7 files changed, 51 insertions, 17 deletions

diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt
index 59910fe95..79152e291 100644
--- a/base/ra/CMakeLists.txt
+++ b/base/ra/CMakeLists.txt
@@ -3,6 +3,19 @@ project(ra)
 add_subdirectory(doc)
 add_subdirectory(setup)
 
+# install systemd scripts
+install(
+    FILES
+        lib/systemd/system/pki-rad.target
+        lib/systemd/system/pki-rad@.service
+    DESTINATION
+        ${SYSTEMD_LIB_INSTALL_DIR}
+    PERMISSIONS
+        OWNER_EXECUTE OWNER_WRITE OWNER_READ
+        GROUP_EXECUTE GROUP_READ
+        WORLD_EXECUTE WORLD_READ
+)
+
 # install init script
 install(
     FILES
@@ -74,3 +87,8 @@ install(
         ${VAR_INSTALL_DIR}/run/pki/ra
 )
 
+install(
+    DIRECTORY
+    DESTINATION
+        ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants
+)
diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf
index f89e43b33..180c08de0 100644
--- a/base/ra/apache/conf/httpd.conf
+++ b/base/ra/apache/conf/httpd.conf
@@ -232,8 +232,13 @@ Listen [PORT]
 # LoadModule foo_module modules/mod_foo.so
 #
 
-# Required modules for command 'Order':
+# MPM worker module is a loadable module as of 2.4
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
+LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
 [FORTITUDE_AUTH_MODULES]
+# Module for User and Group
+LoadModule unixd_module /etc/httpd/modules/mod_unixd.so
 # Required module for command 'UserDir':
 LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
 # Required module for command 'DirectoryIndex':
@@ -394,8 +399,7 @@ DocumentRoot "[SERVER_ROOT]/docroot"
 #
 # Controls who can get stuff from this server.
 #
-    Order allow,deny
-    Allow from all
+    Require all granted
 
 </Directory>
 
@@ -444,8 +448,7 @@ AccessFileName .htaccess
 # viewed by Web clients. 
 #
 <Files ~ "^\.ht">
-    Order allow,deny
-    Deny from all
+    Require all denied
 </Files>
 
 #
@@ -592,8 +595,7 @@ Alias /icons/ "[SERVER_ROOT]/icons/"
 <Directory "[SERVER_ROOT]/icons">
     Options Indexes MultiViews
     AllowOverride None
-    Order allow,deny
-    Allow from all
+    Require all granted
 </Directory>
 
 #
@@ -606,8 +608,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1
 <Directory "[SERVER_ROOT]/manual">
     Options Indexes
     AllowOverride None
-    Order allow,deny
-    Allow from all
+    Require all granted
 
     <Files *.html>
         SetHandler type-map
@@ -642,8 +643,7 @@ ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/"
 <Directory "[SERVER_ROOT]/cgi-bin">
     AllowOverride None
     Options ExecCGI
-    Order allow,deny
-    Allow from all
+    Require all granted
 </Directory>
 
 #
diff --git a/base/ra/apache/conf/perl.conf b/base/ra/apache/conf/perl.conf
index 50139cdab..02a503f74 100644
--- a/base/ra/apache/conf/perl.conf
+++ b/base/ra/apache/conf/perl.conf
@@ -58,15 +58,13 @@ PerlSetEnv PKI_ROOT [SERVER_ROOT]
 <Location /ra/admin/console/config/wizard>
    SetHandler perl-script
    PerlHandler PKI::RA::Wizard
-   Order deny,allow
-   Allow from all
+   Require all granted
 </Location>
 
 <Location /ra/admin/console/config/login>
    SetHandler perl-script
    PerlHandler PKI::RA::Login
-   Order deny,allow
-   Allow from all
+   Require all granted
 </Location>
 
 PerlModule ModPerl::PerlRun
diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target
new file mode 100644
index 000000000..e1a4f808e
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=PKI Registration Authority Server
+After=syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service
new file mode 100644
index 000000000..5432c62b2
--- /dev/null
+++ b/base/ra/lib/systemd/system/pki-rad@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=PKI Registration Authority Server %i
+After=pki-rad.target
+BindTo=pki-rad.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pkicontrol start ra %i
+ExecStop=/usr/bin/pkicontrol stop ra %i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry
index 8d23dda05..2e81158ef 100644
--- a/base/ra/setup/pkidaemon_registry
+++ b/base/ra/setup/pkidaemon_registry
@@ -62,7 +62,7 @@ export RESTART_SERVER
 # available, but does not work with some modules (such as PHP).
 # The service must be stopped before changing this variable.
 #
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
 export PKI_HTTPD
 
 #
diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance
index f8cae5a43..5be7a4de0 100644
--- a/base/ra/setup/registry_instance
+++ b/base/ra/setup/registry_instance
@@ -59,7 +59,7 @@ export RESTART_SERVER
 # available, but does not work with some modules (such as PHP).
 # The service must be stopped before changing this variable.
 #
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd
 export PKI_HTTPD
 
 #