Apache

WebAuth Setup

• Install mod_webauth by sudo apt-get install libapache2-mod-webauth, following here and here. More help here.
• Install Kerberos following here.
• Get keytab file following here. The AWS instance is not part of Stanford network, thus wallet will never be able to retrieve the keytab file. Use the alternative method described on the page: ssh in to your [email protected], get the keytab file, and scp it to the instance.

Configuration

• Install mod_wsgi by sudo apt-get install libapache2-mod-wsgi.
• Have the following modules enabled (exactly): access_compat, alias, auth_basic, authn_core, authn_file, authz_core, authz_groupfile, authz_host, authz_user, deflate, expires, filter, headers, http2, mime, mpm_worker, negotiation, reqtimeout, setenvif, socache_shmcb, ssl, status, webauth, wsgi.
• Edit configuration files. It's recommend to recover and overwrite from the backup/backup_apache.tgz. These files are important: apache.conf, deflate.conf, httpd.conf, ports.conf, webauth.conf, sites-enabled/000-default.conf.

File	Description
httpd.conf	Defines worker numbers, /server-status/ page access, Expires header, and error handling pages. Do not use prefork with mod_wsgi!
webauth.conf	GROUP access to /group/, /site_data/rot_*, /site_data/spe_ppt, and /site_data/def_img/; ADMINacess to /admin/ through WebAuth referrin to config/group.conf.
sites-enabled/000-default.conf	Sets SSL, non-HTTPS redirects, wsgi app path, directory permissions, and /favicon.ico redirect.
password	Stores Apache user logins. Currently only daslab.

Apache related system path:

Item	Path
configuration	/etc/apache2/
log	var/log/apache2/