###################################################################### # # Config parameter for an OpenACS site using NaviServer. # adapted for openacs PKGBUILD # # These default settings will only work in limited circumstances. # Two servers with default settings cannot run on the same host # ###################################################################### ns_log notice "nsd.tcl: starting to read config file..." #--------------------------------------------------------------------- # change to 80 and 443 for production use set httpport 8000 set httpsport 8443 # The hostname and address should be set to actual values. # setting the address to 0.0.0.0 means aolserver listens on all interfaces set hostname localhost set address 127.0.0.1 # Note: If port is privileged (usually < 1024), OpenACS must be # started by root, and the run script must contain the flag # '-b address:port' which matches the address and port # as specified above. set server "openacs" set servername "New OpenACS Installation - Development" set serverroot /usr/lib/$server set logroot $serverroot/log/ set homedir /usr/lib/naviserver set bindir $homedir/bin # Are we runnng behind a proxy? set proxy_mode false #--------------------------------------------------------------------- # Which database do you want? postgres or oracle set database postgres set db_name oacs-5-9 if { $database eq "oracle" } { set db_password "mysitepassword" } else { set db_host localhost set db_port "" set db_user nsadmin } #--------------------------------------------------------------------- # if debug is false, all debugging will be turned off set debug false set dev false set max_file_upload_mb 200 set max_file_upload_min 5 #--------------------------------------------------------------------- # set environment variables HOME and LANG set env(HOME) $homedir set env(LANG) en_US.UTF-8 ###################################################################### # # End of instance-specific settings # # Nothing below this point need be changed in a default install. # ###################################################################### #--------------------------------------------------------------------- # # NaviServer's directories. Autoconfigurable. # #--------------------------------------------------------------------- # Where are your pages going to live ? set pageroot ${serverroot}/www set directoryfile "index.tcl index.adp index.html index.htm" #--------------------------------------------------------------------- # Global server parameters #--------------------------------------------------------------------- ns_section ns/parameters ns_param serverlog ${logroot}/error.log ns_param pidfile ${logroot}/nsd.pid ns_param home $homedir ns_param debug $debug # # ns_param logroll on ns_param logmaxbackup 100 ;# 10 is default ns_param logdebug $debug ns_param logdev $dev # ns_param mailhost localhost # ns_param jobsperthread 0 # ns_param jobtimeout 300 # ns_param schedsperthread 0 # Write asynchronously to log files (access log and error log) # ns_param asynclogwriter true ;# false # Enforce sequential thread initialization. This is not really # desirably in general, but might be useful for hunting strange # crashes or for debugging with valgrind. # ns_param tclinitlock true ;# default: false # # Encoding settings (see http://dqd.com/~mayoff/encoding-doc.html) # # ns_param HackContentType 1 # Naviserver's defaults charsets are all utf-8. Allthough the # default charset is utf-8, set the parameter "OutputCharset" # here, since otherwise OpenACS uses in the meta-tags the charset # from [ad_conn charset], which is taken from the db and # per-default ISO-8859-1. ns_param OutputCharset utf-8 # ns_param URLCharset utf-8 # Running behind proxy? Used by OpenACS... ns_param ReverseProxyMode $proxy_mode #--------------------------------------------------------------------- # Thread library (nsthread) parameters #--------------------------------------------------------------------- ns_section ns/threads ns_param stacksize [expr {128 * 8192}] #--------------------------------------------------------------------- # Extra mime types #--------------------------------------------------------------------- ns_section ns/mimetypes # Note: NaviServer already has an exhaustive list of MIME types: # see: /usr/local/src/naviserver/nsd/mimetypes.c # but in case something is missing you can add it here. #ns_param Default */* #ns_param NoExtension */* #ns_param .pcd image/x-photo-cd #ns_param .prc application/x-pilot #--------------------------------------------------------------------- # Global fastpath parameters #--------------------------------------------------------------------- ns_section "ns/fastpath" #ns_param cache true ;# default: false #ns_param cachemaxsize 10240000 ;# default: 1024*10000 #ns_param cachemaxentry 100000 ;# default: 8192 #ns_param mmap true ;# default: false #ns_param gzip_static true ;# check for static gzip; default: