Server Configuration2019-08-19T13:08:53-04:00

APACHE CONFIGURATION GUIDE

This guide will walk you through the configurations required to run ATiM on Apache. It is assumed that you have already installed it and configured it to work with PHP. Note that the steps detailed above are known to work. There might be unnecessary steps.

Basic Server configuration

Tested on Apache 2.4

Don’t forget to restart the server after these setup steps.

httpd.conf
Copy to Clipboard

To change the root of the server

Copy to Clipboard

ATiM Folders Permissions

Change access properties of following folders ‘./app/tmp’ and ‘app/Locale’ to :

  • Full access for User
  • Full access for Group
  • Read and Write for Other
Copy to Clipboard

Set the permission for all the folders, except the 2 listed above which are 776, to 755 and for the files 664.

SSL Configuration

Enable the module by typing
Copy to Clipboard
Create a Self-Signed SSL Certificate
Copy to Clipboard
Configure Apache to Use SSL

default-ssl.conf

Copy to Clipboard

httpd.conf

Copy to Clipboard

Alias Creation

The following lines are included in this document to help system installation but they don’t have necessarily to be applied.

In the following example:

  • Application directories and code files are stored into the application directory ‘/ATiM/www/’.
  • The root of the web server is ‘/var/www/’.
  • The URL to launch ATiM will be the following link ‘https://*.*.*.*/ATiM/’.
httpd.conf Modification
Copy to Clipboard

In Apache 2.4 and more

Copy to Clipboard
.htaccess Files Modification
  • /ATiM/www/.htaccess
Copy to Clipboard
  • /ATiM/www/app/.htaccess
Copy to Clipboard
  • /ATiM/www/app/webroot/.htaccess
Copy to Clipboard

IIS6 CONFIGURATION GUIDE

This guide will walk you through the configurations required to run ATiM on IIS 6 using an iismod_rewrite module use.

It is assumed that you have already installed it and configured it to work with PHP.

Note that this guide is based upon IIS 6. There might be discrepancies between it and IIS 7+. Also, note that the steps detailed above are known to work. There might be unnecessary steps.

Rewrite Rules

Download iismod_rewrite

ATiM uses mod_rewrite. It comes built-in in apache, but not in IIS! As of this writing, this module can be found on our server [1].

Note this Mod Rewrite has been tested for Windows 2000 Server and Windows 2003 Server.

Extraction

You have to extract mod_rewrite.dll somewhere. If you installed IIS at the default location, you can extract it to C:\Inetput\modRewrite\

Create the rewrite rules

In the same directory, create a new file named “mod_rewrite.ini” and open it. Copy and alter following configuration based on your install. If your ATiM is installed right into webroot and not in any subfolders (ex.: webroot/directory_name/), alter code deleting “/(directory_name)”.

  • For any ATiM install having version < 2.5
Copy to Clipboard
  • For any ATiM install having version >= 2.5.
Copy to Clipboard
  • For any ATiM install having version >= 2.6.
Copy to Clipboard
Files permissions

Note: Security controls are available only to Administrator or users with administrative rights. So make sure you log in as one. And security can only be set in an NTFS partition. If you are in a FAT partition, you can skip to the next part.

IIS will need to access mod_rewrite.ini and mod_rewrite.dll. It hereby needs to be granted permission to do so. You may want to first observe the permissions of the web root folder (located in Inetpub) to give you an idea of what users you need to add. As of this writing, a similar visual guide is available. [2]. An easy way to find out under which user IIS is running is to use the php get_current_user function.

  1. Right click on the directory
  2. Select properties
  3. Select the security tab. If you can’t see the security tab you must
    1. In an explorer window, click on the Tools at the menu bar, then click on Folder Options.
    2. Click on View tab.
    3. In the Advanced Settings section at the bottom of the list, uncheck and unselect (clear the tick) on the “Use simple file sharing (Recommended)” checkbox.
    4. Click OK.
  4. In the top section, there are two users you should be interested in
    1. IIS_WPG
    2. IUSR*
  5. It is important that you note the user itself and the prefix before the backslash.
  6. Close the properties windows
  7. Open the properties window for the modRewrite directory.
  8. Head over to the security tab and click add.
  9. Set the location as the prefix you noted previously.
  10. In the object names section, enter the two users you noted.
  11. Click check names. If you entered the parameters properly, they will both be underlined. Otherwise, there will be some pop-up.
  12. Once the names are ok, click ok.
  13. For each of those names, click on “full control” on the lower section.
  14. Repeat steps 7 to 13 for mod_rewrite.dll and mod_rewrite.ini.
Set mod_rewrite in IIS

You must now configure IIS to use mod_rewrite.

  1. Open IIS manager
  2. Right click on your website (within the website directory) and select properties.
  3. Click on the ISAPI Filters tab
  4. Click add
  5. Enter some name. Ex.: URL Rewrite Filter
  6. Select mod_rewrite.dll as the filter executable
  7. Click ok twice to close both windows
  8. Restart IIS.

Note: On some servers, the IIS manager restart commands Are somehow broken and don’t entirely restart IIS. The restart_iis.bat file found in the mod_rewrite zip file is known to do it properly.

Enable file writing [Optional but required for caching]

If you intend on activating structures/menus caching, you must configure IIS to allow PHP to create files.

