Difference between revisions of "How to Configure a Web Ad Manager Server"
(→Configure Windows Firewall) |
(→Configure the Web Ad Manager COM+ application) |
||
(44 intermediate revisions by 2 users not shown) | |||
Line 5: | Line 5: | ||
* the web application files: the HTML, CSS, Javascript, PHP and other files which make up the web application. | * the web application files: the HTML, CSS, Javascript, PHP and other files which make up the web application. | ||
− | + | Please note that the Web Ad Manager Server components cannot be installed on a machine that has IIS currently installed on it, as this is incompatible with the server components used. | |
== Install Ad Manager == | == Install Ad Manager == | ||
− | + | Install Ad Manager (including any add-ins) as if you're setting up another client workstation. | |
− | + | ||
− | + | ||
== Install and configure the Ad Manager Web Host service == | == Install and configure the Ad Manager Web Host service == | ||
− | + | === Set up a Windows user account for the Web Host service === | |
− | + | The Web Host service needs to run as a Windows user who: | |
− | + | ||
− | The Web Host service needs to run as a user who: | + | |
* can run Ad Manager if logged on interactively; | * can run Ad Manager if logged on interactively; | ||
− | * belongs to the local machine's | + | * belongs to the local machine's "Administrators" group. |
− | + | 1. Pick or create a user account; make sure the account belongs to the local "Administrators" group. | |
− | + | 2. Log on as that user, run Ad Manager and import the Ad Manager serial number and license into the user profile. | |
− | + | 3. Make sure you can access all Ad Manager databases that will be exposed through the web application. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
=== Install and register the Web Host service === | === Install and register the Web Host service === | ||
− | + | 1. Run the Ad Manager Web Host installer (<code>Amwh.msi</code>); install for "Everyone". | |
− | + | 2. Register the service: run cmd.exe as an administrator and execute the following commands: | |
− | + | <pre> | |
+ | cd "C:\Program Files (x86)\Dot2Dot\Ad Manager Web Host" | ||
+ | cpwh.exe -service | ||
+ | </pre> | ||
− | + | 3. Use the "Services" management console to configure the "Dot2Dot Ad Manager Web Host Service" to log on as the user account you configured earler. | |
− | + | 4. Test the configuration by starting and stopping the service. | |
− | + | === Configure the Web Ad Manager COM+ application === | |
− | + | This step is required if you're installing the 64-bit version of WampServer. It will make the required Ad Manager components, which are 32-bit, accessible to the web application. | |
− | + | 1. Launch the "Component Services" management console. | |
− | + | 2. Create a COM+ server application called "Web Ad Manager", running as "Local Service". | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | 3. Import the "Cpwh.DateTime" coponent from the 32-bit registry into the application. | |
− | + | === Configure the Web Host database connections === | |
− | + | Select the "Configure" shortcut in "Start : All Programs : Dot2Dot Ad Manager Web Host" and add a connection for each database that will be exposed through the web application. | |
− | + | == Set Up the Web Server == | |
− | + | ||
− | == | + | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | == | + | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
=== Install WampServer === | === Install WampServer === | ||
− | + | Follow the instructions at the [http://www.wampserver.com/en/ WampServer download page]. The latest Microsoft Visual C++ Redistributable components are a pre-requisite. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | === Allow incoming connections to the web server port === | |
− | + | ||
− | + | ||
− | + | Use the "Windows Firewall with Advanced Security" management console to allow the incoming connections. | |
− | + | ||
− | + | ||
− | + | === Select the appropriate PHP version === | |
− | + | The highest PHP version the Ad Manager web applications are compatible with is 7.3.x. | |
− | + | ||
− | + | ||
− | + | ||