false #ns_param gzip_refresh true ;# refresh stale .gz files on the fly using ::ns_gzipfile #ns_param gzip_cmd "/usr/bin/gzip -9" ;# use for re-compressing #--------------------------------------------------------------------- # # Server-level configuration # # There is only one server in NaviServer, but this is helpful when multiple # servers share the same configuration file. This file assumes that only # one server is in use so it is set at the top in the "server" Tcl variable # Other host-specific values are set up above as Tcl variables, too. # #--------------------------------------------------------------------- ns_section ns/servers ns_param $server $servername # # Server parameters # ns_section ns/server/${server} # # Scaling and Tuning Options # # ns_param maxconnections 100 ;# 100; number of allocated connection stuctures # ns_param maxthreads 10 ;# 10; maximal number of connection threads ns_param minthreads 2 ;# 1; minimal number of connection threads ns_param connsperthread 1000 ;# 10000; number of connections (requests) handled per thread # ns_param threadtimeout 120 ;# 120; timeout for idle theads # ns_param lowwatermark 10 ;# 10; create additional threads above this queue-full percentage ns_param highwatermark 100 ;# 80; allow concurrent creates above this queue-is percentage ;# 100 means to disable concurrent creates # Compress response character data: ns_return, ADP etc. # ns_param compressenable on ;# false, use "ns_conn compress" to override # ns_param compresslevel 4 ;# 4, 1-9 where 9 is high compression, high overhead # ns_param compressminsize 512 ;# Compress responses larger than this # ns_param compresspreinit true ;# false, if true then initialize and allocate buffers at startup # # Configuration of replies # # ns_param realm yourrealm ;# Default realm for Basic authentication # ns_param noticedetail false ;# true, return detail information in server reply # ns_param errorminsize 0 ;# 514, fillup reply to at least specified bytes (for ?early? MSIE) # ns_param headercase preserve;# preserve, might be "tolower" or "toupper" # ns_param checkmodifiedsince false ;# true, check modified-since before returning files from cache. Disable for speedup # # Special HTTP pages # ns_section ns/server/${server}/redirects ns_param 404 "/global/file-not-found.html" ns_param 403 "/global/forbidden.html" ns_param 503 "/global/busy.html" ns_param 500 "/global/error.html" #--------------------------------------------------------------------- # # ADP (AOLserver Dynamic Page) configuration # #--------------------------------------------------------------------- ns_section ns/server/${server}/adp ns_param enabledebug $debug ns_param map /*.adp ;# Extensions to parse as ADP's # ns_param map "/*.html" ;# Any extension can be mapped # # ns_param cache true ;# false, enable ADP caching # ns_param cachesize 10000*1025 ;# 5000*1024, size of cache # # ns_param trace true ;# false, trace execution of adp scripts # ns_param tracesize 100 ;# 40, max number of entries in trace # # ns_param bufsize 5*1024*1000 ;# 1*1024*1000, size of ADP buffer # # ns_param stream true ;# false, enable ADP streaming # ns_param enableexpire true ;# false, set "Expires: now" on all ADP's # ns_param safeeval true ;# false, disable inline scripts # ns_param singlescript true ;# false, collapse Tcl blocks to a single Tcl script # ns_param detailerror false ;# true, include connection info in error backtrace # ns_param stricterror true ;# false, interrupt execution on any error # ns_param displayerror true ;# false, include error message in output # ns_param trimspace true ;# false, trim whitespace from output buffer # ns_param autoabort false ;# true, failure to flush a buffer (e.g. closed HTTP connection) generates an ADP exception # # ns_param errorpage /.../errorpage.adp ;# page for returning errors # ns_param startpage /.../startpage.adp ;# file to be run for every adp request; should include "ns_adp_include [ns_adp_argv 0]" # ns_param debuginit some-proc ;# ns_adp_debuginit, proc to be executed on debug init # ns_section ns/server/${server}/adp/parsers ns_param fancy ".adp" # # Tcl Configuration # ns_section ns/server/${server}/tcl ns_param library ${serverroot}/tcl ns_param autoclose on ns_param debug $debug # ns_param nsvbuckets 16 ;# default: 8 ns_section "ns/server/${server}/fastpath" ns_param serverdir ${homedir} ns_param pagedir ${pageroot} # # Directory listing options # # ns_param directoryfile "index.adp index.tcl index.html index.htm" # ns_param directoryadp $pageroot/dirlist.adp ;# Choose one or the other # ns_param directoryproc _ns_dirlist ;# ...but not both! # ns_param directorylisting fancy ;# Can be simple or fancy # #--------------------------------------------------------------------- # # WebDAV Support (optional, requires oacs-dav package to be installed # #--------------------------------------------------------------------- ns_section ns/server/${server}/tdav