Configuring Apache for SSL - Instructions
- Article Type: General
- Product: Aleph
- Product Version: 20, 21, 22, 23
Description:
Instructions for SSL configuration in Aleph 18 (and higher):
Resolution:
Please note that some parts of these instructions may not apply to installations that have a special customer configuration.
-------------------
1. Put the certificates in $httpd_root/SSLconf/conf
2. In the file $alephe_root/www_server.conf, make sure the following definitions are correct:
setenv server_httpsd "https://<IP>:443"
setenv server_css_ssl "https://<IP>:443"
3. Edit $alephe_root/apache/conf/ssl.conf and correct the SSL key and certificate file locations.
4. Edit $alephe_root/apache/bin/apachectl and add -DSSL to the HTTPD command.
5. In $alephe_root/apache/bin/apachectl_auto:
Replace
$httpd_bin/httpd -d $httpd_root
with
$httpd_bin/httpd -d $httpd_root -DSSL
6. In the file $alephe_root/www_f_eng/login:
Replace
<form method=post
name="form1"
action="&server_f">
with
<form method=post
name="form1"
action="&server_f_ssl">
<input type="hidden" name="ssl_flag" value="Y">
7. In the file $alephe_root/www_f_eng/login-session:
Replace
<form method=post
name="form1"
action="&server_f">
with
<form method=post
name="form1"
action="&server_f_ssl">
<input type="hidden" name="ssl_flag" value="Y">
8. Make the changes shown under Additional Information below so that HTTP requests are redirected to HTTPS.
9. Restart Apache (as root) by running $alephe_root/apache/bin/apachectl_auto
10. Restart WWW_server by using util w/3/1. WWW Server
Additional Information
Redirecting from HTTP to HTTPS requires additional configuration in Apache. The Apache wiki describes two ways:
1. using virtual hosts (recommended, requires apache 2.2.x) - https://wiki.apache.org/httpd/RedirectSSL
2. using mod_rewrite (not recommended, but easier to set up) - https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
To apply the second approach, follow the instructions below in your $httpd_root/conf/httpd.conf:
...
STANDARD
# by default do not activate PDS security block
#RewriteMap hosts-allow txt:/exlibris/aleph/u23_1/alephe/apache/conf/hosts-allow
#RewriteCond %{QUERY_STRING} ^func=get-attribute&attribute=BOR_INFO [NC]
#RewriteCond ${hosts-allow:%{REMOTE_ADDR}|NOT-FOUND} NOT-FOUND
#RewriteRule ^.*$ /PDSAccessNotAllowed.html
4 LINES ADDED HERE PLUS START AND END COMMENTS
# redirect http->https
#RewriteCond %{HTTP_HOST} !^localhost [NC]
#RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
#RewriteCond %{HTTPS} !=on
#RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# end http->https
STANDARD AGAIN
DocumentRoot "/exlibris/aleph/u23_1/alephe/apache/htdocs"
...
The four RewriteCond/RewriteRule lines between the "# redirect http->https" and "# end http->https" comments need to be uncommented and Apache restarted.
Aleph versions 21, 22 and 23 should be able to implement both.
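A post-change check for steps 2 and 4 to 8 above, as an added example (not vendor code): the shell function greps the edited files for the expected settings and returns the number of failed checks. It assumes the file layout named in the steps; the names check_aleph_ssl, expect and reject are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit the files edited in steps 2 and 4-8.
# Usage: check_aleph_ssl <alephe_root> <httpd.conf>; returns the number of failed checks.
fails=0

# expect <file> <ERE> <description>: the pattern must match some line of the file
expect() {
    if grep -Eq -- "$2" "$1" 2>/dev/null; then echo "ok:   $3"
    else echo "FAIL: $3 [$1]"; fails=$((fails + 1)); fi
}

# reject <file> <fixed string> <description>: the string must not appear in the file
reject() {
    if grep -Fq -- "$2" "$1" 2>/dev/null; then echo "FAIL: $3 [$1]"; fails=$((fails + 1))
    else echo "ok:   $3"; fi
}

check_aleph_ssl() {
    root=$1; httpd_conf=$2; fails=0
    # Step 2: both server definitions use the https scheme
    for var in server_httpsd server_css_ssl; do
        expect "$root/www_server.conf" \
            "^[[:space:]]*setenv[[:space:]]+${var}[[:space:]]+\"https://" "$var is https"
    done
    # Steps 4-5: both start scripts pass -DSSL (ASCII hyphen, on a non-comment line)
    for script in apachectl apachectl_auto; do
        expect "$root/apache/bin/$script" "^[^#]*[[:space:]]-DSSL([[:space:]\"']|\$)" "$script passes -DSSL"
    done
    # Steps 6-7: login forms post to the SSL server and carry ssl_flag
    for form in login login-session; do
        f="$root/www_f_eng/$form"
        expect "$f" 'action="&server_f_ssl"' "$form posts to &server_f_ssl"
        expect "$f" 'name="ssl_flag"[[:space:]]+value="Y"' "$form sets ssl_flag=Y"
        reject "$f" 'action="&server_f"' "$form has no non-SSL form action left"
    done
    # Step 8: the HTTPS condition and the redirect rule are uncommented
    expect "$httpd_conf" '^[[:space:]]*RewriteCond[[:space:]]+%\{HTTPS\}[[:space:]]+!=on' "HTTPS condition active"
    expect "$httpd_conf" '^[[:space:]]*RewriteRule[[:space:]].*https://%\{SERVER_NAME\}/' "redirect rule active"
    return "$fails"
}

if [ "$#" -eq 2 ]; then check_aleph_ssl "$1" "$2"; fi
```

The check only confirms that the settings are present in the files; it does not validate the certificates or test the running server.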
- Article last edited: 12-Oct-2017