− | + | === Tweak the PHP configuration === | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | Edit the "php.ini" file. | |
− | + | 1. Disable the script execution timeout: | |
− | + | ||
− | + | ||
− | + | <pre> | |
− | + | max_execution_time = 0 | |
+ | </pre> | ||
− | + | 2. Remove the memory limit: | |
− | + | <pre> | |
− | + | memory_limit = -1 | |
+ | </pre> | ||
− | + | === Create the Ad Manager web applications === | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | Extract the web application archives into sub-directories of the Apache document root directory (usually C:\wamp64\www<code></code>). Your directory structure should look like this: | |
− | + | <pre> | |
+ | C:\wamp64\www | ||
+ | - wam | ||
+ | + api | ||
+ | + fonts | ||
+ | + img | ||
+ | + js | ||
+ | app.xml | ||
+ | index.html | ||
+ | - wam-pub | ||
+ | + api | ||
+ | + fonts | ||
+ | + img | ||
+ | + js | ||
+ | app.xml | ||
+ | index.html | ||
+ | </pre> | ||
− | + | Edit the "httpd-vhosts.conf" file to enable remote access to the new directories. | |
− | + | <pre> | |
− | + | # Virtual Hosts | |
+ | # | ||
+ | <VirtualHost *:80> | ||
+ | ServerName localhost | ||
+ | ServerAlias localhost | ||
+ | DocumentRoot "${INSTALL_DIR}/www" | ||
+ | <Directory "${INSTALL_DIR}/www/"> | ||
+ | Options +Indexes +Includes +FollowSymLinks +MultiViews | ||
+ | AllowOverride All | ||
+ | Require local | ||
+ | </Directory> | ||
+ | <Directory "${INSTALL_DIR}/www/wam"> | ||
+ | Options +Indexes +Includes +FollowSymLinks +MultiViews | ||
+ | AllowOverride All | ||
+ | Require all granted | ||
+ | </Directory> | ||
+ | <Directory "${INSTALL_DIR}/www/wam-pub"> | ||
+ | Options +Indexes +Includes +FollowSymLinks +MultiViews | ||
+ | AllowOverride All | ||
+ | Require all granted | ||
+ | </Directory> | ||
+ | </VirtualHost> | ||
+ | </pre> | ||
− | + | === Schedule a nightly restart of the services === | |
− | + | ||
− | + | Create a batch file to stop, force the termination of, and restart the Wampapache and Ad Manager Web Host services: | |
− | + | ||
− | + | <pre> | |
+ | @echo off | ||
+ | net stop wampapache | ||
+ | taskkill /f /im httpd.exe | ||
+ | net stop cpwh | ||
+ | taskkill /f /im cpwh.exe | ||
+ | net start wampapache | ||
+ | </pre> | ||
− | : | + | Note: the Ad Manager Web Host service starts on demand and doesn't need to be started explicitly. |
− | + | Use the task scheduler to set up a task to execute the batch file nightly: | |
+ | * Run whether user is logged on or not; | ||
+ | * Run with highest privileges. | ||
− | + | == Configure the Ad Manager web features == | |
− | + | ||
− | + | 1. Edit the online sharing options: "Tools : Options : Online Sharing". | |
− | + | 2. Import the web application roles: "Tools : Import Web App : From URL...". | |
− | + | 3. Create Web Users. | |
− | + | == Configure SSL/TLS == | |
− | === | + | === Purchase an SSL certificate === |
− | + | 1. Create a server key and a certificate signing request (CSR). | |
− | + | E.g. using OpenSSL: | |
− | + | <pre> | |
+ | openssl genrsa -out host.example.com.key 2048 | ||
+ | openssl req -new -key host.example.com.key -out host.example.com.csr | ||
+ | </pre> | ||
− | + | 2. Use the CSR to purchase an SSL certificate from a certificate issuing authority, e.g. [https://www.digicert.com/ Digicert], [https://godaddy.com GoDaddy], etc. | |
− | + | To create a self-signed certificate using OpenSSL: | |
− | + | <pre> | |
− | + | openssl x509 -req -in host.example.com.csr -signkey host.example.com.key -days 365 -out host.example.com.crt | |
− | + | </pre> | |
− | + | ||
− | + | ||
− | === | + | === Configure Apache for SSL === |
− | + | 1. Copy the server key and the SSL certificates to a subdirectory of your Apache installation, e.g. C:\wamp64\ssl: | |
− | + | <pre> | |
+ | C:\wamp64\ssl | ||
+ | host.example.com.chain.crt | ||
+ | host.example.com.crt | ||
+ | host.example.com.key | ||
+ | </pre> | ||
− | + | Here "host.example.com.key" is the server key (in PEM format), "host.example.com.crt" is the SSL certificate you purchased (in PEM format), and "host.example.com.chain.crt" is the intermediate (or chain) certificate of the certificate issuing authority (in PEM format). | |
