Thanks for your inputs and response! Could you please provide a sample virtualhost file by providing a working copy or by referring to the template available from https://github.com/Koha-Community/Koha/blob/master/debian/templates/apache-s... ? On Sun, May 12, 2019 at 7:26 PM Coehoorn, Joel <jcoehoorn@york.edu> wrote:
You must change the *:80 at the top to *:443. You will also want to copy the original virtualhost section, before adding the sslengine settings, and change it to redirect to the https url.
On Sun, May 12, 2019, 5:18 AM TechOut Solutions < techoutsolutions00@gmail.com> wrote:
Hi Joel,
I couldn't find the four entries of virtual hosts but I did the following by searching for similar problems but others are using letsencrypt certificates.
# OPAC <VirtualHost *:80> Include /etc/koha/apache-shared.conf # Include /etc/koha/apache-shared-disable.conf Include /etc/koha/apache-shared-opac.conf
ServerName ssb SetEnv KOHA_CONF "/etc/koha/sites/ssb/koha-conf.xml" SetEnv MEMCACHED_SERVERS "" SetEnv MEMCACHED_NAMESPACE "" AssignUserID ssb-koha ssb-koha
ErrorLog /var/log/koha/ssb/opac-error.log # TransferLog /var/log/koha/ssb/opac-access.log # RewriteLog /var/log/koha/ssb/opac-rewrite.log SSLEngine on SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" SSLHonorCipherOrder on SSLCompression off
SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key </VirtualHost>
I couldn't make the https protocol to load the OPAC using the above configuration. Do I need to use the letsencrypt certificate for it to work?
Thanks!
On Sun, May 12, 2019 at 10:43 AM Coehoorn, Joel <jcoehoorn@york.edu> wrote:
I'm not at a place where I can check, but if you look at your Apache site .conf file, there will likely be 4 virtual host entries: an http and https option for both the opac and staff client. You can remove most everything from inside the http entries and replace them with Redirect directives which point to the correct https urls.
On Sat, May 11, 2019, 11:41 PM TechOut Solutions < techoutsolutions00@gmail.com> wrote:
Hi there,
I am trying to setup Koha OPAC and Staff-Client using https protocol only using SSL and want to disable http access to Koha. I'd appreciate if I could get the sample apache virtualhost site configuration to achieve the result. Thank you.
Regards, Nirvana _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha