Re: [dspace-tech] how to add https support?

[Phillip jan]

Is triny ngrok a good alternative? I do not know how to generate an ssl 
certificate file through ngrok, because I think ssl is already provided 
once i tunnel with it.

On Sunday, March 13, 2022 at 11:15:52 AM UTC+8 Phillip jan wrote:

> Is it a good idea to just use cloudflare? are there like any drawbacks?
>
> On Saturday, March 12, 2022 at 5:48:46 PM UTC+8 alo...@gmail.com wrote:
>
>> It's Impractical but you still can make the domain verification somewhere 
>> else on any publicly accessible server that you control if you point your 
>> domain to that server IP address and ran the same previous command. You 
>> then need to copy the generated 90 days valid certificates to your Windows 
>> 10 workstation!.
>>
>> It's better to go for a self signed certificate instead.
>> On Saturday, March 12, 2022 at 7:18:24 AM UTC+3 phillip...@gmail.com 
>> wrote:
>>
>>> Hi!
>>>
>>> Apparently,  my ISP uses a CGNAT setup. This makes port forwarding 
>>> impossible in my case, are there some alternatives on how to get SSL 
>>> certificates from let's encrypt?
>>>
>>> On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:
>>>
 It's debatable but a bad idea in general unless you doing it for 
 testing purposes and temporarily. It's much safer to get a ( Linux - NO 
 Windows ) server in one of the public clouds and run dspace on it for 
 whatever purpose you intend to run it for.

 Good luck
 On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com 
 wrote:

> Hi!
>
> Thank you for this. The reason why I can't make an SSL certificate 
> using Certbot is that I haven't port forwarded my public IP to my private 
> IP. However, I'm afraid because according to the internet there will be a 
> vulnerability issue with port forwarding, is there a solution that can 
> resolve or lessen these vulnerabilities?
>
> On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com 
> wrote:
>
>> If this is a home office network make sure 124.107.184.212 does match 
>> what you get when you visit  https://whatismyipaddress.com 
>> afterwards just redirect traffic coming from the internet to port 80 and 
>> 443 on 124.107.184.212 to go to the private IP address of the Windows 
>> Workstation you installed DSpace on and it should work for you. ( You 
>> should find these settings in the Home Router - See the screenshot 
>> attached 
>> for hints )
>> [image: 2022-03-10_14-54-34.png]
>>
>> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
>> wrote:
>>
>>> I directed my A address to my ipv4 through my domain name's dns 
>>> manager (godaddy) and opened port 80 and 443 on firewall to domain, 
>>> private, and public, i did it to both inbound and outbounds. I still 
>>> get 
>>> this error, 
>>> [image: Capture.PNG]
>>>
>>> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
>>> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
>>> wrote:
>>>
 On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 
 phillip...@gmail.com wrote:

> Yes, it asked for a path. I don't know what I should input into 
> it. What path should I include here? thanks!!


 httpd.conf path is what you suppose to write as a path there ( It 
 needs to fetch the ServerName value from the config file ) but it 
 won't 
 work because the installation script will fail to reach your server 
 from 
 the outside to verify you are the real owner of 
 repository-uecal.com. Why? because from what I see from here port 
 80 and 443 on repository-uecal.com is blocked by a firewall. For 
 this to work you have to have an A record in the Authoritative DNS for 
 repository-uecal.com pointing to the IP address of your Windows 
 2019 server and also you have to have port 80 and 443 opened in the 
 firewall/firewalls and both ports are publicly accessible once these 
 are 
 set you can proceed with the lengthy and messy tutorial you were 
 following 
 or you can just install 
 https://dl.eff.org/certbot-beta-installer-win32.exe, stop the 
 apache server and execute this command  ( certbot certonly -n 
 --standalone -d  repository-uecal.com   --agree-tos --email 
 your-email-here ) to generate the certificate and it's key and 
 place them for you as you see them below.

 Successfully received certificate.
 Certificate is saved at: C:\Certbot\live\repository-uecal.com
 \fullchain.pem
 Key is saved at: C:\Certbot\live\repository-uecal.com
 \privkey.pem
 This certificate expires on 2022-06-07.
 These files will be updated when the certificate renews.
 Certbot has s

Re: [dspace-tech] how to add https support?

[Phillip jan]

Is it a good idea to just use cloudflare? are there like any drawbacks?

On Saturday, March 12, 2022 at 5:48:46 PM UTC+8 alo...@gmail.com wrote:

> It's Impractical but you still can make the domain verification somewhere 
> else on any publicly accessible server that you control if you point your 
> domain to that server IP address and ran the same previous command. You 
> then need to copy the generated 90 days valid certificates to your Windows 
> 10 workstation!.
>
> It's better to go for a self signed certificate instead.
> On Saturday, March 12, 2022 at 7:18:24 AM UTC+3 phillip...@gmail.com 
> wrote:
>
>> Hi!
>>
>> Apparently,  my ISP uses a CGNAT setup. This makes port forwarding 
>> impossible in my case, are there some alternatives on how to get SSL 
>> certificates from let's encrypt?
>>
>> On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:
>>
>>> It's debatable but a bad idea in general unless you doing it for testing 
>>> purposes and temporarily. It's much safer to get a ( Linux - NO Windows ) 
>>> server in one of the public clouds and run dspace on it for whatever 
>>> purpose you intend to run it for.
>>>
>>> Good luck
>>> On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com 
>>> wrote:
>>>
 Hi!