− | + | 2. Edit the "httpd.conf" file: | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | Edit the port Apache will listen to: | |
− | + | <pre> | |
+ | Listen 0.0.0.0:443 | ||
+ | Listen [::0]:443 | ||
+ | </pre> | ||
− | + | Uncomment the line that loads the SSL module: | |
− | + | <pre> | |
+ | LoadModule ssl_module modules/mod_ssl.so | ||
+ | </pre> | ||
− | + | 3. Edit the "httpd-vhosts.conf" file: | |
− | + | Specify the port of the virtual host, update the server name if necessary, and add the SSL directives. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | <pre> | |
− | + | <VirtualHost *:443> | |
− | + | ServerName host.example.com | |
+ | SSLEngine on | ||
+ | SSLCertificateFile "${INSTALL_DIR}/ssl/host.example.com.crt" | ||
+ | SSLCertificateKeyFile "${INSTALL_DIR}/ssl/host.example.com.key" | ||
+ | SSLCertificateChainFile "${INSTALL_DIR}/ssl/host.example.com.chain.crt" | ||
+ | ... | ||
+ | </VirtualHost> | ||
+ | </pre> | ||
− | + | Note: the name specified in the ServerName directive must match the name in the certificate. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | 4. Restart the Apache service. | |
− | + | 5. Ensure the firewall is not blocking incoming traffic to the port Apache is listening to. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | : | + | See also: [https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html SSL/TLS Strong Encryption: How-To]. |
Latest revision as of 13:27, 27 January 2023
Web Ad Manager consists of the following parts:
- the Ad Manager desktop application components: these include the ActiveX components which expose the Ad Manager data and business logic to the web application;
- the Ad Manager Web Host service: it provides the context in which the web application loads the Ad Manager ActiveX components;
- the Apache HTTP Server with a PHP preprocessor: it makes the web application accessible on the Internet;
- the web application files: the HTML, CSS, Javascript, PHP and other files which make up the web application.
Please note that the Web Ad Manager Server components cannot be installed on a machine that has IIS currently installed on it, as this is incompatible with the server components used.
Contents |
Install Ad Manager
Install Ad Manager (including any add-ins) as if you're setting up another client workstation.
Install and configure the Ad Manager Web Host service
Set up a Windows user account for the Web Host service
The Web Host service needs to run as a Windows user who:
- can run Ad Manager if logged on interactively;
- belongs to the local machine's "Administrators" group.
1. Pick or create a user account; make sure the account belongs to the local "Administrators" group.
2. Log on as that user, run Ad Manager and import the Ad Manager serial number and license into the user profile.
3. Make sure you can access all Ad Manager databases that will be exposed through the web application.
Install and register the Web Host service
1. Run the Ad Manager Web Host installer (Amwh.msi
); install for "Everyone".
2. Register the service: run cmd.exe as an administrator and execute the following commands:
cd "C:\Program Files (x86)\Dot2Dot\Ad Manager Web Host" cpwh.exe -service
3. Use the "Services" management console to configure the "Dot2Dot Ad Manager Web Host Service" to log on as the user account you configured earler.
4. Test the configuration by starting and stopping the service.
Configure the Web Ad Manager COM+ application
This step is required if you're installing the 64-bit version of WampServer. It will make the required Ad Manager components, which are 32-bit, accessible to the web application.
1. Launch the "Component Services" management console.
2. Create a COM+ server application called "Web Ad Manager", running as "Local Service".
3. Import the "Cpwh.DateTime" coponent from the 32-bit registry into the application.
Configure the Web Host database connections
Select the "Configure" shortcut in "Start : All Programs : Dot2Dot Ad Manager Web Host" and add a connection for each database that will be exposed through the web application.
Set Up the Web Server
Install WampServer
Follow the instructions at the WampServer download page. The latest Microsoft Visual C++ Redistributable components are a pre-requisite.
