If you are installing Orca on an existing server and want to use Apache as the web server, the following Apache configuration requirements must be addressed prior to installation.
This article assumes starting from the default httpd installation. If you are installing Orca into a virtual host (or other than the default document root) adjust the following instructions so the changes apply to the appropriate document root being served by Apache.
Orca utilizes a rewrite rule in its .htaccess file to force requests to use HTTPS. If you would like to allow access to Orca via HTTP, you must remove this rule from the Orca .htaccess file and remove any firewall blocks on port 80.
For the changes outlined below edit the appropriate configuration file identified by each configuration step. The following identifies where the files can be found in a standard Apache installation:
Apache on Linux Configuration Files
SSL and PHP modules
Orca’s REST API (used by the Orca User Interface) requires PHP and SSL. The following command will install those modules:yum install -y mod_ssl mod_php71w
The following modules are not required by Orca but can be very useful if the need arises to debug connection issues:
yum install -y iproute net-tools
Your Apache configuration must allow overrides for the document root Orca is installed to. Locate the directives for the default DocumentRoot and set AllowOverrides to All.
The default override is None
<Directory "/var/www/html"> ... Options Indexes FollowSymLinks # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit AllowOverride None ....
Change the override value to All
<Directory "/var/www/html"> ... Options Indexes FollowSymLinks # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit AllowOverride All ....
WebSocket Proxy Settings
Orca utilizes websockets to provide user interface updates. An Orca Notifier websocket service will run on the Orca server to accept websocket connections from users’ browsers. Orca requires Apache to proxy the websocket connections to the service on the local host.
Add the following lines to the bottom of the file
ProxyPass /ws ws://127.0.0.1:9900
ProxyPassReverse /ws ws://127.0.0.1:9900
Additionally, Orca requires both the Proxy and WSTunnel modules to be enabled.
Ensure both modules are enabled with the following commands:
# httpd -M | grep proxy_module proxy_module (shared) # httpd -M | grep proxy_wstunnel_module proxy_wstunnel_module (shared)
If either of the modules is not listed as active, you must install and enable them.
Orca requires Apache’s mod_rewrite in order to properly dispatch UI and API requests. This module is enabled by default with Apache installations.
Ensure that mod_rewrite is enabled with the following command:
# httpd -M | grep rewrite rewrite_module (shared)
If the rewrite module is not listed, you must enable it.
By default, Apache installs an automatically generated certificate that allows https to operate but will generate untrusted site warnings when you access the server. The following directives located in the ssl.conf file identify the certificate files being used by Apache.
Refer to Apache’s online documentation on how to generate a self-signed certificate and validate it in your browser, or install an official certificate at the location identified by the above Apache directives.
Once you have made the Apache configuration changes enable and start (or restart) the Apache service to make the changes active.
systemctl enable httpd systemctl restart httpd