noosfero | Update pound setup instructions
Antonio Terceiro
gitlab at gitlab.com
Tue Jan 27 12:34:56 BRST 2015
Antonio Terceiro pushed to refs/heads/master at Noosfero / noosfero <https://gitlab.com/noosfero/noosfero>
Commits:
3a38934e <https://gitlab.com/noosfero/noosfero/commit/3a38934e6417baca9c1b35698645fbb7b98ff91e> by Antonio Terceiro
Update pound setup instructions
- - - - -
Changes:
=====================================
INSTALL.https.md
=====================================
--- a/INSTALL.https.md
+++ b/INSTALL.https.md
@@ -1,11 +1,9 @@
-Setup Noosfero to use HTTPS
-===========================
+# Setup Noosfero to use HTTPS
This document assumes that you have a fully and clean Noosfero
installation as explained at the `INSTALL.md` file.
-SSL certificate
-+++++++++++++++
+## Creating a self-signed SSL certificate
You should get a valid SSL certificate, but if you want to test
your setup before, you could generate a self-signed certificate
@@ -17,99 +15,106 @@ as below:
# openssl req -new -x509 -nodes -sha1 -days $[10*365] -key noosfero.key > noosfero.cert
# cat noosfero.key noosfero.cert > noosfero.pem
+## Web server configuration
+
There are two ways of using SSL with Noosfero: 1) If you are not using
Varnish; and 2) If you are using Varnish.
-1) If you are are not using Varnish
-+++++++++++++++++++++++++++++++++++
+### 1) If you are are not using Varnish
Simply do a redirect in apache to force all connections with SSL:
- <VirtualHost *:8080>
- ServerName test.stoa.usp.br
-
- Redirect / https://example.com/
- </VirtualHost>
+```
+<VirtualHost *:8080>
+ ServerName test.stoa.usp.br
+ Redirect / https://example.com/
+</VirtualHost>
+```
And set a vhost to receive then:
- <VirtualHost *:443>
- ServerName example.com
-
- SSLEngine On
- SSLCertificateFile /etc/ssl/certs/cert.pem
- SSLCertificateKeyFile /etc/ssl/private/cert.key
-
- Include /etc/noosfero/apache/virtualhost.conf
- </VirtualHost>
+```
+<VirtualHost *:443>
+ ServerName example.com
+ SSLEngine On
+ SSLCertificateFile /etc/ssl/certs/cert.pem
+ SSLCertificateKeyFile /etc/ssl/private/cert.key
+ Include /etc/noosfero/apache/virtualhost.conf
+</VirtualHost>
+```
Be aware that if you had configured varnish, the requests won't reach
it with this configuration.
-2) If you are using Varnish
-+++++++++++++++++++++++++++
-
-Varnish isn't able to communicate with the SSL protocol, so we will
-need some one who do this and Pound[1] can do the job. In order to
-install it in Debian based systems:
+### 2) If you are using Varnish
- $ sudo apt-get install pound
+Varnish isn't able to communicate with the SSL protocol, so we will need some
+one else who do this and [Pound](http://www.apsis.ch/pound) can do the job. In
+order to install it in Debian based systems:
-Set Varnish to listen in other port than 80:
+```
+$ sudo apt-get install pound
+```
-/etc/defaults/varnish
----------------------
+Set Varnish to listen in other port than 80 in `/etc/defaults/varnish`:
- DAEMON_OPTS="-a localhost:6081 \
- -T localhost:6082 \
- -f /etc/varnish/default.vcl \
- -S /etc/varnish/secret \
- -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
+```
+DAEMON_OPTS="-a localhost:6081 \
+ -T localhost:6082 \
+ -f /etc/varnish/default.vcl \
+ -S /etc/varnish/secret \
+ -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
+```
Configure Pound:
- # cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
-
-Edit /etc/pound.cfg and set the IP and domain of your server.
+```
+# cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
+```
-Configure Pound to start at system initialization:
+Edit `/etc/pound.cfg` and set the IP and domain of your server.
-/etc/default/pound
+Configure Pound to start at system initialization. At `/etc/default/pound`:
------------------
- startup=1
+```
+startup=1
+```
-Set Apache to only listen to localhost:
+Set Apache to only listen to localhost, at `/etc/apache2/ports.conf`:
-/etc/apache2/ports.conf
------------------------
-
- Listen 127.0.0.1:8080
+```
+Listen 127.0.0.1:8080
+```
Restart the services:
- $ sudo service apache2 restart
- $ sudo service varnish restart
+```
+$ sudo service apache2 restart
+$ sudo service varnish restart
+```
Start pound:
- $ sudo service pound start
-
-[1] http://www.apsis.ch/pound
+```
+$ sudo service pound start
+```
-Noosfero XMPP chat
-++++++++++++++++++
+## Noosfero XMPP chat
If you want to use chat over HTTPS, then you should add the domain
-and IP of your server in the /etc/hosts file, example:
+and IP of your server in the /etc/hosts file, example
-/etc/hosts
-----------
+`/etc/hosts:`
- 192.168.1.86 mydomain.example.com
+```
+192.168.1.86 mydomain.example.com
+```
-Also, it's recomended that you remove lines above from the file
+Also, it's recomended that you remove the lines below from the file
`/etc/apache2/sites-enabled/noosfero`:
- RewriteEngine On
- Include /usr/share/noosfero/util/chat/apache/xmpp.conf
+```
+RewriteEngine On
+Include /usr/share/noosfero/util/chat/apache/xmpp.conf
+```
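Review bot: the `------------------` underline left as context directly after the new line "Configure Pound to start at system initialization. At `/etc/default/pound`:" will make Markdown render that sentence as a setext heading; it belonged to the removed `/etc/default/pound` title and should be deleted with it. In the same section the file is copied to `/etc/pound/` while the next step says to edit `/etc/pound.cfg`, so the two paths should be made to agree, and the Varnish step names `/etc/defaults/varnish` where the Pound step uses `/etc/default/pound`. While this file is being reworked, the unchanged `openssl req` line still passes `-sha1`, which is worth switching to `-sha256`, and "are are", "recomended" and the colon inside the backticks of `/etc/hosts:` in the added lines can be fixed in the same pass.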
=====================================
etc/pound.cfg
=====================================
--- a/etc/pound.cfg
+++ b/etc/pound.cfg
@@ -5,7 +5,7 @@ TimeOut 300
Control "/var/run/pound/poundctl.socket"
ListenHTTP
- Address 192.168.1.86
+ Address 0.0.0.0
Port 80
xHTTP 1
# uncomment code above if you are using chat
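Review bot: `Address 0.0.0.0` in `ListenHTTP` makes the shipped config listen on every IPv4 interface of the host, which is broader than the single address it replaces, and INSTALL.https.md in this same commit still tells the admin to "set the IP and domain of your server" in this file. Either add a comment above the `Address` line saying it can be narrowed to the public address, or reword the install step so it is clear whether the IP still needs editing.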
@@ -22,7 +22,7 @@ ListenHTTP
End
ListenHTTPS
- Address 192.168.1.86
+ Address 0.0.0.0
Port 443
Cert "/etc/noosfero/ssl/noosfero.pem"
Ciphers "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
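Review bot: the unchanged `Ciphers` line two lines below the new `Address 0.0.0.0` in `ListenHTTPS` still enables `RC4` and excludes `!AESGCM`, so the listener that now binds to all interfaces offers a weak stream cipher while turning off the AES-GCM suites. Dropping `RC4` from that string fits in this commit or a follow-up, and the comment about narrowing `Address` suggested for `ListenHTTP` applies to this stanza as well.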
More information about the Noosfero-dev mailing list