Allow incoming connections to the web server port
Use the "Windows Firewall with Advanced Security" management console to allow the incoming connections.
Select the appropriate PHP version
The highest PHP version the Ad Manager web applications are compatible with is 7.3.x.
Tweak the PHP configuration
Edit the "php.ini" file.
1. Disable the script execution timeout:
max_execution_time = 0
2. Remove the memory limit:
memory_limit = -1
Create the Ad Manager web applications
Extract the web application archives into sub-directories of the Apache document root directory (usually C:\wamp64\www). Your directory structure should look like this:
C:\wamp64\www - wam + api + fonts + img + js app.xml index.html - wam-pub + api + fonts + img + js app.xml index.html
Edit the "httpd-vhosts.conf" file to enable remote access to the new directories.
# Virtual Hosts # <VirtualHost *:80> ServerName localhost ServerAlias localhost DocumentRoot "${INSTALL_DIR}/www" <Directory "${INSTALL_DIR}/www/"> Options +Indexes +Includes +FollowSymLinks +MultiViews AllowOverride All Require local </Directory> <Directory "${INSTALL_DIR}/www/wam"> Options +Indexes +Includes +FollowSymLinks +MultiViews AllowOverride All Require all granted </Directory> <Directory "${INSTALL_DIR}/www/wam-pub"> Options +Indexes +Includes +FollowSymLinks +MultiViews AllowOverride All Require all granted </Directory> </VirtualHost>
Schedule a nightly restart of the services
Create a batch file to stop, force the termination of, and restart the Wampapache and Ad Manager Web Host services:
@echo off net stop wampapache taskkill /f /im httpd.exe net stop cpwh taskkill /f /im cpwh.exe net start wampapache
Note: the Ad Manager Web Host service starts on demand and doesn't need to be started explicitly.
Use the task scheduler to set up a task to execute the batch file nightly:
- Run whether user is logged on or not;
- Run with highest privileges.
Configure the Ad Manager web features
1. Edit the online sharing options: "Tools : Options : Online Sharing".
2. Import the web application roles: "Tools : Import Web App : From URL...".
3. Create Web Users.
Configure SSL/TLS
Purchase an SSL certificate
1. Create a server key and a certificate signing request (CSR).
E.g. using OpenSSL:
openssl genrsa -out host.example.com.key 2048 openssl req -new -key host.example.com.key -out host.example.com.csr
2. Use the CSR to purchase an SSL certificate from a certificate issuing authority, e.g. Digicert, GoDaddy, etc.
To create a self-signed certificate using OpenSSL:
openssl x509 -req -in host.example.com.csr -signkey host.example.com.key -days 365 -out host.example.com.crt
Configure Apache for SSL
1. Copy the server key and the SSL certificates to a subdirectory of your Apache installation, e.g. C:\wamp64\ssl:
C:\wamp64\ssl host.example.com.chain.crt host.example.com.crt host.example.com.key
Here "host.example.com.key" is the server key (in PEM format), "host.example.com.crt" is the SSL certificate you purchased (in PEM format), and "host.example.com.chain.crt" is the intermediate (or chain) certificate of the certificate issuing authority (in PEM format).
2. Edit the "httpd.conf" file:
Edit the port Apache will listen to:
Listen 0.0.0.0:443 Listen [::0]:443
Uncomment the line that loads the SSL module:
LoadModule ssl_module modules/mod_ssl.so
3. Edit the "httpd-vhosts.conf" file:
Specify the port of the virtual host, update the server name if necessary, and add the SSL directives.
<VirtualHost *:443> ServerName host.example.com SSLEngine on SSLCertificateFile "${INSTALL_DIR}/ssl/host.example.com.crt" SSLCertificateKeyFile "${INSTALL_DIR}/ssl/host.example.com.key" SSLCertificateChainFile "${INSTALL_DIR}/ssl/host.example.com.chain.crt" ... </VirtualHost>
Note: the name specified in the ServerName directive must match the name in the certificate.
4. Restart the Apache service.
5. Ensure the firewall is not blocking incoming traffic to the port Apache is listening to.
See also: SSL/TLS Strong Encryption: How-To.