[Koha] Enabling SSL for Koha staff view

Martin Renvoize martin.renvoize at ptfs-europe.com
Fri May 13 20:33:09 NZST 2011


You could, however, use name-based virtual hosts (like kohaapoc.yourlibrary.com
and kohastaff.yourlibrary.com) and run both on port 443 for secure access. To do
this you'll either need two certificates (one for each domain) or a SAN shared
certificate with both domain names in it.

An example http.conf might look like this (assuming the two-certificate
approach):

## OPAC Default Access
<VirtualHost 127.0.1.1:80>
   DocumentRoot /home/koha/kohaclone/koha-tmpl
   ServerName kohalibrary.halton.gov.uk
   . . .
</VirtualHost>

## OPAC Secure
<VirtualHost 127.0.1.1:443>
   DocumentRoot /home/koha/kohaclone/koha-tmpl
   ServerName kohalibrary.halton.gov.uk
   . . .

# SSL Setup
# CA Root and Intermediate Certificates
   SSLEngine On
   SSLCACertificatePath /etc/apache2/ssl/certs/
   SSLCACertificateFile /etc/apache2/ssl/certs/gs_combined_ca.crt

   SSLCertificateFile /etc/apache2/ssl/certs/kohalibrary.crt
   SSLCertificateKeyFile /etc/apache2/ssl/certs/kohalibrary.key

</VirtualHost>

## Intranet Secure
<VirtualHost 109.75.173.120:443>
   DocumentRoot /home/koha/kohaclone/koha-tmpl
   ServerName kohastaff.halton.gov.uk
   . . .
# SSL Setup
# CA Root and Intermediate Certificates
   SSLEngine On
   SSLCACertificatePath /etc/apache2/ssl/certs/
   SSLCACertificateFile /etc/apache2/ssl/certs/gs_combined_ca.crt

   SSLCertificateFile /etc/apache2/ssl/certs/kohastaff.crt
   SSLCertificateKeyFile /etc/apache2/ssl/certs/kohastaff.key
</VirtualHost>



2011/5/8 Mizst Audens <mizstik at gmail.com>

> No, it's not possible due to the limitation of the architecture. A port can
> serve only http or https but not both at the same time.
>
> The transparency of http/https in normal websites is due to the
> standardization of port 80 and 443. (port 80 runs http, and port 443 runs
> https, so each port only runs one type of connection) When you don't use
> these standard ports, you will need to specify the correct combination of
> protocol and port in order to reach a service.
>
> --Mizst
>
>
> On Sun, May 8, 2011 at 12:33 PM, Altaf Mahmud <altaf.mahmud at gmail.com> wrote:
>
>> Is it possible to use port 8080 for both purposes (HTTP and HTTPS)?
>> Actually, I just wanted to secure port 8080, can I do that?
>>
>> Thanks a lot!
>>
>>
>> On Sat, May 7, 2011 at 8:34 PM, Mizst Audens <mizstik at gmail.com> wrote:
>>
>>> You must create another virtual host at another port (for example, 8081)
>>> for the staff area and enable SSL for that virtual host, and it will require
>>> another SSL certificate. Your staff will need to use (example)
>>> https://127.0.1.1:8081 if they want to use SSL, and
>>> http://127.0.1.1:8080 if they don't want to use SSL.
>>>
>>> Note that https://127.0.1.1 is in fact an alias for
>>> https://127.0.1.1:443. You already used 443 for the OPAC, so you'll need
>>> another port for the staff.
>>>
>>> --Mizst
>>>
>>>
>>> 2011/5/7 Altaf Mahmud <altaf.mahmud at gmail.com>
>>>
>>>> Hello,
>>>>
>>>> I'm trying to implement SSL in my Koha server running on Debian 6.0
>>>> (squeeze). I've implemented it for my OPAC view, I've created another file
>>>> 'koha-ssl' in ../apache2/sites-available/ directory and enabled it. I've
>>>> edited ../apache2/sites-available/koha as follows:
>>>>
>>>> NameVirtualHost *:80
>>>> <VirtualHost 127.0.1.1:80>
>>>>
>>>>     .....
>>>>     .....
>>>>
>>>> </VirtualHost>
>>>>
>>>> And ../apache2/sites-available/koha-ssl as follows:
>>>>
>>>> NameVirtualHost *:443
>>>> <VirtualHost 127.0.1.1:443>
>>>>     .....
>>>>
>>>>    SSLEngine On
>>>>    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
>>>>    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
>>>>
>>>>     .....
>>>> </VirtualHost>
>>>>
>>>> Now https://127.0.1.1/ is showing the OPAC. But I can't figure out
>>>> how to implement it for staff-view <VirtualHost 127.0.1.1:8080>.
>>>> Request for port 80 is redirecting to port 443, how can I do that for
>>>> port 8080? In fact, I don't have any prior idea on doing this; a descriptive
>>>> suggestion is appropriate for me.
>>>>
>>>> Thanks.
>>>>
>>>>
>>>>
>>>> --
>>>> Altaf Mahmud
>>>> System Programmer
>>>> Ayesha Abed Library
>>>> BRAC University
>>>> Bangladesh.
>>>>
>>>>
>>>> _______________________________________________
>>>> Koha mailing list  http://koha-community.org
>>>> Koha at lists.katipo.co.nz
>>>> http://lists.katipo.co.nz/mailman/listinfo/koha
>>>>
>>>>
>>>
>>
>>
>> --
>> Altaf Mahmud
>> System Programmer
>> Ayesha Abed Library
>> BRAC University
>> Bangladesh.
>>
>>
>
>


-- 
Martin Renvoize
Software Developer, PTFS Europe Ltd
Content Management and Library Solutions
martin.renvoize at ptfs-europe.com
skype: Martin Renvoize

http://www.ptfs-europe.com
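
Added example (not part of the original post): a shell check for the SAN option mentioned in the reply above. It builds a throwaway self-signed certificate carrying two names and uses openssl to confirm that it covers every ServerName that will share port 443. The host names and file names are constructed placeholders, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: host names and file names below are constructed placeholders.

make_san_cert() {
    # $1 = output directory, remaining args = DNS names for the SAN list
    dir=$1; shift
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"
    done
    # Minimal request config: the first name becomes the CN, all names go in the SAN
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $1
[v3]
subjectAltName = $san
EOF
    # Self-signed, one-day test certificate; a real deployment sends a CSR to a CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/san.cnf" \
        -keyout "$dir/koha.key" -out "$dir/koha.crt" 2>/dev/null
}

cert_covers() {
    # $1 = certificate file, $2 = host name; returns 0 only if the name matches
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

missing_names() {
    # $1 = certificate file, remaining args = ServerName values to check;
    # prints each name the certificate does not cover
    crt=$1; shift
    for name in "$@"; do
        cert_covers "$crt" "$name" || echo "$name"
    done
}

# Demo: the third name is deliberately absent from the certificate
tmp=$(mktemp -d)
make_san_cert "$tmp" kohaopac.example.org kohastaff.example.org
missing_names "$tmp/koha.crt" kohaopac.example.org kohastaff.example.org intranet.example.org
rm -rf "$tmp"
```

`cert_covers` works the same way on a CA-issued certificate, so it can be pointed at the file named in `SSLCertificateFile` before Apache is reloaded.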