ns_param propdir ${serverroot}/data/dav/properties ns_param lockdir ${serverroot}/data/dav/locks ns_param defaultlocktimeout 300 ns_section ns/server/${server}/tdav/shares ns_param share1 "OpenACS" # ns_param share2 "Share 2 description" ns_section ns/server/${server}/tdav/share/share1 ns_param uri "/dav/*" # all WebDAV options ns_param options "OPTIONS COPY GET PUT MOVE DELETE HEAD MKCOL POST PROPFIND PROPPATCH LOCK UNLOCK" #ns_section ns/server/${server}/tdav/share/share2 # ns_param uri "/share2/path/*" # read-only WebDAV options # ns_param options "OPTIONS COPY GET HEAD MKCOL POST PROPFIND PROPPATCH" #--------------------------------------------------------------------- # # Socket driver module (HTTP) -- nssock # #--------------------------------------------------------------------- ns_section ns/server/${server}/module/nssock ns_param address $address ns_param hostname $hostname ns_param port $httpport ;# 80 or 443 ns_param maxinput [expr {$max_file_upload_mb * 1024 * 1024}] ;# 1024*1024, maximum size for inputs ns_param recvwait [expr {$max_file_upload_min * 60}] ;# 30, timeout for receive operations # ns_param maxline 8192 ;# 8192, max size of a header line # ns_param maxheaders 128 ;# 128, max number of header lines # ns_param uploadpath /tmp ;# directory for uploads # ns_param backlog 256 ;# 256, backlog for listen operations # ns_param maxqueuesize 256 ;# 1024, maximum size of the queue # ns_param acceptsize 10 ;# Maximum number of requests accepted at once. # ns_param deferaccept true ;# false, Performance optimization, may cause recvwait to be ignored # ns_param bufsize 16384 ;# 16384, buffersize # ns_param readahead 16384 ;# value of bufsize, size of readahead for requests # ns_param sendwait 30 ;# 30, timeout in seconds for send operations # ns_param closewait 2 ;# 2, timeout in seconds for close on socket # ns_param keepwait 2 ;# 5, timeout in seconds for keep-alive # ns_param nodelay true ;# false; activate TCP_NODELAY if not activated per default on your OS # ns_param keepalivemaxuploadsize 500000 ;# 0, don't allow keep-alive for upload content larger than this # ns_param keepalivemaxdownloadsize 1000000 ;# 0, don't allow keep-alive for download content larger than this # # Spooling Threads # # ns_param spoolerthreads 1 ;# 0, number of upload spooler threads # ns_param maxupload 0 ;# 0, when specified, spool uploads larger than this value to a temp file ns_param writerthreads 2 ;# 0, number of writer threads ns_param writersize 4096 ;# 1024*1024, use writer threads for files larger than this value # ns_param writerbufsize 8192 ;# 8192, buffer size for writer threads # ns_param writerstreaming true ;# false; activate writer for streaming HTML output (when using ns_write) #--------------------------------------------------------------------- # # Access log -- nslog # #--------------------------------------------------------------------- ns_section ns/server/${server}/module/nslog # # General parameters for access.log # ns_param file ${logroot}/access.log # ns_param maxbuffer 100 ;# 0, number of logfile entries to keep in memory before flushing to disk # # Control what to log # # ns_param suppressquery true ;# false, suppress query portion in log entry # ns_param logreqtime true ;# false, include time to service the request ns_param logpartialtimes true ;# false, include high-res start time and partial request durations (accept, queue, filter, run) # ns_param formattedtime true ;# true, timestamps formatted or in secs (unix time) # ns_param logcombined true ;# true, Log in NSCA Combined Log Format (referer, user-agent) # ns_param extendedheaders COOKIE ;# space delimited list of HTTP heads to log per entry ns_param checkforproxy $proxy_mode ;# false, check for proxy header (X-Forwarded-For) # # # Control log file rolling # # ns_param maxbackup 100 ;# 10, max number of backup log files # ns_param rolllog true ;# true, should server log files automatically # ns_param rollhour 0 ;# 0, specify at which hour to roll # ns_param rollonsignal true ;# false, perform roll on a sighup ns_param rollfmt %Y-%m-%d-%H:%M ;# format appendend to log file name #--------------------------------------------------------------------- # # CGI interface -- nscgi, if you have legacy stuff. Tcl or ADP files inside # NaviServer are vastly superior to CGIs. I haven't tested these params but they # should be right. # #--------------------------------------------------------------------- #ns_section "ns/server/${server}/module/nscgi" # ns_param map "GET /cgi-bin ${serverroot}/cgi-bin" # ns_param map "POST /cgi-bin ${serverroot}/cgi-bin" # ns_param Interps CGIinterps #ns_section "ns/interps/CGIinterps" # ns_param .pl "/usr/bin/perl" #--------------------------------------------------------------------- # # PAM authentication # #--------------------------------------------------------------------- ns_section ns/server/${server}/module/nspam ns_param PamDomain "pam_domain" #--------------------------------------------------------------------- # # SSL # #--------------------------------------------------------------------- ns_section "ns/server/${server}/module/nsssl" ns_param address $address ns_param port $httpsport ns_param hostname $hostname ns_param ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!RC4" ns_param protocols "!SSLv2" ns_param certificate $serverroot/etc/certfile.pem ns_param verify 0 ns_param writerthreads 2 ns_param writersize 4096 ns_param writerbufsize 16384 ;# 8192, buffer size for writer threads #ns_param writerstreaming true ;# false #ns_param deferaccept true ;# false, Performance optimization ns_param maxinput [expr {$max_file_upload_mb * 1024*1024}] ;# Maximum File Size for uploads in bytes #--------------------------------------------------------------------- # # Database drivers # The database driver is specified here. # Make sure you have the driver compiled and put it in {aolserverdir}/bin # #--------------------------------------------------------------------- ns_section "ns/db/drivers" if { $database eq "oracle" } { ns_param ora8 ${bindir}/ora8.so } else { ns_param postgres ${bindir}/nsdbpg.so } if { $database eq "oracle" } { ns_section "ns/db/driver/ora8" ns_param maxStringLogLength -1 ns_param LobBufferSize 32768 } else { ns_section "ns/db/driver/postgres" # Set this parameter, when "psql" is not on your path (OpenACS specific) # ns_param pgbin "/usr/local/pg920/bin/" } # Database Pools: This is how NaviServer ``talks'' to the RDBMS. You need # three for OpenACS: main, log, subquery. Make sure to replace ``yourdb'' # and ``yourpassword'' with the actual values for your db name and the # password for it, if needed. # # NaviServer can have different pools connecting to different databases # and even different different database servers. See # http://openacs.org/doc/tutorial-second-database.html # An example 'other db' configuration is included (and commented out) using other1_db_name # set other1_db_name "yourDBname" ns_section ns/db/pools ns_param pool1 "Pool 1" ns_param pool2 "Pool 2" ns_param pool3 "Pool 3" ns_section ns/db/pool/pool1 # ns_param maxidle 0 # ns_param maxopen 0 ns_param connections 15 ns_param verbose $debug ns_param logsqlerrors $debug if { $database eq "oracle" } { ns_param driver ora8 ns_param datasource {} ns_param user $db_name ns_param password $db_password } else { ns_param driver postgres ns_param datasource ${db_host}:${db_port}:${db_name} ns_param user $db_user ns_param password "" } ns_section ns/db/pool/pool2 # ns_param maxidle 0 # ns_param maxopen 0 ns_param connections 5 ns_param verbose $debug ns_param logsqlerrors $debug if { $database eq "oracle" } { ns_param driver ora8 ns_param datasource {} ns_param user $db_name ns_param password $db_password } else { ns_param driver postgres ns_param datasource ${db_host}:${db_port}:${db_name} ns_param user $db_user ns_param password "" } ns_section ns/db/pool/pool3 # ns_param maxidle 0 # ns_param maxopen 0 ns_param connections 5 ns_param verbose $debug ns_param logsqlerrors $debug if { $database eq "oracle" } { ns_param driver ora8 ns_param datasource {} ns_param user $db_name ns_param password $db_password } else { ns_param driver postgres ns_param datasource ${db_host}:${db_port}:${db_name} ns_param user $db_user ns_param password "" } ns_section ns/server/${server}/db ns_param pools pool1,pool2,pool3 ns_param defaultpool pool1 #--------------------------------------------------------------------- # Which modules should be loaded? Missing modules break the server, so # don't uncomment modules unless they have been installed. ns_section ns/server/${server}/modules ns_param nssock ${bindir}/nssock.so ns_param nslog ${bindir}/nslog.so ns_param nsdb ${bindir}/nsdb.so #ns_param nsproxy ${bindir}/nsproxy.so # ns_param nsssl ${bindir}/nsssl.so # # Determine, if libthread is installed # set libthread [lindex [glob -nocomplain $homedir/lib/thread*/libthread*[info sharedlibextension]] end] if {$libthread eq ""} { ns_log notice "No Tcl thread library installed in $homedir/lib/" } else { ns_param libthread $libthread ns_log notice "Use Tcl thread library $libthread" } # authorize-gateway package requires dqd_utils # ns_param dqd_utils dqd_utils[expr {int($tcl_version)}].so # PAM authentication # ns_param nspam ${bindir}/nspam.so # LDAP authentication # ns_param nsldap ${bindir}/nsldap.so # These modules aren't used in standard OpenACS installs # ns_param nsperm ${bindir}/nsperm.so # ns_param nscgi ${bindir}/nscgi.so # ns_param nsjava ${bindir}/libnsjava.so # ns_param nsrewrite ${bindir}/nsrewrite.so # # nsproxy configuration # ns_section ns/server/${server}/module/nsproxy # ns_param maxslaves 8 # ns_param sendtimeout 5000 # ns_param recvtimeout 5000 # ns_param waittimeout 1000 # ns_param idletimeout 300000 ns_log notice "nsd.tcl: using threadsafe tcl: [info exists tcl_platform(threaded)]" ns_log notice "nsd.tcl: finished reading config file."