> Jacques Le Roux wrote
>> Short answer: preferably look at letsencrypt for a free certificate (must
>> be renewed every 3 months but there are tools for that)
>>
>> For instance for the trunk demo we use
>>
>>     ## SSL directives
>>     SSLEngine on
>>     SSLCertificateFile
>> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
>>     SSLCertificateKeyFile
>> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
>>     SSLCertificateChainFile
>> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
>>     SSLCACertificatePath    "/etc/ssl/certs"
>>
>>     ## Custom fragment
>>     ProxyRequests Off
>>     ProxyPreserveHost On
>>     # do not proxy letsencrypt cert renewal requests
>>     ProxyPass /.well-known !
>>     ProxyPass / ajp://localhost:8009/
>>
>> I let you figure the rest out
>>
>> We should really update the Apache+OFBiz+Technical+Production+Setup+Guide
> This looks like you expect us to proxy the ofbiz server - am I correct?

> There is also a lack of documentation on how to achieve this. I am setting
> this up myself, and documenting as I go (because the available docs are
> fragmented, out of date and incomplete). I would be happy to submit working
> setup documentation for your consideration (once I can get SSL configured)?
>
> The setup I am documenting is debian based, and includes exactly how one has
> to setup Java 8 (which is not in mainline repos), how to configure for
> mariadb, leave out the demo data (but have the admin login available),
> launch (and stop) the server using systemd, how to replace the certs for
> working SSL (presumably with apache2 reverse proxy).