 Thank you for this. The reason why I can't make an SSL certificate 
 using Certbot is that I haven't port forwarded my public IP to my private 
 IP. However, I'm afraid because according to the internet there will be a 
 vulnerability issue with port forwarding, is there a solution that can 
 resolve or lessen these vulnerabilities?

 On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:

> If this is a home office network make sure 124.107.184.212 does match 
> what you get when you visit  https://whatismyipaddress.com afterwards 
> just redirect traffic coming from the internet to port 80 and 443 on 
> 124.107.184.212 to go to the private IP address of the Windows 
> Workstation 
> you installed DSpace on and it should work for you. ( You should find 
> these 
> settings in the Home Router - See the screenshot attached for hints )
> [image: 2022-03-10_14-54-34.png]
>
> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
> wrote:
>
>> I directed my A address to my ipv4 through my domain name's dns 
>> manager (godaddy) and opened port 80 and 443 on firewall to domain, 
>> private, and public, i did it to both inbound and outbounds. I still get 
>> this error, 
>> [image: Capture.PNG]
>>
>> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
>> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
>> wrote:
>>
>>> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
>>> wrote:
>>>
 Yes, it asked for a path. I don't know what I should input into it. 
 What path should I include here? thanks!!
>>>
>>>
>>> httpd.conf path is what you suppose to write as a path there ( It 
>>> needs to fetch the ServerName value from the config file ) but it won't 
>>> work because the installation script will fail to reach your server 
>>> from 
>>> the outside to verify you are the real owner of repository-uecal.com. 
>>> Why? because from what I see from here port 80 and 443 on 
>>> repository-uecal.com is blocked by a firewall. For this to work you 
>>> have to have an A record in the Authoritative DNS for 
>>> repository-uecal.com pointing to the IP address of your Windows 
>>> 2019 server and also you have to have port 80 and 443 opened in the 
>>> firewall/firewalls and both ports are publicly accessible once these 
>>> are 
>>> set you can proceed with the lengthy and messy tutorial you were 
>>> following 
>>> or you can just install 
>>> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the 
>>> apache server and execute this command  ( certbot certonly -n 
>>> --standalone -d  repository-uecal.com   --agree-tos --email 
>>> your-email-here ) to generate the certificate and it's key and 
>>> place them for you as you see them below.
>>>
>>> Successfully received certificate.
>>> Certificate is saved at: C:\Certbot\live\repository-uecal.com
>>> \fullchain.pem
>>> Key is saved at: C:\Certbot\live\repository-uecal.com
>>> \privkey.pem
>>> This certificate expires on 2022-06-07.
>>> These files will be updated when the certificate renews.
>>> Certbot has set up a scheduled task to automatically renew this 
>>> certificate in the background.
>>>
>>> What you need to add into the apache SSL config file after the 
>>> certificate and it's key is saved in your server:
>>> SSLCertificateFile "C:\Certbot\live\repository-uecal.com
>>> \fullchain.pem"
>>> SSLCertificateKeyFile "C:\Certbot\live\

Re: [dspace-tech] how to add https support?

[Mohammad S. AlMutairi]

It's Impractical but you still can make the domain verification somewhere 
else on any publicly accessible server that you control if you point your 
domain to that server IP address and ran the same previous command. You 
then need to copy the generated 90 days valid certificates to your Windows 
10 workstation!.

It's better to go for a self signed certificate instead.
On Saturday, March 12, 2022 at 7:18:24 AM UTC+3 phillip...@gmail.com wrote:

> Hi!
>
> Apparently,  my ISP uses a CGNAT setup. This makes port forwarding 
> impossible in my case, are there some alternatives on how to get SSL 
> certificates from let's encrypt?
>
> On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:
>
>> It's debatable but a bad idea in general unless you doing it for testing 
>> purposes and temporarily. It's much safer to get a ( Linux - NO Windows ) 
>> server in one of the public clouds and run dspace on it for whatever 
>> purpose you intend to run it for.
>>
>> Good luck
>> On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com wrote:
>>
>>> Hi!
>>>
>>> Thank you for this. The reason why I can't make an SSL certificate using 
>>> Certbot is that I haven't port forwarded my public IP to my private IP. 
>>> However, I'm afraid because according to the internet there will be a 
>>> vulnerability issue with port forwarding, is there a solution that can 
>>> resolve or lessen these vulnerabilities?
>>>
>>> On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:
>>>
 If this is a home office network make sure 124.107.184.212 does match 
 what you get when you visit  https://whatismyipaddress.com afterwards 
 just redirect traffic coming from the internet to port 80 and 443 on 
 124.107.184.212 to go to the private IP address of the Windows Workstation 
 you installed DSpace on and it should work for you. ( You should find 
 these 
 settings in the Home Router - See the screenshot attached for hints )
 [image: 2022-03-10_14-54-34.png]

