Changes between Version 1 and Version 2 of idpiam2018
- Timestamp:
- Sep 3, 2018, 7:18:31 AM (6 years ago)
idpiam2018
v1 | v2 | |
---|---|---|
193 | 193 | |
194 | 194 | * |
195 | ||
195 | {{{ | |
196 | 196 | add-apt-repository ppa:certbot/certbot |
197 | 197 | }}} |
198 | 198 | * |
199 | ||
199 | {{{ | |
200 | 200 | apt install python-certbot-apache |
201 | 201 | }}} |
202 | 202 | * |
203 | ||
203 | {{{ | |
204 | 204 | certbot --apache -d idp.YOUR-DOMAIN |
205 | 205 | }}} |
… | … | |
256 | 256 | 13. (OPTIONAL) If you haven't follow the letsencrypt method Create a Certificate and a Key self-signed for HTTPS |
257 | 257 | * |
258 | ||
258 | {{{ | |
259 | 259 | mkdir /root/certificates |
260 | 260 | }}} |
261 | 261 | * |
262 | ||
262 | {{{ | |
263 | 263 | openssl req -x509 -newkey rsa:4096 -keyout /root/certificates/idp-key-server.key -out /root/certificates/idp-cert-server.crt -nodes -days 1095 |
264 | 264 | }}} |
… | … | |
266 | 266 | |
267 | 267 | * |
268 | ||
268 | {{{ | |
269 | 269 | mv /location-to-crts/idp-cert-server.crt /root/certificates |
270 | 270 | }}} |
271 | 271 | * |
272 | ||
272 | {{{ | |
273 | 273 | mv /location-to-crts/idp-key-server.key /root/certificates |
274 | 274 | }}} |
275 | 275 | * |
276 | ||
276 | {{{ | |
277 | 277 | mv /location-to-crts/PublicCA.crt /root/certificates |
278 | 278 | }}} |
… | … | |
281 | 281 | |
282 | 282 | * |
283 | ||
283 | {{{ | |
284 | 284 | chmod 400 /root/certificates/idp-key-server.key |
285 | 285 | }}} |
286 | 286 | * |
287 | ||
287 | {{{ | |
288 | 288 | chmod 644 /root/certificates/idp-cert-server.crt |
289 | 289 | }}} |
290 | 290 | * |
291 | ||
291 | {{{ | |
292 | 292 | chmod 644 /root/certificates/PublicCA.crt |
293 | 293 | }}} |
… | … | |
295 | 295 | Create the file `/etc/apache2/sites-available/idp-ssl.conf` as follows: |
296 | 296 | |
297 | ||
297 | {{{ | |
298 | 298 | <IfModule mod_ssl.c> |
299 | 299 | SSLStaplingCache shmcb:/var/run/ocsp(128000) |
… | … | |
331 | 331 | Enable '''proxy_http''', '''SSL''' and '''headers''' Apache2 modules: |
332 | 332 | * |
333 | ||
333 | {{{ | |
334 | 334 | a2enmod proxy_http ssl headers alias include negotiation |
335 | 335 | }}} |
336 | 336 | * |
337 | ||
337 | {{{ | |
338 | 338 | a2ensite idp-ssl.conf |
339 | 339 | }}} |
340 | 340 | * |
341 | ||
341 | {{{ | |
342 | 342 | service apache2 restart |
343 | 343 | }}} |
… | … | |
345 | 345 | Configure Apache2 to redirect all on HTTPS: |
346 | 346 | * |
347 | ||
347 | {{{ | |
348 | 348 | vim /etc/apache2/sites-enabled/000-default.conf |
349 | 349 | }}} |
… | … | |
361 | 361 | 14. Modify `server.xml`: |
362 | 362 | * |
363 | ||
363 | {{{ | |
364 | 364 | vim /etc/tomcat8/server.xml |
365 | 365 | }}} |