Posted by
dimonic on
Oct 27, 2020; 1:32pm
URL: http://ofbiz.116.s1.nabble.com/How-to-Configure-Ofbiz-SSL-tp4720955p4761207.html
Yes, I did stumble upon that documentation eventually. It seems (as usual)
that google is a better way to search than a site's own index/search. I
think the main problem I encountered (re: docs) is that there appear to be
3 sets of documentation out there, with things pertaining to different
aspects being best served in different places.
Ultimately I did figure out everything about the install (Java 8 on debian
10, mariadb, SSL with Lets Encrypt, Apache proxying, direct serving static
content). However a bug in OFBiz itself is preventing me from actually
using it for accounting. It is impossible to enter postal addresses in a
clean install of 17.12.04, due to pull down for province/state not working.
I need a work-around for this. The state date is being imported from the
XML, it is in the database. Is there a specific release where this does
work?
On Tue, 27 Oct 2020 at 08:39, Jacques Le Roux <
[hidden email]>
wrote:
> Le 25/10/2020 à 14:36, dimonic a écrit :
>
> Jacques Le Roux wrote
>
> Short answer: preferably look at letsencrypt for a free certificate (must
> be renewed every 3 months but there are tools for that)
>
> For instance for the trunk demo we use
>
> ## SSL directives
> SSLEngine on
> SSLCertificateFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
> SSLCertificateKeyFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
> SSLCertificateChainFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
> SSLCACertificatePath "/etc/ssl/certs"
>
> ## Custom fragment
> ProxyRequests Off
> ProxyPreserveHost On
> # do not proxy letsencrypt cert renewal requests
> ProxyPass /.well-known !
> ProxyPass / ajp://localhost:8009/
>
> I let you figure the rest out
>
> We should really update the Apache+OFBiz+Technical+Production+Setup+Guide
>
> This looks like you expect us to proxy the ofbiz server - am I correct?
>
> You referred to
https://markmail.org/message/3uf5axg2xzvlxuh5 which is a
> thread about "a test deployment (on a given domain)", so yes!
>
>
> There is also a lack of documentation on how to achieve this. I am setting
> this up myself, and documenting as I go (because the available docs are
> fragmented, out of date and incomplete). I would be happy to submit working
> setup documentation for your consideration (once I can get SSL configured)?
>
> The setup I am documenting is debian based, and includes exactly how one has
> to setup Java 8 (which is not in mainline repos), how to configure for
> mariadb, leave out the demo data (but have the admin login available),
> launch (and stop) the server using systemd, how to replace the certs for
> working SSL (presumably with apache2 reverse proxy).
>
> How (with which tools) do you intend to document that?
> We now preferably use AsciiDoc and the documentation is generated at
>
https://ci.apache.org/projects/ofbiz/site/trunk/>
> This is not yet official, but it's the more up to date way.
> You can find more info into documentation_guidelines.adoc in docs\asciidoc
> (not generated yet, I just spotted, but you can read it as simple text
> anyway)
>
> You even have a CONTRIBUTING.adoc file in your local copy. Just linking
> for now to
>
>
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development> <
https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access>
>
> Be prepared, OFBiz is a wild beast :)
>
> HTH
>
> Jacques
>
>
> --
> Sent from:
http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html>
>
--
Dominic Amann
M 416-270-4587