| 1 |
|
|---|
| 2 | # Setting up a Greenstone3 installation to operate over
|
|---|
| 3 | https using Apache2 httpd as a reverse-proxy web server
|
|---|
| 4 |
|
|---|
| 5 | In the instructions that follow, it is assumed that the
|
|---|
| 6 | domain you are setting up is 'dl.mydomain.org'. Edit
|
|---|
| 7 | accordingly!
|
|---|
| 8 |
|
|---|
| 9 |
|
|---|
| 10 | 1. Edit build.properties
|
|---|
| 11 |
|
|---|
| 12 | Near the top of the file, uncomment and set the following:
|
|---|
| 13 |
|
|---|
| 14 | revproxy.protocol=https
|
|---|
| 15 | revproxy.domain=dl.mydomain.org
|
|---|
| 16 | revproxy.context=/greenstone3
|
|---|
| 17 |
|
|---|
| 18 | 2. Test web server visibility (http at this stage)
|
|---|
| 19 |
|
|---|
| 20 |
|
|---|
| 21 | To issue a certificate, 'certbot' needs to be able to connect to your
|
|---|
| 22 | public facing web server over http.
|
|---|
| 23 |
|
|---|
| 24 |
|
|---|
| 25 | 2.1 Create a very basic Apache config file
|
|---|
| 26 |
|
|---|
| 27 | As route create the file:
|
|---|
| 28 |
|
|---|
| 29 | /etc/apache2/sites-enabled/mydomain.conf
|
|---|
| 30 |
|
|---|
| 31 | With the content:
|
|---|
| 32 |
|
|---|
| 33 | <VirtualHost *:80>
|
|---|
| 34 | ServerName dl.mydomain.org
|
|---|
| 35 |
|
|---|
| 36 | ServerAdmin [email protected]
|
|---|
| 37 |
|
|---|
| 38 | DocumentRoot /var/www/html
|
|---|
| 39 |
|
|---|
| 40 | ErrorLog ${APACHE_LOG_DIR}/error.log
|
|---|
| 41 | CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|---|
| 42 | </VirtualHost>
|
|---|
| 43 |
|
|---|
| 44 |
|
|---|
| 45 | 2.2 Restart your apache2 httpd server
|
|---|
| 46 |
|
|---|
| 47 | sudo systemctl restart apache2
|
|---|
| 48 |
|
|---|
| 49 | 2.3 Check your web server is visible
|
|---|
| 50 |
|
|---|
| 51 | Ideally using a machine external to where you are setting up
|
|---|
| 52 | your DL web server, in a web browser visit:
|
|---|
| 53 |
|
|---|
| 54 | http://dl.mydomain.org/
|
|---|
| 55 |
|
|---|
| 56 | Or else at the command line enter:
|
|---|
| 57 |
|
|---|
| 58 | wget -O - http://dl.mydomiain.org
|
|---|
| 59 |
|
|---|
| 60 | If this results in a 404 error, it might be that you haven't waited
|
|---|
| 61 | long enough for the IP number you have registered with your domain
|
|---|
| 62 | name to be pushed out to publicly accessible DNS servers.
|
|---|
| 63 | As a more basic test, see if you can 'ping' your domain name:
|
|---|
| 64 |
|
|---|
| 65 | ping dl.mydomiain.org
|
|---|
| 66 |
|
|---|
| 67 |
|
|---|
| 68 | 3. Use CertBot to setup your web server for https access
|
|---|
| 69 |
|
|---|
| 70 | sudo certbot --apache
|
|---|
| 71 |
|
|---|
| 72 | and answer the prompts generated.
|
|---|
| 73 |
|
|---|
| 74 | In the event you are adding a new domain to an existing Apache2 web
|
|---|
| 75 | server, then the command would be:
|
|---|
| 76 |
|
|---|
| 77 | sudo certbot --apache --expand -d dl.mydomain.org
|
|---|
| 78 |
|
|---|
| 79 | 4.
|
|---|
| 80 |
|
|---|
| 81 | ProxyPass /greenstone3 http://localhost:6363/greenstone3
|
|---|
| 82 | ProxyPassReverse /greenstone3 http://localhost:6363/greenstone3
|
|---|
| 83 |
|
|---|
| 84 | sudo /sbin/a2enmod headers
|
|---|
