Configuring Apache for SSL - Instructions

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Article Type: General
Product: Aleph
Product Version: 20, 21, 22, 23

Description:
Instructions for SSL configuration in Aleph 18 (and higher):

Resolution:
Instructions for SSL configuration in Aleph18 (and higher):
Please note that some parts of this instruction may be irrelevant for the installations after special customer configuration.
-------------------

1. Put the certificates to the $httpd_root/SSLconf/conf

2. In file $alephe_root/www_server.conf - be sure following definitions are correct:

setenv server_httpsd "https://<IP>:443"
setenv server_css_ssl "https://<IP>:443"

3. Edit $alephe_root/apache/conf/ssl.conf and correct the ssl keys+certificate file locations.

4. Edit $alephe_root/apache/bin/apachectl and add to the HTTPD command –DSSL

5. In $alephe_root/apache/bin/apachectl_auto:
Replace

$httpd_bin/httpd -d $httpd_root

with

$httpd_bin/httpd -d $httpd_root -DSSL

6. In the file $alephe_root/www_f_eng/login Replace <form method=post
name="form1"
action="&server_f">

with

<form method=post
name="form1"
action="&server_f_ssl">
<input type="hidden" name="ssl_flag" value="Y">

7. In the $alephe_root/www_f_eng/login-session file Replace the:
<form method=post
name="form1"
action="&server_f">

With the :
<form method=post
name="form1"
action="&server_f_ssl">
<input type="hidden" name="ssl_flag" value="Y">

8. Make the changes shown in Additional Information below in order to make http queries be redirected to https.

9. restart apache (as root) by running $alephe_root/apache/bin/apachectl_auto

10. restart WWW_server by using util w/3/1. WWW Server

Additional Information

Redirect from http->https requires additional configuration in apache. There are 2 ways described at Apache wiki:

1. using virtual hosts (recommended, requires apache 2.2.x) - https://wiki.apache.org/httpd/RedirectSSL
2. using mod_rewrite (not recommended, but easier to set up) - https://wiki.apache.org/httpd/RewriteHTTPToHTTPS

To apply the second approach, please follow the instructions below in your $httpd_root/conf/httpd.conf :
...
STANDARD
# by default do not activate PDS security block
#RewriteMap hosts-allow txt:/exlibris/aleph/u23_1/alephe/apache/conf/hosts-allow
#RewriteCond %{QUERY_STRING} ^func=get-attribute&attribute=BOR_INFO [NC]
#RewriteCond ${hosts-allow:%{REMOTE_ADDR}|NOT-FOUND} NOT-FOUND
#RewriteRule ^.*$ /PDSAccessNotAllowed.html

4 LINES ADDED HERE PLUS START AND END COMMENTS
# redirect http->https
#RewriteCond %{HTTP_HOST} !^localhost [NC]
#RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
#RewriteCond %{HTTPS} !=on
#RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# end http->https

STANDARD AGAIN
DocumentRoot "/exlibris/aleph/u23_1/alephe/apache/htdocs"
...

Those four lines need to be uncommented and Apache restarted.

Aleph versions 21, 22 and 23 should be able to implement both.

Article last edited: 12-Oct-2017