This patch removes Memcached configurations from the shipped apache files.
Note: testing is not actually needed for this patch, as it is really trivial. But I
include testing steps, just in case QA members require it.
To test:
- Apply the patch
- Do a (standard/dev/single) Koah install
=> SUCCESS: Verify the resulting koha-httpd.conf file doens't include memcached data
- Have a packages install
- Replace
* /etc/koha/apache-site-https.conf.in
* /etc/koha/apache-site.conf.in
with the ones from this patch
- Create an instance
=> SUCCESS: The apache configuration doesn't include memcached configurations
- Sign off :-D
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
New option koha-create --letsencrypt
- installs the letsencrypt package if needed
- creates <instance>
- generates letsencrypt certificates for <instance>
- sets up a https-only website for <instance>
- redirects http to https for <instance>
! you need to enable jessie backports to install letsencrypt: add
deb http://http.debian.net/debian jessie-backports main contrib non-free
to your /etc/apt/sources.list
! this patch uses the letsencrypt staging server
to create real certificates, apply thy "LE production server" patch
Test plan:
- build a debian package with patch applied
- use apache mod_ssl
sudo a2enmod ssl
- make sure the machine is accessible on 80 (needed for letsencrypt) and 443 from the internet
- install koha with your new package
- Put your (existing) domain options in /etc/koha/koha-sites.conf
- use koha-create with the new options:
sudo koha-create --create-db --letsencrypt <instance>
- if you do not have the letsencrypt package installed, you will be prompted to do that
[
if there is no package available, a symlink to the git checkout will work:
on your test server, get letsencrypt via git
git clone https://github.com/letsencrypt/letsencrypt
create a symlink from /usr/bin/letsencrypt to letsencrypt-auto
sudo ln -s /path/to/letsencrypt/letsencrypt-auto /usr/bin/letsencrypt
]
- wait until setup is finished, check that you got a working OPAC and staff client with certificates
- check that http redirects to https
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>