[Koha] ssl for koha login

Mark Alexander marka at pobox.com
Wed Jun 6 03:28:47 NZST 2018 

Excerpts from Alvaro Cornejo's message of 2018-06-04 21:18:57 -0500:
> I´m trying to setup a ssl connection to Koha  (using letsEncrypt certs ) so
> my users, admin and opac can have a secure connection.
> 
> I´ve folllowed letsEncrypt & certbot instrucctions but neither opac nor
> admin pages work.

I used certbot on Debian 8 to get the OPAC and staff clients to use
SSL.  If I recall correctly, certbot attempted to modify my Apache
config file to add references to the LetsEncrypt certificate files,
but I think it chose the wrong file to modify.  So I hand-modified the
Koha-specific config file to point to the certificates.

Below is the resulting /etc/apache2/sites-available/LIB.conf.  Replace
LIB with the actual Koha instance name, and replace KOHA.MYLIBRARY.COM
with the actual hostname.  Note also that I chose port 81 for the OPAC
and port 82 for the staff client; you will probably need to change
those numbers.

# Koha instance LIB Apache config.

# OPAC
<VirtualHost *:81>
  <IfVersion >= 2.4>
   Define instance "LIB"
  </IfVersion>
   Include /etc/koha/apache-shared.conf
#  Include /etc/koha/apache-shared-disable.conf
  Include /etc/koha/apache-shared-opac-plack.conf
   Include /etc/koha/apache-shared-opac.conf

   ServerName KOHA.MYLIBRARY.COM
   SetEnv KOHA_CONF "/etc/koha/sites/LIB/koha-conf.xml"
   SetEnv MEMCACHED_SERVERS "127.0.0.1:11211"
   SetEnv MEMCACHED_NAMESPACE "koha_LIB"
   AssignUserID LIB-koha LIB-koha

   ErrorLog    /var/log/koha/LIB/opac-error.log
#  TransferLog /var/log/koha/LIB/opac-access.log
#  RewriteLog  /var/log/koha/LIB/opac-rewrite.log
SSLCertificateFile /etc/letsencrypt/live/KOHA.MYLIBRARY.COM/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/KOHA.MYLIBRARY.COM/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

# Intranet
<VirtualHost *:82>
  <IfVersion >= 2.4>
   Define instance "LIB"
  </IfVersion>
   Include /etc/koha/apache-shared.conf
#  Include /etc/koha/apache-shared-disable.conf
  Include /etc/koha/apache-shared-intranet-plack.conf
   Include /etc/koha/apache-shared-intranet.conf
   
   ServerName KOHA.MYLIBRARY.COM
   SetEnv KOHA_CONF "/etc/koha/sites/LIB/koha-conf.xml"
   SetEnv MEMCACHED_SERVERS "127.0.0.1:11211"
   SetEnv MEMCACHED_NAMESPACE "koha_LIB"
   AssignUserID LIB-koha LIB-koha

   ErrorLog    /var/log/koha/LIB/intranet-error.log
#  TransferLog /var/log/koha/LIB/intranet-access.log
#  RewriteLog  /var/log/koha/LIB/intranet-rewrite.log
SSLCertificateFile /etc/letsencrypt/live/KOHA.MYLIBRARY.COM/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/KOHA.MYLIBRARY.COM/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

More information about the Koha mailing list