
ns_param maxbackup 5
# Follows the global debug switch set in the instance settings.
ns_param debug $debug
ns_param HackContentType 1
# Every charset-related parameter is pinned to UTF-8.
ns_param DefaultCharset utf-8
ns_param HttpOpenCharset utf-8
ns_param OutputCharset utf-8
ns_param URLCharset utf-8
######################################################################
#
# MIME types.
# Note: AOLserver already has an exhaustive list of MIME types, but in
# case something is missing you can add it here.
#
######################################################################
# Extra file-extension to MIME-type mappings, plus the types used when
# the extension is unknown (Default) or absent (NoExtension).
ns_section ns/mimetypes
# See also "http://dqd.com/~mayoff/encoding-doc.html" for advice on
# character sets and MIME types in AOLserver.
ns_param Default */*
ns_param NoExtension */*
ns_param .pcd image/x-photo-cd
ns_param .prc application/x-pilot
ns_param .xls application/vnd.ms-excel
# NOTE(review): the type usually registered for .doc is
# application/msword -- confirm the value below is intended.
ns_param .doc application/vnd.ms-word
######################################################################
#
# Thread library (nsthread) parameters
#
######################################################################
# Thread library settings: lock-contention metering and the stack size
# given to each thread.
ns_section ns/threads
ns_param mutexmeter true ;# measure lock contention
# Stack size per thread: 128 blocks of 8 KiB (1 MiB). It has to stay a
# multiple of 8k for AOLServer to run under MacOS X.
ns_param stacksize [expr {128 * 8192}]
######################################################################
#
# Tcl Configuration
#
######################################################################
# Tcl settings for this server: private library directory and the
# debug flag taken from the global switch.
ns_section ns/server/${server}/tcl
ns_param library ${serverroot}/tcl
ns_param autoclose on
ns_param debug $debug
######################################################################
#
# Server-level configuration
#
# There is only one server in AOLserver, but this is helpful when multiple
# servers share the same configuration file. This file assumes that only
# one server is in use so it is set at the top in the "server" Tcl variable
# Other host-specific values are set up above as Tcl variables, too.
#
######################################################################
# Registers the single server: key is $server, value is $servername
# (both are set to the same placeholder at the top of the file).
ns_section ns/servers
ns_param $server $servername
######################################################################
#
# Server parameters
#
######################################################################
# Core server parameters: page root, connection/thread limits,
# directory-listing behaviour and the custom error pages.
ns_section ns/server/${server}
ns_param directoryfile $directoryfile
ns_param pageroot $pageroot
ns_param maxconnections 100
ns_param maxdropped 0
ns_param maxthreads 50
ns_param minthreads 20
ns_param threadtimeout 120
ns_param globalstats false ;# Enable built-in statistics
ns_param urlstats false ;# Enable URL statistics
ns_param maxurlstats 1000 ;# Max number of URL's to do stats on
#ns_param directoryadp $pageroot/dirlist.adp ;# Choose one or the other
# NOTE(review): a directory-listing proc is configured, so a directory
# under the page root that has none of the directoryfile index files
# presumably gets an auto-generated listing of its contents. That can
# expose backup files, uploads and other unlinked content; make sure
# this is wanted on a public site.
ns_param directoryproc _ns_dirlist ;# ...but not both!
ns_param directorylisting fancy ;# Can be simple or fancy
#
# Special HTTP pages
#
# Static pages returned in place of the server's built-in responses.
ns_param NotFoundResponse "/global/file-not-found.html"
ns_param ServerBusyResponse "/global/busy.html"
ns_param ServerInternalErrorResponse "/global/error.html"
######################################################################
#
# ADP (AOLserver Dynamic Page) configuration
#
######################################################################
# ADP settings: which URLs are parsed as ADP and which parser is used.
ns_section ns/server/${server}/adp
ns_param map /*.adp ;# Extensions to parse as ADP's
ns_param enableexpire false ;# Set "Expires: now" on all ADP's
# NOTE(review): enabledebug follows the global debug switch. When it is
# true, a debugger hook is reachable through the "?debug" query
# parameter, so debug must stay false on any internet-facing instance.
ns_param enabledebug $debug ;# Allow Tclpro debugging with "?debug"
ns_param defaultparser fancy
######################################################################
#
# ADP Parsers
#
######################################################################
# Binds the "fancy" parser named above to the .adp extension.
ns_section ns/server/${server}/adp/parsers
ns_param fancy ".adp"
######################################################################
#
# Socket driver module (HTTP) -- nssock
#
######################################################################
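# Plain-HTTP socket driver: listen address/port, request size limits
# and socket timeouts.
ns_section ns/server/${server}/module/nssock
ns_param timeout 120
ns_param address $address
ns_param hostname $hostname
ns_param port $httpport
#ns_param maxinput [expr 1024 * 1024 * 100]
# setting maxinput higher than practical may leave the server vulnerable to resource DoS attacks
# see http://www.panoptic.com/wiki/aolserver/166
ns_param maxinput [expr {$max_file_upload_mb * 1024 * 1024}] ;# Maximum File Size for uploads in bytes
ns_param maxpost [expr {$max_file_upload_mb * 1024 * 1024}] ;# Maximum File Size for uploads in bytes
# recvwait is max_file_upload_min minutes multiplied by 60, i.e. the
# upload window expressed in seconds (the old trailing comment said
# minutes). A long window helps large uploads but also lets slow
# clients hold a connection for that long, so keep it as small as the
# largest legitimate upload allows.
ns_param recvwait [expr {$max_file_upload_min * 60}] ;# Maximum request time, in seconds
# maxsock will limit the number of simultanously returned pages,
# regardless of what maxthreads is saying
ns_param maxsock 100 ;# 100 = default
# On Windows you need to set this parameter to define the number of
# connections as well (it seems).
ns_param backlog 5 ;# if < 1 == 5
# Optional params with defaults:
ns_param bufsize 16000
ns_param rcvbuf 0
ns_param sndbuf 0
ns_param socktimeout 30 ;# if < 1 == 30
ns_param sendwait 30 ;# if < 1 == socktimeout
# recvwait was defined twice in this section (computed value above and
# a literal 30 here), which left it ambiguous which timeout applies.
# The duplicate is disabled so the value is stated exactly once.
# NOTE(review): confirm which of the two your server was honouring
# before relying on the upload window.
#ns_param recvwait 30 ;# if < 1 == socktimeout
ns_param closewait 2 ;# if < 0 == 2
ns_param keepwait 30 ;# if < 0 == 30
# NOTE(review): all four socket-level logging switches are off, so
# read timeouts, rejected connections and socket errors leave no trace
# in the logs. Consider enabling them when investigating abuse.
ns_param readtimeoutlogging false
ns_param serverrejectlogging false
ns_param sockerrorlogging false
ns_param sockshuterrorlogging false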
######################################################################
#
# OpenSSL
#
######################################################################
# nsopenssl module-level settings: HTTPS port, host, address and the
# certificate/key pair defined in the instance settings.
ns_section "ns/server/${server}/module/nsopenssl"
# NSD-driven connections:
ns_param ServerPort $httpsport
ns_param ServerHostname $hostname
ns_param ServerAddress $address
ns_param ServerCertFile $sslcertfile
ns_param ServerKeyFile $sslkeyfile
# Same byte limit as the plain-HTTP driver, derived from max_file_upload_mb.
ns_param maxinput [expr {$max_file_upload_mb * 1024 * 1024}] ;# Maximum File Size for uploads in bytes
######################################################################
#
# SSL Contexts
#
######################################################################
# Declares the named SSL contexts (name -> description). Each name has
# its own sslcontext/<name> section later in the file.
ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
ns_param users "SSL context used for regular user access to the website"
#ns_param ssl_outgoing_context "SSL context used for outgoing script socket connections"
ns_param client "SSL context used for testing"
######################################################################
#
# SSL Defaults
#
######################################################################
# Default context per role: "users" when acting as server, "client"
# when acting as client.
# NOTE(review): "client" is described above as a testing context, yet
# it is the default for the client role -- check that its settings are
# acceptable for any real outgoing connection.
ns_section "ns/server/${server}/module/nsopenssl/defaults"
ns_param server users
ns_param client client
######################################################################
#
# SSL Users
#
######################################################################
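# Server-role SSL context used for regular visitor HTTPS traffic:
# certificate, key, accepted protocols/ciphers and session cache.
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/users"
ns_param Role server
ns_param ModuleDir ${serverroot}/etc/certs
ns_param CertFile $sslcertfile
ns_param KeyFile $sslkeyfile
#ns_param CADir ca-client/dir
#ns_param CAFile ca-client/ca-client.crt
# SSLv2 and SSLv3 are broken protocols and were removed from the list;
# leaving them enabled lets a network attacker downgrade clients to
# them. Only TLSv1 remains of the three names this setting used.
# NOTE(review): TLSv1 is itself deprecated; if your nsopenssl/OpenSSL
# build accepts newer TLS versions, prefer those.
ns_param Protocols "TLSv1"
# The previous string also enabled LOW, EXP (export-grade), SSLv2 and
# RC4 suites. Restrict the server to strong suites and exclude
# unauthenticated (aNULL) and MD5-based ones.
ns_param CipherSuite "HIGH:!aNULL:!MD5"
# Client certificates are not verified for site visitors.
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
ns_param SessionCache true
ns_param SessionCacheID 1
ns_param SessionCacheSize 512
ns_param SessionCacheTimeout 300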
######################################################################
#
# SSL Client
#
######################################################################
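# Client-role SSL context, used when the server itself opens SSL
# connections (the default context for the client role).
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/client"
ns_param Role client
ns_param ModuleDir ${serverroot}/etc/certs
# File names given without a directory; presumably resolved against ModuleDir.
ns_param CertFile certfile.pem
ns_param KeyFile keyfile.pem
#ns_param CADir ca-client/dir
#ns_param CAFile ca-client/ca-client.crt
# SSLv2 and SSLv3 are broken protocols and were removed from the list,
# so outgoing connections cannot be negotiated down to them.
# NOTE(review): TLSv1 is itself deprecated; if your nsopenssl/OpenSSL
# build accepts newer TLS versions, prefer those.
ns_param Protocols "TLSv1"
# The previous string also enabled LOW, EXP (export-grade), SSLv2 and
# RC4 suites. Offer only strong suites and exclude unauthenticated
# (aNULL) and MD5-based ones.
ns_param CipherSuite "HIGH:!aNULL:!MD5"
# NOTE(review): with PeerVerify false and no CAFile/CADir configured,
# this context presumably does not authenticate the remote server's
# certificate, so outgoing connections are encrypted but open to
# interception. Left unchanged because enabling it requires a CA bundle
# this file does not provide; configure CAFile or CADir and set
# PeerVerify true before sending anything sensitive over this context.
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
ns_param SessionCache true
ns_param SessionCacheID 1
ns_param SessionCacheSize 512
ns_param SessionCacheTimeout 300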
######################################################################
#
# SSL drivers
# Each driver defines a port and a named SSL context to associate with it.
#
######################################################################
# Declares the SSL drivers (name -> description); only "users" exists.
ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
ns_param users "Driver for regular user access to the website"
######################################################################
#
# SSL users
#
######################################################################
# The "users" HTTPS driver: binds the "users" SSL context to the HTTPS
# port, host name and address from the instance settings.
ns_section "ns/server/${server}/module/nsopenssl/ssldriver/users"
ns_param sslcontext users
ns_param port $httpsport
ns_param hostname $hostname
ns_param address $address
ns_param maxinput [expr {$max_file_upload_mb * 1024 * 1024}] ;# in bytes
# Maximum request time: max_file_upload_min minutes multiplied by 60,
# i.e. the value handed to the driver is in seconds.
ns_param recvwait [expr {$max_file_upload_min * 60}] ;# minutes converted to seconds
######################################################################
#
# Database drivers
# The database driver is specified here.
# Make sure you have the driver compiled and put it in {aolserverdir}/bin
#
######################################################################
# Loads exactly one database driver, chosen by the "database" variable
# from the instance settings.
ns_section "ns/db/drivers"
if { $database == "oracle" } {
ns_param ora8 ${bindir}/ora8.so
} else {
ns_param postgres ${bindir}/nspostgres.so ;# Load PostgreSQL driver
}
######################################################################
#
# Database Pools
# This is how AOLserver ``talks'' to the RDBMS. You need
# three for OpenACS: main, log, subquery. The database name and
# credentials come from the db_name, db_user and db_password variables
# set in the instance settings at the top of this file.
#
# AOLserver can have different pools connecting to different databases
# and even different database servers.
#
######################################################################
# Declares the three pools (name -> description); each has its own
# ns/db/pool/<name> section.
ns_section ns/db/pools
ns_param pool1 "Pool 1"
ns_param pool2 "Pool 2"
ns_param pool3 "Pool 3"
######################################################################
#
# Pool1
#
######################################################################
# The three pool sections below are identical apart from the pool name:
# 20 connections each (60 in total), verbosity and SQL error logging
# tied to the global debug switch, and credentials chosen by the
# "database" variable.
#
# NOTE(review): in the PostgreSQL branch the password is the empty
# string, so access for db_user depends entirely on how the database
# server authenticates connections from this host (for example its
# pg_hba.conf rules). Verify that passwordless access is limited to the
# local server account and is not granted to remote hosts.
# NOTE(review): in the Oracle branch the password comes from the clear
# text db_password variable in this file; protect the file accordingly.
ns_section ns/db/pool/pool1
ns_param maxidle 0
ns_param maxopen 0
ns_param connections 20
ns_param verbose $debug
ns_param extendedtableinfo true
ns_param logsqlerrors $debug
if { $database == "oracle" } {
ns_param driver ora8
ns_param datasource {}
ns_param user $db_name
ns_param password $db_password
} else {
ns_param driver postgres
# datasource is host:port:dbname; db_port is empty in the instance settings.
ns_param datasource ${db_host}:${db_port}:${db_name}
ns_param user $db_user
ns_param password ""
}
######################################################################
#
# Pool2
#
######################################################################
# Same settings and credentials as pool1.
ns_section ns/db/pool/pool2
ns_param maxidle 0
ns_param maxopen 0
ns_param connections 20
ns_param verbose $debug
ns_param extendedtableinfo true
ns_param logsqlerrors $debug
if { $database == "oracle" } {
ns_param driver ora8
ns_param datasource {}
ns_param user $db_name
ns_param password $db_password
} else {
ns_param driver postgres
ns_param datasource ${db_host}:${db_port}:${db_name}
ns_param user $db_user
ns_param password ""
}
######################################################################
#
# Pool3
#
######################################################################
# Same settings and credentials as pool1.
ns_section ns/db/pool/pool3
ns_param maxidle 0
ns_param maxopen 0
ns_param connections 20
ns_param verbose $debug
ns_param extendedtableinfo true
ns_param logsqlerrors $debug
if { $database == "oracle" } {
ns_param driver ora8
ns_param datasource {}
ns_param user $db_name
ns_param password $db_password
} else {
ns_param driver postgres
ns_param datasource ${db_host}:${db_port}:${db_name}
ns_param user $db_user
ns_param password ""
}
######################################################################
#
# Pool Configuration
#
######################################################################
# Gives this server access to every declared pool ("*") and makes
# pool1 the default.
ns_section ns/server/${server}/db
ns_param pools "*"
ns_param defaultpool pool1
######################################################################
#
# Redirects
#
######################################################################
# Pages used for 404 and 403 responses.
# NOTE(review): these paths have no leading slash, whereas the
# NotFoundResponse / ServerBusyResponse parameters in the server
# section use "/global/..." -- confirm both forms resolve to the same
# files.
ns_section ns/server/${server}/redirects
ns_param 404 "global/file-not-found.html"
ns_param 403 "global/forbidden.html"
######################################################################
#
# Access log -- nslog
#
######################################################################
# Access log: combined format, written under serverroot/log, rolled
# daily at hour 0 and on signal, keeping up to 1000 old files.
ns_section ns/server/${server}/module/nslog
ns_param debug false
ns_param dev false
ns_param enablehostnamelookup false
ns_param file ${serverroot}/log/${server}.log
ns_param logcombined true
# NOTE(review): extendedheaders adds the named request headers to each
# log line. COOKIE means the full Cookie header, session cookies
# included, is written to the access log, so anyone who can read the
# log (or one of the up to 1000 retained backups) can presumably reuse
# a live session. Drop COOKIE unless it is really needed, and restrict
# read access to the log directory either way.
ns_param extendedheaders COOKIE,user_id,session_id
#ns_param logrefer false
#ns_param loguseragent false
ns_param maxbackup 1000
ns_param rollday *
ns_param rollfmt %Y-%m-%d-%H:%M
ns_param rollhour 0
ns_param rollonsignal true
ns_param rolllog true
######################################################################
#
# nsjava - aolserver module that embeds a java virtual machine. Needed to
# support webmail. See http://nsjava.sourceforge.net for further
# details. This may need to be updated for OpenACS4 webmail
#
######################################################################
# Settings for the nsjava module. nsjava is not among the modules
# loaded in the modules section of this file, and enablejava is off, so
# this section is presumably inert as written.
ns_section ns/server/${server}/module/nsjava
ns_param enablejava off ;# Set to on to enable nsjava.
ns_param verbosejvm off ;# Same as command line -debug.
ns_param loglevel Notice
ns_param destroyjvm off ;# Destroy jvm on shutdown.
ns_param disablejitcompiler off
# NOTE(review): part of the classpath points into the page root
# (pageroot/webmail/java), i.e. jar files would sit in a web-served
# directory -- confirm that is intended before enabling nsjava.
ns_param classpath /usr/local/jdk/jdk118_v1/lib/classes.zip:${bindir}/nsjava.jar:${pageroot}/webmail/java/activation.jar:${pageroot}/webmail/java/mail.jar:${pageroot}/webmail/java
######################################################################
#
# PAM authentication
#
######################################################################
# Settings for the nspam module, which is likewise not in the module
# list of this file. "pam_domain" looks like a placeholder to replace.
ns_section ns/server/${server}/module/nspam
ns_param PamDomain "pam_domain"
######################################################################
ns_log notice "nsd.tcl: finished reading config file."
