[Koha] Enabling https only using SSL

Mon May 13 05:38:42 NZST 2019

Thanks for your inputs and response! Could you please provide a sample
virtualhost file by providing a working copy or by referring to the
template available from
https://github.com/Koha-Community/Koha/blob/master/debian/templates/apache-site-https.conf.in
?

On Sun, May 12, 2019 at 7:26 PM Coehoorn, Joel <jcoehoorn at york.edu> wrote:

> You must change the *:80 at the top to *:443. You will also want to copy
> the original virtualhost section, before adding the sslengine settings, and
> change it to redirect to the https url.
>
> On Sun, May 12, 2019, 5:18 AM TechOut Solutions <
> techoutsolutions00 at gmail.com> wrote:
>
>> Hi Joel,
>>
>> I couldn't find the four entries of virtual hosts but I did the following
>> by searching for similar problems but others are using letsencrypt
>> certificates.
>>
>> # OPAC
>> <VirtualHost *:80>
>>    Include /etc/koha/apache-shared.conf
>> #  Include /etc/koha/apache-shared-disable.conf
>>    Include /etc/koha/apache-shared-opac.conf
>>
>>    ServerName ssb
>>    SetEnv KOHA_CONF "/etc/koha/sites/ssb/koha-conf.xml"
>>    SetEnv MEMCACHED_SERVERS ""
>>    SetEnv MEMCACHED_NAMESPACE ""
>>    AssignUserID ssb-koha ssb-koha
>>
>>    ErrorLog    /var/log/koha/ssb/opac-error.log
>> #  TransferLog /var/log/koha/ssb/opac-access.log
>> #  RewriteLog  /var/log/koha/ssb/opac-rewrite.log
>>    SSLEngine on
>>    SSLProtocol  +TLSv1.2 +TLSv1.1 +TLSv1
>>    SSLCipherSuite
>> "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
>>    SSLHonorCipherOrder     on
>>    SSLCompression          off
>>
>>    SSLCertificateFile /etc/apache2/ssl/apache.crt
>>    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
>> </VirtualHost>
>>
>> I couldn't make the https protocol to load the OPAC using the above
>> configuration. Do I need to use the letsencrypt certificate for it to work?
>>
>> Thanks!
>>
>> On Sun, May 12, 2019 at 10:43 AM Coehoorn, Joel <jcoehoorn at york.edu>
>> wrote:
>>
>>> I'm not at a place where I can check, but if you look at your Apache
>>> site .conf file, there will likely be 4 virtual host entries: an http
>>> and https option for both the opac and staff client. You can remove most
>>> everything from inside the http entries and replace them with Redirect
>>> directives which point to the correct https urls.
>>>
>>> On Sat, May 11, 2019, 11:41 PM TechOut Solutions <
>>> techoutsolutions00 at gmail.com> wrote:
>>>
>>>> Hi there,
>>>>
>>>> I am trying to setup Koha OPAC and Staff-Client using https protocol
>>>> only
>>>> using SSL and want to disable http access to Koha. I'd appreciate if I
>>>> could get the sample apache virtualhost site configuration to achieve
>>>> the
>>>> result. Thank you.
>>>>
>>>> Regards,
>>>> Nirvana
>>>> _______________________________________________
>>>> Koha mailing list  http://koha-community.org
>>>> Koha at lists.katipo.co.nz
>>>> https://lists.katipo.co.nz/mailman/listinfo/koha
>>>>
>>>