How to Configure Ofbiz SSL

> Yes, I did stumble upon that documentation eventually. It seems (as usual)
> that google is a better way to search than a site's own index/search. I
> think the main problem I encountered (re: docs) is that there appear to be
> 3 sets of documentation out there, with things pertaining to different
> aspects being best served in different places.
>
> Ultimately I did figure out everything about the install (Java 8 on debian
> 10, mariadb, SSL with Lets Encrypt, Apache proxying, direct serving static
> content). However a bug in OFBiz itself is preventing me from actually
> using it for accounting. It is impossible to enter postal addresses in a
> clean install of 17.12.04, due to pull down for province/state not working.
> I need a work-around for this. The state date is being imported from the
> XML, it is in the database. Is there a specific release where this does
> work?
>
> On Tue, 27 Oct 2020 at 08:39, Jacques Le Roux <[hidden email]>
> wrote:
>
>> Le 25/10/2020 à 14:36, dimonic a écrit :
>>
>> Jacques Le Roux wrote
>>
>> Short answer: preferably look at letsencrypt for a free certificate (must
>> be renewed every 3 months but there are tools for that)
>>
>> For instance for the trunk demo we use
>>
>>     ## SSL directives
>>     SSLEngine on
>>     SSLCertificateFile
>> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
>>     SSLCertificateKeyFile
>> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
>>     SSLCertificateChainFile
>> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
>>     SSLCACertificatePath    "/etc/ssl/certs"
>>
>>     ## Custom fragment
>>     ProxyRequests Off
>>     ProxyPreserveHost On
>>     # do not proxy letsencrypt cert renewal requests
>>     ProxyPass /.well-known !
>>     ProxyPass / ajp://localhost:8009/
>>
>> I let you figure the rest out
>>
>> We should really update the Apache+OFBiz+Technical+Production+Setup+Guide
>>
>> This looks like you expect us to proxy the ofbiz server - am I correct?
>>
>> You referred to https://markmail.org/message/3uf5axg2xzvlxuh5 which is a
>> thread about  "a test deployment (on a given domain)", so yes!
>>
>>
>> There is also a lack of documentation on how to achieve this. I am setting
>> this up myself, and documenting as I go (because the available docs are
>> fragmented, out of date and incomplete). I would be happy to submit working
>> setup documentation for your consideration (once I can get SSL configured)?
>>
>> The setup I am documenting is debian based, and includes exactly how one has
>> to setup Java 8 (which is not in mainline repos), how to configure for
>> mariadb, leave out the demo data (but have the admin login available),
>> launch (and stop) the server using systemd, how to replace the certs for
>> working SSL (presumably with apache2 reverse proxy).
>>
>> How (with which tools) do you intend to document that?
>> We now preferably use AsciiDoc and the documentation is generated at
>> https://ci.apache.org/projects/ofbiz/site/trunk/
>>
>> This is not yet official, but it's the more up to date way.
>> You can find more info into documentation_guidelines.adoc in docs\asciidoc
>> (not generated yet, I just spotted, but you can read it as simple text
>> anyway)
>>
>> You even have a CONTRIBUTING.adoc file in your local copy. Just linking
>> for now to
>>
>> https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development
>> <https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access>
>>
>> Be prepared, OFBiz is a wild beast :)
>>
>> HTH
>>
>> Jacques
>>
>>
>> --
>> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
>>
>>