Differences

This shows you the differences between two versions of the page.

--- en:release:3.09_release_notes [2018/09/13 02:59] – anupama
+++ en:release:3.09_release_notes [2018/09/25 09:29] – [Further instructions] anupama
@@ Line 56: / Line 56: @@
 ===== Further instructions =====
+==== Set up your Greenstone to run over https ====
+The more secure https protocol is increasingly required by browsers and gradually superseding http. Given that you meet the following requirements and configure your GS3 as below, Greenstone 3 has now been automated to obtain an https certificate for you from the free Certification Authority "Let's Encrypt".
+Requirements: because we need to temporarily run a server on port 80 to get a certificate issued and because port 80 has some access restrictions surrounding it on most machines,
+  * On unix (linux and mac) systems you need to have sudo permissions
+  * On windows, you probably need admin rights
+  * Ensure nothing is running on port 80 when you're ready to set up https certification your GS3
+Steps:
+  - Edit build.properties as follows:
+     * set ''tomcat.server'' to the //primary// hostname/domain name that you want your Greenstone3 to run as and which is to be registered in your certificate. This would be the host name of your machine.
+     * set a value for ''keystore.pass''.\\ This will be the password on your final certificate used by tomcat.
+     * Ensure ''server.protocols'' contains ''https''.\\ The ''server.protocols'' property is a comma-separated list that indicates which protocols are to be supported by your Greenstone 3 server. This property can be set to one of ''http'', ''https'', ''http, https'' or ''https, http''. The first in the list becomes the default protocol used for previewing with the GS3 server application, ''gs3-server''.
+     * By default ''tomcat.port.https'' is set to 8443. Ensure this port is not already in use, otherwise change it to a port value that's not in use.
+  - Make sure you have read and agree with the [[https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf|Let's Encrypt Subscriber Agreement]]
+  - Use a terminal to go into your GS3 installation folder, run ''gs3-setup'' on windows and ''source ./gs3-setup'' on linux and mac to set up the GS3 environment, then run the ''ant setup-https-cert'' target. For example,\\ <code>cd /path/to/GS3
+source ./gs3-setup
+ant setup-https-cert
+</code>\\ You'll be asked for an **email** that Let's Encrypt can optionally communicate to you on, as well as **any additional domain names** you want in the //same// certificate (additional domains are **untested**), and whether you **agree** with the Let's Encrypt Subscriber Agreement.\\ On linux or mac, you may be asked to provide your sudo password to run a server on port 80. (On Mac and windows, the GS3 tomcat server will be run on port 80 since we use ZeroSSL to get Let's Encrypt to issue certificates on Mac and Windows. On linux, a standalone temporary server will run on port 80, as we use //Let's Encrypt//'s own certbot-auto script for the certification process.)
+  - Once the setup-https-cert ant target has finished, you can start your web GS3 server by either running the gs3-server application or by running "ant start" from the terminal.
+  - If you ran the gs3-server application, press the Enter Library button to open your DL home page. If you ran ''ant start'' from the command line, then open a browser manually. Point your browser to ''https://<tomcat.server>:<tomcat.port.https>/greenstone3/library'', adjusting the tomcat.server and tomcat.port.https values as per what you set for thse properties in your GS3 installation folder's toplevel ''build.properties'' file.
+  - Once your https home page has loaded, confirm that your certificate is properly installed by looking for a green padlock next to the address bar. (Depending on your browser, you can click the padlock to get more information on the certificate issuer.)
 ====Changing the admin password====
 Login to the administration page, 'edit' the admin account, and click 'change password'. Alternatively, you can login as admin via the login button at the top right of each page. Once you are logged in, this button will change to say 'admin'. Click this button and select 'account settings'. From there, you can select 'change password'.
@@ Line 220: / Line 241: @@
 ===== Important Changes and Bug Fixes =====
+  * HTTPS support: Greenstone will obtain a certificate from the Certification Authority Let's Encrypt to run your GS3 tomcat over https. However, on unix systems (macs and linux), you will need to have sudo permissions. And on Windows you will probably need admin rights.
 ===== IMPORTANT information =====
@@ Line 235: / Line 256: @@
 Things to try:
-* Close all tabs in firefox and restart firefox in the usual way. Try logging in and visiting other pages to see if it remembers your login now.
+  * Close all tabs in firefox and restart firefox in the usual way. Try logging in and visiting other pages to see if it remembers your login now.
-* If that made no difference, try launching a Private Window (Ctrl + Shift + P on firefox), visit your GS3 digital library and login again, then check whether it's being remembered across Greenstone pages now.
+  *  If that made no difference, try launching a Private Window (Ctrl + Shift + P on firefox), visit your GS3 digital library and login again, then check whether it's being remembered across Greenstone pages now.
-* If that also made no difference then the most likely cause is Firefox plugins or extensions or addons, or maybe its hardware acceleration feature needs to be switched off. To find out if any of this is the case, quit firefox once more by first close all tabs in firefox and quit it. Then try re-launching Firefox in Safe Mode as explained at https://support.mozilla.org/en-US/questions/1213229
+  * If that also made no difference then the most likely cause is Firefox plugins or extensions or addons, or maybe its hardware acceleration feature needs to be switched off. To find out if any of this is the case, quit firefox once more by first close all tabs in firefox and quit it. Then try re-launching Firefox in Safe Mode as explained at https://support.mozilla.org/en-US/questions/1213229
 > [[https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode|Start Firefox in Safe Mode]] by holding down the <Shift> (Mac=Options) key, and then starting Firefox.