[Koha] Enabling https only using SSL

TechOut Solutions techoutsolutions00 at gmail.com
Sun May 12 22:18:44 NZST 2019 

Hi Joel,

I couldn't find the four entries of virtual hosts but I did the following
by searching for similar problems but others are using letsencrypt
certificates.

# OPAC
<VirtualHost *:80>
   Include /etc/koha/apache-shared.conf
#  Include /etc/koha/apache-shared-disable.conf
   Include /etc/koha/apache-shared-opac.conf

   ServerName ssb
   SetEnv KOHA_CONF "/etc/koha/sites/ssb/koha-conf.xml"
   SetEnv MEMCACHED_SERVERS ""
   SetEnv MEMCACHED_NAMESPACE ""
   AssignUserID ssb-koha ssb-koha

   ErrorLog    /var/log/koha/ssb/opac-error.log
#  TransferLog /var/log/koha/ssb/opac-access.log
#  RewriteLog  /var/log/koha/ssb/opac-rewrite.log
   SSLEngine on
   SSLProtocol  +TLSv1.2 +TLSv1.1 +TLSv1
   SSLCipherSuite
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
   SSLHonorCipherOrder     on
   SSLCompression          off

   SSLCertificateFile /etc/apache2/ssl/apache.crt
   SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>

I couldn't make the https protocol to load the OPAC using the above
configuration. Do I need to use the letsencrypt certificate for it to work?

Thanks!

On Sun, May 12, 2019 at 10:43 AM Coehoorn, Joel <jcoehoorn at york.edu> wrote:

> I'm not at a place where I can check, but if you look at your Apache site
> .conf file, there will likely be 4 virtual host entries: an http and https
> option for both the opac and staff client. You can remove most everything
> from inside the http entries and replace them with Redirect directives
> which point to the correct https urls.
>
> On Sat, May 11, 2019, 11:41 PM TechOut Solutions <
> techoutsolutions00 at gmail.com> wrote:
>
>> Hi there,
>>
>> I am trying to setup Koha OPAC and Staff-Client using https protocol only
>> using SSL and want to disable http access to Koha. I'd appreciate if I
>> could get the sample apache virtualhost site configuration to achieve the
>> result. Thank you.
>>
>> Regards,
>> Nirvana
>> _______________________________________________
>> Koha mailing list  http://koha-community.org
>> Koha at lists.katipo.co.nz
>> https://lists.katipo.co.nz/mailman/listinfo/koha
>>
>

More information about the Koha mailing list