[34656] | 1 |
|
---|
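# Setup
#
# Build prerequisites for compiling from a Subversion checkout with ant.
# Package installs need root, hence sudo on every yum step.

sudo yum install subversion
sudo yum install ant

sudo yum install gcc gcc-c++.x86_64

# The following is needed for packages such as ExtUtils::MakeMaker
sudo yum install perl-devel

# Run through sudo like the other installs; without root, yum cannot install
sudo yum install zlib-devel

# JDK 1.8 already present

export JAVA_HOME=/usr/lib/jvm/java-1.8.0/
export PATH="$JAVA_HOME/bin:$PATH"
# -fPIC makes the compiler emit position-independent code
export CFLAGS=-fPIC

# Compile up

ant
ant prepare
ant install


# Optional nicety

sudo yum install emacs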
| 30 |
|
---|
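#====
# Set up a public facing web server
#====

sudo yum -y install httpd
sudo service httpd start

# In the AWS console, open the instance's security group and add an inbound
# rule for port 80. certbot's http-01 challenge (see the example output
# further down) is answered over this port, so it has to be reachable before
# a certificate is requested.

#====
# Now configure it to operate over https
#----
# => Need to install certbot
#
# On AWS Linux2 this gets a bit fiddly (yum install error concerning
# snapd/certbot related to selinux)
# Next section of details cribbed from:
#   https://aws.amazon.com/blogs/compute/extending-amazon-linux-2-with-epel-and-lets-encrypt/

# Fetch the EPEL release package into a private scratch directory instead of
# a fixed file name under /tmp. TLS verification stays on (no
# --no-check-certificate): this RPM is installed as root, and yum does not
# GPG-check local package files unless localpkg_gpgcheck is enabled, so the
# HTTPS connection is the main integrity check on the download.
epel_dir=$(mktemp -d)
pushd "$epel_dir"
wget -nv -O epel.rpm \
  https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y ./epel.rpm
popd
rm -rf -- "${epel_dir:?}"

# The following doesn't give you the latest auto certbot script, but
# is enough to get the job done

sudo yum install python2-certbot-apache.noarch


sudo certbot --apache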
| 64 |
|
---|
| 65 | # Note 1: got an error the first time mentioning a pki file that wasn't there
|
---|
| 66 | # (when checked, it was there; running the command a second time was then ok)
|
---|
| 67 | # Note 2: as this isn't the latest 'certbot' it looks like you need to set up your own
|
---|
| 68 | # certbot renew cronjob
|
---|
| 69 | #
|
---|
| 70 | # Example output when run on mars.sowemustthink.space
|
---|
| 71 |
|
---|
| 72 | <output>
|
---|
| 73 | ...
|
---|
| 74 | Select the appropriate numbers separated by commas and/or spaces, or leave input
|
---|
| 75 | blank to select all options shown (Enter 'c' to cancel): 1
|
---|
| 76 | Requesting a certificate for mars.sowemustthink.space
|
---|
| 77 | Performing the following challenges:
|
---|
| 78 | http-01 challenge for mars.sowemustthink.space
|
---|
| 79 | Waiting for verification...
|
---|
| 80 | Cleaning up challenges
|
---|
| 81 | Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
|
---|
| 82 | Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
|
---|
| 83 | Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration
|
---|
| 84 | Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf
|
---|
| 85 |
|
---|
| 86 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
---|
| 87 | Congratulations! You have successfully enabled https://mars.sowemustthink.space
|
---|
| 88 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
---|
| 89 |
|
---|
| 90 | IMPORTANT NOTES:
|
---|
| 91 | - Congratulations! Your certificate and chain have been saved at:
|
---|
| 92 | /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem
|
---|
| 93 | Your key file has been saved at:
|
---|
| 94 | /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem
|
---|
| 95 | Your cert will expire on 2021-04-13. To obtain a new or tweaked
|
---|
| 96 | version of this certificate in the future, simply run certbot again
|
---|
| 97 | with the "certonly" option. To non-interactively renew *all* of
|
---|
| 98 | your certificates, run "certbot renew"
|
---|
| 99 | - If you like Certbot, please consider supporting our work by:
|
---|
| 100 |
|
---|
| 101 | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
|
---|
| 102 | Donating to EFF: https://eff.org/donate-le
|
---|
| 103 | </output>
|
---|
| 104 |
|
---|
| 105 | #----
|
---|
| 106 | # Add inbound rule in AWS console for https
|
---|
| 107 | #----
|
---|
| 108 |
|
---|
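#----
# Set up the apache2 httpd config rules to plumb in Greenstone3

# The files under /etc/httpd/conf need root to save changes, so open the
# editor through sudo like the other privileged steps in these notes.
sudo emacs /etc/httpd/conf/httpd.conf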
| 113 |
|
---|
| 114 | #--
|
---|
# Plain-HTTP vhost: its only job is to send every request for this host to
# the https site with a permanent redirect (certbot's output above reports
# redirecting the vhost in httpd.conf to the ssl vhost).
<VirtualHost *:80>
ServerName mars.sowemustthink.space

RewriteEngine on
RewriteCond %{SERVER_NAME} =mars.sowemustthink.space
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>
| 123 | #--
|
---|
| 124 |
|
---|
| 125 |
|
---|
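# The SSL vhost file created by certbot is httpd-le-ssl.conf (see its output
# above: "Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf").
# Saving changes under /etc/httpd/conf needs root, hence sudo.
sudo emacs /etc/httpd/conf/httpd-le-ssl.conf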
| 127 |
|
---|
| 128 | #--
|
---|
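<VirtualHost *:443>
ServerName mars.sowemustthink.space

# Reverse-proxy /greenstone3 to the Greenstone3 server listening on
# localhost:8383. TLS ends at this vhost and the hop to the backend is plain
# HTTP, so port 8383 should only be reachable locally; these notes add
# inbound security-group rules for port 80 and https only.
ProxyPass /greenstone3 http://localhost:8383/greenstone3
ProxyPassReverse /greenstone3 http://localhost:8383/greenstone3
ProxyPassReverseCookiePath /greenstone3 /greenstone3

# And in theory for another Greenstone3 install on the same computer, you
# would want something like the following
#
# ProxyPass /other-greenstone3 http://localhost:9393/greenstone3
# ProxyPassReverse /other-greenstone3 http://localhost:9393/greenstone3
# <Location /other-greenstone3>
# ProxyPassReverseCookiePath /greenstone3 /other-greenstone3
# </Location>

# Certificate chain and private key at the paths reported by certbot
SSLCertificateFile /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

# Redirect a request for the bare site root to the Greenstone3 library page
RewriteEngine on
RewriteRule "^/$" "/greenstone3/library" [R]

</VirtualHost>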
| 153 | #--
|
---|
| 154 |
|
---|
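#----
# Restart web server
#----

# Check the hand-edited config before restarting: a syntax error would
# otherwise stop httpd from coming back up and take the site offline.
sudo apachectl configtest && sudo systemctl restart httpd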