Differences

This shows you the differences between two versions of the page.

--- en:user_advanced:gs3_https [2025/02/13 00:46] – [Getting things to run as sudo with no password] kjdon
+++ en:user_advanced:gs3_https [2025/02/13 01:02] (current) – [Using Apache to reverse proxy Tomcat] kjdon
@@ Line 6: / Line 6: @@
 ===== Using Apache to reverse proxy Tomcat =====
+Install and setup Apache with certbot SSL certificates. Then in the le-ssl.conf file (eg /etc/httpd/sites-enabled/000-defualt-le-ssl.conf) add teh following into the <VirtualHost *:443> node:
+       ProxyPass /greenstone3 http://localhost:8383/greenstone3
+       ProxyPassReverse /greenstone3 http://localhost:8383/greenstone3
+       <Location /greenstone3>
+            ProxyPassReverseCookiePath /greenstone3 /greenstone3
+       </Location>
+       ProxyPass /webswing-server/ http://localhost:8383/webswing-server/ upgrade=websocket
+In build.properties, you will need to set the revproxy settings:
+    revproxy.protocol=https
+    revproxy.domain=<DOMAIN>
+    ##revproxy.opt_port=8080  - this can stay commented out if you don't want a port number to appear in the public URL
+    ##revproxy.context=/greenstone3  - this can stay commented out if you are using the same context as greenstone3.context
 ===== Linux: Getting SSL certificates using certbot =====
-A
 To have your webserver running under https, you need an SSL certificate. Many hosting platforms have tools to let you use HTTPS. See [[https://certbot.eff.org/hosting_providers]] to check your hosting provider.
@@ Line 19: / Line 38: @@
 Take note of the "What you need" section. Then, choose your webserver ('apache' or 'other' for Tomcat) and operating system, and it will give you instructions to install certbot, plus also instructions to run it to get certificates.
+Port 80 must be open to obtain and renew a certificate.
 Once you have certbot installed, if you are using Apache, you can run
@@ Line 88: / Line 108: @@
 to be restarted to use the new certificate.
-You can set commands to be run before/after renewal using hook arguments to the certbot renew command. Once certbot has renewed a certificate, what we need to do is shutdown Tomcat, convert the certificate, copy it in to Tomcat's area, then restart.
+You can set commands to be run before/after renewal using hook arguments to the certbot renew command. ([[https://eff-certbot.readthedocs.io/en/latest/using.html#renewing-certificates]]) Once certbot has renewed a certificate, what we need to do is shutdown Tomcat, convert the certificate, copy it in to Tomcat's area, then restart.
 There is a script in Greenstone3 - ''ant-update-https-cert-and-restart.sh'' - which does these things. You can add this script as a deploy-hook. To get this added to the renewal options, run a forced renewal.
-'' sudo certbot renew --deploy-hook <PATH-TO-GREENSTONE3>/ant-update-https-cert-and-restart.sh --force-renewal
+'' sudo certbot renew --deploy-hook <PATH-TO-GREENSTONE3>/ant-update-https-cert-and-restart.sh --force-renewal''
-You can see the options for a renewal at /etc/letsencrypt/renewal/<DOMAIN>.conf. If you run a force-renewal it will save your new options.  Also, you can edit this file.
+You can see the options for a renewal at ''/etc/letsencrypt/renewal/<DOMAIN>.conf''. If you run a force-renewal it will save your new options.  Also, you can edit this file.
 Note, automatic running of this script requires some setup for sudo to be run with no password. See below.