 On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
 wrote:

> I directed my A address to my ipv4 through my domain name's dns 
> manager (godaddy) and opened port 80 and 443 on firewall to domain, 
> private, and public, i did it to both inbound and outbounds. I still get 
> this error, 
> [image: Capture.PNG]
>
> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
> wrote:
>
>> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
>> wrote:
>>
>>> Yes, it asked for a path. I don't know what I should input into it. 
>>> What path should I include here? thanks!!
>>
>>
>> httpd.conf path is what you suppose to write as a path there ( It 
>> needs to fetch the ServerName value from the config file ) but it won't 
>> work because the installation script will fail to reach your server from 
>> the outside to verify you are the real owner of repository-uecal.com. 
>> Why? because from what I see from here port 80 and 443 on 
>> repository-uecal.com is blocked by a firewall. For this to work you 
>> have to have an A record in the Authoritative DNS for 
>> repository-uecal.com pointing to the IP address of your Windows 2019 
>> server and also you have to have port 80 and 443 opened in the 
>> firewall/firewalls and both ports are publicly accessible once these are 
>> set you can proceed with the lengthy and messy tutorial you were 
>> following 
>> or you can just install 
>> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the apache 
>> server and execute this command  ( certbot certonly -n --standalone 
>> -d  repository-uecal.com   --agree-tos --email your-email-here ) to 
>> generate the certificate and it's key and place them for you as you see 
>> them below.
>>
>> Successfully received certificate.
>> Certificate is saved at: C:\Certbot\live\repository-uecal.com
>> \fullchain.pem
>> Key is saved at: C:\Certbot\live\repository-uecal.com
>> \privkey.pem
>> This certificate expires on 2022-06-07.
>> These files will be updated when the certificate renews.
>> Certbot has set up a scheduled task to automatically renew this 
>> certificate in the background.
>>
>> What you need to add into the apache SSL config file after the 
>> certificate and it's key is saved in your server:
>> SSLCertificateFile "C:\Certbot\live\repository-uecal.com
>> \fullchain.pem"
>> SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com
>> \privkey.pem"
>>
>>
>> Good luck
>>
>>
>>  [image: path.PNG]
>>>
>>> On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:
>>>
 Hi Phillip,

 For the verification, did you choose [http-01] 

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hi!

Apparently,  my ISP uses a CGNAT setup. This makes port forwarding 
impossible in my case, are there some alternatives on how to get SSL 
certificates from let's encrypt?

On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:

> It's debatable but a bad idea in general unless you doing it for testing 
> purposes and temporarily. It's much safer to get a ( Linux - NO Windows ) 
> server in one of the public clouds and run dspace on it for whatever 
> purpose you intend to run it for.
>
> Good luck
> On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com wrote:
>
>> Hi!
>>
>> Thank you for this. The reason why I can't make an SSL certificate using 
>> Certbot is that I haven't port forwarded my public IP to my private IP. 
>> However, I'm afraid because according to the internet there will be a 
>> vulnerability issue with port forwarding, is there a solution that can 
>> resolve or lessen these vulnerabilities?
>>
>> On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:
>>
>>> If this is a home office network make sure 124.107.184.212 does match 
>>> what you get when you visit  https://whatismyipaddress.com afterwards 
>>> just redirect traffic coming from the internet to port 80 and 443 on 
>>> 124.107.184.212 to go to the private IP address of the Windows Workstation 
>>> you installed DSpace on and it should work for you. ( You should find these 
>>> settings in the Home Router - See the screenshot attached for hints )
>>> [image: 2022-03-10_14-54-34.png]
>>>
>>> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
>>> wrote:
>>>
 I directed my A address to my ipv4 through my domain name's dns manager 
 (godaddy) and opened port 80 and 443 on firewall to domain, private, and 
 public, i did it to both inbound and outbounds. I still get this error, 
 [image: Capture.PNG]

 I am using Apache + Windows 10 + Certbot + Let's Encrypt.
 On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
 wrote:

> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
> wrote:
>
>> Yes, it asked for a path. I don't know what I should input into it. 
>> What path should I include here? thanks!!
>
>
> httpd.conf path is what you suppose to write as a path there ( It 
> needs to fetch the ServerName value from the config file ) but it won't 
> work because the installation script will fail to reach your server from 
> the outside to verify you are the real owner of repository-uecal.com. 
> Why? because from what I see from here port 80 and 443 on 
> repository-uecal.com is blocked by a firewall. For this to work you 
> have to have an A record in the Authoritative DNS for 
> repository-uecal.com pointing to the IP address of your Windows 2019 
> server and also you have to have port 80 and 443 opened in the 
> firewall/firewalls and both ports are publicly accessible once these are 
> set you can proceed with the lengthy and messy tutorial you were 
> following 
> or you can just install 
> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the apache 
> server and execute this command  ( certbot certonly -n --standalone 
> -d  repository-uecal.com   --agree-tos --email your-email-here ) to 
> generate the certificate and it's key and place them for you as you see 
> them below.
>
> Successfully received certificate.
> Certificate is saved at: C:\Certbot\live\repository-uecal.com
> \fullchain.pem
> Key is saved at: C:\Certbot\live\repository-uecal.com
> \privkey.pem
> This certificate expires on 2022-06-07.
> These files will be updated when the certificate renews.
> Certbot has set up a scheduled task to automatically renew this 
> certificate in the background.
>
> What you need to add into the apache SSL config file after the 
> certificate and it's key is saved in your server:
> SSLCertificateFile "C:\Certbot\live\repository-uecal.com
> \fullchain.pem"
> SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com
> \privkey.pem"
>
>
> Good luck
>
>
>  [image: path.PNG]
>>
>> On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:
>>
>>> Hi Phillip,
>>>
>>> For the verification, did you choose [http-01] Serve verification 
>>> files on (network) path? In your virtual host conf, create this rule:
>>>
>>> ProxyPass /.well-known !
>>>
>>> right above the:
>>> ProxyPass /server ajp://localhost:8009/server
>>> ProxyPassReverse /server ajp://localhost:8009/server
>>>
>>> This is to ensure that when Let's Encrypt tries to access that URL, 
>>> it will not proxy to your dspace instance. Make sure to create this 
>>> folder 
>>> first under the htdocs directory. Based on my experience when using 
>>> Let's 
>>> Encr

Re: [dspace-tech] how to add https support?

[Phillip jan]

Can I use ngrok instead? Because I think my ISP disabled port 80 
connections...

On Friday, March 11, 2022 at 11:32:36 PM UTC+8 alo...@gmail.com wrote:

> It's debatable but a bad idea in general unless you doing it for testing 
> purposes and temporarily. It's much safer to get a ( Linux - NO Windows ) 
> server in one of the public clouds and run dspace on it for whatever 
> purpose you intend to run it for.
>
> Good luck
> On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com wrote:
>
>> Hi!
>>
>> Thank you for this. The reason why I can't make an SSL certificate using 
>> Certbot is that I haven't port forwarded my public IP to my private IP. 
>> However, I'm afraid because according to the internet there will be a 
>> vulnerability issue with port forwarding, is there a solution that can 
>> resolve or lessen these vulnerabilities?
>>
>> On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:
>>
>>> If this is a home office network make sure 124.107.184.212 does match 
>>> what you get when you visit  https://whatismyipaddress.com afterwards 
>>> just redirect traffic coming from the internet to port 80 and 443 on 
>>> 124.107.184.212 to go to the private IP address of the Windows Workstation 
>>> you installed DSpace on and it should work for you. ( You should find these 
>>> settings in the Home Router - See the screenshot attached for hints )
>>> [image: 2022-03-10_14-54-34.png]
>>>
>>> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
>>> wrote:
>>>
 I directed my A address to my ipv4 through my domain name's dns manager 
 (godaddy) and opened port 80 and 443 on firewall to domain, private, and 
 public, i did it to both inbound and outbounds. I still get this error, 
 [image: Capture.PNG]

 I am using Apache + Windows 10 + Certbot + Let's Encrypt.
 On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com 
 wrote:

> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
> wrote:
>
>> Yes, it asked for a path. I don't know what I should input into it. 
>> What path should I include here? thanks!!
>
>
> httpd.conf path is what you suppose to write as a path there ( It 
> needs to fetch the ServerName value from the config file ) but it won't 
> work because the installation script will fail to reach your server from 
> the outside to verify you are the real owner of repository-uecal.com. 
> Why? because from what I see from here port 80 and 443 on 
> repository-uecal.com is blocked by a firewall. For this to work you 
> have to have an A record in the Authoritative DNS for 
> repository-uecal.com pointing to the IP address of your Windows 2019 
> server and also you have to have port 80 and 443 opened in the 
> firewall/firewalls and both ports are publicly accessible once these are 
> set you can proceed with the lengthy and messy tutorial you were 
> following 
> or you can just install 
> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the apache 
> server and execute this command  ( certbot certonly -n --standalone 
> -d  repository-uecal.com   --agree-tos --email your-email-here ) to 
> generate the certificate and it's key and place them for you as you see 
> them below.
>
> Successfully received certificate.
> Certificate is saved at: C:\Certbot\live\repository-uecal.com
> \fullchain.pem
> Key is saved at: C:\Certbot\live\repository-uecal.com
> \privkey.pem
> This certificate expires on 2022-06-07.
> These files will be updated when the certificate renews.
> Certbot has set up a scheduled task to automatically renew this 
> certificate in the background.
>
> What you need to add into the apache SSL config file after the 
> certificate and it's key is saved in your server:
> SSLCertificateFile "C:\Certbot\live\repository-uecal.com
> \fullchain.pem"
> SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com
> \privkey.pem"
>
>
> Good luck
>
>
>  [image: path.PNG]
>>
>> On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:
>>
>>> Hi Phillip,
>>>
>>> For the verification, did you choose [http-01] Serve verification 
>>> files on (network) path? In your virtual host conf, create this rule:
>>>
>>> ProxyPass /.well-known !
>>>
>>> right above the:
>>> ProxyPass /server ajp://localhost:8009/server
>>> ProxyPassReverse /server ajp://localhost:8009/server
>>>
>>> This is to ensure that when Let's Encrypt tries to access that URL, 
>>> it will not proxy to your dspace instance. Make sure to create this 
>>> folder 
>>> first under the htdocs directory. Based on my experience when using 
>>> Let's 
>>> Encrypt, it will try to upload a verification file to the path 
>>> /.well-known 
>>> so it

Re: [dspace-tech] how to add https support?

[Mohammad S. AlMutairi]

It's debatable but a bad idea in general unless you doing it for testing 
purposes and temporarily. It's much safer to get a ( Linux - NO Windows ) 
server in one of the public clouds and run dspace on it for whatever 
purpose you intend to run it for.

Good luck
On Friday, March 11, 2022 at 2:54:06 AM UTC+3 phillip...@gmail.com wrote:

> Hi!
>
> Thank you for this. The reason why I can't make an SSL certificate using 
> Certbot is that I haven't port forwarded my public IP to my private IP. 
> However, I'm afraid because according to the internet there will be a 
> vulnerability issue with port forwarding, is there a solution that can 
> resolve or lessen these vulnerabilities?
>
> On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:
>
>> If this is a home office network make sure 124.107.184.212 does match 
>> what you get when you visit  https://whatismyipaddress.com afterwards 
>> just redirect traffic coming from the internet to port 80 and 443 on 
>> 124.107.184.212 to go to the private IP address of the Windows Workstation 
>> you installed DSpace on and it should work for you. ( You should find these 
>> settings in the Home Router - See the screenshot attached for hints )
>> [image: 2022-03-10_14-54-34.png]
>>
>> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
>> wrote:
>>
>>> I directed my A address to my ipv4 through my domain name's dns manager 
>>> (godaddy) and opened port 80 and 443 on firewall to domain, private, and 
>>> public, i did it to both inbound and outbounds. I still get this error, 
>>> [image: Capture.PNG]
>>>
>>> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
>>> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com wrote:
>>>
 On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
 wrote:

> Yes, it asked for a path. I don't know what I should input into it. 
> What path should I include here? thanks!!


 httpd.conf path is what you suppose to write as a path there ( It needs 
 to fetch the ServerName value from the config file ) but it won't work 
 because the installation script will fail to reach your server from the 
 outside to verify you are the real owner of repository-uecal.com. Why? 
 because from what I see from here port 80 and 443 on 
 repository-uecal.com is blocked by a firewall. For this to work you 
 have to have an A record in the Authoritative DNS for 
 repository-uecal.com pointing to the IP address of your Windows 2019 
 server and also you have to have port 80 and 443 opened in the 
 firewall/firewalls and both ports are publicly accessible once these are 
 set you can proceed with the lengthy and messy tutorial you were following 
 or you can just install 
 https://dl.eff.org/certbot-beta-installer-win32.exe, stop the apache 
 server and execute this command  ( certbot certonly -n --standalone 
 -d  repository-uecal.com   --agree-tos --email your-email-here ) to 
 generate the certificate and it's key and place them for you as you see 
 them below.

 Successfully received certificate.
 Certificate is saved at: C:\Certbot\live\repository-uecal.com
 \fullchain.pem
 Key is saved at: C:\Certbot\live\repository-uecal.com
 \privkey.pem
 This certificate expires on 2022-06-07.
 These files will be updated when the certificate renews.
 Certbot has set up a scheduled task to automatically renew this 
 certificate in the background.

 What you need to add into the apache SSL config file after the 
 certificate and it's key is saved in your server:
 SSLCertificateFile "C:\Certbot\live\repository-uecal.com\fullchain.pem"
 SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com
 \privkey.pem"


 Good luck


  [image: path.PNG]
>
> On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:
>
>> Hi Phillip,
>>
>> For the verification, did you choose [http-01] Serve verification 
>> files on (network) path? In your virtual host conf, create this rule:
>>
>> ProxyPass /.well-known !
>>
>> right above the:
>> ProxyPass /server ajp://localhost:8009/server
>> ProxyPassReverse /server ajp://localhost:8009/server
>>
>> This is to ensure that when Let's Encrypt tries to access that URL, 
>> it will not proxy to your dspace instance. Make sure to create this 
>> folder 
>> first under the htdocs directory. Based on my experience when using 
>> Let's 
>> Encrypt, it will try to upload a verification file to the path 
>> /.well-known 
>> so it is important that this path is accessible to the public.
>>
>> Hope this helps,
>> euler
>> On Wednesday, March 9, 2022 at 10:33:18 AM UTC+8 phillip...@gmail.com 
>> wrote:
>>
>>> Hello, Euler!
>>>
>>> Thank you for this, I am following the instruc

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hi!

Thank you for this. The reason why I can't make an SSL certificate using 
Certbot is that I haven't port forwarded my public IP to my private IP. 
However, I'm afraid because according to the internet there will be a 
vulnerability issue with port forwarding, is there a solution that can 
resolve or lessen these vulnerabilities?

