Changeset 32483

Timestamp:
24.09.2018 20:41:50 (7 months ago)
Author:
ak19
Message:

1. Avoiding subtle bug if you forget to include https in server.protocols.property: you can still get an https certificate, but when you start up tomcat and visit https://hostname:https_port, the server won't run because you forgot to allow https in build.properties. So now setup-https-cert will exit with a fail message if you forgot to turn on https support in this way.
2. Tidied up after previous commits by adding comments, removing deprecated temporary target.

Files:
1 modified

  • main/trunk/greenstone3/build.xml

    r32482 r32483  
    16311631  <!-- ============ Targets concerned with https certification ================ --> 
    16321632 
    1633   <target name="check-os-for-https-cert-support"> 
    1634     <if><bool><isset property="current.os.ismac"/></bool> 
    1635         <echo> 
    1636             Features that automate generating, removing and renewing HTTPS certificates 
    1637             are currently still being implemented on Macs. 
    1638         </echo> 
    1639     </if>    
    1640   </target> 
    1641    
    1642    
    16431633  <target name="setup-https-cert-info"> 
    16441634    <echo> 
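Review bot: Deleting check-os-for-https-cert-support at old lines 1633-1640 is only safe if every depends reference to it is gone, because Ant aborts with a "target does not exist" error when a dependency chain names a missing target. This changeset updates setup-https-cert and remove-https-cert; a search of build.xml for any other reference to the target name before merging would confirm nothing else still points at it.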
     
    16801670   
    16811671 
    1682   <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set"> 
     1672  <target name="setup-https-cert" depends="setup-https-cert-info,https-conditions-set"> 
     1673    <if><bool><not><matches string="${server.protocols}" pattern="https"/></not></bool> 
     1674      <fail>To setup https certification, the server.protocols property in file build.properties must contain 'https'</fail> 
     1675    </if> 
     1676 
    16831677    <input addproperty="https.cert.email">Enter an email that Let's Encrypt, the certification authority, can send any important notifications to</input> 
    16841678    <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, enter a comma separated list of additional domains to support, if any</input> 
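Review bot: The server.protocols check at new lines 1673-1675 sits in the body of setup-https-cert, so Ant runs the depends targets setup-https-cert-info and https-conditions-set first and the user reads the informational echo before reaching the fail. Moving the check into its own small target listed first in depends would stop the run before anything else executes. Separately, pattern="https" is an unanchored, case-sensitive regular expression, so it accepts any value that merely contains the substring and rejects "HTTPS"; a pattern that matches https as a whole entry of the list would be stricter about what counts as enabled.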
     
    18321826     
    18331827  </target> 
    1834    
     1828 
     1829 
     1830  <!-- On Mac as on Linux, we need sudo permissions to setup https certification. 
     1831    But unlike on Linux, on Mac we only need to sudo when running tomcat on port 80 
     1832    and when stopping tomcat running on port 80. But we don't need to sudo on a Mac when calling le.pl. 
     1833    This also means all the files in https_cert have the correct (user, not root) permissions. 
     1834  --> 
    18351835  <target name="setup-https-cert-mac"> 
    18361836     
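Review bot: The comment added at new lines 1830-1834 states that the files in https_cert end up with user rather than root ownership, but it does not say which steps of setup-https-cert-mac run under sudo and which do not. Since it also says Tomcat is started and stopped with sudo on port 80, it would help to note in the comment that only those two steps are elevated and that le.pl is invoked as the regular user, so a later editor does not wrap the le.pl call in sudo and silently produce root-owned certificate files.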
     
    19011901    </exec> 
    19021902 
    1903     <!-- need regular user permissions on both the Certificate Signing Request file and the certicate, 
    1904      so as user, we copy the files from /tmp where they were generated as root to user location --> 
    1905     <!--<copy file="/tmp/${tomcat.server}.csr" tofile="${packages.home}/tomcat/conf/https_cert/${tomcat.server}.csr"/> 
    1906     <copy file="/tmp/fullchain_and_prvtkey.crt" tofile="${packages.home}/tomcat/conf/https_cert/fullchain_and_prvtkey.crt"/>--> 
    1907  
    19081903    <!-- stop the tomcat running on port 80 --> 
    19091904    <antcall target="stop"> 
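Review bot: The commented-out copy elements removed at old lines 1903-1906 were the only remaining description of the earlier flow, in which the CSR and fullchain_and_prvtkey.crt were generated in /tmp as root. Removing the dead code is fine, but the file name indicates a bundle that includes the private key, so the commit message or a short comment should confirm that no step still writes these files to /tmp, and that installations set up under the earlier flow do not keep a leftover copy in a shared temporary directory.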
     
    20052000       ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand." 
    20062001  --> 
    2007   <target name="remove-https-cert" depends="check-os-for-https-cert-support"> 
     2002  <target name="remove-https-cert"> 
    20082003    <echo> 
    20092004      NOTE: If you're on Linux, you need to have sudo permissions to execute this target.
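Review bot: With the depends on check-os-for-https-cert-support dropped at new line 2002, the echo that follows still addresses only Linux ("If you're on Linux, you need to have sudo permissions to execute this target"). Mac users previously got a warning here and now get nothing, so the note should say what is required on Mac, consistent with the comment added above setup-https-cert-mac. This target also does not receive the server.protocols check that setup-https-cert gained; if removal is meant to work even when https has since been disabled in build.properties, a one-line comment saying so would make that intent explicit.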