Changeset 32412
- Timestamp:
- 2018-08-31T19:26:21+12:00 (6 years ago)
- Location:
- main/trunk/greenstone3
- Files:
-
- 3 added
- 1 edited
main/trunk/greenstone3/build.xml
r32384 r32412 194 194 </if> 195 195 196 <!-- Set the keystore file name for linux versus windows. Ultimately unused/inactive if HTTPS is not enabled and no certificate obtained. We don't have https certification on mac --> 197 <condition property="keystore.file" value="fullchain_and_prvtkey.pfx" else="fullchain_and_prvtkey.p12"> 198 <istrue value="${current.os.iswindows}"/> 199 </condition> 200 196 201 <!-- 197 202 1. Using the macrodef task from ant 1.6+ (https://ant.apache.org/manual/Tasks/macrodef.html) … … 1113 1118 description="Startup the Tomcat server." > 1114 1119 <echo>${app.name} (${app.version}) server running using Apache Tomcat and Java</echo> 1115 <echo>Tomcat: ${catalina.home}</echo> 1120 <echo>Tomcat: ${catalina.home}</echo> 1116 1121 <echo>Java : ${java.home}</echo> 1117 1122 <if><bool><available file="${build.src.home}"/></bool> … … 1681 1686 <input addproperty="https.conditions.ok" validargs="y,n"> 1682 1687 To run this target, ensure you have: 1683 * sudo permissions 1688 * On Linux: sudo permissions 1689 * On Windows: sufficient privileges to run the included tomcat on port 80 1684 1690 * nothing running on port 80 when you run this target 1685 1691 * edited the build.properties file with … … 1725 1731 <else> 1726 1732 <echo>Proceeding...</echo> 1733 </else> 1734 </if> 1735 1736 <if><bool><istrue value="${current.os.iswindows}"/></bool> 1737 <antcall target="setup-https-cert-windows"/> 1738 </if> 1739 <if><bool><istrue value="${current.os.isunixnotmac}"/></bool> 1740 <antcall target="setup-https-cert-linux"/> 1741 </if> 1742 </target> 1743 1744 <target name="setup-https-cert-windows"> 1745 <echo>********** The included tomcat will be stopped, then restarted on port 80 and stopped again</echo> 1746 1747 <!-- create folder packages\tomcat\webapps\ROOT\.well-known\acme-challenge --> 1748 <mkdir dir="${packages.home}/tomcat/webapps/ROOT/.well-known/acme-challenge"/> 1749 <mkdir dir="${packages.home}/tomcat/conf/https_cert"/> 1750 1751 <!-- stop the 
included tomcat (also stopping derby and solr) --> 1752 <antcall target="stop" /> 1753 1754 <!-- rerun tomcat on port 80 1755 See https://ant.apache.org/manual/Tasks/antcall.html --> 1756 <antcall target="start"> 1757 <param name="tomcat.port.http" value="80"/> 1758 <param name="internal.tomcat.port" value="80"/> 1759 <param name="http.comment.out.start" value=""/> 1760 <param name="http.comment.out.end" value=""/> 1761 <param name="https.comment.out.start" value="${comment.start}"/> 1762 <param name="https.comment.out.end" value="${comment.end}"/> 1763 </antcall> 1764 1765 <!-- get the certificate: use zerossl for windows 1766 Download from https://github.com/do-know/Crypt-LE/releases, 1767 For licence see https://github.com/do-know/Crypt-LE/ 1768 Usage instructions at https://zerossl.com/usage.html 1769 1770 le64 ==key "${packages.home}\tomcat\conf\https_cert\privkey.key" ==csr "${packages.home}\tomcat\conf\https_cert\${tomcat.server}.csr" ==csr-key "${packages.home}s\tomcat\conf\https_cert\${tomcat.server}.key" ==crt "${packages.home}\tomcat\conf\https_cert\${tomcat.server}.crt" ==domains "${https.cert.domains}" ==path "${packages.home}\tomcat\webapps\ROOT\.well-known\acme-challenge" ==generate-missing ==unlink ==live -export-pfx "${keystore.pass}" 1771 1772 which generates a .pfx file with the same name as the PEM certificate (.crt) 1773 .pfx vs .p12: https://stackoverflow.com/questions/6819079/convert-pfx-format-to-p12 1774 1775 In this case "fullchain_and_prvtkey.pfx" is generated, which is the windows value of ${keystore.file} property 1776 --> 1777 <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false"> 1778 <arg value="/c" /> 1779 <arg value="le64" /> 1780 <arg value="--key" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" /> 1781 <arg value="--csr" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.csr" /> 1782 <arg value="--csr-key" /><arg 
value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.key" /> 1783 <!--<arg value="==crt" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.crt" />--> 1784 <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt" /> 1785 <arg value="--domains" /><arg value="${https.cert.domains}" /> 1786 <arg value="--path" /><arg value="${packages.home}\tomcat\webapps\ROOT\.well-known\acme-challenge" /> 1787 <arg value="--generate-missing" /> 1788 <arg value="--unlink" /> 1789 <arg line="--live" /><!-- https://stackoverflow.com/questions/11840284/pass-arguments-to-apache-ant-exec-task-based-on-the-variables-value --> 1790 <arg value="--export-pfx" /><arg value="${keystore.pass}" /> 1791 </exec> 1792 1793 <echo>KEYSTORE FILE: ${keystore.file}</echo> 1794 1795 <!-- stop the tomcat running on port 80 --> 1796 <antcall target="stop"> 1797 <param name="tomcat.port.http" value="80"/> 1798 <param name="internal.tomcat.port" value="80"/> 1799 <param name="http.comment.out.start" value=""/> 1800 <param name="http.comment.out.end" value=""/> 1801 <param name="https.comment.out.start" value="${comment.start}"/> 1802 <param name="https.comment.out.end" value="${comment.end}"/> 1803 </antcall> 1804 1805 1806 </target> 1807 1808 <target name="setup-https-cert-linux"> 1727 1809 <!-- Running as 1728 1810 ./certbot-auto certonly ==standalone ==preferred-challenges http ==email EMAIL -d DOMAINS … … 1777 1859 <copy todir="${packages.home}/tomcat/conf/https_cert"> 1778 1860 <fileset file="/tmp/${tomcat.server}_fullchain_and_key.p12"/> 1779 <globmapper from="${tomcat.server}_fullchain_and_key.p12" to=" fullchain_and_prvtkey.p12"/>1861 <globmapper from="${tomcat.server}_fullchain_and_key.p12" to="${keystore.file}"/> 1780 1862 </copy> 1781 1863 1782 1864 <exec executable="sudo" dir="/tmp" failonerror="true"> 1783 <arg line="rm -f /tmp/${tomcat.server}_fullchain_and_key.p12" />1784 </exec> 1865 <arg line="rm -f 
/tmp/${tomcat.server}_fullchain_and_key.p12" /> 1866 </exec> 1785 1867 1786 </else>1787 </if>1788 1789 1868 </target> 1790 1869 … … 1876 1955 <filter token="tomcat.port.https" value="${tomcat.port.https}"/> 1877 1956 <!--<filter token="keystore.file" value="${packages.home}/tomcat/conf/https_cert/${tomcat.server}.jks" />--> 1878 <filter token="keystore.file" value="${packages.home}/tomcat/conf/https_cert/fullchain_and_prvtkey.p12" /> 1957 <!--ON UNIX: <filter token="keystore.file" value="${packages.home}/tomcat/conf/https_cert/fullchain_and_prvtkey.p12" />--> 1958 <!--ON WINDOWS: <filter token="keystore.file" value="conf/https_cert/fullchain_and_prvtkey.pfx" />--> 1959 <filter token="keystore.file" value="conf/https_cert/${keystore.file}" /> 1879 1960 <!-- tomcat Connector's keystoreType param defaults to JKS (Java keystore), see https://tomcat.apache.org/tomcat-7.0-doc/config/http.html 1880 1961 We'll follow the instructions at https://community.letsencrypt.org/t/using-lets-encrypt-with-tomcat/41082,
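Review bot: The le64 `<exec>` in the new `setup-https-cert-windows` target (new lines 1777–1791) never checks the tool's exit status, so a failed ACME validation or issuance still falls through to the final `stop` call and the target reports success without a usable `${keystore.file}`; the one Linux `<exec>` visible here (the `rm` step) does set `failonerror="true"`. Because the Tomcat on port 80 has to be stopped either way, capture the status with `resultproperty="le64.result"` on the `<exec>` and, after the last `<antcall target="stop">`, add `<fail message="le64 did not obtain a certificate"><condition><not><equals arg1="${le64.result}" arg2="0"/></not></condition></fail>`. Separately, `${keystore.pass}` is passed as a plain `--export-pfx` argument, so it appears in the process command line and in Ant's verbose log of the executed command. A comment at that `<arg>` should state the exposure, and access to `conf/https_cert`, which now holds the private key and the PFX, should be limited to the account that runs Tomcat.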