On Thursday, March 10, 2022 at 8:00:26 PM UTC+8 alo...@gmail.com wrote:

> If this is a home office network make sure 124.107.184.212 does match what 
> you get when you visit  https://whatismyipaddress.com afterwards just 
> redirect traffic coming from the internet to port 80 and 443 on 
> 124.107.184.212 to go to the private IP address of the Windows Workstation 
> you installed DSpace on and it should work for you. ( You should find these 
> settings in the Home Router - See the screenshot attached for hints )
> [image: 2022-03-10_14-54-34.png]
>
> On Thursday, March 10, 2022 at 4:05:09 AM UTC+3 phillip...@gmail.com 
> wrote:
>
>> I directed my A address to my ipv4 through my domain name's dns manager 
>> (godaddy) and opened port 80 and 443 on firewall to domain, private, and 
>> public, i did it to both inbound and outbounds. I still get this error, 
>> [image: Capture.PNG]
>>
>> I am using Apache + Windows 10 + Certbot + Let's Encrypt.
>> On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com wrote:
>>
>>> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
>>> wrote:
>>>
 Yes, it asked for a path. I don't know what I should input into it. 
 What path should I include here? thanks!!
>>>
>>>
>>> httpd.conf path is what you suppose to write as a path there ( It needs 
>>> to fetch the ServerName value from the config file ) but it won't work 
>>> because the installation script will fail to reach your server from the 
>>> outside to verify you are the real owner of repository-uecal.com. Why? 
>>> because from what I see from here port 80 and 443 on 
>>> repository-uecal.com is blocked by a firewall. For this to work you 
>>> have to have an A record in the Authoritative DNS for 
>>> repository-uecal.com pointing to the IP address of your Windows 2019 
>>> server and also you have to have port 80 and 443 opened in the 
>>> firewall/firewalls and both ports are publicly accessible once these are 
>>> set you can proceed with the lengthy and messy tutorial you were following 
>>> or you can just install 
>>> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the apache 
>>> server and execute this command  ( certbot certonly -n --standalone -d  
>>> repository-uecal.com   --agree-tos --email your-email-here ) to 
>>> generate the certificate and it's key and place them for you as you see 
>>> them below.
>>>
>>> Successfully received certificate.
>>> Certificate is saved at: C:\Certbot\live\repository-uecal.com
>>> \fullchain.pem
>>> Key is saved at: C:\Certbot\live\repository-uecal.com
>>> \privkey.pem
>>> This certificate expires on 2022-06-07.
>>> These files will be updated when the certificate renews.
>>> Certbot has set up a scheduled task to automatically renew this 
>>> certificate in the background.
>>>
>>> What you need to add into the apache SSL config file after the 
>>> certificate and it's key is saved in your server:
>>> SSLCertificateFile "C:\Certbot\live\repository-uecal.com\fullchain.pem"
>>> SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com\privkey.pem"
>>>
>>>
>>> Good luck
>>>
>>>
>>>  [image: path.PNG]

 On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:

> Hi Phillip,
>
> For the verification, did you choose [http-01] Serve verification 
> files on (network) path? In your virtual host conf, create this rule:
>
> ProxyPass /.well-known !
>
> right above the:
> ProxyPass /server ajp://localhost:8009/server
> ProxyPassReverse /server ajp://localhost:8009/server
>
> This is to ensure that when Let's Encrypt tries to access that URL, it 
> will not proxy to your dspace instance. Make sure to create this folder 
> first under the htdocs directory. Based on my experience when using Let's 
> Encrypt, it will try to upload a verification file to the path 
> /.well-known 
> so it is important that this path is accessible to the public.
>
> Hope this helps,
> euler
> On Wednesday, March 9, 2022 at 10:33:18 AM UTC+8 phillip...@gmail.com 
> wrote:
>
>> Hello, Euler!
>>
>> Thank you for this, I am following the instructions and I seem to be 
>> in the right path. However, I got stuck on step 5: Issue certificate. I 
>> just don't know how to verify that I bought and own the domain name on 
>> godaddy. Do you have an idea as to how I could verify that I own this 
>> domain? Thanks.
>> On Sunday, March 6, 2022 at 9:40:56 PM UTC+8 euler wrote:
>>
>>> Hi,
>>>
>>> I used this guide on how to setup Let's Encrypt SSL certificate on 
>>> Windows: 
>

Re: [dspace-tech] how to add https support?

[Phillip jan]

I directed my A address to my ipv4 through my domain name's dns manager 
(godaddy) and opened port 80 and 443 on firewall to domain, private, and 
public, i did it to both inbound and outbounds. I still get this error, 
[image: Capture.PNG]

I am using Apache + Windows 10 + Certbot + Let's Encrypt.
On Wednesday, March 9, 2022 at 11:19:25 PM UTC+8 alo...@gmail.com wrote:

> On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com 
> wrote:
>
>> Yes, it asked for a path. I don't know what I should input into it. What 
>> path should I include here? thanks!!
>
>
> httpd.conf path is what you suppose to write as a path there ( It needs to 
> fetch the ServerName value from the config file ) but it won't work because 
> the installation script will fail to reach your server from the outside to 
> verify you are the real owner of repository-uecal.com. Why? because from 
> what I see from here port 80 and 443 on repository-uecal.com is blocked 
> by a firewall. For this to work you have to have an A record in the 
> Authoritative DNS for repository-uecal.com pointing to the IP address of 
> your Windows 2019 server and also you have to have port 80 and 443 opened 
> in the firewall/firewalls and both ports are publicly accessible once these 
> are set you can proceed with the lengthy and messy tutorial you were 
> following or you can just install 
> https://dl.eff.org/certbot-beta-installer-win32.exe, stop the apache 
> server and execute this command  ( certbot certonly -n --standalone -d  
> repository-uecal.com   --agree-tos --email your-email-here ) to generate 
> the certificate and it's key and place them for you as you see them below.
>
> Successfully received certificate.
> Certificate is saved at: C:\Certbot\live\repository-uecal.com
> \fullchain.pem
> Key is saved at: C:\Certbot\live\repository-uecal.com\privkey.pem
> This certificate expires on 2022-06-07.
> These files will be updated when the certificate renews.
> Certbot has set up a scheduled task to automatically renew this 
> certificate in the background.
>
> What you need to add into the apache SSL config file after the certificate 
> and it's key is saved in your server:
> SSLCertificateFile "C:\Certbot\live\repository-uecal.com\fullchain.pem"
> SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com\privkey.pem"
>
>
> Good luck
>
>
>  [image: path.PNG]
>>
>> On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:
>>
>>> Hi Phillip,
>>>
>>> For the verification, did you choose [http-01] Serve verification files 
>>> on (network) path? In your virtual host conf, create this rule:
>>>
>>> ProxyPass /.well-known !
>>>
>>> right above the:
>>> ProxyPass /server ajp://localhost:8009/server
>>> ProxyPassReverse /server ajp://localhost:8009/server
>>>
>>> This is to ensure that when Let's Encrypt tries to access that URL, it 
>>> will not proxy to your dspace instance. Make sure to create this folder 
>>> first under the htdocs directory. Based on my experience when using Let's 
>>> Encrypt, it will try to upload a verification file to the path /.well-known 
>>> so it is important that this path is accessible to the public.
>>>
>>> Hope this helps,
>>> euler
>>> On Wednesday, March 9, 2022 at 10:33:18 AM UTC+8 phillip...@gmail.com 
>>> wrote:
>>>
 Hello, Euler!

 Thank you for this, I am following the instructions and I seem to be in 
 the right path. However, I got stuck on step 5: Issue certificate. I just 
 don't know how to verify that I bought and own the domain name on godaddy. 
 Do you have an idea as to how I could verify that I own this domain? 
 Thanks.
 On Sunday, March 6, 2022 at 9:40:56 PM UTC+8 euler wrote:

> Hi,
>
> I used this guide on how to setup Let's Encrypt SSL certificate on 
> Windows: 
> https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/
>
> Hope this helps.
> euler
>
> On Sunday, March 6, 2022 at 7:13:13 PM UTC+8 phillip...@gmail.com 
> wrote:
>
>> Hello! Is there a tutorial on how to generate an SSL certificate on 
>> windows I am using apache httpd? I've done the virtual hosting and was 
>> able 
>> to proxy to apache tomcat. However, I do not know how to get an SSL 
>> certificate using let's encrypt for my domain name that I bought on 
>> GoDaddy.
>>
>> On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:
>>
>>> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
>>> certificate with let's encrypt using certbot. It returns this, [image: 
>>> yes.PNG]
>>>
>>> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>>>
 It now works for me. thanks for this. apparently, I'm only 
 accessing the URL "repository-uecal.com" instead of "
 repository-uecal.com/server". I am just a newbie at setting up 
 apache.

 On Friday, March 4, 2022 a

Re: [dspace-tech] how to add https support?

[Mohammad S. AlMutairi]

On Wednesday, March 9, 2022 at 1:47:31 PM UTC+3 phillip...@gmail.com wrote:

> Yes, it asked for a path. I don't know what I should input into it. What 
> path should I include here? thanks!!


httpd.conf path is what you suppose to write as a path there ( It needs to 
fetch the ServerName value from the config file ) but it won't work because 
the installation script will fail to reach your server from the outside to 
verify you are the real owner of repository-uecal.com. Why? because from 
what I see from here port 80 and 443 on repository-uecal.com is blocked by 
a firewall. For this to work you have to have an A record in the 
Authoritative DNS for repository-uecal.com pointing to the IP address of 
your Windows 2019 server and also you have to have port 80 and 443 opened 
in the firewall/firewalls and both ports are publicly accessible once these 
are set you can proceed with the lengthy and messy tutorial you were 
following or you can just 
install https://dl.eff.org/certbot-beta-installer-win32.exe, stop the 
apache server and execute this command  ( certbot certonly -n --standalone 
-d  repository-uecal.com   --agree-tos --email your-email-here ) to 
generate the certificate and it's key and place them for you as you see 
them below.

Successfully received certificate.
Certificate is saved at: C:\Certbot\live\repository-uecal.com\fullchain.pem
Key is saved at: C:\Certbot\live\repository-uecal.com\privkey.pem
This certificate expires on 2022-06-07.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate 
in the background.

