Installation of Apache can be done through any number of means, depending on the software package on hand, and the target OS used. Please consult the Apache documentation for installation information.
All steps require use of a command shell. The example posted below is working as root user, but some OS’s are not enabled for root user access. The root user may have do be enabled on the target machine, otherwise commands must be prepended with "sudo", or whatever method required for editing service files, starting and stopping services, etc.
The httpd.conf file (sometimes alternatively, the apache2.conf file) is the configuration file for Apache. Locate this file on the target machine. For purposes of this illustration, the httpd.conf file name will be used.
leowiz:~ root# locate httpd.conf /private/etc/apache2/httpd.conf /private/etc/apache2/original/httpd.conf leowiz:~ root#
Alternatively "find" will do the same thing;
leowiz:~ root# find / -name httpd.conf /private/etc/apache2/httpd.conf /private/etc/apache2/original/httpd.conf leowiz:~ root#
In this case, the "/private/etc/apache2/httpd.conf" file is the one we are interested in.
For isolation of configuration options for editing purposes, the TACTIC configuration file is a single file which should be referred to by the Apache configuration file. In this case, the default "tactic.conf" file will be used. The file is included at the end of this document. Note this default "tactic.conf" has already be altered during the running of tactic installation install.py so that the path matches the installation directories.
Find out if the httpd.conf file has an "Include" statement that refers to a directory the TACTIC Apache configuration file can be put in.
leowiz:~ root# grep Include /private/etc/apache2/httpd.conf Include /private/etc/apache2/extra/httpd-mpm.conf #Include /private/etc/apache2/extra/httpd-default.conf #Include /private/etc/apache2/extra/httpd-ssl.conf Include /private/etc/apache2/other/*.conf leowiz:~ root#
In this case, the line at the bottom is the one that is required;
Include /private/etc/apache2/other/*.conf
If there is no such include, then a line can be added to the httpd.conf file.
In the above example, there is a reference to a directory wild-card configuration inclusion. Essentially then, any files with the suffix ".conf" will be activated. This is where the TACTIC configuration file will be stored. Either the default configuration file can be used with some editing, due to the variations in location of the TACTIC service application.
For purposes of efficiency, Apache will proxy files that are static. In the tactic.conf file, there are 2 major directives that are of concern regarding directory access. There is the directives that enable the TACTIC GUI widgets to work,
<Directory "/home/apache/tactic" > Options FollowSymLinks AllowOverride None Order Allow,Deny Allow from All </Directory>
The second set is:
<Directory "/home/apache/assets" > Options FollowSymLinks AllowOverride None Order Allow,Deny Allow from All </Directory>
In the default example, the TACTIC application is stored at "/home/apache/tactic" while the assets are stored at "/home/apache/assets" The directives here allow Apache access to proxy these file locations for TACTIC.
Since Apache is serving only static files, it can be configured to serve the dynamic content served by TACTIC using a proxy.
To enable the Apache proxy service, the tactic.conf file must contain directives that enable the proxy and rewrite modules to serve the TACTIC service.
ProxyPreserveHost on RewriteEngine on # for cherrypy RewriteRule ^/tactic/(.+)$ http://localhost:8081/tactic/$1 [P,L] RewriteRule ^/tactic http://localhost:8081/tactic/ [P,L] RewriteRule ^/projects/(.+)$ http://localhost:8081/tactic/$1 [P,L] RewriteRule ^/projects http://localhost:8081/tactic/ [P,L]
In this example, the TACTIC service is located on the same machine, on port 8081. All URL requests that have a "/tactic" or "/projects" in the URL will be redirected to the TACTIC service, which by default is on port 8081.
To effectively use load-balancing on this machine, replace it with the following configuration instead:
# This is for using a random load_balancing scheme RewriteMap lb rnd:/home/apache/sites/load_balance.txt RewriteRule ^/tactic/(.+)$ http://${lb:dynamic}/tactic/$1 [P,L] RewriteRule ^/projects/(.+)$ http://${lb:dynamic}/tactic/$1 [P,L] RewriteRule ^/tactic http://${lb:dynamic}/tactic/ [P,L] RewriteRule ^/projects http://${lb:dynamic}/tactic/ [P,L]
load balance
New Method
The use of balancer module is recommended for its reliablity and ease of use.
