--- loncom/loncapa.conf 2002/03/02 04:13:58 1.4
+++ loncom/loncapa.conf 2004/05/26 10:17:49 1.9
@@ -1,604 +1,106 @@ ## ## loncapa.conf -- Apache HTTP LON-CAPA configuration file ## -## $Id: loncapa.conf,v 1.4 2002/03/02 04:13:58 harris41 Exp $ +## $Id: loncapa.conf,v 1.9 2004/05/26 10:17:49 foxr Exp $ ## -## 1/11/2002 - Scott Harrison +# ======================================= Machine Specific / Perl Configuration # -# LON-CAPA Section (extensions to httpd.conf daemon configuration) -# -# ======================================================================== User +# ------------------------ The variable values are also read and shared by lond -DocumentRoot "/home/httpd/html" +# LON-internal HostID of this machine -# ======================================================================== User +PerlSetVar lonHostID {[[[[lonHostID]]]]} + +# Role of this machine: library, access -User www -Group www +PerlSetVar lonRole {[[[[lonRole]]]]} -# ======================================================= Shared Object Modules +# Server Administration -LoadModule perl_module modules/libperl.so -AddModule mod_perl.c +PerlSetVar lonAdmEMail {[[[[lonAdmEMail]]]]} -# =============================================================== Miscellaneous +# Default domain -ServerAdmin korte@lite.msu.edu -ExtendedStatus On +PerlSetVar lonDefDomain {[[[[lonDefDomain]]]]} -# -# LON-CAPA Section (extensions to srm.conf name space servicing) -# -# ===================================================================== Aliases +# Load Limit ( 100% loadavg ) -Alias /prtspool/ /home/httpd/prtspool/ +PerlSetVar lonLoadLim {[[[[lonLoadLim]]]]} -# ================================================================= Directories +# User Load Limit ( 100% loadavg ) -# ------------------------------------------------------------- Access Handlers +PerlSetVar lonUserLoadLim {[[[[lonUserLoadLim]]]]} - -PerlAccessHandler Apache::lonacc -PerlHeaderParserHandler Apache::lonrep -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - 
- - -PerlAccessHandler Apache::loncacc -SetHandler perl-script -PerlHandler Apache::lonconstruct -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonracc - - - -PerlAccessHandler Apache::loncacc -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler -AllowOverride None - - -# ------------------------------------------------------------------------- RAT - - -SetHandler perl-script -PerlHandler Apache::lonratedt - - - -SetHandler perl-script -PerlHandler Apache::lonratedt - - - -SetHandler perl-script -PerlHandler Apache::lonratsrv - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonratparms -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - -# --------------------------------------------- Resource Space Content Handlers - - -SetHandler perl-script -PerlHandler Apache::lonindexer - - - -SetHandler perl-script -PerlHandler Apache::lontex - - - -SetHandler perl-script -PerlHandler Apache::lonpage - - - -SetHandler perl-script -PerlHandler Apache::lonsequence - - - -SetHandler perl-script -PerlHandler Apache::lonmeta - - - -SetHandler perl-script -PerlHandler Apache::lonxml - - - -SetHandler perl-script -PerlHandler Apache::lonhomework - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonwrapper -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - -# -------------------------------------------------------------- Admin Programs - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonstatistics -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonroles -ErrorDocument 403 /adm/login -ErrorDocument 500 
/adm/errorhandler - - - -SetHandler perl-script -PerlHandler Apache::lonlogin - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonlogout -ErrorDocument 403 /adm/login - - - -SetHandler perl-script -PerlHandler Apache::lonauth - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::admannotations -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::admbookmarks -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonpageflip -ErrorDocument 406 /adm/roles -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonambiguous -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonmsg -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonparmset -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::grades -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::loncreatecourse -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::loncreateuser -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonpublisher 
-ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::loncacc -SetHandler perl-script -PerlHandler Apache::lonpubdir -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonpubdir -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonretrieve -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::loncfile -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::londiff -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonupload -ErrorDocument 403 /adm/login -ErrorDocument 404 /adm/notfound.html -ErrorDocument 406 /adm/unauthorized.html -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonspreadsheet -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonspreadsheet -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - 
-PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonspreadsheet -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonchart -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::londropadd -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonprintout -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonfeedback -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonevaluate -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonpreferences -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonassignments -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::loncommunicate -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonsearchcat -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc -SetHandler perl-script -PerlHandler Apache::lonnavmaps -ErrorDocument 403 /adm/login -ErrorDocument 406 /adm/roles -ErrorDocument 500 /adm/errorhandler - - - -PerlAccessHandler Apache::lonacc 
-SetHandler perl-script -PerlHandler Apache::groupsort -ErrorDocument 403 /adm/login -ErrorDocument 500 /adm/errorhandler - - - -SetHandler perl-script -PerlHandler Apache::lonerrorhandler - - -# ------------------------------------------------- Backdoor Adm Tests/Programs - - -AuthName "LON-CAPA Network Administration" -AuthType Basic -AuthUserFile /home/httpd/lonTabs/htpasswd -require user lonadm - - - -AuthName "LON-CAPA Network Administration" -AuthType Basic -AuthUserFile /home/httpd/lonTabs/htpasswd -require user lonadm - - - -AuthName "LON-CAPA Network Administration" -AuthType Basic -AuthUserFile /home/httpd/lonTabs/htpasswd -require user lonadm - - - -AuthName "LON-CAPA Network Administration" -AuthType Basic -AuthUserFile /home/httpd/lonTabs/htpasswd -require user lonadm - - - -AuthName "LON-CAPA Network Administration" -AuthType Basic -AuthUserFile /home/httpd/lonTabs/htpasswd -require user lonadm -SetHandler perl-script -PerlAccessHandler Apache::lonacc -PerlHandler Apache::lontest - +# Expiration for local copies and tokens in seconds -# ------------------------------------------------------- Shutting down a child +PerlSetVar lonExpire {[[[[lonExpire]]]]} -PerlChildExitHandler Apache::lonnet::goodbye +# Key to issue receipts + +PerlSetVar lonReceipt {[[[[lonReceipt]]]]} # -# LON-CAPA Section (extensions to access.conf permission configuration) +# The variables below control the behavior of secure lond: # -# =========================================================== Directory Options - -# Start out with "no" - - -Options None -AllowOverride None - - -# Yes to symbolic links and server-side includes - - -Options Includes FollowSymLinks -AllowOverride None -order allow,deny -allow from all - - -# If it is in cgi-bin, then it can be executed as a CGI script. 
- - -AllowOverride None -Options ExecCGI - - -# ============================================================= Access Handlers - -# ------------------------------------------------- Allow server-status reports - -SetHandler server-status -AuthName "LON-CAPA Network Administration" -AuthType Basic -AuthUserFile /home/httpd/lonTabs/htpasswd -require user lonadm - - -# ------------------------ Allow LON-CAPA "low-level" connection status reports - -AuthName "LON-CAPA Network Administration" -AuthType Basic -AuthUserFile /home/httpd/lonTabs/htpasswd -require user lonadm - - -# ------------------- Allow access to local system documentation from localhost -Alias /doc /usr/doc - -order deny,allow -deny from all -allow from localhost -Options Indexes FollowSymLinks - - -# **** DISABLED TO STAY COMPATIBLE WITH LON-CAPA AND ACCESS.CONF FOR NOW ****** -# ======================================= Machine Specific / Perl Configuration # -# ------------------------ The variable values are also read and shared by lond -# LON-internal HostID of this machine +# londAllowInsecure allows lond to fall back to insecure connections +# in the event its peer is not yet updated to secure lonc. +# If you are certain all the systems you are communicating with +# are using secure lonc, uncomment the first definition and +# comment the second. -# PerlSetVar lonHostID {[[[[lonHostID]]]]} - -# Role of this machine: library, access - -# PerlSetVar lonRole {[[[[lonRole]]]]} - -# Server Administration +# PerlSetVar londAllowInsecure {[[[[0]]]]} +PerlSetVar londAllowInsecure {[[[[1]]]]} -# PerlSetVar lonAdmEMail {[[[[lonAdmEMail]]]]} - -# Default domain - -# PerlSetVar lonDefDomain {[[[[lonDefDomain]]]]} - -# Load Limit ( 100% loadavg ) +# loncAllowInsecure allows lonc to fall back to negotiating an insecure +# connection with lond in the event the peer is not yet a secure lond. 
+# If you are certain that all systems you are communicating with +# are using secure lond, uncomment the next line and comment the +# second: -# PerlSetVar lonLoadLim {[[[[lonLoadLim]]]]} +# PerlSetVar loncAllowInsecure {[[[[0]]]]} +PerlSetVar loncAllowInsecure {[[[[1]]]]} -# Expiration for local copies and tokens in seconds - -# PerlSetVar lonExpire {[[[[lonExpire]]]]} +# +# Secure lond/lonc require ssl certificate and private +# key files to function correctly. The certificate +# files need not be terribly secure, but the private key files +# should be set up so that only www (the lonc/lond effective user) +# can read them. +# +# The definition below is the full path to the directory that +# contains the certificate and key files: +# +PerlSetVar lonCertificateDirectory {[[[[/home/httpd/lonCerts]]]]} -# Key to issue receipts - -# PerlSetVar lonReceipt {[[[[lonReceipt]]]]} +# +# Secure lond/lonc require two certificates and a private host key. +# The certificates required are that of the lonCAPA certificate authority +# and the certificate that authority issued to this host. +# lonnetCertificateAuthority is the name of the file that contains the +# lonCAPA certificate authority's certificate. +# lonnetCertificate is the name of the file that contains the certificate +# issued to the host by the certificate authority. +# Both of these variables are names of files assumed to be in +# lonCertificateDirectory: -# Key to handle SQL access - -# PerlSetVar lonSqlAccess {[[[[lonSqlAccess]]]]} +PerlSetVar lonnetCertificateAuthority {[[[[loncapaCA.pem]]]]} +PerlSetVar lonnetCertificate {[[[[lonhostcert.pem]]]]} -# ************ ENABLE SINCE THESE SHOULD BE STATIC ANYWAYS ******************** -# ====================================== Internal Settings / Perl Configuration +# +# To generate the request for a certificate, and to negotiate the +# initial ssl connection, the host requires a private key. This key +# is created at lonCAPA install time. 
Did we mention above that it +# should be set so that only www can read it? The variale below +# is the name of the file relative to lonnetCertificateDirectory +# that has the host's private key. Did we remember to tell you to +# keep the permissions on that file set to rw------- (0600)? +# -PerlSetVar lonIDsDir /home/httpd/lonIDs -PerlSetVar lonTabDir /home/httpd/lonTabs -PerlSetVar lonUsersDir /home/httpd/lonUsers -PerlSetVar lonIconsURL /adm/lonIcons -PerlSetVar londPort 5663 -PerlSetVar lonSysEMail korte@lite.msu.edu -PerlSetVar lonDaemons /home/httpd/perl -PerlSetVar lonSockDir /home/httpd/sockets -PerlSetVar lonDocRoot /home/httpd/html -PerlSetVar lonIncludes /home/httpd/html/res/adm/includes -PerlSetVar lonBrowsDet netscape:mozilla:msie:mozilla\/(\d+\.\d+)\s:9999&explorer:msie:netscape:msie\s(\d+\.\d+)\;:9999&mozilla:mozilla\/[5-9]:msie:mozilla\/(\d+\.\d+)\s:9999&amaya:amaya:mozilla:V(\d+\.\d+)\s:1 +PerlSetVar lonnetPrivateKey {[[[[lonKey.pem]]]]} -# ================================================== Initiate mod_perl starting +# Did we mention that the file described above must have +# permissions really locked down so that it can't be stolen? -PerlRequire conf/startup.pl -PerlFreshRestart On
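Review bot: Both `PerlSetVar londAllowInsecure {[[[[1]]]]}` and `PerlSetVar loncAllowInsecure {[[[[1]]]]}` ship enabled, so a default install falls back to an insecure lond/lonc connection whenever the peer does not negotiate a secure one. Because the comments describe the fallback as triggered by the peer, the secure channel is presumably opportunistic only while either value is 1, and a downgrade would go unnoticed unless it is logged. The comment above each pair should say this and name the exit condition, e.g. `# While this is 1, SSL is opportunistic only; set to 0 once every peer runs secure lonc/lond.` Separately, the private-key comment refers to `lonnetCertificateDirectory`, but the variable this hunk defines is `lonCertificateDirectory`, so the comment should use the defined name. The 0600 requirement on `lonKey.pem` is stated only in comments; whether lond/lonc check the file mode at startup is not visible here and is worth confirming.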