Skip to content
Normal view History Permalink
README.md 2.48 KiB
Newer Older
Sonia Zorba's avatar
Added comments and documentation + security fix  
Sonia Zorba committed
1 
# RAP IA2
Sonia Zorba's avatar
Initial commit (Google and Facebook)
Sonia Zorba committed
2
Sonia Zorba's avatar
Added comments and documentation + security fix  
Sonia Zorba committed
3 4 5 6 7 8 9 10 11 12 13 
## Installation and configuration

Requirements:

* Apache httpd server (tested on Apache/2.4.6)
* PHP (5.4+), composer for dependecies
* MySQL/MariaDB (tested on MariaDB 5.5.52)

### PHP

Put RAP sources in `/var/www/html/rap-ia2`
Sonia Zorba's avatar
Initial commit (Google and Facebook)
Sonia Zorba committed
14 15 16 17 18 

For installing PHP dependencies run:

    composer install
Sonia Zorba's avatar
Various changes  
Sonia Zorba committed
19 20 
Install also the bcmath PHP package (used in X.509 parser).
Sonia Zorba's avatar
Added comments and documentation + security fix  
Sonia Zorba committed
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 
### MySQL

Create a dedicated database and user:

    CREATE DATABASE rap;
    CREATE USER rap@localhost IDENTIFIED BY 'XXXXXX';
    GRANT ALL PRIVILEGES ON rap.* TO rap@localhost;

Enable the event scheduler:

* open MySQL configuration file (e.g. /etc/my.cnf)
* set `event_scheduler=1`
* restart MySQL

Then run the setup script:

    mysql -u root -p <  sql/setup-database.sql

### Apache (httpd)

* Configure a valid HTTPS certificate on the server
* Configure X.509 client certificate authentication:

        <Directory /var/www/html/rap-ia2/auth/x509/>
            Options Indexes FollowSymLinks
            AllowOverride None
            Order allow,deny
            allow from all
            SSLVerifyClient require
            SSLVerifyDepth 10
            SSLOptions +ExportCertData
        </Directory>

* Shibboleth authentication:

        <Directory /var/www/html/rap-ia2/auth/saml2/>
            AuthType shibboleth
            ShibRequestSetting requireSession 1
            Require valid-user
        </Directory>

* Protect log directory:

        <Directory /var/www/html/rap-ia2/logs/>
            Order deny,allow
            Deny From All
        </Directory>

* Protect RAP Web Service in Basic-Auth:

        <Location "/rap-ia2/ws">
            AuthType basic
            AuthName RAP
            AuthUserFile apachepasswd
            Require valid-user
        </Location>

* Then creates a password file for RAP Web Service Basic-Auth:
    * `cd /etc/httpd/`
    * `htpasswd -c apachepasswd rap`
        * The last command creates an hashed password for an user "rap" and store it in a file named apachepasswd.

* Finally, restart the Apache server.

### Social networks

Before using social API it is necessary to register an application on each social network and obtain API keys and secrets:

* https://console.developers.google.com
* https://www.linkedin.com/developer/apps
* https://developers.facebook.com/apps

### Configuration file

Copy the `config-example.php` into `config.php` and edit it for matching your needs.

## Additional information and developer guide
Sonia Zorba's avatar
Initial commit (Google and Facebook)
Sonia Zorba committed
98
Sonia Zorba's avatar
Added comments and documentation + security fix  
Sonia Zorba committed
99 
See the wiki: https://www.ict.inaf.it/gitlab/zorba/rap-ia2/wikis/home