Dear Gurus,
Can anyone be so kind to show me how to configure ofbiz ssl for a test deployment (on a given domain)? I'd been struggling on this topic for days but still without any clue. What I have done is as follows: 1. I try the link https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide But it ask us to submit the CSR to a third CA authority like VeriSign. I would like to test it only so if possible I would go for a free CA service first. Then with www.sslforfree.com<http://www.sslforfree.com> I could download the following 3 files: 1.1 ca_bundle.crt 1.2 certificate.crt 1.3 private.key What should I do then? 2. Another option is with keytool function I would like to create a self-signed CA. But it still failed and I guessed I didn't do it in the right way. Pls help!!! Best Regards Schumann |
Administrator
|
Short answer: preferably look at letsencrypt for a free certificate (must be renewed every 3 months but there are tools for that)
For instance for the trunk demo we use ## SSL directives SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" SSLCertificateChainFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" SSLCACertificatePath "/etc/ssl/certs" ## Custom fragment ProxyRequests Off ProxyPreserveHost On # do not proxy letsencrypt cert renewal requests ProxyPass /.well-known ! ProxyPass / ajp://localhost:8009/ I let you figure the rest out We should really update the Apache+OFBiz+Technical+Production+Setup+Guide HTH Jacques Le 21/03/2018 à 12:09, Schumann Ye a écrit : > Dear Gurus, > > Can anyone be so kind to show me how to configure ofbiz ssl for a test deployment (on a given domain)? > I'd been struggling on this topic for days but still without any clue. > > What I have done is as follows: > 1. I try the link https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide > But it ask us to submit the CSR to a third CA authority like VeriSign. > I would like to test it only so if possible I would go for a free CA service first. > Then with www.sslforfree.com<http://www.sslforfree.com> I could download the following 3 files: > 1.1 ca_bundle.crt > 1.2 certificate.crt > 1.3 private.key > What should I do then? > 2. Another option is with keytool function I would like to create a self-signed CA. > But it still failed and I guessed I didn't do it in the right way. > > Pls help!!! > > Best Regards > Schumann > > |
Dear Jacques,
Thanks for your guide, though I still haven't figured it out. I will try it myself first until I could not. Thanks and have a nice day! B.R. Schumann +86-1800-150-1800 -------- Originalnachricht -------- Betreff: Re: How to Configure Ofbiz SSL Von: Jacques Le Roux An: [hidden email] Cc: Short answer: preferably look at letsencrypt for a free certificate (must be renewed every 3 months but there are tools for that) For instance for the trunk demo we use ## SSL directives SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" SSLCertificateChainFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" SSLCACertificatePath "/etc/ssl/certs" ## Custom fragment ProxyRequests Off ProxyPreserveHost On # do not proxy letsencrypt cert renewal requests ProxyPass /.well-known ! ProxyPass / ajp://localhost:8009/ I let you figure the rest out We should really update the Apache+OFBiz+Technical+Production+Setup+Guide HTH Jacques Le 21/03/2018 à 12:09, Schumann Ye a écrit : > Dear Gurus, > > Can anyone be so kind to show me how to configure ofbiz ssl for a test deployment (on a given domain)? > I'd been struggling on this topic for days but still without any clue. > > What I have done is as follows: > 1. I try the link https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide > But it ask us to submit the CSR to a third CA authority like VeriSign. > I would like to test it only so if possible I would go for a free CA service first. > Then with www.sslforfree.com I could download the following 3 files: > 1.1 ca_bundle.crt > 1.2 certificate.crt > 1.3 private.key > What should I do then? > 2. Another option is with keytool function I would like to create a self-signed CA. > But it still failed and I guessed I didn't do it in the right way. > > Pls help!!! > > Best Regards > Schumann > > |
In reply to this post by Jacques Le Roux
Jacques Le Roux wrote
> Short answer: preferably look at letsencrypt for a free certificate (must > be renewed every 3 months but there are tools for that) > > For instance for the trunk demo we use > > ## SSL directives > SSLEngine on > SSLCertificateFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" > SSLCertificateKeyFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" > SSLCertificateChainFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" > SSLCACertificatePath "/etc/ssl/certs" > > ## Custom fragment > ProxyRequests Off > ProxyPreserveHost On > # do not proxy letsencrypt cert renewal requests > ProxyPass /.well-known ! > ProxyPass / ajp://localhost:8009/ > > I let you figure the rest out > > We should really update the Apache+OFBiz+Technical+Production+Setup+Guide This looks like you expect us to proxy the ofbiz server - am I correct? There is also a lack of documentation on how to achieve this. I am setting this up myself, and documenting as I go (because the available docs are fragmented, out of date and incomplete). I would be happy to submit working setup documentation for your consideration (once I can get SSL configured)? The setup I am documenting is debian based, and includes exactly how one has to setup Java 8 (which is not in mainline repos), how to configure for mariadb, leave out the demo data (but have the admin login available), launch (and stop) the server using systemd, how to replace the certs for working SSL (presumably with apache2 reverse proxy). -- Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html |
