If you are installing Orca on an existing server and want to use Apache as the web server, the following Apache configuration requirements must be addressed prior to installation.


This article assumes starting from the default httpd installation. If you are installing Orca into a virtual host (or other than the default document root) adjust the following instructions so the changes apply to the appropriate document root being served by Apache.


Orca utilizes a rewrite rule in its .htaccess file to force requests to use HTTPS. If you would like to allow access to Orca via HTTP, you must remove this rule from the Orca .htaccess file and remove any firewall blocks on port 80.


For the changes outlined below edit the appropriate configuration file identified by each configuration step. The following identifies where the files can be found in a standard Apache installation:


Apache on Linux Configuration Files


/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf


SSL and PHP modules


Orca’s REST API (used by the Orca User Interface) requires PHP and SSL. The following command will install those modules:yum install -y mod_ssl mod_php71w


The following modules are not required by Orca but can be very useful if the need arises to debug connection issues:


yum install -y iproute net-tools


.htaccess Overrides

Your Apache configuration must allow overrides for the document root Orca is installed to. Locate the directives for the default DocumentRoot and set AllowOverrides to All.


Edit httpd.conf:


The default override is None


<Directory "/var/www/html">
    ...
    Options Indexes FollowSymLinks

    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    AllowOverride  None 
    ....


Change the override value to All


<Directory "/var/www/html">
    ...
    Options Indexes FollowSymLinks

    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    AllowOverride  All 
    ....


WebSocket Proxy Settings

Orca utilizes websockets to provide user interface updates. An Orca Notifier websocket service will run on the Orca server to accept websocket connections from users’ browsers. Orca requires Apache to proxy the websocket connections to the service on the local host.


Edit httpd.conf:


Add the following lines to the bottom of the file


ProxyPass /ws ws://127.0.0.1:9900
ProxyPassReverse /ws ws://127.0.0.1:9900


Additionally, Orca requires both the Proxy and WSTunnel modules to be enabled.


Ensure both modules are enabled with the following commands:


# httpd -M | grep proxy_module
proxy_module (shared)
# httpd -M | grep proxy_wstunnel_module
proxy_wstunnel_module (shared)


If either of the modules is not listed as active, you must install and enable them.


Rewrite Module


Orca requires Apache’s mod_rewrite in order to properly dispatch UI and API requests. This module is enabled by default with Apache installations.

Ensure that mod_rewrite is enabled with the following command:


# httpd -M | grep rewrite
rewrite_module (shared)


If the rewrite module is not listed, you must enable it.


SSL Certificate


By default, Apache installs an automatically generated certificate that allows https to operate but will generate untrusted site warnings when you access the server. The following directives located in the ssl.conf file identify the certificate files being used by Apache.


SSLCertificateFile
SSLCertificateKeyFile


Refer to Apache’s online documentation on how to generate a self-signed certificate and validate it in your browser, or install an official certificate at the location identified by the above Apache directives.


Restarting Apache


Once you have made the Apache configuration changes enable and start (or restart) the Apache service to make the changes active.


systemctl enable httpd
systemctl restart httpd