  1. Open IIS manager
  2. Right click on your website (within the website directory)
  3. Reach the Home Directory tab
  4. Check the write option
  5. Click apply
  6. Click ok
  7. Restart IIS
See if it works
  1. Reopen the properties window of the website directory and go to ISAPI filters. Your newly added filter should be preceded by an up green arrow. If it’s a down red arrow, it’s not working. Most of the time files permissions are the problem.
  2. If you have the green arrow, open a browser and type in a URL related to your IIS installation.
  3. Open the directory where you put mod_rewrite.dll and see if you have the mod_rewrite.txt file.
  4. Open it.
  5. If you have two lines, one stating something like “Received URL” and the other stating “Rewritten URL”, then congratulations! It works! If you have some error message, your mod_rewrite.ini file contains bogus code and needs to be rewritten. You need to restart the server each time you want to try a new configuration and remember: the stop/start command cannot be relied upon. Use the restart_iis.bat script instead.

ATiM Folders Permissions

Change security properties of following folders ‘./app/tmp’ and ‘app/Locale’ (if required):

  • by adding user IIS_IUSRS and setting permissions to Full Control
  • by changing User permissions to Full Control.

SSL Configuration

CSR generation

To generate the certificate signing request (CSR):

  • Open the IIS Manager
  • Right click on the default web site to display the properties
  • Under the ‘Directory Security’ tab, click on ‘Server certificates…’
  • Create a new request but select option to ‘…send it later’
  • Enter a name for the certificate that you can identify on your server. Choose a bit-length of 2048. Leave the other boxes unchecked.
  • Complete next steps until you generate a ‘certreq.txt’ file
Self-signed certificate generation

We use to use OpenSSL to create a self-signed certificate for ATiM install on IIS:

  • Install OpenSSL on a Linux server
  • Copy your ‘certreq.txt’ file on the server
  • Launch following command lines:
    • OpenSSL genrsa – des3 -out cakey.pem 2048
    • OpenSSL req -new -key cakey.pem -x509 -days 9999 -out ca.crt
    • OpenSSL x509 -req -days 9999 -in certreq.txt -CA ca.crt -CAkey cakey.pem -CAcreateserial -out new.crt
Certificate installation

Copy the certificate file (new.crt) on your windows server then:

  • Open the IIS Manager
  • Right click on the default web site to display the properties
  • Under the ‘Directory Security’ tab, click on ‘Server certificates…’
  • Select ‘Process the Pending Request and Install the Certificate’ to install the certificate browsing the new.crt file and setting the port SSL to 443
Force secure connection
  • Open the IIS Manager
  • Right click on the default web site to display the properties
  • Under the ‘Directory Security’ tab, click on ‘Edit’
  • Select ‘Require secure channel ssl’

IIS8 CONFIGURATION GUIDE

This guide will walk you through the configurations required to run ATiM on IIS 8 using the native IIS URL Rewrite.

It is assumed that you have already installed it and configured it to work with PHP (Use Microsoft’s Web Platform Installer to install non-commercial development tools and their dependencies – Note your install can require the download of the Visual C++ Redistributable for Visual Studio 2012 Update 4 [1]).

Note that this guide is based upon IIS 8. There might be discrepancies between it and IIS 7. Also, note that the steps detailed above are known to work. There might be unnecessary steps.

Rewrite Rules

First check the IIS URL Rewrite module is installed (the URL Rewrite icon should appear in the IIS Manager) or use Microsoft’s Web Platform Installer to install the URL Rewrite Module 2.0.

web.config

Create a new file called web.config in your ATiM root folder (directory gathering subdirectories app, lib, etc and files index.php, .htaccess, etc). Then using Notepad or any XML-safe editor, copy the following code into your new web.config file:

  • For any ATiM install having version >= 2.6.
Copy to Clipboard
File Permission

Change security properties of this file adding user IIS_IUSRS (or IIS_USR & IIS_WPG) with Full Control permission on this file.

  1. Right click on the directory.
  2. Select properties.
  3. Select the security tab.

ATiM Folders Permissions

Change security properties of following folders ‘./app/tmp’ and ‘app/Locale’ (if required):

  • by adding user IIS_IUSRS (or IIS_USR & IIS_WPG) and setting permissions to Full Control
  • by changing User permissions to Full Control.

SSL Configuration

Self-signed certificate generation

We use the IIS Server Certificates module to create a self-signed certificate for ATiM install on IIS (see [2] for more details):

  • Open the IIS Manager
  • Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.
  • Click on Create Self-Signed Certificate in the Actions form.
  • Enter ‘ATiM’ as a ‘friendly name for the certificate’
  • Bind the certificate to the ‘Default Web Site’ (or the web site that you want to bind) by clicking on ‘Bindings’ link in the Actions form, adding a new Site Bindings with SSL Certificate ‘ATiM’.
Redirect to https

In the web.config file of the website root directory, add following rule:

Copy to Clipboard

PHP CONFIGURATION GUIDE

Requested Modules
Module Reference Compile Flag
Multibyte String [1] –enable-mbstring
Zlib [2] –with-zlib
One of mysql or mysqli [3], [4] –with-mysql, –with-mysqli
(To confirm) PHP Data Object [5] –enable-pdo –with-pdo-mysql
(For apache onyl) One of apxs or apxs2 [1] –with-apxs=[DIR], –with-apxs2=[DIR]
Php.ini
1- Extensions

Define the path to the loadable extensions (modules),

Copy to Clipboard
2- Environment variables
Copy to Clipboard

Following configuration are optional but requested for any files upload

Copy to Clipboard