Adding SSL to my KOHA installation (Dynamic DNS and 2 Ports)
Hi there, Our Koha installation uses two ports: 8080 for the client and 8081 for the OPAC. Furthermore, we use dynamic dns (dynu.net) in order to go public/online. Now the time has come to use SSL for both client and OPAC. As far as I know we have to install SSL in apache (our server is UBUNTU). I am not sure how we are going to do this because of our parameters (two ports and dynamic dns). What actions we have to do from the "kohl-side" if any? Thank you in advance. -- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html
Are you using Apache as HTTP frontend? If so, I would recommend you to use port TCP/443 for both cases (OPAC & management) $ sudo a2enmod ssl At /etc/apache2/sites-enabled/biblio.conf : <VirtualHost *:443> ServerName biblio.example.net SSLEngine on SSLCertificateChainFile ".../chain.pem" SSLCertificateFile ".../fullchain.pem" SSLCertificateKeyFile ".../privkey.pem" (...) <VirtualHost *:443> ServerName biblio-intra.example.net SSLEngine on SSLCertificateChainFile ".../chain.pem" SSLCertificateFile ".../fullchain.pem" SSLCertificateKeyFile ".../privkey.pem" (...) And you will have possible to enter through: https://biblio.example.net/ https://biblio-intra.example.net/ El 29/06/18 a les 09:23, niksdr ha escrit:
Hi there,
Our Koha installation uses two ports:
8080 for the client and 8081 for the OPAC.
Furthermore, we use dynamic dns (dynu.net) in order to go public/online.
Now the time has come to use SSL for both client and OPAC. As far as I know we have to install SSL in apache (our server is UBUNTU).
I am not sure how we are going to do this because of our parameters (two ports and dynamic dns). What actions we have to do from the "kohl-side" if any?
Thank you in advance.
-- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Thank you Narcis for your response. Yes, I am using Apache. This is my /etc/koha/koha-sites.conf ## Apache virtual hosts creation variables # # Please note that the URLs are built like this: # OPAC: http://<OPACPREFIX><INSTANCE NAME><OPACSUFFIX><DOMAIN>:<OPACPORT> # STAFF: http://<INTRAPREFIX><INSTANCE NAME><INTRASUFFIX><DOMAIN>:<INTRAPORT> DOMAIN=".myDNSname.org" INTRAPORT="8080" INTRAPREFIX="" INTRASUFFIX="" OPACPORT="8081" OPACPREFIX="" OPACSUFFIX="" I don't use a domain. Instead I use dynamic dns. So I am able to see my site via: http://example.dynu.net:8080 http://example.dynu.net:8081 Do I need a specific configuration? Kind Regards -- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html
example.dynu.net is a domain. I have these at /etc/koha/koha-sites.conf and it works through port specified for Apache profile anyway: INTRAPORT="80" INTRASUFFIX="-intra" OPACPORT="80" El 29/06/18 a les 10:25, niksdr ha escrit:
Thank you Narcis for your response.
Yes, I am using Apache.
This is my /etc/koha/koha-sites.conf
## Apache virtual hosts creation variables # # Please note that the URLs are built like this: # OPAC: http://<OPACPREFIX><INSTANCE NAME><OPACSUFFIX><DOMAIN>:<OPACPORT> # STAFF: http://<INTRAPREFIX><INSTANCE NAME><INTRASUFFIX><DOMAIN>:<INTRAPORT> DOMAIN=".myDNSname.org" INTRAPORT="8080" INTRAPREFIX="" INTRASUFFIX="" OPACPORT="8081" OPACPREFIX="" OPACSUFFIX=""
I don't use a domain. Instead I use dynamic dns. So I am able to see my site via: http://example.dynu.net:8080 http://example.dynu.net:8081
Do I need a specific configuration?
Kind Regards
-- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Hello again, I would like to ask if I will need two SSL Certificates for both the opal and the client. Thank you! -- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html
Hi, On Mon 2 Jul, 2018, 10:48 AM niksdr, <sideris.nik@me.com> wrote:
Hello again,
I would like to ask if I will need two SSL Certificates for both the opal and the client. Thank you!
No. An SNI cert can handle both domains. Cheers Indranil
-- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Hi there, I am trying to enable ssl for Koha but still no luck This my configuration: # OPAC <VirtualHost *:8081> ServerName my domain.here SSLEngine on SSLEngine on SSLCertificateChainFile "/home/kohadmin/Intermediate1.cer" SSLCertificateFile "/home/kohadmin/mycertificatefilehere.cer" SSLCertificateKeyFile "home/kohadmin/mykeyhere.key" DocumentRoot /usr/share/koha/opac/htdocs <IfVersion >= 2.4> Define instance "library" </IfVersion> Include /etc/koha/apache-shared.conf # Include /etc/koha/apache-shared-disable.conf # Include /etc/koha/apache-shared-opac-plack.conf Include /etc/koha/apache-shared-opac.conf ... I am sure I miss something... -- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html
Only if they had different domain (FQDN). Not for different port. El 02/07/18 a les 07:18, niksdr ha escrit:
Hello again,
I would like to ask if I will need two SSL Certificates for both the opal and the client. Thank you!
-- Sent from: http://koha.1045719.n5.nabble.com/Koha-general-f3047918.html _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
participants (3)
-
Indranil Das Gupta -
Narcis Garcia -
niksdr