Changes between Version 1 and Version 2 of idpiam2018
- Timestamp:
- Sep 3, 2018, 7:18:31 AM (6 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
idpiam2018
| v1 | v2 | |
|---|---|---|
| 193 | 193 | |
| 194 | 194 | * |
| 195 | ||
| 195 | {{{ | |
| 196 | 196 | add-apt-repository ppa:certbot/certbot |
| 197 | 197 | }}} |
| 198 | 198 | * |
| 199 | ||
| 199 | {{{ | |
| 200 | 200 | apt install python-certbot-apache |
| 201 | 201 | }}} |
| 202 | 202 | * |
| 203 | ||
| 203 | {{{ | |
| 204 | 204 | certbot --apache -d idp.YOUR-DOMAIN |
| 205 | 205 | }}} |
| … | … | |
| 256 | 256 | 13. (OPTIONAL) If you haven't follow the letsencrypt method Create a Certificate and a Key self-signed for HTTPS |
| 257 | 257 | * |
| 258 | ||
| 258 | {{{ | |
| 259 | 259 | mkdir /root/certificates |
| 260 | 260 | }}} |
| 261 | 261 | * |
| 262 | ||
| 262 | {{{ | |
| 263 | 263 | openssl req -x509 -newkey rsa:4096 -keyout /root/certificates/idp-key-server.key -out /root/certificates/idp-cert-server.crt -nodes -days 1095 |
| 264 | 264 | }}} |
| … | … | |
| 266 | 266 | |
| 267 | 267 | * |
| 268 | ||
| 268 | {{{ | |
| 269 | 269 | mv /location-to-crts/idp-cert-server.crt /root/certificates |
| 270 | 270 | }}} |
| 271 | 271 | * |
| 272 | ||
| 272 | {{{ | |
| 273 | 273 | mv /location-to-crts/idp-key-server.key /root/certificates |
| 274 | 274 | }}} |
| 275 | 275 | * |
| 276 | ||
| 276 | {{{ | |
| 277 | 277 | mv /location-to-crts/PublicCA.crt /root/certificates |
| 278 | 278 | }}} |
| … | … | |
| 281 | 281 | |
| 282 | 282 | * |
| 283 | ||
| 283 | {{{ | |
| 284 | 284 | chmod 400 /root/certificates/idp-key-server.key |
| 285 | 285 | }}} |
| 286 | 286 | * |
| 287 | ||
| 287 | {{{ | |
| 288 | 288 | chmod 644 /root/certificates/idp-cert-server.crt |
| 289 | 289 | }}} |
| 290 | 290 | * |
| 291 | ||
| 291 | {{{ | |
| 292 | 292 | chmod 644 /root/certificates/PublicCA.crt |
| 293 | 293 | }}} |
| … | … | |
| 295 | 295 | Create the file `/etc/apache2/sites-available/idp-ssl.conf` as follows: |
| 296 | 296 | |
| 297 | ||
| 297 | {{{ | |
| 298 | 298 | <IfModule mod_ssl.c> |
| 299 | 299 | SSLStaplingCache shmcb:/var/run/ocsp(128000) |
| … | … | |
| 331 | 331 | Enable '''proxy_http''', '''SSL''' and '''headers''' Apache2 modules: |
| 332 | 332 | * |
| 333 | ||
| 333 | {{{ | |
| 334 | 334 | a2enmod proxy_http ssl headers alias include negotiation |
| 335 | 335 | }}} |
| 336 | 336 | * |
| 337 | ||
| 337 | {{{ | |
| 338 | 338 | a2ensite idp-ssl.conf |
| 339 | 339 | }}} |
| 340 | 340 | * |
| 341 | ||
| 341 | {{{ | |
| 342 | 342 | service apache2 restart |
| 343 | 343 | }}} |
| … | … | |
| 345 | 345 | Configure Apache2 to redirect all on HTTPS: |
| 346 | 346 | * |
| 347 | ||
| 347 | {{{ | |
| 348 | 348 | vim /etc/apache2/sites-enabled/000-default.conf |
| 349 | 349 | }}} |
| … | … | |
| 361 | 361 | 14. Modify `server.xml`: |
| 362 | 362 | * |
| 363 | ||
| 363 | {{{ | |
| 364 | 364 | vim /etc/tomcat8/server.xml |
| 365 | 365 | }}} |
