
Setup Noosfero to use HTTPS

This document assumes that you have a clean, complete Noosfero installation as explained in the INSTALL.md file.

Creating a self-signed SSL certificate

You should get a valid SSL certificate, but if you want to test your setup first, you can generate a self-signed certificate as below:

# mkdir /etc/noosfero/ssl
# cd /etc/noosfero/ssl
# openssl genrsa 2048 > noosfero.key
# openssl req -new -x509 -sha256 -nodes -days $((10*365)) -key noosfero.key > noosfero.cert
# cat noosfero.key noosfero.cert > noosfero.pem
# chmod 600 noosfero.key noosfero.pem

Web server configuration

There are two ways of using SSL with Noosfero: 1) If you are not using Varnish; and 2) If you are using Varnish.

1) If you are not using Varnish

Add a redirect in Apache to force all connections to use SSL:

<VirtualHost *:8080>
  ServerName example.com
  Redirect / https://example.com/
</VirtualHost>

And set up a vhost to receive them:

<VirtualHost *:443>
  ServerName example.com
  SSLEngine On
  SSLCertificateFile    /etc/ssl/certs/cert.pem
  SSLCertificateKeyFile /etc/ssl/private/cert.key
  Include /etc/noosfero/apache/virtualhost.conf
</VirtualHost>

Be aware that if you have configured Varnish, requests won't reach it with this configuration.

2) If you are using Varnish

Varnish can't speak the SSL protocol, so something else has to terminate SSL in front of it, and Pound can do the job. To install it on Debian-based systems:

$ sudo apt-get install pound

Set Varnish to listen on a port other than 80 in /etc/default/varnish:

DAEMON_OPTS="-a localhost:6081 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"

Configure Pound:

# cp /usr/share/noosfero/etc/pound.cfg /etc/pound/

Edit /etc/pound/pound.cfg and set the IP and domain of your server.

Configure Pound to start at system initialization. In /etc/default/pound:

startup=1

Set Apache to listen only on localhost, in /etc/apache2/ports.conf:

Listen 127.0.0.1:8080

Restart the services:

$ sudo service apache2 restart
$ sudo service varnish restart

Start pound:

$ sudo service pound start
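
A check for the Varnish setup above, as an added example that is not part of Noosfero: it reads a ports.conf and a Varnish defaults file and reports any listener not bound to loopback, since such a listener serves plain HTTP to clients directly instead of through Pound. The function names and sample files are made up for illustration, and it assumes each -a option and its address sit on the same line.

```shell
#!/bin/sh
# Added example: flag Apache/Varnish listeners that are reachable without Pound.

# True if a host:port listener address is bound to loopback only.
is_loopback() {
    case "$1" in
        localhost:*|127.0.0.1:*|"[::1]":*) return 0 ;;
        *) return 1 ;;   # bare port, ":port", 0.0.0.0, public IPs
    esac
}

# Print the address argument of every active Apache "Listen" directive.
apache_listeners() {
    awk 'tolower($1) == "listen" { print $2 }' "$1"
}

# Print the argument of every "-a" option in uncommented DAEMON_OPTS lines.
varnish_listeners() {
    awk '!/^[[:space:]]*#/ {
        gsub(/["\\]/, " ")
        for (i = 1; i < NF; i++) if ($i == "-a") print $(i + 1)
    }' "$1"
}

# Usage: exposed_listeners PORTS_CONF VARNISH_DEFAULTS
# Prints "service address" per non-loopback listener; returns 1 if any exist.
exposed_listeners() {
    found=0
    for addr in $(apache_listeners "$1"); do
        is_loopback "$addr" || { echo "apache $addr"; found=1; }
    done
    for addr in $(varnish_listeners "$2"); do
        is_loopback "$addr" || { echo "varnish $addr"; found=1; }
    done
    return "$found"
}

# Constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d)
    printf 'Listen 127.0.0.1:8080\n' > "$d/ports.ok"
    printf 'Listen 8080\n' > "$d/ports.bad"
    printf 'DAEMON_OPTS="-a localhost:6081 \\\n -T localhost:6082"\n' > "$d/varnish.ok"
    printf 'DAEMON_OPTS="-a :6081 \\\n -T localhost:6082"\n' > "$d/varnish.bad"
    exposed_listeners "$d/ports.ok" "$d/varnish.ok" && echo "settings from this page: nothing exposed"
    exposed_listeners "$d/ports.bad" "$d/varnish.bad" || echo "the listeners above bypass Pound"
    rm -rf "$d"
}
demo
```

On a real host, call exposed_listeners with /etc/apache2/ports.conf and the Varnish defaults file after editing them and before restarting the services.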

Noosfero XMPP chat

If you want to use chat over HTTPS, add the domain and IP of your server to the /etc/hosts file, for example:

/etc/hosts:

192.168.1.86    mydomain.example.com

Also, it's recommended that you remove the lines below from the file /etc/apache2/sites-enabled/noosfero:

RewriteEngine On
Include /usr/share/noosfero/util/chat/apache/xmpp.conf