## ## loncapa.conf -- Apache HTTP LON-CAPA configuration file ## ## $Id: loncapa.conf,v 1.9 2004/05/26 10:17:49 foxr Exp $ ## # ======================================= Machine Specific / Perl Configuration # # ------------------------ The variable values are also read and shared by lond # LON-internal HostID of this machine PerlSetVar lonHostID {[[[[lonHostID]]]]} # Role of this machine: library, access PerlSetVar lonRole {[[[[lonRole]]]]} # Server Administration PerlSetVar lonAdmEMail {[[[[lonAdmEMail]]]]} # Default domain PerlSetVar lonDefDomain {[[[[lonDefDomain]]]]} # Load Limit ( 100% loadavg ) PerlSetVar lonLoadLim {[[[[lonLoadLim]]]]} # User Load Limit ( 100% loadavg ) PerlSetVar lonUserLoadLim {[[[[lonUserLoadLim]]]]} # Expiration for local copies and tokens in seconds PerlSetVar lonExpire {[[[[lonExpire]]]]} # Key to issue receipts PerlSetVar lonReceipt {[[[[lonReceipt]]]]} # # The variables below control the behavior of secure lond: # # # londAllowInsecure allows lond to fall back to insecure connections # in the event its peer is not yet updated to secure lonc. # If you are certain all the systems you are communicating with # are using secure lonc, uncomment the first definition and # comment the second. # PerlSetVar londAllowInsecure {[[[[0]]]]} PerlSetVar londAllowInsecure {[[[[1]]]]} # loncAllowInsecure allows lonc to fall back to negotiating an insecure # connection with lond in the event the peer is not yet a secure lond. # If you are certain that all systems you are communicating with # are using secure lond, uncomment the next line and comment the # second: # PerlSetVar loncAllowInsecure {[[[[0]]]]} PerlSetVar loncAllowInsecure {[[[[1]]]]} # # Secure lond/lonc require ssl certificate and private # key files to function correctly. The certificate # files need not be terribly secure, but the private key files # should be set up so that only www (the lonc/lond effective user) # can read them. # # The definition below is the full path to the directory that # contains the certificate and key files: # PerlSetVar lonCertificateDirectory {[[[[/home/httpd/lonCerts]]]]} # # Secure lond/lonc require two certificates and a private host key. # The certificates required are that of the lonCAPA certificate authority # and the certificate that authority issued to this host. # lonnetCertificateAuthority is the name of the file that contains the # lonCAPA certificate authority's certificate. # lonnetCertificate is the name of the file that contains the certificate # issued to the host by the certificate authority. # Both of these variables are names of files assumed to be in # lonCertificateDirectory: PerlSetVar lonnetCertificateAuthority {[[[[loncapaCA.pem]]]]} PerlSetVar lonnetCertificate {[[[[lonhostcert.pem]]]]} # # To generate the request for a certificate, and to negotiate the # initial ssl connection, the host requires a private key. This key # is created at lonCAPA install time. Did we mention above that it # should be set so that only www can read it? The variale below # is the name of the file relative to lonnetCertificateDirectory # that has the host's private key. Did we remember to tell you to # keep the permissions on that file set to rw------- (0600)? # PerlSetVar lonnetPrivateKey {[[[[lonKey.pem]]]]} # Did we mention that the file described above must have # permissions really locked down so that it can't be stolen?