<Proxy balancer://tactic> BalancerMember http://localhost:8081/tactic BalancerMember http://localhost:8082/tactic BalancerMember http://localhost:8083/tactic </Proxy> ProxyPass /tactic balancer://tactic ProxyPass /tactic_data balancer://tactic
Old Method
The file, /home/apache/sites/load_balance.txt contains
lb localhost:8081|localhost:8082|localhost:8083
The Apache configuration files have now been modified to proxy and rewrite TACTIC requests.
Apache needs to be restarted for the configuration changes to take effect. Most Apache installations have a "apachectl" command. To restart apache, use;
` apachectl restart`
Once Apache has been restarted, it should be serving TACTIC requests.
At this point Apache should be configured to proxy TACTIC service requests to the TACTIC service, while leaving all other requests to Apache itself.
Windows HTTP co-service installations are IIS based.
On IIS installations prior to version 7, appropriate 3rd party proxying software (the ISAPI_Rewrite module) is required to be installed with IIS to enable the proper functioning of TACTIC.
TACTIC can be configured to work with the native IIS 7.5 services available on applicable Windows OS’s, such as Windows 7 and Windows Server 2008. Prior versions of IIS have required 3rd party software (the ISAPI_Rewrite module) to be installed alongside the IIS service to facilitate proxy and URL rewriting. With IIS 7.5, and the introduction of the ARR and URL rewrite module, the requirement of a 3rd party software is no longer needed.
On Windows 7, and Windows Server 2008, IIS is installed through means and directions published on Microsoft support websites. Please consult installation guides published by Microsoft for the installation procedure of IIS.
Typically, IIS 7.5 does not come with the ARR module, and depending on the IIS installation, URL rewrite. These modules are requirements for a installation alongside TACTIC. Please refer to Microsoft published documentation regarding installation of these modules.
Permissions must be set for IIS to be able to serve assets that TACTIC manages.
TACTIC requires that the IIS user have access to TACTIC assets and all of the virtual directories that contain TACTIC widgets.
Whether the assets directory is stored on the host machine or on a network mount, there should be a assigned user that runs TACTIC.
For non-domain Windows machines, a local user created on the TACTIC host, such as the IUSR_<computer_name> automatically created by an IIS installation will suffice, provided that the network mounted directories are writable by the system user.
For ADS domains, a user can be created on the domain, and assigned via the Services control panel. Assigning a domain user to the TACTIC service will allow domain level security rules to apply.
To assign a user to a service:
Change the "log on as" option to reflect the user created, whether local or domain based.
For a locally hosted asset directory , the anonymous user (typically IUSR_<computer name>) account needs to be granted access to the directories, and all subdirectories under them.
Find the directories above in Windows Explorer, and right click on the directory to bring up “Sharing and Security�? for that directory.
IIS must be configured to serve static content, such as TACTIC assets, and TACTIC UI skins.
Table 5. Virtual directories required by TACTIC
Directory Description | Directory Alias | Location |
---|---|---|
Assets storage | assets | User provided during installation |
TACTIC UI widgets | context | Inside TACTIC installation directory |
Documentation | doc | Inside TACTIC installation directory |
Project storage | projects | User provided during installation |
There are four “virtual directories�? that must be created to access the static content provided by TACTIC.
To create the directories;
Create the virtual directory, using the paths that were created by the installation of TACTIC. The default paths may not apply.
3.
Important
If the directory is located on a network mount, it may have to be connected to as the user running the TACTIC service. To connect as a different user than the IIS user, click on the "Connect As"
+
+ Then click on the "Set…" button, and fill in the details of the user that will run the TACTIC service.
+
There should now be 4 virtual entries on the IIS service.
Application Request Routing (ARR) is the module snap-in that will proxy and load balance requests. ARR is required by IIS to split incoming TACTIC service requests between the dynamic content that drives the API and the TACTIC web UI, and static content. In order to achieve this, IIS must be configured to send certain requests to the TACTIC application server, while static data requests (usually assets) are sent to IIS.
This guide currently supports two methods of attaching the TACTIC service to an IIS co-service.
Proxy/Load balancing
The Load balancing configuration of IIS splits TACTIC service requests into multiple streams, with each stream utilizing its own TACTIC service process.
