Apache and Passenger Setup

Apache configuration data

Compile settings

$ httpd -V
Server version: Apache/2.2.3
Server built:   Sep  1 2011 09:46:21
Server's Module Magic Number: 20051115:3
Server loaded:  APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork" 
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd" 
 -D SUEXEC_BIN="/usr/sbin/suexec" 
 -D DEFAULT_PIDLOG="run/httpd.pid" 
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" 
 -D DEFAULT_LOCKFILE="logs/accept.lock" 
 -D DEFAULT_ERRORLOG="logs/error_log" 
 -D AP_TYPES_CONFIG_FILE="conf/mime.types" 
 -D SERVER_CONFIG_FILE="conf/httpd.conf" 

Loaded Modules

Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_file_module (shared)
 authn_alias_module (shared)
 authn_anon_module (shared)
 authn_dbm_module (shared)
 authn_default_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 authz_owner_module (shared)
 authz_groupfile_module (shared)
 authz_dbm_module (shared)
 authz_default_module (shared)
 ldap_module (shared)
 authnz_ldap_module (shared)
 include_module (shared)
 log_config_module (shared)
 logio_module (shared)
 env_module (shared)
 ext_filter_module (shared)
 mime_magic_module (shared)
 expires_module (shared)
 deflate_module (shared)
 headers_module (shared)
 usertrack_module (shared)
 setenvif_module (shared)
 mime_module (shared)
 dav_module (shared)
 status_module (shared)
 autoindex_module (shared)
 info_module (shared)
 dav_fs_module (shared)
 vhost_alias_module (shared)
 negotiation_module (shared)
 dir_module (shared)
 actions_module (shared)
 speling_module (shared)
 userdir_module (shared)
 alias_module (shared)
 rewrite_module (shared)
 proxy_module (shared)
 proxy_balancer_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_connect_module (shared)
 cache_module (shared)
 suexec_module (shared)
 disk_cache_module (shared)
 file_cache_module (shared)
 mem_cache_module (shared)
 cgi_module (shared)
 version_module (shared)
 passenger_module (shared)
 perl_module (shared)
 php5_module (shared)
 proxy_ajp_module (shared)
 python_module (shared)
 ssl_module (shared)

Virtual hosts

VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443          survey.fnal.gov (/etc/httpd/conf.d/ssl.conf:83)

Rails configuration in the Apache configuration data

The comments have been removed below.

LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/DigiCertGlobalRootCA.crt
LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/Entrust.netSecureServerCertificationAuthority.crt
<Location /cv/login>
    SSLOptions +StrictRequire
    AuthzLDAPAuthoritative on
    Order allow,deny
    deny from all
    AuthName "SERVICES Domain Authentication" 
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldapdc1.services.fnal.gov ldapdc2.services.fnal.gov/ou=FermiUsers,dc=services,dc=fnal,dc=gov?cn" 
    AuthLDAPBindDN "cn=cd-srv-scientist-survey,ou=FermiServiceAccounts,dc=services,dc=fnal,dc=gov" 
    AuthLDAPBindPassword "BenjaminFranklin1790" 
    Require valid-user
</Location>
<Location /cv/welcome/login>
    SSLOptions -StrictRequire
    AuthzLDAPAuthoritative off
    Order allow,deny
    deny from all
    AuthName "SERVICES Domain Authentication" 
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldapdc1.services.fnal.gov ldapdc2.services.fnal.gov/ou=FermiUsers,dc=services,dc=fnal,dc=gov?cn" 
    AuthLDAPBindDN "cn=cd-srv-scientist-survey,ou=FermiServiceAccounts,dc=services,dc=fnal,dc=gov" 
    AuthLDAPBindPassword "BenjaminFranklin1790" 
    Require valid-user
</Location>
<Location /cv>
    Options None
    Order   allow,deny
    Allow   from all
    Deny    from 72.30
</Location>

N.B.: You will have to work with the Service Desk to ensure that the cd-srv-scientist-survey service account works with its password and
that the working password is configured in the Apache configuration data.

Apache SSL configuration

The comments have been removed below.

LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/star_fnal_gov.crt
SSLCertificateKeyFile /etc/pki/tls/private/star_fnal_gov.key
SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 
</VirtualHost>                                  

Passenger version data

$ passenger --version
Phusion Passenger version 3.0.9

"Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.

Passenger needs to be compiled against the version of Apache with which it will be run.