2f634f2862
New option koha-create --letsencrypt - installs the letsencrypt package if needed - creates <instance> - generates letsencrypt certificates for <instance> - sets up a https-only website for <instance> - redirects http to https for <instance> ! you need to enable jessie backports to install letsencrypt: add deb http://http.debian.net/debian jessie-backports main contrib non-free to your /etc/apt/sources.list ! this patch uses the letsencrypt staging server to create real certificates, apply thy "LE production server" patch Test plan: - build a debian package with patch applied - use apache mod_ssl sudo a2enmod ssl - make sure the machine is accessible on 80 (needed for letsencrypt) and 443 from the internet - install koha with your new package - Put your (existing) domain options in /etc/koha/koha-sites.conf - use koha-create with the new options: sudo koha-create --create-db --letsencrypt <instance> - if you do not have the letsencrypt package installed, you will be prompted to do that [ if there is no package available, a symlink to the git checkout will work: on your test server, get letsencrypt via git git clone https://github.com/letsencrypt/letsencrypt create a symlink from /usr/bin/letsencrypt to letsencrypt-auto sudo ln -s /path/to/letsencrypt/letsencrypt-auto /usr/bin/letsencrypt ] - wait until setup is finished, check that you got a working OPAC and staff client with certificates - check that http redirects to https Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
70 lines
2.8 KiB
Text
70 lines
2.8 KiB
Text
# Koha instance __KOHASITE__ Apache config.
|
|
|
|
# redirect http to https
|
|
#<VirtualHost *:80> #nohttps
|
|
# ServerName __OPACSERVER__ #nohttps
|
|
# ServerAlias __INTRASERVER__ #nohttps
|
|
# RewriteEngine On #nohttps
|
|
# RewriteCond %{HTTPS} !=on #nohttps
|
|
# RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] #nohttps
|
|
#</VirtualHost> #nohttps
|
|
|
|
# OPAC
|
|
<VirtualHost *:80> #https
|
|
# SSLEngine on
|
|
# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
|
|
# SSLCompression off
|
|
# SSLHonorCipherOrder on
|
|
# SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-SA-
|
|
# SSLCertificateKeyFile /etc/letsencrypt/live/__OPACSERVER__/privkey.pem
|
|
# SSLCertificateFile /etc/letsencrypt/live/__OPACSERVER__/cert.pem
|
|
# SSLCertificateChainFile /etc/letsencrypt/live/__OPACSERVER__/chain.pem
|
|
|
|
<IfVersion >= 2.4>
|
|
Define instance "__KOHASITE__"
|
|
</IfVersion>
|
|
Include /etc/koha/apache-shared.conf
|
|
# Include /etc/koha/apache-shared-disable.conf
|
|
# Include /etc/koha/apache-shared-opac-plack.conf
|
|
Include /etc/koha/apache-shared-opac.conf
|
|
|
|
ServerName __OPACSERVER__
|
|
SetEnv KOHA_CONF "/etc/koha/sites/__KOHASITE__/koha-conf.xml"
|
|
SetEnv MEMCACHED_SERVERS "__MEMCACHED_SERVERS__"
|
|
SetEnv MEMCACHED_NAMESPACE "__MEMCACHED_NAMESPACE__"
|
|
AssignUserID __UNIXUSER__ __UNIXGROUP__
|
|
|
|
ErrorLog /var/log/koha/__KOHASITE__/opac-error.log
|
|
# TransferLog /var/log/koha/__KOHASITE__/opac-access.log
|
|
# RewriteLog /var/log/koha/__KOHASITE__/opac-rewrite.log
|
|
</VirtualHost>
|
|
|
|
# Intranet
|
|
<VirtualHost *:80> #https
|
|
# SSLEngine on
|
|
# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
|
|
# SSLCompression off
|
|
# SSLHonorCipherOrder on
|
|
# SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES
|
|
# SSLCertificateKeyFile /etc/letsencrypt/live/__OPACSERVER__/privkey.pem
|
|
# SSLCertificateFile /etc/letsencrypt/live/__OPACSERVER__/cert.pem
|
|
# SSLCertificateChainFile /etc/letsencrypt/live/__OPACSERVER__/chain.pem
|
|
|
|
<IfVersion >= 2.4>
|
|
Define instance "__KOHASITE__"
|
|
</IfVersion>
|
|
Include /etc/koha/apache-shared.conf
|
|
# Include /etc/koha/apache-shared-disable.conf
|
|
# Include /etc/koha/apache-shared-intranet-plack.conf
|
|
Include /etc/koha/apache-shared-intranet.conf
|
|
|
|
ServerName __INTRASERVER__
|
|
SetEnv KOHA_CONF "/etc/koha/sites/__KOHASITE__/koha-conf.xml"
|
|
SetEnv MEMCACHED_SERVERS "__MEMCACHED_SERVERS__"
|
|
SetEnv MEMCACHED_NAMESPACE "__MEMCACHED_NAMESPACE__"
|
|
AssignUserID __UNIXUSER__ __UNIXGROUP__
|
|
|
|
ErrorLog /var/log/koha/__KOHASITE__/intranet-error.log
|
|
# TransferLog /var/log/koha/__KOHASITE__/intranet-access.log
|
|
# RewriteLog /var/log/koha/__KOHASITE__/intranet-rewrite.log
|
|
</VirtualHost>
|