Proxy Only
The proxy-only configuration routes all TACTIC service requests to a single TACTIC service. This method should only be used in light usage TACTIC installations such as development servers.
A TACTIC installation by default runs 3 seperate TACTIC service listeners, arranged on default ports 8081, 8082 and 8083. To split TACTIC service requests into multiple streams, IIS must be configured to consider TACTIC part of a “server farm�?. Since all of the TACTIC services are running on one single host, IIS currently must be tricked into routing requests to the 3 different TACTIC streams on the localhost.
By default, windows looks in the hosts file, then to DNS for named
hosts. To divide localhost into three “different�? machines, the
“%SYSTEMROOT%/System32/drivers/etc/host�?
file must be edited to be
able to address localhost as more than one machine.
Important
If TACTIC is set to run a number of processes other than the default of three, then these instructions must reflect that number. Add or subtract from the list of localhost entries and web farm entries accordingly.
To create a web farm;
As an “Administrator�? user, edit the “127.0.0.1�? line in this file
The addition of localhost-2 and localhost-3 that reference 127.0.0.1 allow this host machine to access localhost as more than one machine. 2. Now the Server Farm reference must be created.
Start the IIS snap in, and select the Web server that will be used as a TACTIC co-service in the left side navigation bar. Right click on the “Server Farms�? folder and create a new server farm.
3 seperate servers must be added to the server farm to correspond to the 3 default TACTIC service processes. Add each server according to the below table.
Server Address | httpPort |
---|---|
localhost-1 | 8081 |
localhost-2 | 8082 |
localhost-3 | 8083 |
Click on “Add�? when done each entry in the above list. For additional servers, the “server address�? must correspond to the additional localhost entries in the “hosts�? file. The ports must correspond to 8082, 8083, etc. Add the required number of servers according to TACTIC deployment requirements.
3. Click “Finish�? when done.
4. Create the rewrite rule when prompted.
URL rewrite must now be configured to only send TACTIC API requests to the server farm.
Click on the server farm icon on the left-hand side of IIS manager and click the “Routing Rules�? icon.
2. In the right pane of the Routing rules section, click the "URL
rewrite" link
3. Select the automatically created URL rewrite rule created when the
web farm was created, and click on the "Edit" link in the right pane.
In the “Edit Inbound rule�? pane, edit the pattern to read “tactic*,projects*�? This will instruct IIS to route all TACTIC UI requests to the TACTIC service.
4. Apply the change.
ARR comes with several load balancing algorithms. Click on the newly created server farm, and click on the “Load Balancing�? icon. Select “Weighted round robin�? as the algorithm, and “Even distribution�? as the load distribution.
IIS can be configured to run a single rewrite rule to forward requests to a single TACTIC service.
Start the IIS snap in, and select the Web server that will be used as a TACTIC co-service in the left side navigation bar. Choose “Application request routing�? And click on server proxy settings on the right-hand side.
In the ARR options under the proxy settings check the “use URL rewrite to inspect incoming requests�?, And in the “reverse proxy�? text area type “localhost:8081�?. This instructs IIS to proxy everything to this address and port.
From here URL Rewrite can then be instructed to filter proxy requests. Click on the “URL rewrite�? link on the right-hand side to modify rewrite rules. Typically, if the proxy has been created in ARR, then a rule will be created in URL rewrite.
IIS must then be instructed to only proxy TACTIC UI and API requests. To do this, an automatically created rule must be altered to allow TACTIC asset requests to be handled by IIS.
To modify the existing rule for TACTIC, the pattern under "Match URL" should be "tactic*". The action “Rewrite URL�? should be "http://localhost:8081/{R:0}"
TACTIC currently has a requirement to insert custom MIME types into the list of allowed types for the IIS service.
MIME type | Function | Extension |
---|---|---|
text/plain | Python Script mask | .xx |
To add a MIME type in IIS 7
Add all entries required by the table above.
At this point IIS should be configured to proxy TACTIC service requests to the TACTIC service, while leaving all other requests to IIS.
http://learn.iis.net/page.aspx/485/define-and-configure-an-application-request-routing-server-farm/
http://learn.iis.net/page.aspx/486/http-load-balancing-using-application-request-routing/