1 |
|
---|
2 | # Setting up a Greenstone3 installation to operate over
|
---|
3 | https using Apache2 httpd as a reverse-proxy web server
|
---|
4 |
|
---|
5 | In the instructions that follow, it is assumed that the
|
---|
6 | domain you are setting up is 'dl.mydomain.org'. Edit
|
---|
7 | accordingly!
|
---|
8 |
|
---|
9 |
|
---|
10 | 1. Edit build.properties
|
---|
11 |
|
---|
12 | Near the top of the file, uncomment and set the following:
|
---|
13 |
|
---|
14 | revproxy.protocol=https
|
---|
15 | revproxy.domain=dl.mydomain.org
|
---|
16 | revproxy.context=/greenstone3
|
---|
17 |
|
---|
18 | 2. Test web server visibility (http at this stage)
|
---|
19 |
|
---|
20 |
|
---|
21 | To issue a certificate, 'certbot' needs to be able to connect to your
|
---|
22 | public facing web server over http.
|
---|
23 |
|
---|
24 |
|
---|
25 | 2.1 Create a very basic Apache config file
|
---|
26 |
|
---|
27 | As route create the file:
|
---|
28 |
|
---|
29 | /etc/apache2/sites-enabled/mydomain.conf
|
---|
30 |
|
---|
31 | With the content:
|
---|
32 |
|
---|
33 | <VirtualHost *:80>
|
---|
34 | ServerName dl.mydomain.org
|
---|
35 |
|
---|
36 | ServerAdmin [email protected]
|
---|
37 |
|
---|
38 | DocumentRoot /var/www/html
|
---|
39 |
|
---|
40 | ErrorLog ${APACHE_LOG_DIR}/error.log
|
---|
41 | CustomLog ${APACHE_LOG_DIR}/access.log combined
|
---|
42 | </VirtualHost>
|
---|
43 |
|
---|
44 |
|
---|
45 | 2.2 Restart your apache2 httpd server
|
---|
46 |
|
---|
47 | sudo systemctl restart apache2
|
---|
48 |
|
---|
49 | 2.3 Check your web server is visible
|
---|
50 |
|
---|
51 | Ideally using a machine external to where you are setting up
|
---|
52 | your DL web server, in a web browser visit:
|
---|
53 |
|
---|
54 | http://dl.mydomain.org/
|
---|
55 |
|
---|
56 | Or else at the command line enter:
|
---|
57 |
|
---|
58 | wget -O - http://dl.mydomiain.org
|
---|
59 |
|
---|
60 | If this results in a 404 error, it might be that you haven't waited
|
---|
61 | long enough for the IP number you have registered with your domain
|
---|
62 | name to be pushed out to publicly accessible DNS servers.
|
---|
63 | As a more basic test, see if you can 'ping' your domain name:
|
---|
64 |
|
---|
65 | ping dl.mydomiain.org
|
---|
66 |
|
---|
67 |
|
---|
68 | 3. Use CertBot to setup your web server for https access
|
---|
69 |
|
---|
70 | sudo certbot --apache
|
---|
71 |
|
---|
72 | and answer the prompts generated.
|
---|
73 |
|
---|
74 | In the event you are adding a new domain to an existing Apache2 web
|
---|
75 | server, then the command would be:
|
---|
76 |
|
---|
77 | sudo certbot --apache --expand -d dl.mydomain.org
|
---|
78 |
|
---|
79 | 4.
|
---|
80 |
|
---|
81 | ProxyPass /greenstone3 http://localhost:6363/greenstone3
|
---|
82 | ProxyPassReverse /greenstone3 http://localhost:6363/greenstone3
|
---|
83 |
|
---|
84 | sudo /sbin/a2enmod headers
|
---|