a714b4e27f
ok ajacoutot@ (MAINTAINER)
83 lines
2.9 KiB
Plaintext
$OpenBSD: README,v 1.1 2010/11/12 13:54:28 jasper Exp $

Post-install/update memo for Community-ID
=========================================

The complete installation instructions are available at
    ${BASE_URL}/wiki/communityid/How_to_install_Community-ID_under_Linux

Community-ID is installed under
    ${INSTDIR}

You should point this to the DocumentRoot of your web server:
    # ln -s ../communityid/webdir ${PREFIX}/htdocs/openid
(make sure you use a relative symlink since Apache is chrooted)


Installation
------------

* Creating a dedicated user and database for Community-ID.

    $ mysql -u root -p mysql
    mysql> CREATE DATABASE `communityid`;
    mysql> USE `communityid`;
    mysql> GRANT ALL PRIVILEGES ON `communityid`.*
        -> TO 'cid'@'localhost' IDENTIFIED BY 'cidpasswd';
    mysql> QUIT

* Configuring the Apache web server.
Some rewriting rules are needed for proper operation as well as some
AllowOverride settings. You can configure these as follows:
    $ sudo ln -s ${PREFIX}/conf/modules.sample/communityid.conf \
        ${PREFIX}/conf/modules

* Setting up entropy.
Community-ID needs a high-quality pseudo-random number generator. The
partition that hosts the ServerRoot (e.g. /var/www) needs to allow
character devices, i.e. _not_ be mounted "nodev", so configure
/etc/fstab accordingly. You can remount your /var/www partition
without having to restart:
    $ sudo mount -u -o dev /var/www

You also need to create the arandom(4) device:
    $ sudo mknod -m 644 /var/www/dev/arandom c $(ls -l /dev/arandom | awk '{ print $5,$6 }' | sed 's|,||')

Another solution would be to just run httpd unchrooted but it is
obviously not recommended.

Note: setting up entropy this way is not required per se but _highly_
encouraged on production systems. If you want to use an insecure
pseudo-random generator, just define Auth_OpenID_RAND_SOURCE as 'null'
at line 23 of ${INSTDIR}/libs/Auth/OpenID/CryptUtil.php.

* Configuring the maintenance job (clean the history logs).
Every OpenID authentication is logged in the "history" table, so
it can grow quite large over time. The script clear_logs.php erases
the entries older than the number of days set in the config.php
setting "keep_history_days".
Add the following line to root's crontab:

    0 0 * * * ${LOCALBASE}/bin/php ${INSTDIR}/scripts/clear_logs.php

* Finishing the installation.
Point your web browser to:
    http://<hostname>/openid/


Restricting configuration file access
-------------------------------------

* IMPORTANT!
After having successfully installed and configured Community-ID, you
must remove write access to the config.php file (you may want to edit
it manually in case the defaults are not good enough for your setup).
    $ sudo chmod 0440 ${INSTDIR}/config.php


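The two hardening steps above (the arandom(4) node inside the chroot and the read-only config.php) can be verified after installation with a short script. This is an added example, not part of the port or of Community-ID; the function names and the two command-line arguments (chroot root, install directory) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for the chroot random device and
# the config.php permissions described in this memo.

# Print "major minor" of a device node, using the memo's own pipeline.
dev_numbers() {
    ls -l "$1" | awk '{ print $5,$6 }' | sed 's|,||'
}

# Succeed only if $2 is a character device with the same numbers as $1.
check_chroot_dev() {
    host_dev=$1
    chroot_dev=$2
    [ -c "$chroot_dev" ] ||
        { echo "FAIL: $chroot_dev is not a character device"; return 1; }
    [ "$(dev_numbers "$host_dev")" = "$(dev_numbers "$chroot_dev")" ] ||
        { echo "FAIL: $chroot_dev numbers differ from $host_dev"; return 1; }
    echo "ok: $chroot_dev matches $host_dev"
}

# Succeed only if the file has no write bit and no access for "other",
# i.e. the mode left by chmod 0440 (0400 is accepted as well).
check_config_mode() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case $mode in
        -r--r-----|-r--------) echo "ok: $1 is $mode" ;;
        *) echo "FAIL: $1 is '$mode', expected -r--r----- (0440)"; return 1 ;;
    esac
}

# Usage (script name is hypothetical): sh cid-check.sh /var/www ${INSTDIR}
if [ "$#" -eq 2 ]; then
    rc=0
    check_chroot_dev /dev/arandom "$1/dev/arandom" || rc=1
    check_config_mode "$2/config.php" || rc=1
    exit "$rc"
fi
```

A failing device check usually means the node was created with the wrong major/minor numbers or the partition is still mounted "nodev".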
Update
------

After upgrading Community-ID to a new version, always check:
    ${BASE_URL}/wiki/communityid/Upgrade_instructions_for_Community-ID