Administrator
|
Le 25/10/2020 à 14:36, dimonic a écrit :
> Jacques Le Roux wrote >> Short answer: preferably look at letsencrypt for a free certificate (must >> be renewed every 3 months but there are tools for that) >> >> For instance for the trunk demo we use >> >> ## SSL directives >> SSLEngine on >> SSLCertificateFile >> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" >> SSLCertificateKeyFile >> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" >> SSLCertificateChainFile >> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" >> SSLCACertificatePath "/etc/ssl/certs" >> >> ## Custom fragment >> ProxyRequests Off >> ProxyPreserveHost On >> # do not proxy letsencrypt cert renewal requests >> ProxyPass /.well-known ! >> ProxyPass / ajp://localhost:8009/ >> >> I let you figure the rest out >> >> We should really update the Apache+OFBiz+Technical+Production+Setup+Guide > This looks like you expect us to proxy the ofbiz server - am I correct? You referred to https://markmail.org/message/3uf5axg2xzvlxuh5 which is a thread about "a test deployment (on a given domain)", so yes! > There is also a lack of documentation on how to achieve this. I am setting > this up myself, and documenting as I go (because the available docs are > fragmented, out of date and incomplete). I would be happy to submit working > setup documentation for your consideration (once I can get SSL configured)? > > The setup I am documenting is debian based, and includes exactly how one has > to setup Java 8 (which is not in mainline repos), how to configure for > mariadb, leave out the demo data (but have the admin login available), > launch (and stop) the server using systemd, how to replace the certs for > working SSL (presumably with apache2 reverse proxy). How (with which tools) do you intend to document that? We now preferably use AsciiDoc and the documentation is generated at https://ci.apache.org/projects/ofbiz/site/trunk/ This is not yet official, but it's the more up to date way. You can find more info into documentation_guidelines.adoc in docs\asciidoc (not generated yet, I just spotted, but you can read it as simple text anyway) You even have a CONTRIBUTING.adoc file in your local copy. Just linking for now to https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development <https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access> Be prepared, OFBiz is a wild beast :) HTH Jacques > > > > -- > Sent from:http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html |
Yes, I did stumble upon that documentation eventually. It seems (as usual)
that google is a better way to search than a site's own index/search. I think the main problem I encountered (re: docs) is that there appear to be 3 sets of documentation out there, with things pertaining to different aspects being best served in different places. Ultimately I did figure out everything about the install (Java 8 on debian 10, mariadb, SSL with Lets Encrypt, Apache proxying, direct serving static content). However a bug in OFBiz itself is preventing me from actually using it for accounting. It is impossible to enter postal addresses in a clean install of 17.12.04, due to pull down for province/state not working. I need a work-around for this. The state date is being imported from the XML, it is in the database. Is there a specific release where this does work? On Tue, 27 Oct 2020 at 08:39, Jacques Le Roux <[hidden email]> wrote: > Le 25/10/2020 à 14:36, dimonic a écrit : > > Jacques Le Roux wrote > > Short answer: preferably look at letsencrypt for a free certificate (must > be renewed every 3 months but there are tools for that) > > For instance for the trunk demo we use > > ## SSL directives > SSLEngine on > SSLCertificateFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" > SSLCertificateKeyFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" > SSLCertificateChainFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" > SSLCACertificatePath "/etc/ssl/certs" > > ## Custom fragment > ProxyRequests Off > ProxyPreserveHost On > # do not proxy letsencrypt cert renewal requests > ProxyPass /.well-known ! > ProxyPass / ajp://localhost:8009/ > > I let you figure the rest out > > We should really update the Apache+OFBiz+Technical+Production+Setup+Guide > > This looks like you expect us to proxy the ofbiz server - am I correct? > > You referred to https://markmail.org/message/3uf5axg2xzvlxuh5 which is a > thread about "a test deployment (on a given domain)", so yes! > > > There is also a lack of documentation on how to achieve this. I am setting > this up myself, and documenting as I go (because the available docs are > fragmented, out of date