1 |
|
---|
2 | # Setup
|
---|
3 |
|
---|
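# Build prerequisites: Subversion, Ant and the C/C++ toolchain.
sudo yum install subversion
sudo yum install ant

sudo yum install gcc gcc-c++.x86_64

# The following is needed for packages such as ExtUtils::MakeMaker
sudo yum install perl-devel

# Run through sudo like every other install in these notes: yum needs root
# to install packages, so the bare command fails for an ordinary user.
sudo yum install zlib-devel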
|
---|
13 |
|
---|
14 | # JDK 1.8 already present
|
---|
15 |
|
---|
16 | export JAVA_HOME=/usr/lib/jvm/java-1.8.0/
|
---|
17 | export PATH=$JAVA_HOME/bin:$PATH
|
---|
18 | export CFLAGS=-fPIC
|
---|
19 |
|
---|
20 | # Compile up
|
---|
21 |
|
---|
22 | ant
|
---|
23 | ant prepare
|
---|
24 | ant install
|
---|
25 |
|
---|
26 |
|
---|
27 | # Optional nicety
|
---|
28 |
|
---|
29 | sudo yum install emacs
|
---|
30 |
|
---|
31 | #====
|
---|
32 | # Set up a public facing web server
|
---|
33 | #====
|
---|
34 |
|
---|
35 | sudo yum -y install httpd
|
---|
36 | sudo service httpd start
|
---|
37 |
|
---|
38 | # In the AWS console, open the security group attached to the instance
|
---|
39 | # and add an inbound rule for port 80 (the certbot http-01 challenge further down also arrives over plain HTTP)
|
---|
40 |
|
---|
41 | #====
|
---|
42 | # Now configure it to operate over https
|
---|
43 | #----
|
---|
44 | # => Need to install certbot
|
---|
45 | #
|
---|
46 | # On AWS Linux2 this gets a bit fiddly (yum install error concerning snapd/certbot related to selinux)
|
---|
47 | # Next section of details cribbed from:
|
---|
48 | # https://aws.amazon.com/blogs/compute/extending-amazon-linux-2-with-epel-and-lets-encrypt/
|
---|
49 |
|
---|
50 |
|
---|
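# Fetch the EPEL release package and install it.
#
# Work in a private temporary directory instead of a fixed file name in the
# shared /tmp, so no other local user can pre-create or swap the file that is
# about to be installed as root.
epel_dir=$(mktemp -d)
pushd "$epel_dir"

# Certificate verification is left ON (no --no-check-certificate): the RPM is
# installed as root in the next step, and yum may not GPG-verify a local
# package file, so TLS is what authenticates this download. If wget reports a
# certificate error, repair the CA bundle (e.g. sudo yum update ca-certificates)
# rather than switching the check off.
# "-nv" was mangled to non-ASCII characters in the original paste.
wget -nv -O epel.rpm \
  https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y ./epel.rpm

popd
# ":?" aborts the rm if the variable is unexpectedly empty.
rm -rf -- "${epel_dir:?}"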
|
---|
56 |
|
---|
57 | # The following doesn't give you the latest auto certbot script, but
|
---|
58 | # is enough to get the job done
|
---|
59 |
|
---|
60 | sudo yum install python2-certbot-apache.noarch
|
---|
61 |
|
---|
62 |
|
---|
63 | sudo certbot --apache
|
---|
64 |
|
---|
65 | # Note 1: got an error the first time mentioning a pki file that wasn't there
|
---|
66 | # when checked, it was there. Running the command a second time was then OK.
|
---|
67 | # Note 2: as this isn't the latest 'certbot' it looks like you need to set up your own
|
---|
68 | # certbot renew cronjob; without one the certificate simply lapses on the expiry date shown in the output below
|
---|
69 | #
|
---|
70 | # Example output when run on mars.sowemustthink.space
|
---|
71 |
|
---|
72 | <output>
|
---|
73 | ...
|
---|
74 | Select the appropriate numbers separated by commas and/or spaces, or leave input
|
---|
75 | blank to select all options shown (Enter 'c' to cancel): 1
|
---|
76 | Requesting a certificate for mars.sowemustthink.space
|
---|
77 | Performing the following challenges:
|
---|
78 | http-01 challenge for mars.sowemustthink.space
|
---|
79 | Waiting for verification...
|
---|
80 | Cleaning up challenges
|
---|
81 | Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
|
---|
82 | Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
|
---|
83 | Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration
|
---|
84 | Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf
|
---|
85 |
|
---|
86 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
---|
87 | Congratulations! You have successfully enabled https://mars.sowemustthink.space
|
---|
88 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
---|
89 |
|
---|
90 | IMPORTANT NOTES:
|
---|
91 | - Congratulations! Your certificate and chain have been saved at:
|
---|
92 | /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem
|
---|
93 | Your key file has been saved at:
|
---|
94 | /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem
|
---|
95 | Your cert will expire on 2021-04-13. To obtain a new or tweaked
|
---|
96 | version of this certificate in the future, simply run certbot again
|
---|
97 | with the "certonly" option. To non-interactively renew *all* of
|
---|
98 | your certificates, run "certbot renew"
|
---|
99 | - If you like Certbot, please consider supporting our work by:
|
---|
100 |
|
---|
101 | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
|
---|
102 | Donating to EFF: https://eff.org/donate-le
|
---|
103 | </output>
|
---|
104 |
|
---|
105 | #----
|
---|
106 | # Add an inbound rule in the AWS console for https (port 443)
|
---|
107 | #----
|
---|
108 |
|
---|
109 | #----
|
---|
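110 | # Set up the apache2 httpd config rules to plumb in Greenstone3
# (Greenstone3 is reached only through this proxy on localhost:8383, so that port needs no inbound rule of its own)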
|
---|
111 |
|
---|
112 | emacs /etc/httpd/conf/httpd.conf
|
---|
113 |
|
---|
114 | #--
|
---|
115 | <VirtualHost *:80>
|
---|
116 | ServerName mars.sowemustthink.space
|
---|
117 |
|
---|
118 | RewriteEngine on
|
---|
119 | RewriteCond %{SERVER_NAME} =mars.sowemustthink.space
|
---|
120 | RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
|
---|
121 |
|
---|
122 | </VirtualHost>
|
---|
123 | #--
|
---|
124 |
|
---|
125 |
|
---|
126 | emacs /etc/httpd/conf/httpd-le-ssl.conf
|
---|
127 |
|
---|
128 | #--
|
---|
129 | <VirtualHost *:443>
|
---|
130 | ServerName mars.sowemustthink.space
|
---|
131 |
|
---|
132 | ProxyPass /greenstone3 http://localhost:8383/greenstone3
|
---|
133 | ProxyPassReverse /greenstone3 http://localhost:8383/greenstone3
|
---|
134 | ProxyPassReverseCookiePath /greenstone3 /greenstone3
|
---|
135 |
|
---|
136 | # And in theory for another Greenstone3 install on the same computer, you
|
---|
137 | # would want something like the following
|
---|
138 | #
|
---|
139 | # ProxyPass /other-greenstone3 http://localhost:9393/greenstone3
|
---|
140 | # ProxyPassReverse /other-greenstone3 http://localhost:9393/greenstone3
|
---|
141 | # <Location /other-greenstone3>
|
---|
142 | # ProxyPassReverseCookiePath /greenstone3 /other-greenstone3
|
---|
143 | # </Location>
|
---|
144 |
|
---|
145 | SSLCertificateFile /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem
|
---|
146 | SSLCertificateKeyFile /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem
|
---|
147 | Include /etc/letsencrypt/options-ssl-apache.conf
|
---|
148 |
|
---|
149 | RewriteEngine on
|
---|
150 | RewriteRule "^/$" "/greenstone3/library" [R]
|
---|
151 |
|
---|
152 | </VirtualHost>
|
---|
153 | #--
|
---|
154 |
|
---|
155 | #----
|
---|
156 | # Restart web server
|
---|
157 | #----
|
---|
158 |
|
---|
159 | sudo systemctl restart httpd
|
---|