Running Open Web Server on FreeBSD

Running Open Web Server on FreeBSD

Downloaded Free BSD from ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/7.2/7.2-RELEASE-i386-dvd1.iso.gz

and installed it.

For reference, see http://wikis.sun.com/display/wsFOSS/Checkout+and+Build+Instructions

To search for a package, I used cd /usr/ports; make search name="mercurial" and so on.

First make sure that you already have these components

GNU make 3.81	/usr/local/bin/gmake
C/C++ Compiler 4.2.1	/usr/bin/g++ and gcc
Zlib	/usr/lib/libz.so already installed
Perl 5.8.9	/usr/bin/perl
CVS  1.11.22.1	/usr/bin/cvs

Install/Build these Components

Mercurial	cd /usr/ports/devel/mercurial; make install
Java SE 5 or 6	Due to license problems had to manually download and putting it in /usr/ports/distfiles For JDK 5 : cd /usr/posts/java/jdk15; make install and download the following files into /usr/ports/distfiles http://www.java.net/download/tiger/tiger_u16/jdk-1_5_0_16-fcs-bin-b02-jrl-28_may_2008.jar http://www.java.net/download/tiger/tiger_u16/jdk-1_5_0_16-fcs-src-b02-jrl-28_may_2008.jar tzupdater-1_3_12-2009a.zip from http://www.filewatcher.com/m/tzupdater-1_3_12-2009a.zip.261842.0.0.html Java(TM) Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 - jce_policy-1_5_0.zip http://www.eyesbeyond.com/freebsddom/java/jdk15.html - bsd-jdk15-patches-9.tar.bz2 For JDK 6 : cd /usr/posts/java/diablo-jdk16; make install and download the following files into /usr/ports/distfiles Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 jce_policy-6.zip Java SE Timezone Updater 1.3.15 - tzupdater-1_3_15-2009g.zip http://www.freebsdfoundation.org/cgi-bin/download?download=diablo-caffe-freebsd7-i386-1.6.0_07-b02.tar.bz2
Ant	cd /usr/ports/devel/apache-ant; make install
NSPR	cd /usr/ports/devel/nspr; make install
NSS	cd /usr/ports/security/nss; make install
Xerces C++	cd /usr/ports/textproc/xerces-c2; make install cd /usr/ports/textproc/xerces-c2-devel; make install selected Use ICU transcoder option. Build thread safe version of library. Got an error "/usr/bin/ld: can not find -lgcc_pic" For this we need to manually modify "files/filepatch-src-xercesc-Makefile.incl" and change "-lgcc_pic" to "-lgcc"
Xalan C++	cd /usr/ports/textproc/xalan; make install Selected INMEN and TRANSCODER_ICU options.
PCRE	cd /usr/ports/devel/pcre; make install
ICU	cd /usr/ports/devel/icu; make install
SASL	cd /usr/ports/security/cyrus-sasl2; make install
Mozilla LDAP C SDK*	cd /usr/ports/convertors/libiconv; make install cd /usr/ports/convertors/iconv; make install cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -P -rLDAPCSDK_6_0_5_RTM DirectorySDKSourceC cd mozilla Add this patch Index: directory/c-sdk/configure =================================================================== RCS file: /cvsroot/mozilla/directory/c-sdk/configure,v retrieving revision 5.65 diff -u -r5.65 configure --- directory/c-sdk/configure   17 Sep 2007 17:46:23 -0000      5.65 +++ directory/c-sdk/configure   22 Jul 2009 07:27:11 -0000 @@ -4362,12 +4362,7 @@  EOF      CFLAGS="$CFLAGS $(DSO_CFLAGS) -ansi -Wall" -    MOZ_OBJFORMAT=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` -    if test "$MOZ_OBJFORMAT" = "elf"; then -        DLL_SUFFIX=so -    else -        DLL_SUFFIX=so.1.0 -    fi +   DLL_SUFFIX=so      DSO_CFLAGS=-fPIC      DSO_LDOPTS=-Bshareable      ;; Index: directory/c-sdk/ldap/libraries/libldap/Makefile.in =================================================================== RCS file: /cvsroot/mozilla/directory/c-sdk/ldap/libraries/libldap/Makefile.in,v retrieving revision 5.23 diff -u -r5.23 Makefile.in --- directory/c-sdk/ldap/libraries/libldap/Makefile.in  20 Jun 2007 17:57:11 -0000      5.23 +++ directory/c-sdk/ldap/libraries/libldap/Makefile.in  22 Jul 2009 07:27:12 -0000 @@ -267,6 +267,10 @@  EXTRA_LIBS = -L$(dist_libdir) -l$(LBER_LIBNAME) -pthread  endif +ifeq ($(OS_ARCH), FreeBSD) +EXTRA_LIBS += -L$(dist_libdir) -l$(LBER_LIBNAME) -L/usr/lib -lcompat +endif +  ifeq ($(HAVE_SASL), 1)  EXTRA_LIBS += $(SASL_LINK)  endif cd directory/c-sdk ./configure --with-sasl-inc=/usr/local/include/sasl        --with-sasl-lib=/usr/local/lib          --with-nspr-lib=/usr/local/lib --with-nspr-inc=/usr/local/include/nspr/ --with-nspr          --with-nss-lib=/usr/local/lib/nss --with-nss-inc=/usr/local/include/nss/nss/ --with-nss gmake cd ../../dist/ sudo mkdir /usr/local/include/mozldap /usr/local/lib/mozldap sudo cp public/ldap/* /usr/local/include/mozldap/ sudo cp lib/* /usr/local/lib/mozldap/

