--- loncom/loncapa.conf 2002/05/12 19:12:01 1.5
+++ loncom/loncapa.conf 2004/05/26 10:17:49 1.9
@@ -1,44 +1,106 @@ ## ## loncapa.conf -- Apache HTTP LON-CAPA configuration file ## -## $Id: loncapa.conf,v 1.5 2002/05/12 19:12:01 harris41 Exp $ +## $Id: loncapa.conf,v 1.9 2004/05/26 10:17:49 foxr Exp $ ## -## 5/12/2002 - Scott Harrison -# **** DISABLED TO STAY COMPATIBLE WITH LON-CAPA AND ACCESS.CONF FOR NOW ****** # ======================================= Machine Specific / Perl Configuration # # ------------------------ The variable values are also read and shared by lond # LON-internal HostID of this machine -# PerlSetVar lonHostID {[[[[lonHostID]]]]} +PerlSetVar lonHostID {[[[[lonHostID]]]]} # Role of this machine: library, access -# PerlSetVar lonRole {[[[[lonRole]]]]} +PerlSetVar lonRole {[[[[lonRole]]]]} # Server Administration -# PerlSetVar lonAdmEMail {[[[[lonAdmEMail]]]]} +PerlSetVar lonAdmEMail {[[[[lonAdmEMail]]]]} # Default domain -# PerlSetVar lonDefDomain {[[[[lonDefDomain]]]]} +PerlSetVar lonDefDomain {[[[[lonDefDomain]]]]} # Load Limit ( 100% loadavg ) -# PerlSetVar lonLoadLim {[[[[lonLoadLim]]]]} +PerlSetVar lonLoadLim {[[[[lonLoadLim]]]]} + +# User Load Limit ( 100% loadavg ) + +PerlSetVar lonUserLoadLim {[[[[lonUserLoadLim]]]]} # Expiration for local copies and tokens in seconds -# PerlSetVar lonExpire {[[[[lonExpire]]]]} +PerlSetVar lonExpire {[[[[lonExpire]]]]} # Key to issue receipts -# PerlSetVar lonReceipt {[[[[lonReceipt]]]]} +PerlSetVar lonReceipt {[[[[lonReceipt]]]]} -# Key to handle SQL access - -# PerlSetVar lonSqlAccess {[[[[lonSqlAccess]]]]} +# +# The variables below control the behavior of secure lond: +# +# + +# londAllowInsecure allows lond to fall back to insecure connections +# in the event its peer is not yet updated to secure lonc. +# If you are certain all the systems you are communicating with +# are using secure lonc, uncomment the first definition and +# comment the second. 
+
+# PerlSetVar londAllowInsecure {[[[[0]]]]}
+PerlSetVar londAllowInsecure {[[[[1]]]]}
+
+# loncAllowInsecure allows lonc to fall back to negotiating an insecure
+# connection with lond in the event the peer is not yet a secure lond.
+# If you are certain that all systems you are communicating with
+# are using secure lond, uncomment the next line and comment the
+# second:
+
+# PerlSetVar loncAllowInsecure {[[[[0]]]]}
+PerlSetVar loncAllowInsecure {[[[[1]]]]}
+
+#
+# Secure lond/lonc require ssl certificate and private
+# key files to function correctly. The certificate
+# files need not be terribly secure, but the private key files
+# should be set up so that only www (the lonc/lond effective user)
+# can read them.
+#
+# The definition below is the full path to the directory that
+# contains the certificate and key files:
+#
+PerlSetVar lonCertificateDirectory {[[[[/home/httpd/lonCerts]]]]}
+
+#
+# Secure lond/lonc require two certificates and a private host key.
+# The certificates required are that of the lonCAPA certificate authority
+# and the certificate that authority issued to this host.
+# lonnetCertificateAuthority is the name of the file that contains the
+# lonCAPA certificate authority's certificate.
+# lonnetCertificate is the name of the file that contains the certificate
+# issued to the host by the certificate authority.
+# Both of these variables are names of files assumed to be in
+# lonCertificateDirectory:
+
+PerlSetVar lonnetCertificateAuthority {[[[[loncapaCA.pem]]]]}
+PerlSetVar lonnetCertificate {[[[[lonhostcert.pem]]]]}
+
+#
+# To generate the request for a certificate, and to negotiate the
+# initial ssl connection, the host requires a private key. This key
+# is created at lonCAPA install time. Did we mention above that it
+# should be set so that only www can read it? The variale below
+# is the name of the file relative to lonnetCertificateDirectory
+# that has the host's private key.
Did we remember to tell you to
+# keep the permissions on that file set to rw------- (0600)?
+#
+
+PerlSetVar lonnetPrivateKey {[[[[lonKey.pem]]]]}
+
+# Did we mention that the file described above must have
+# permissions really locked down so that it can't be stolen?
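Review bot: Both `londAllowInsecure` and `loncAllowInsecure` ship enabled (`{[[[[1]]]]}`), so by default a host accepts the insecure fallback whenever its peer does not negotiate the secure protocol, and the comments describe this only as a compatibility setting. I would add a line above each pair such as `# SECURITY: while this is 1, connections may fall back to the insecure protocol; set to 0 once every peer runs secure lond/lonc`, so the shipped value reads as a temporary migration state rather than the recommended one. The private-key comment refers to `lonnetCertificateDirectory`, but the variable this hunk defines is `lonCertificateDirectory`; the comment should use the defined name, and "variale" should be "variable". The comments ask for mode 0600 on `lonKey.pem`, readable only by www, but nothing visible in this file enforces it; presumably the install step or lond/lonc startup checks the mode, which is worth confirming.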