# Setup Noosfero to use HTTPS
This document assumes that you have a complete, clean Noosfero
installation, as explained in the `INSTALL.md` file.
## Creating a self-signed SSL certificate
You should get a valid SSL certificate, but if you want to test
your setup first, you can generate a self-signed certificate
as shown below:
```
# mkdir /etc/noosfero/ssl
# cd /etc/noosfero/ssl
# openssl genrsa 2048 > noosfero.key
# openssl req -new -x509 -sha256 -nodes -days $((10*365)) -key noosfero.key > noosfero.cert
# cat noosfero.key noosfero.cert > noosfero.pem
```
## Web server configuration
There are two ways of using SSL with Noosfero: 1) If you are not using
Varnish; and 2) If you are using Varnish.
### 1) If you are not using Varnish
Simply add a redirect in Apache to force all connections to use SSL:
```
<VirtualHost *:80>
  ServerName test.stoa.usp.br
  Redirect / https://example.com/
</VirtualHost>
```
And set a vhost to receive them:
```
<VirtualHost *:443>
  ServerName example.com
  SSLEngine On
  SSLCertificateFile /etc/ssl/certs/cert.pem
  SSLCertificateKeyFile /etc/ssl/private/cert.key
  Include /etc/noosfero/apache/virtualhost.conf
</VirtualHost>
```
Be aware that if you have configured Varnish, requests won't reach
it with this configuration.
### 2) If you are using Varnish
Varnish can't speak the SSL protocol, so something else has to handle
SSL in front of it, and [Pound](http://www.apsis.ch/pound) can do the job. To
install it on Debian-based systems:
```
$ sudo apt-get install pound
```
Set Varnish to listen on a port other than 80 in `/etc/default/varnish`:
```
DAEMON_OPTS="-a localhost:6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
```
Configure Pound:
```
# cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
```
Edit `/etc/pound/pound.cfg` and set the IP and domain of your server.

Configure Pound to start at system initialization. In `/etc/default/pound`:
```
startup=1
```
Set Apache to listen only on localhost, in `/etc/apache2/ports.conf`:
```
Listen 127.0.0.1:8080
```
Restart the services:
```
$ sudo service apache2 restart
$ sudo service varnish restart
```
Start Pound:
```
$ sudo service pound start
```
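Once the services are running, Varnish and Apache should only be reachable through Pound. The script below is an added example, not part of Noosfero or its documentation: it scans `ss -ltn` output for the backend ports configured above (6081, 6082, 8080) bound to a non-loopback address. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag backend listeners that can be reached without
# passing through Pound. Ports come from the configuration above:
#   6081 = Varnish HTTP, 6082 = Varnish admin (-T), 8080 = Apache.

BACKEND_PORTS="6081 6082 8080"

# Reads `ss -ltn` output on stdin and prints every backend socket whose
# address is not loopback (127.0.0.0/8 or [::1]).
exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) backend[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if ((port in backend) && addr !~ /^(127\.|\[::1\]$)/)
                print addr ":" port
        }'
}

# Returns 0 when no backend port is exposed, 1 otherwise.
check_listeners() {
    exposed=$(exposed_backends)
    [ -z "$exposed" ] && return 0
    echo "reachable without TLS: $exposed" >&2
    return 1
}

# Constructed sample listings (not captured from a real host).
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6081 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6082 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*'

SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6081 0.0.0.0:*
LISTEN 0 128 [::]:6082 [::]:*
LISTEN 0 128 *:8080 *:*'

printf '%s\n' "$SAMPLE_BAD" | exposed_backends   # prints [::]:6082 and *:8080
```

On the server, source the functions and run `ss -ltn | check_listeners`; a non-zero exit status means a backend port is bound to a public address.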
## Noosfero XMPP chat
If you want to use chat over HTTPS, add the domain
and IP of your server to the `/etc/hosts` file. For example,
in `/etc/hosts`:
```
192.168.1.86 mydomain.example.com
```
Also, it's recommended that you remove the lines below from the file
`/etc/apache2/sites-enabled/noosfero`:
```
RewriteEngine On
Include /usr/share/noosfero/util/chat/apache/xmpp.conf
```