Showing posts with label SSL. Show all posts

Wednesday, December 12, 2012

Install Quickr 8.5 for WPS - Part 3 (HTTP and LDAP)

Now I will install an HTTP server so that Quickr can be accessed over ports 80/443, and configure LDAP (Domino LDAP).

I will use the Apache HTTP server from the OS installation media.

  • My CD is mounted under the /media/RHEL_5.8\ x86_64\ DVD/ folder.
    • Navigate into the folder with #cd /media/RHEL_5.8\ x86_64\ DVD/Server and install the httpd rpm
    • #rpm -Uvh  httpd-2.2.3-63.el5.x86_64.rpm
    • After installation run #service httpd start
    • Test port 80: type your server IP into a browser. You should get the Apache welcome page.
  • Now it is time to install the WAS plug-in, which is used for communication between WAS and the HTTP server
  • Navigate to the Quickr installation media IL-7.
    • #cd /opt/install/IL-7/q850_extras/plugin
    • #./install
    • Installation wizard will be opened in a graphic mode
      • Click NEXT
      • Accept license NEXT
      • System prerequisites check failed ... do not worry click NEXT
      • Select Apache Web Server V2 and click NEXT
      • Select local option
      • /opt/IBM/Quickr/Plugins click NEXT
      • /opt/IBM/Quickr/AppServer and click NEXT
      • /etc/httpd/conf/httpd.conf and port 80 - click NEXT
      • leave webserver1 and click NEXT
      • Leave plugin-cfg.xml in default ... NEXT
      • Check summary and click NEXT, NEXT
      • Install will be finished with status: Partial Success. We must configure WAS to use  HTTP server only.
  • Install FP for plugin http://www-01.ibm.com/support/docview.wss?uid=swg24031962
  • Configure HTTP server in WAS console
    • Go to https://<IP>:10041/admin and login
    • Navigate to Servers>Web Servers and click NEW
    • Step 1 - fill name, type, hostname and os. Click NEXT
    • Step 2 - Click NEXT
    • Step 3 - Set port 80 and /opt/IBM/Quickr/Plugins and select All. Click NEXT
    • Step 4 - click FINISH
    • After the server is created, click the SAVE link above the Web Servers table
  • Edit httpd.conf and change the last 2 lines to use module version ap22 and not ap20
    • LoadModule was_ap22_module /opt/IBM/Quickr/Plugins/bin/64bits/mod_was_ap22_http.so
    • WebSpherePluginConfig /opt/IBM/Quickr/Plugins/config/webserver1/plugin-cfg.xml
    • #service httpd start
  • Enable SSL
    • install  #rpm -Uvh distcache-1.4.5-14.1.x86_64.rpm
    • install  #rpm -Uvh mod_ssl-2.2.3-63.el5.x86_64.rpm
  • Edit /etc/httpd/conf/ssl.conf, find the line <VirtualHost _default_:443> and add below it:
    •  RewriteEngine On
    •  RewriteRule ^/$ /places/login [R]
  • Edit /etc/httpd/conf/httpd.conf and add these lines at the end of the file:
AllowEncodedSlashes On

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
        ServerName examlpe.ibm.com
        ErrorLog logs/examlpe.ibm.com-error_log
        CustomLog logs/examlpe.ibm.com-access_log common
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}/places/login
</VirtualHost>

LoadModule was_ap22_module /opt/IBM/Quickr/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/Quickr/Plugins/config/webserver1/plugin-cfg.xml


  • Configure Domino LDAP
    • Go to the wizard directory: # cd /opt/IBM/Quickr/wp_profile/PortalServer/wizard
    • Start the graphical wizard: #./configwizard.sh
    • You will need only the current WAS admin account, the LDAP bind account and the hostname of the LDAP server. The LDAP type is Domino 7 even though we have 8.5.2.
    • I configured LDAP as federated. All other options could be left at their defaults.
    • Restart WebSphere_Portal
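
A lint for the httpd.conf that results from the steps above, as an added example that is not part of the original post: it flags a leftover ap20 plug-in module, a plug-in module loaded more than once, a port 80 virtual host with no redirect to https, and a redirect target built from the Host header. The function names, the finding labels and the ap20 line in the sample are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: lint httpd.conf for the settings this walkthrough depends on.
# Prints one finding per line and nothing when every check passes.
lint_httpd_conf() {
    # Ignore commented-out directives.
    active=$(grep -v '^[[:space:]]*#' "$1" || true)

    # The plug-in installer writes the ap20 module; Apache 2.2 needs ap22.
    if printf '%s\n' "$active" | grep -q 'was_ap20_module'; then
        echo "AP20: was_ap20_module is still loaded, expected was_ap22_module"
    fi

    # The plug-in module should be loaded exactly once.
    n=$(printf '%s\n' "$active" | grep -c 'LoadModule[[:space:]]*was_ap2[02]_module' || true)
    if [ "$n" -gt 1 ]; then echo "DUP: plug-in LoadModule appears $n times"; fi
    if [ "$n" -eq 0 ]; then echo "MISSING: no plug-in LoadModule line"; fi

    # Find the https:// target of a RewriteRule inside <VirtualHost *:80>.
    target=$(printf '%s\n' "$active" | awk '
        /<VirtualHost[^>]*:80>/ { inside = 1; next }
        /<\/VirtualHost>/       { inside = 0 }
        inside && $1 == "RewriteRule" && $3 ~ /^https:\/\// { print $3; exit }')
    case "$target" in
        "")               echo "NOREDIRECT: port 80 virtual host does not redirect to https" ;;
        *'%{HTTP_HOST}'*) echo "HOSTHDR: redirect target is built from the client-supplied Host header" ;;
    esac
}

# Constructed sample: installer leftovers plus the lines appended in the post.
demo_lint() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
LoadModule was_ap20_module /opt/IBM/Quickr/Plugins/bin/64bits/mod_was_ap20_http.so
<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}/places/login
</VirtualHost>
LoadModule was_ap22_module /opt/IBM/Quickr/Plugins/bin/64bits/mod_was_ap22_http.so
EOF
    lint_httpd_conf "$tmp"
    rm -f "$tmp"
}

demo_lint
```

Run `lint_httpd_conf /etc/httpd/conf/httpd.conf` on the server itself; replacing %{HTTP_HOST} in the redirect with the fixed ServerName clears the HOSTHDR finding.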

Wednesday, April 11, 2012

IBM Connections 3.0.1 on RHEL - how to install - 9. Post-Installation Tasks

Post-Installation Tasks


Finally, we have installed the IBM Lotus Connections product, but there are still some important post-installation steps. Let's finish them!

  1. Configure HTTP server
    1. Open  http://ic.ys.cz:9060/admin and log in as wasadmin
    2. [root@ic bin]# cd /opt/IBM/HTTPServer/bin/
    3. start Administration server: [root@ic bin]# ./adminctl start
    4. Create new node to manage http server with dmgr server ... navigate to System administration > Nodes > click Add Node 
      1. select  Unmanaged node click NEXT
      2. Name: webserver1node
      3. HostName: <FQDN>
      4. Platform Type: Linux > OK > SAVE
    5. Go to create a new WebServer definition ... navigate to Servers > Server Types > Web servers > and click New
      1. Select node: webserver1node
      2. Server name: webserver1
      3. Type: IBM HTTP Server
      4. Click NEXT > NEXT
      5. Port: 80
      6. Web server installation root: /opt/IBM/HTTPServer
      7. Plug-in installation root: /opt/IBM/HTTPServer/Plugins
      8. Administration Server Port: 8008
      9. Username: ihsadmin
      10. Password: <yourpass>
      11. Confirm password:  <yourpass>
      12. Click NEXT
      13. Click FINISH and SAVE
    6. Check the webserver1 checkbox and click the Start button - it should start the server. If it does not, you can reset the password:
      1. Switch to the HTTPServer_installdir/bin directory on your machine.
      2. Type the following command:
      3. ./htpasswd -b ../conf/admin.passwd user password
      4. where user and password are the user ID and password that you want to have administrative authority for IBM HTTP Server. 
    7. Resynchronize all nodes.
    8. Generate plug-in configuration file ... navigate again to the webservers (same as step 5).
      1. Select webserver1 and click Generate Plug-in and then click Propagate Plug-in
      2. Note: Make sure the path to plugin-cfg.xml shown in the Message dialog box is the same as the one in the IHS httpd.conf (last line of the file), saved in /opt/IBM/HTTPServer/conf/httpd.conf
      3. Restart webserver
    9. Navigate to Servers > Web servers > webserver1 > Plug-in properties and click Copy to Web server key store directory
    10. Set up HTTP over SSL with a self-signed certificate
      1. [root@ic ~]# cd /opt/IBM/HTTPServer/
      2. [root@ic ~]# mkdir  keyfiles
      3. [root@ic ~]# cd bin
      4. [root@ic bin]# ./ikeyman
      5. In IBM Key Management click New
        1. Key database type: CMS
        2. File Name: webserver-key.kdb
        3. Location: /opt/IBM/HTTPServer/keyfiles
        4. Click OK
        5. Enter your password and select Stash password to a file
        6. Click OK
      6. In IBM Key Management click Create a new self-signed certificate
        1. Key Label: LC Self Signed
        2. Version: X509 V3
        3. Key Size: 1024
        4. Signature Algorithm: SHA1WithRSA
        5. Other options are optional (set them as you wish) 
        6. Click OK and close ikeyman
      7. Stop HTTP server and edit httpd.conf file
        1. [root@ic bin]# cd ../conf/
        2. backup file: [root@ic conf]# cp httpd.conf httpd.conf.bak
        3. Edit the file and add the following lines at the bottom:
          LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
          <IfModule mod_ibm_ssl.c>
            Listen 0.0.0.0:443
            <VirtualHost *:443>
              ServerName ic.ys.cz
              SSLEnable
            </VirtualHost>
          </IfModule>
          SSLDisable
          Keyfile "/opt/IBM/HTTPServer/keyfiles/webserver-key.kdb"
          SSLStashFile "/opt/IBM/HTTPServer/keyfiles/webserver-key.sth"
        4. start HTTP server and test https url on port 80
          1. [root@ic conf]# ../bin/apachectl -k start
          2. Open browser and go to https://<yourhostname>
          3. You should get info about certificate - it is not a trusted certificate (because it is self-signed certificate)
      8. Add our certificate to the trusted ones in the WAS trust store
        1. Navigate in Security > SSL Certificate and Key Management > Key stores and certificates
        2. Click on link  CellDefaultTrustStore
        3. Click on link Signer certificates
        4. Click Retrieve from port
          1. Host: <IHS hostname>
          2. Port: 443
          3. Alias: webserver-ssl
          4. And click Retrieve signer information
          5. Check if it is correct
          6. OK > SAVE
    11. Update Connections URL to use SSL
      1. [root@ic conf]# cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/
      2. [root@ic bin]# ./wsadmin.sh -lang jython
      3. wsadmin> execfile("../config/bin_lc_admin/connectionsConfig.py")
      4. wsadmin> LCConfigService.checkOutConfig("/root/","icCell01")
        • Note: Make sure that you have correct cell name in command
      5. Edit exported file and delete all occurrences of port in href or ssl_href
        1. I deleted all occurrences of  :9081 and :9444 in the file.
      6. Run wsadmin> LCConfigService.checkInConfig()
      7. Run wsadmin> synchAllNodes()
    12. You know what? You are done! Congratulations! Now you can take a look at the documentation on how to tune up your Connections.
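
A check of the certificate that IHS presents after step 10, as an added example that is not part of the original post: it reads the text form of a certificate and reports the RSA key size, the signature hash and whether the certificate is self-signed. The function names, the finding labels and the 2048-bit minimum are assumptions, and the sample text is constructed to mirror the ikeyman choices above.

```bash
#!/bin/bash
# Added example: review the certificate a server presents, from the text
# form printed by `openssl x509 -noout -text`, read on standard input.
audit_cert_text() {
    awk '
        /Signature Algorithm:/ && sig == "" { sig = $3 }
        /Public Key Algorithm: rsaEncryption/ { rsa = 1 }
        /Public[- ]Key: \([0-9]+ bit\)/ {
            bits = $0; sub(/^.*\(/, "", bits); sub(/ bit.*$/, "", bits)
        }
        /^ *Issuer:/  { issuer = $0;  sub(/^ *Issuer: */, "", issuer) }
        /^ *Subject:/ { subject = $0; sub(/^ *Subject: */, "", subject) }
        END {
            # Assumption: 2048 bits is the minimum acceptable RSA size.
            if (rsa && bits + 0 < 2048)
                print "WEAKKEY: RSA key is " bits " bits, below 2048"
            if (tolower(sig) ~ /^sha1/)
                print "SHA1: certificate is signed with " sig
            if (issuer != "" && issuer == subject)
                print "SELFSIGNED: issuer and subject are both " subject
        }'
}

# Fetch the certificate from a live listener (host, port) and audit it.
audit_host() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -text | audit_cert_text
}

# Constructed sample mirroring step 10 (1024-bit key, SHA1WithRSA, self-signed).
demo_audit() {
    audit_cert_text <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=ic.ys.cz
        Subject: CN=ic.ys.cz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

demo_audit
```

Against the running server, call `audit_host <yourhostname> 443`; an empty result means none of the three conditions was found.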