*Note  There is one /usr/ports/net/ldapsdk. It downloads and builds ldapsdk_12311998.tar.gz.

But I can see it in ancient now from mozilla site http://ftp.mozilla.org/pub/mozilla.org/directory/c-sdk/ancient/

So I built Mozilla C SDK myself.

Hack IN NSPR

One manual hack you need to do in "/usr/local/include/prinet.h" 

#if defined(FREEBSD) || defined(BSDI) || defined(QNX)
#include <rpc/types.h> /* the only place that defines INADDR_LOOPBACK */
#endif

replace it by

#ifndef INADDR_LOOPBACK
#define INADDR_LOOPBACK         (u_long)0x7F000001
#endif

Building Open Web Server

• /usr/local/bin/hg clone ssh://anon@hg.opensolaris.org/hg/webstack/webserver
• cd webserver
• DOWNLOAD AND PATCH THESE DIFFS
• gmake BUILD_VARIANT=OPTIMIZED
  
• gmake BUILD_VARIANT=OPTIMIZED install

Go to work/FreeBSD7.2-RELEASE_OPT.OBJ/https-test/bin/ directory and start the server instance using startserv script.

For the last two gmake commands, you can add WS_INSTALL_ROOT=/opt/ws if you want the server instance to be installed in /opt/ws/https-test

References:

• http://wikis.sun.com/display/wsFOSS/Checkout+and+Build+Instructions
• http://www.freebsd.org/cgi/cvsweb.cgi/ports/textproc/xerces-c2-devel/files/patch-src-xercesc-Makefile.incl?rev=1.2;content-type=text%2Fplain
• https://bugzilla.mozilla.org/show_bug.cgi?id=505418
• https://bugzilla.mozilla.org/show_bug.cgi?id=504248
• http://www.freebsd.org/cgi/query-pr.cgi?pr=136984
  

Posted by meena ( Jul 20 2009, 06:03:54 PM IST ) Permalink Comments [0]

Running Open Web Server on MacOS

Running Open Web Server on MacOS 

I tried to run Open Web Server on iMac with Mac OS X 10.5.7 on it.

Install http://svn.macports.org/repository/macports/downloads/MacPorts-1.7.1/MacPorts-1.7.1-10.5-Leopard.dmg as per http://www.macports.org/install.php

Already existing Components

To build Open Web Server, first we need to have a few components. I already have /usr/bin/make, JAVA SE(/usr/bin/javac etc.), /usr/bin/ant, C/C+ compiler(/usr/bin/gcc and /usr/bin/g++),/usr/bin/perl, /usr/bin/cvs, /usr/lib/libz.*, /usr/lib/libsasl2.*, installed. Double check these component versions as per the table given in http://wikis.sun.com/display/wsFOSS/Checkout+and+Build+Instructions#CheckoutandBuildInstructions-RequiredLibrariesandTools

Install Mercurial, NSS, NSPR, Xerces C++, Xalan C++, PCRE, ICU

sudo port install mercurial nspr nss pcre icu xercesc xalanc

Building and Installing Mozilla LDAP C SDK

cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -P -rLDAPCSDK_6_0_5_RTM DirectorySDKSourceC cd mozilla/directory/c-sdk ./configure --with-sasl --with-nspr-inc=/opt/local/include/nspr --with-nspr-lib=/opt/local/lib/nspr --with-nspr --with-nss-inc=/opt/local/include/nss --with-nss-lib=/opt/local/lib/nss --with-nss make cd ../../dist/ sudo mkdir /usr/local/include/mozldap /usr/local/lib/mozldap sudo cp public/ldap/* /usr/local/include/mozldap/ sudo cp lib/* /usr/local/lib/mozldap/

Building Open Web Server

cd hg clone ssh://anon@hg.opensolaris.org/hg/webstack/webserver cd webserver Download and apply this patch make make install cd work/Darwin9.7.0_DBG.OBJ/https-test/bin Manually substitute in startserv script, LD_LIBARAY_PATH to DYLD_LIBRARY_PATH before starting the server. Make similar changes in all the scripts like stopserv. ./startserv As you can see the server starts up on port 8080.

