[Koha] ssl for koha login

Mason James mtj at kohaaloha.com
Wed Jun 6 17:20:35 NZST 2018



On 6/06/18 4:06 pm, Mason James wrote:
>
> On 6/06/18 3:45 pm, Mason James wrote:
>> On 5/06/18 2:18 pm, Alvaro Cornejo wrote:
>>> Hi
>>>
>>> I'm trying to set up an SSL connection to Koha (using Let's Encrypt certs) so
>>> my users, admin and OPAC can have a secure connection.
>>>
>>> I've followed the Let's Encrypt & certbot instructions but neither OPAC nor
>>> admin pages work.
>>>
>>> I've tried directing connections manually and configuring Apache for
>>> redirect unsuccessfully.
>>>
>>> Any hints on this?
>>>
>>> This is mostly to avoid the upcoming Chrome config where it will display an
>>> unsafe site warning to any site requiring login that does not use SSL
>>>
>>> Regards,
>>>
>>> Alvaro
>> hi Alvaro
>>
>> here's an apache config that has worked well for me
>>
>> it has some extra magic to improve its SSL score
>>
>> the config now gets an 'A+' on the following site...
>>  https://www.ssllabs.com/ssltest
>>
>> i'll aim to add this to the Koha wiki
>>
>> cheers, Mason
>>
>>
> ...and here's a nice 'cert renew' solution, using LE's cli.ini file
>
>
> root@deb8:/# cat /etc/letsencrypt/cli.ini
> domains = demo.foo.org, demo-admin.foo.org
>
>
> root@deb8:/# cat /etc/cron.d/certbot
> # /etc/cron.d/certbot: crontab entries for the certbot package
> #
> # Upstream recommends attempting renewal twice a day
> #
> SHELL=/bin/sh
> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
>
> # -n for non-interactive
> 0 1 * * * root   service apache2 stop ;   perl -e 'sleep
> int(rand(3600))' &&  /usr/bin/certbot  certonly   --expand  -n   
> --standalone  --config  /etc/letsencrypt/cli.ini ;  service apache2 start

oops, a bad cut/paste

this looks like a better way, using pre/post hooks...
0 1 * * * root   perl -e 'sleep int(rand(3600))' && /usr/bin/certbot certonly --expand -n --standalone --config /etc/letsencrypt/cli.ini --pre-hook 'service apache2 stop' --post-hook 'service apache2 start'
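
A check that could run after the renewal job above, as an added example (not part of the original messages, and not Koha or certbot code): it reads the `domains =` line from cli.ini and verifies that the issued certificate covers every listed name and is not close to expiry. The function names, the 20-day threshold and the /etc/letsencrypt/live/<first domain>/cert.pem location (certbot's default layout) are assumptions.

```shell
#!/bin/sh
# Added example: verify the certificate requested through cli.ini after renewal.
# Assumed defaults: /etc/letsencrypt/cli.ini, /etc/letsencrypt/live/<first domain>/cert.pem

# Print the names from the "domains = a, b" line of a certbot cli.ini, one per line.
cli_ini_domains() {
    sed -n 's/^[[:space:]]*domains[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# check_cert CERT_PEM MIN_DAYS DOMAIN...
# Returns 0 = ok, 1 = cert file missing, 2 = expires within MIN_DAYS,
#         3 = a listed domain is not in the certificate's subjectAltName.
check_cert() {
    cert=$1; min_days=$2; shift 2
    [ -r "$cert" ] || { echo "missing cert: $cert" >&2; return 1; }
    openssl x509 -noout -checkend $((min_days * 86400)) -in "$cert" >/dev/null ||
        { echo "expires within $min_days days: $cert" >&2; return 2; }
    # Turn "DNS:a, DNS:b" from the text dump into one "DNS:name" per line.
    sans=$(openssl x509 -noout -text -in "$cert" | grep 'DNS:' | tr -d ' ' | tr ',' '\n')
    for d in "$@"; do
        printf '%s\n' "$sans" | grep -qxF "DNS:$d" ||
            { echo "not in certificate: $d" >&2; return 3; }
    done
    return 0
}

# renewal_check [CLI_INI] [LIVE_DIR] [MIN_DAYS]
# Returns check_cert's status, or 4 if cli.ini lists no domains.
renewal_check() {
    ini=${1:-/etc/letsencrypt/cli.ini}
    live=${2:-/etc/letsencrypt/live}
    days=${3:-20}
    set -- $(cli_ini_domains "$ini")
    [ $# -gt 0 ] || { echo "no domains in $ini" >&2; return 4; }
    # Assumption: the certificate directory is named after the first domain listed.
    check_cert "$live/$1/cert.pem" "$days" "$@"
}
```

Calling `renewal_check` from a separate daily cron entry and mailing any non-zero status gives early notice when the standalone renewal has been failing.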


