source: local/greenstone3/linux-64bit/README--aws-linux2-ami-to-https-greenstone3.txt@ 34664

Last change on this file since 34664 was 34664, checked in by davidb, 3 years ago

Rename to more descriptive name

1
2# Setup
3
4sudo yum install subversion
5sudo yum install ant
6
7sudo yum install gcc gcc-c++.x86_64
8
9# The following is needed for packages such as ExtUtils::MakeMaker
10sudo yum install perl-devel
11
12yum install zlib-devel
13
14# JDK 1.8 already present
15
16export JAVA_HOME=/usr/lib/jvm/java-1.8.0/
17export PATH=$JAVA_HOME/bin:$PATH
18export CFLAGS=-fPIC
19
20# Compile up
21
22ant
23ant prepare
24ant install
25
26
27# Optional nicety
28
29sudo yum install emacs
30
31#====
32# Set up a public facing web server
33#====
34
35sudo yum -y install httpd
36sudo service httpd start
37
38# In the AWS console, open the instance's security group
39# and add an inbound rule for port 80
40
41#====
42# Now configure it to operate over https
43#----
44# => Need to install certbot
45#
46# On AWS Linux2 this gets a bit fiddly (yum install error concerning snapd/certbot related to selinux)
47# Next section of details cribbed from:
48# https://aws.amazon.com/blogs/compute/extending-amazon-linux-2-with-epel-and-lets-encrypt/
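49# NOTE: --no-check-certificate in the wget below disables TLS verification for an RPM that is then installed as root;
50# omit the flag where the system CA bundle validates the host, and check the package signature (rpm -K) before installing.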
51pushd /tmp
52wget --no-check-certificate -O epel.rpm -nv \
53 https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
54sudo yum install -y ./epel.rpm
55popd
56
57# The following doesn't give you the latest auto certbot script, but
58# is enough to get the job done
59
60sudo yum install python2-certbot-apache.noarch
61
62
63sudo certbot --apache
64
65# Note 1: got an error the first time mentioning a pki file that wasn't there
66# (when checked, it was there; running the command a second time was then OK)
67# Note 2: as this isn't the latest 'certbot', it looks like you need to set up your own
68# 'certbot renew' cron job; without it the certificate lapses on the expiry date certbot reports
69#
70# Example output when run on mars.sowemustthink.space
71
72<output>
73 ...
74 Select the appropriate numbers separated by commas and/or spaces, or leave input
75 blank to select all options shown (Enter 'c' to cancel): 1
76 Requesting a certificate for mars.sowemustthink.space
77 Performing the following challenges:
78 http-01 challenge for mars.sowemustthink.space
79 Waiting for verification...
80 Cleaning up challenges
81 Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
82 Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
83 Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration
84 Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf
85
86 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
87 Congratulations! You have successfully enabled https://mars.sowemustthink.space
88 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
89
90 IMPORTANT NOTES:
91 - Congratulations! Your certificate and chain have been saved at:
92 /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem
93 Your key file has been saved at:
94 /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem
95 Your cert will expire on 2021-04-13. To obtain a new or tweaked
96 version of this certificate in the future, simply run certbot again
97 with the "certonly" option. To non-interactively renew *all* of
98 your certificates, run "certbot renew"
99 - If you like Certbot, please consider supporting our work by:
100
101 Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
102 Donating to EFF: https://eff.org/donate-le
103</output>
104
105#----
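106# Add an inbound rule in the AWS console for https (port 443). The Greenstone3 backend port used by ProxyPass further down (8383) is reached via localhost and needs no inbound rule.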
107#----
108
109#----
110# Set up the apache2 httpd config rules to plumb in Greenstone3
111
112emacs /etc/httpd/conf/httpd.conf
113
114#--
115<VirtualHost *:80>
116 ServerName mars.sowemustthink.space
117
118RewriteEngine on
119RewriteCond %{SERVER_NAME} =mars.sowemustthink.space
120RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
121
122</VirtualHost>
123#--
124
125
126emacs /etc/httpd/conf/httpd-le-ssl.conf
127
128#--
129<VirtualHost *:443>
130 ServerName mars.sowemustthink.space
131
132 ProxyPass /greenstone3 http://localhost:8383/greenstone3
133 ProxyPassReverse /greenstone3 http://localhost:8383/greenstone3
134 ProxyPassReverseCookiePath /greenstone3 /greenstone3
135
136# And in theory for another Greenstone3 install on the same computer, you
137# would want something like the following
138#
139# ProxyPass /other-greenstone3 http://localhost:9393/greenstone3
140# ProxyPassReverse /other-greenstone3 http://localhost:9393/greenstone3
141# <Location /other-greenstone3>
142# ProxyPassReverseCookiePath /greenstone3 /other-greenstone3
143# </Location>
144
145SSLCertificateFile /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem
146SSLCertificateKeyFile /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem
147Include /etc/letsencrypt/options-ssl-apache.conf
148
149 RewriteEngine on
150 RewriteRule "^/$" "/greenstone3/library" [R]
151
152</VirtualHost>
153#--
154
155#----
156# Restart web server
157#----
158
159sudo systemctl restart httpd