Note that

I am using "_xpatomic_locked.h" for now. Their performance needs to be optimized using functions in /usr/include/libkern/OSAtomic.h.
NSPR's PR_GetLibraryFilePathname dumps if called with NULL as first argument on MAC so added a hack of PR_GetLibraryFilePathname("ns-httpd40"..).
Some filenames are ugly like defines___.mk will fix it later.

If you see entries in error log like :

failure : HTTP3360: connection limit (1) exceeded.
PollManager::RequestReservation() keep-alive subsystem full

Run Web Server in finest log level ( set <log-level>finest</log-level> in server/xml). And look for messages like

fine: operating system file descriptor limit is 256
fine: allocating 1 file descriptors to the connection queue, 1 file descriptors to keep-alive connections, and 1 file descriptors to the file cache
fine: 130 connection maximum (1 queued, 128 active, 1 keep-alive)
fine: HTTP3066: HTTP keep-alive subsystem will accomodate up to 1 connections

$ulimit -a
open files                      (-n) 256
...

Now I changed it to 1024 :

$ulimit -n 1024

$./https-test/bin/startserv
fine: operating system file descriptor limit is 1024
fine: allocating 128 file descriptors to the connection queue, 128 file descriptors to keep-alive connections, and 8 file descriptors to the file cache
fine: 384 connection maximum (128 queued, 128 active, 128 keep-alive)
fine: HTTP3066: HTTP keep-alive subsystem will accomodate up to 128 connections

References

1. Build instructions for Open Web Server
2. https://bugzilla.mozilla.org/show_bug.cgi?id=504893
   
3. http://developer.apple.com/documentation/Darwin/Reference/ManPages/man3/barrier.3.html
   
4. http://devworld.apple.com/technotes/tn2002/tn2071.html
5. http://lists.apple.com/archives/unix-porting/2002/Sep/msg00021.html
6. http://dev.eclipse.org/newslists/news.eclipse.tools.cdt/msg16863.html
7. http://blogs.sun.com/Janice/entry/http3360_connection_limit_1_exceeded
   

Posted by meena ( Jul 17 2009, 04:01:33 PM IST ) Permalink Comments [0]

Installing Sun Java System Web Server 7.0 on CentOS 5.3 or Fedora 10-11 or Ubuntu

Installing Sun Java System Web Server 7.0 on CentOS 5.3 or Fedora 10/11 or Ubuntu

In my free time, I just tried out Sun Java System Web Server 7.0 update 5 on CentOS 5.3 and Fedora10 and 11 and Ubuntu. Joe has also written a similar blog on this

Download Sun Java System Web Server 7.0 for Linux from http://www.sun.com/download/index.jsp?cat=Web%20%26%20Proxy%20Servers&tab=3&subcat=Web%20Servers and extract the contents of tar.gz file

$gunzip  sjsws-7_0u5-linux-i586.tar.gz; tar -xvf sjsws-7_0u5-linux-i586.tar

Run installer, it will fail

$./setup

error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory

CentOS

To fix this problem  install "compat-libstdc++-33" package as shown below

$sudo yum -y install compat-libstdc++-33

Now run setup, it will work fine.

Fedora 10/11

Install "compat-libstdc++-33" package as shown below

$sudo yum -y install compat-libstdc++-33

There is one more problem in Fedora 11 but is fixed in 7.0 update 6.

If you get error message like

lib/libfreebl3.so: version `NSSRAWHASH_3.12.3' not found (required by /lib64/libcrypt.so.1)

You need workaround as given in http://forums.sun.com/thread.jspa?messageID=10769043#10769043

Ubuntu

You need to install libstdc++5 as shown below

$sudo apt-get install libstdc++5

If you get an error which has something that looks like /bin/domainname not found, you need to install

$sudo apt-get install nis

I have tested on Ubuntu 9.04.

*Note that Sun Java System Web Server 7.0 update 5 or 6 is not officially certified or supported on CentOS or Fedora or Ubuntu, but here's how you can make it work.

References

http://wikis.sun.com/display/WebServer/Installing+on+Ubuntu

http://jmccabe.org/blog/CentOS_WebServer_Install

http://blogs.sun.com/kkranz/entry/installing_sun_java_system_web

http://ubuntuforums.org/showthread.php?t=855603

Posted by meena ( Jul 10 2009, 06:48:32 PM IST ) Permalink Comments [2]

About trust flags of certificates in NSS database that can be modified by certutil

Managing Certificate Trust flags in NSS Database

We can modify certificate trust flags using certutil. But before we do so we must know more about these trust flags. Here are my notes about trust flags from Nelson Bolyard 's Brown bag:

...  >>> READ MORE >>> ...

[Read More] Posted by meena ( Jul 08 2009, 06:17:58 PM IST ) Permalink Comments [1]