setting up my own openid server

2009-02-22

I’ve configured this blog to use my OpenID accounts. I have two (which totally goes against the single identity mindset of OpenID :) )

The second one I just stood up today. I’m always concerned with who has my information, and if I can, I try to keep it all within the realm of my control. Also, the evil genius domain has absolutely no purpose besides a testing ground that I have no problems destroying :)

Using my own OpenID service is attractive, and most of all it's a fun exercise. Let's go through what I did (so one day I can remember).

The easiest part was finding an OpenID server. A quick google search brought me here:

http://wiki.openid.net/Run_your_own_identity_server

The hard part was deciding which one I should use. I actually tried out 4 of them, phpMyID, Masquerade, DjangoID, and finally, Java OpenID Server. I got three of them running, and in the end I simply settled on JOS. For now. I had a lot of fun building an MVC app in both Ruby on Rails and Django. I’ve been on an MVC kick, as a month ago I got pretty excited about Ruby on Rails. The big part where I shy away from Django or RoR is integrating things into Apache. With Java, I have Tomcat, and I’ve used it before so I have an immediate comfort level with it. I did have to ask Chris for a little bit of help when it came to the mod_jk stuff.

First thing was to go over the JOS documentation. I knew I would need the following:

  • Java App Server - I decided to use Apache’s Tomcat 6.0

  • A database - PostgreSQL 8.3

  • JCalendar, this was simple, as the readme pointed me to one

Over the years, I’ve always used MySQL. It’s simple, light, and all the new fancy “Web 2.0” sites use it. I’m considering making the switch to PostgreSQL for two reasons. 1) Sun seems to be mishandling the QA and release engineering of MySQL. 2) Recent benchmarks with FreeBSD 7.1 and PostgreSQL have been phenomenally good, and even though I’m not running a big site with millions of visitors I do like to keep up with what’s current and performs well.

Second, I built the required applications and enabled both Tomcat and PostgreSQL in /etc/rc.conf. Think of rc.conf as a simple text-based chkconfig, except with rc.conf, you can specify additional command arguments, profile environment, and anything else the application might support. I like how easy the chkconfig/service system is to use in Linux, but FreeBSD’s run command (rc) system is very flexible and easier to tune.

> sudo su -
$ cd /usr/ports/databases/postgresql83-server
$ make install
$ echo 'postgresql_enable="YES"' >> /etc/rc.conf
$ cd /usr/ports/www/tomcat6
$ make install
$ echo 'tomcat60_enable="YES"' >> /etc/rc.conf
$ cd /usr/ports/databases/postgresql-jdbc
$ make install

I could have simply added pre-built packages with “pkg_add -r tomcat6 postgresql83-server postgresql-jdbc” but I like seeing what compile time options are available, and then setting those. Hurray for the flexibility of FreeBSD!

One thing that you have to do with PostgreSQL (that you don’t have to do with MySQL) is initialize the database/config:

$ initdb /usr/local/pgsql/data
$ su - pgsql
> createdb jos-openid
> makepasswd --chars=13
 a nice 13 character random string
> createuser josuser -P
> psql jos-openid 

Welcome to psql 8.3.6, the PostgreSQL interactive terminal. Type:
        \copyright for distribution terms
        \h for help with SQL commands
        \? for help with psql commands
        \g or terminate with semicolon to execute query
        \q to quit

jos-openid=# select * from pg_user;
  usename | usesysid | usecreatedb | usesuper | usecatupd |  passwd  | valuntil | useconfig
 ---------+----------+-------------+----------+-----------+----------+----------+-----------
  pgsql   |       10 | t           | t        | t         | ******** |          |
  josuser |    16386 | t           | f        | f         | ******** |          |
(2 rows)
jos-openid=#

Next, I had to unpack the war file and modify the jdbc.properties to use PostgreSQL.

jar -xvf jos-webapp-1.2.0.war .
...
jar -cvf /usr/local/tomcat6/webapps/ROOT.war .

Yeah, after configuring the app and zipping it back up, I called it ROOT; it was a lot easier this way. I didn’t want to manage multiple Java apps at this point. I can be a very lazy admin :)

After starting both Tomcat and PostgreSQL up, I now had a working web app running on my server at port 8180. The last part is to mount the java application inside of apache. For that, I needed to install mod_jk:

$ cd /usr/ports/www/mod_jk
$ make install

That’s the easy part of installing mod_jk; the next parts are the workers properties file, modifying httpd.conf, and then modifying my virtualhost configuration for the domain evil-genius-network.com (the path given to JkWorkersFile in httpd.conf has to match the file’s actual name and location, or mod_jk will not find its workers). I also added a record for openid.evil-genius-network.com. So, in that order, this is what I did:

/usr/local/etc/apache2/worker.properties:

workers.tomcat_home=/usr/local/apache-tomcat6.0
workers.java_home=/usr/local/jdk1.6.0
ps=/
worker.list=localhost
worker.tomcat.type=lb
#worker.tomcat.balanced_workers=localhost
#worker.loadbalancer.local_worker_only=0
worker.localhost.port=8009
worker.localhost.host=localhost
worker.localhost.type=ajp13
worker.localhost.lbfactor=1

/usr/local/etc/apache2/httpd.conf:

LoadModule jk_module libexec/apache22/mod_jk.so
# mod_jk
JkWorkersFile /usr/local/etc/apache22/workers.properties
JkLogFile  /var/log/jk.log
JkShmFile  /var/log/jk-runtime-status
JkLogLevel error

/usr/local/etc/apache2/virtualhosts/evil-genius-network.com (in the openid.evil-genius-network.com VirtualHost section):

JkMount /* localhost

Then, I restarted apache:

$ /usr/local/etc/rc.d/apache2 restart

Now I have my own little OpenID server running at http://openid.evil-genius-network.com/
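One check worth running once Apache fronts the app, added here as an example and not part of the original post: with JkMount sending everything through Apache, Tomcat’s own HTTP listener (8180 on the FreeBSD port) and the AJP listener mod_jk connects to (8009) only need to accept connections from the local Apache, so they should be bound to 127.0.0.1 or blocked by pf/ipfw. The script parses the output of FreeBSD’s `sockstat -4l`; the sample output below is constructed, and the function name `exposed_listeners` is mine.

```shell
#!/bin/sh
# Added example (not from the original post): flag Tomcat listeners that are
# reachable from other hosts. Pipe real `sockstat -4l` output into
# exposed_listeners, or run as-is against the constructed sample below.

# exposed_listeners PORT...   (sockstat -4l output on stdin)
# Prints "COMMAND LOCAL_ADDRESS" for each listed port bound to something other
# than 127.0.0.1; returns 1 if any such listener was found, 0 otherwise.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { np = split(ports, p, " "); for (i = 1; i <= np; i++) want[p[i]] = 1 }
        NR > 1 && $5 ~ /^tcp/ {
            # sockstat columns: USER COMMAND PID FD PROTO LOCAL FOREIGN
            # LOCAL looks like *:8009 (all interfaces) or 127.0.0.1:8009
            n = split($6, a, ":"); port = a[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if ((port in want) && addr != "127.0.0.1") { print $2, $6; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample: Tomcat on all interfaces (its default), PostgreSQL on
# loopback only, Apache legitimately public on port 80.
SAMPLE_BAD='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      1234  4  tcp4   *:80                  *:*
www      java       2345  40 tcp4   *:8180                *:*
www      java       2345  41 tcp4   *:8009                *:*
pgsql    postgres   3456  3  tcp4   127.0.0.1:5432        *:*'

# Constructed sample of the state we want after fixing Tomcat's connectors.
SAMPLE_GOOD='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      1234  4  tcp4   *:80                  *:*
www      java       2345  40 tcp4   127.0.0.1:8180        *:*
www      java       2345  41 tcp4   127.0.0.1:8009        *:*'

if printf '%s\n' "$SAMPLE_BAD" | exposed_listeners 8180 8009; then
    echo "Tomcat listeners are loopback-only"
else
    echo "Tomcat listeners above are reachable from other hosts"
fi
```

To close the gap, add address="127.0.0.1" to the HTTP and AJP Connector elements in Tomcat's server.xml (or filter the two ports with pf/ipfw), then re-run the check against live `sockstat -4l` output.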

BTW, I had to re-edit EVERY pre section of this page about 6 times, that was the least-fun part of all of this.