Setup Noosfero to use HTTPS
===========================
This document assumes that you have a fully and clean Noosfero
installation as explained at the `INSTALL.md` file.
SSL certificate
+++++++++++++++
You should get a valid SSL certificate, but if you want to test
your setup before, you could generate a self-signed certificate
as below:
    # mkdir /etc/noosfero/ssl
    # cd /etc/noosfero/ssl
	  # openssl genrsa 1024 > noosfero.key
    # openssl req -new -x509 -nodes -sha1 -days $[10*365] -key noosfero.key > noosfero.cert
    # cat noosfero.key noosfero.cert > noosfero.pem
There are two ways of using SSL with Noosfero: 1) If you are not using
Varnish; and 2) If you are using Varnish.
1) If you are are not using Varnish
+++++++++++++++++++++++++++++++++++
Simply do a redirect in apache to force all connections with SSL:
  
    ServerName test.stoa.usp.br
   
    Redirect / https://example.com/
  
And set a vhost to receive then:
  
    ServerName example.com
   
    SSLEngine On
    SSLCertificateFile    /etc/ssl/certs/cert.pem
    SSLCertificateKeyFile /etc/ssl/private/cert.key
   
    Include /etc/noosfero/apache/virtualhost.conf
  
Be aware that if you had configured varnish, the requests won't reach
it with this configuration.
2) If you are using Varnish
+++++++++++++++++++++++++++
Varnish isn't able to communicate with the SSL protocol, so we will
need some one who do this and Pound[1] can do the job. In order to
install it in Debian based systems:
  $ sudo apt-get install pound
Set Varnish to listen in other port than 80:
/etc/defaults/varnish
---------------------
  DAEMON_OPTS="-a localhost:6081 \
               -T localhost:6082 \ 
               -f /etc/varnish/default.vcl \ 
               -S /etc/varnish/secret \ 
               -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
Configure Pound:
    # cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
Edit /etc/pound.cfg and set the IP and domain of your server.
Configure Pound to start at system initialization:
/etc/default/pound
------------------
  startup=1
Set Apache to only listen to localhost:
/etc/apache2/ports.conf
-----------------------
  Listen 127.0.0.1:8080
Restart the services:
  $ sudo service apache2 restart
  $ sudo service varnish restart
Start pound:
  $ sudo service pound start
[1] http://www.apsis.ch/pound
Noosfero XMPP chat
++++++++++++++++++
If you want to use chat over HTTPS, then you should add the domain
and IP of your server in the /etc/hosts file, example:
/etc/hosts
----------
  192.168.1.86	mydomain.example.com
Also, it's recomended that you remove lines above from the file
`/etc/apache2/sites-enabled/noosfero`:
    RewriteEngine On
    Include /usr/share/noosfero/util/chat/apache/xmpp.conf