[Koha] ssl for koha login

Alvaro Cornejo cornejo.alvaro at gmail.com
Sun Jun 10 16:25:17 NZST 2018


Hi

I have just done the suggestions and it worked like a charm.

About the renewal cron, I will have to wait until my certs are up for renewal
and see what happens.

Thanks!!!

Alvaro


2018-06-06 0:20 GMT-05:00 Mason James <mtj at kohaaloha.com>:

>
>
> On 6/06/18 4:06 pm, Mason James wrote:
> >
> > On 6/06/18 3:45 pm, Mason James wrote:
> >> On 5/06/18 2:18 pm, Alvaro Cornejo wrote:
> >>> Hi
> >>>
> >>> I'm trying to set up an SSL connection to Koha (using Let's Encrypt certs) so
> >>> my users, admin and opac can have a secure connection.
> >>>
> >>> I've followed the Let's Encrypt & certbot instructions but neither opac nor
> >>> admin pages work.
> >>>
> >>> I've tried directing connections manually and configuring apache for
> >>> redirect unsuccessfully.
> >>>
> >>> Any hints on this?
> >>>
> >>> This is mostly to avoid the upcoming chrome config where it will display an
> >>> unsafe site warning to any site requiring login that does not use ssl
> >>>
> >>> Regards,
> >>>
> >>> Alvaro
> >> hi Alvaro
> >>
> >> here's an apache config that has worked well for me
> >>
> >> it has some extra magic to improve its SSL score
> >>
> >> the config now gets an 'A+' on the following site...
> >>  https://www.ssllabs.com/ssltest
> >>
> >> i'll aim to add this to the Koha wiki
> >>
> >> cheers, Mason
> >>
> >>
> > ...and here's a nice 'cert renew' solution, using LE's cli.ini file
> >
> >
> > root@deb8:/# cat /etc/letsencrypt/cli.ini
> > domains = demo.foo.org, demo-admin.foo.org
> >
> >
> > root@deb8:/# cat /etc/cron.d/certbot
> > # /etc/cron.d/certbot: crontab entries for the certbot package
> > #
> > # Upstream recommends attempting renewal twice a day
> > #
> > SHELL=/bin/sh
> > PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
> >
> > # -n for non-interactive
> > 0 1 * * * root   service apache2 stop ;   perl -e 'sleep int(rand(3600))' &&  /usr/bin/certbot  certonly   --expand  -n --standalone  --config  /etc/letsencrypt/cli.ini ;  service apache2 start
>
> oops, a bad cut/paste
>
> this looks like a better way, using pre/post hooks...
> 0 1 * * * root   perl -e 'sleep int(rand(3600))' && /usr/bin/certbot certonly --expand -n --standalone --config /etc/letsencrypt/cli.ini --pre-hook 'service apache2 stop' --post-hook 'service apache2 start'
>
>
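
Added example, not part of the thread or of Koha/certbot: a small check that reports whether a certificate is inside its renewal window, so an unattended renewal cron like the one quoted above can be verified instead of waiting to see what happens. The function names, the 30-day default window and the `/etc/letsencrypt/live/<name>/cert.pem` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): detect a renewal cron that silently fails
# by checking how close the installed certificate is to expiry.

# cert_renewal_status FILE [DAYS]
# Prints one of: ok | due | expired | unreadable
# DAYS is the renewal window; 30 is an assumed default.
cert_renewal_status() {
    cert=$1
    days=${2:-30}
    # Parse check first: -checkend also exits non-zero on a missing or garbled
    # file, which would otherwise be misreported as "expired".
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo unreadable; return 0; }
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo due        # still valid, but expires within DAYS days
    else
        echo ok
    fi
}

# make_sample_cert DAYS OUTFILE
# Builds a constructed, self-signed throwaway certificate for trying the check
# offline; the key is written next to it as OUTFILE.key.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=demo.foo.org" -keyout "$2.key" -out "$2" 2>/dev/null
}

# Usage (path is an assumption about the certbot layout on the host):
#   sh certcheck.sh /etc/letsencrypt/live/<name>/cert.pem 30
if [ "$#" -gt 0 ]; then
    cert_renewal_status "$@"
fi
```

Run from a separate daily cron entry, a result of `due` that persists for several days means the renewal job is not succeeding.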