and incomplete). I would be happy to submit working > setup documentation for your consideration (once I can get SSL configured)? > > The setup I am documenting is debian based, and includes exactly how one has > to setup Java 8 (which is not in mainline repos), how to configure for > mariadb, leave out the demo data (but have the admin login available), > launch (and stop) the server using systemd, how to replace the certs for > working SSL (presumably with apache2 reverse proxy). > > How (with which tools) do you intend to document that? > We now preferably use AsciiDoc and the documentation is generated at > https://ci.apache.org/projects/ofbiz/site/trunk/ > > This is not yet official, but it's the more up to date way. > You can find more info into documentation_guidelines.adoc in docs\asciidoc > (not generated yet, I just spotted, but you can read it as simple text > anyway) > > You even have a CONTRIBUTING.adoc file in your local copy. Just linking > for now to > > https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development > <https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access> > > Be prepared, OFBiz is a wild beast :) > > HTH > > Jacques > > > -- > Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html > > -- Dominic Amann M 416-270-4587 |
Hi Dominic,
welcome to the OFBiz community! If you think there is a bug, please file a Jira issue in our bug tracking system, describing the exact steps and possibly provide screenshots to be able to validate the problem. Thanks, Michael Brohl ecomify GmbH - www.ecomify.de Am 27.10.20 um 14:34 schrieb Dominic Amann: > Yes, I did stumble upon that documentation eventually. It seems (as usual) > that google is a better way to search than a site's own index/search. I > think the main problem I encountered (re: docs) is that there appear to be > 3 sets of documentation out there, with things pertaining to different > aspects being best served in different places. > > Ultimately I did figure out everything about the install (Java 8 on debian > 10, mariadb, SSL with Lets Encrypt, Apache proxying, direct serving static > content). However a bug in OFBiz itself is preventing me from actually > using it for accounting. It is impossible to enter postal addresses in a > clean install of 17.12.04, due to pull down for province/state not working. > I need a work-around for this. The state date is being imported from the > XML, it is in the database. Is there a specific release where this does > work? > > On Tue, 27 Oct 2020 at 08:39, Jacques Le Roux <[hidden email]> > wrote: > >> Le 25/10/2020 à 14:36, dimonic a écrit : >> >> Jacques Le Roux wrote >> >> Short answer: preferably look at letsencrypt for a free certificate (must >> be renewed every 3 months but there are tools for that) >> >> For instance for the trunk demo we use >> >> ## SSL directives >> SSLEngine on >> SSLCertificateFile >> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" >> SSLCertificateKeyFile >> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" >> SSLCertificateChainFile >> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" >> SSLCACertificatePath "/etc/ssl/certs" >> >> ## Custom fragment >> ProxyRequests Off >> ProxyPreserveHost On >> # do not proxy letsencrypt cert renewal requests >> ProxyPass /.well-known ! >> ProxyPass / ajp://localhost:8009/ >> >> I let you figure the rest out >> >> We should really update the Apache+OFBiz+Technical+Production+Setup+Guide >> >> This looks like you expect us to proxy the ofbiz server - am I correct? >> >> You referred to https://markmail.org/message/3uf5axg2xzvlxuh5 which is a >> thread about "a test deployment (on a given domain)", so yes! >> >> >> There is also a lack of documentation on how to achieve this. I am setting >> this up myself, and documenting as I go (because the available docs are >> fragmented, out of date and incomplete). I would be happy to submit working >> setup documentation for your consideration (once I can get SSL configured)? >> >> The setup I am documenting is debian based, and includes exactly how one has >> to setup Java 8 (which is not in mainline repos), how to configure for >> mariadb, leave out the demo data (but have the admin login available), >> launch (and stop) the server using systemd, how to replace the certs for >> working SSL (presumably with apache2 reverse proxy). >> >> How (with which tools) do you intend to document that? >> We now preferably use AsciiDoc and the documentation is generated at >> https://ci.apache.org/projects/ofbiz/site/trunk/ >> >> This is not yet official, but it's the more up to date way. >> You can find more info into documentation_guidelines.adoc in docs\asciidoc >> (not generated yet, I just spotted, but you can read it as simple text >> anyway) >> >> You even have a CONTRIBUTING.adoc file in your local copy. Just linking >> for now to >> >> https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development >> <https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access> >> >> Be prepared, OFBiz is a wild beast :) >> >> HTH >> >> Jacques >> >> >> -- >> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html >> >> smime.p7s (5K) Download Attachment |
Free forum by Nabble | Edit this page |