What you need to add into the apache SSL config file after the certificate 
and it's key is saved in your server:
SSLCertificateFile "C:\Certbot\live\repository-uecal.com\fullchain.pem"
SSLCertificateKeyFile "C:\Certbot\live\repository-uecal.com\privkey.pem"


Good luck


 [image: path.PNG]
>
> On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:
>
>> Hi Phillip,
>>
>> For the verification, did you choose [http-01] Serve verification files 
>> on (network) path? In your virtual host conf, create this rule:
>>
>> ProxyPass /.well-known !
>>
>> right above the:
>> ProxyPass /server ajp://localhost:8009/server
>> ProxyPassReverse /server ajp://localhost:8009/server
>>
>> This is to ensure that when Let's Encrypt tries to access that URL, it 
>> will not proxy to your dspace instance. Make sure to create this folder 
>> first under the htdocs directory. Based on my experience when using Let's 
>> Encrypt, it will try to upload a verification file to the path /.well-known 
>> so it is important that this path is accessible to the public.
>>
>> Hope this helps,
>> euler
>> On Wednesday, March 9, 2022 at 10:33:18 AM UTC+8 phillip...@gmail.com 
>> wrote:
>>
>>> Hello, Euler!
>>>
>>> Thank you for this, I am following the instructions and I seem to be in 
>>> the right path. However, I got stuck on step 5: Issue certificate. I just 
>>> don't know how to verify that I bought and own the domain name on godaddy. 
>>> Do you have an idea as to how I could verify that I own this domain? Thanks.
>>> On Sunday, March 6, 2022 at 9:40:56 PM UTC+8 euler wrote:
>>>
 Hi,

 I used this guide on how to setup Let's Encrypt SSL certificate on 
 Windows: 
 https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/

 Hope this helps.
 euler

 On Sunday, March 6, 2022 at 7:13:13 PM UTC+8 phillip...@gmail.com 
 wrote:

> Hello! Is there a tutorial on how to generate an SSL certificate on 
> windows I am using apache httpd? I've done the virtual hosting and was 
> able 
> to proxy to apache tomcat. However, I do not know how to get an SSL 
> certificate using let's encrypt for my domain name that I bought on 
> GoDaddy.
>
> On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:
>
>> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
>> certificate with let's encrypt using certbot. It returns this, [image: 
>> yes.PNG]
>>
>> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>>
>>> It now works for me. thanks for this. apparently, I'm only accessing 
>>> the URL "repository-uecal.com" instead of "
>>> repository-uecal.com/server". I am just a newbie at setting up 
>>> apache.
>>>
>>> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>>>
 I am running on Windows 19 Server.
 Using the mod_proxy instead of ajp, works for me.
 I also do not  use ProxyPreserveHost 

 Something like this might work for you.

 

 ServerName myserver.com
 ServerAlias www.myserver.com

 ProxyPass /server http://localhost:8080/server
 ProxyPassReverse /server http://localhost:8080/server

 
>

Re: [dspace-tech] how to add https support?

[Phillip jan]

Yes, it asked for a path. I don't know what I should input into it. What 
path should I include here? thanks!!
 [image: path.PNG]

On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:

> Hi Phillip,
>
> For the verification, did you choose [http-01] Serve verification files on 
> (network) path? In your virtual host conf, create this rule:
>
> ProxyPass /.well-known !
>
> right above the:
> ProxyPass /server ajp://localhost:8009/server
> ProxyPassReverse /server ajp://localhost:8009/server
>
> This is to ensure that when Let's Encrypt tries to access that URL, it 
> will not proxy to your dspace instance. Make sure to create this folder 
> first under the htdocs directory. Based on my experience when using Let's 
> Encrypt, it will try to upload a verification file to the path /.well-known 
> so it is important that this path is accessible to the public.
>
> Hope this helps,
> euler
> On Wednesday, March 9, 2022 at 10:33:18 AM UTC+8 phillip...@gmail.com 
> wrote:
>
>> Hello, Euler!
>>
>> Thank you for this, I am following the instructions and I seem to be in 
>> the right path. However, I got stuck on step 5: Issue certificate. I just 
>> don't know how to verify that I bought and own the domain name on godaddy. 
>> Do you have an idea as to how I could verify that I own this domain? Thanks.
>> On Sunday, March 6, 2022 at 9:40:56 PM UTC+8 euler wrote:
>>
>>> Hi,
>>>
>>> I used this guide on how to setup Let's Encrypt SSL certificate on 
>>> Windows: 
>>> https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/
>>>
>>> Hope this helps.
>>> euler
>>>
>>> On Sunday, March 6, 2022 at 7:13:13 PM UTC+8 phillip...@gmail.com wrote:
>>>
 Hello! Is there a tutorial on how to generate an SSL certificate on 
 windows I am using apache httpd? I've done the virtual hosting and was 
 able 
 to proxy to apache tomcat. However, I do not know how to get an SSL 
 certificate using let's encrypt for my domain name that I bought on 
 GoDaddy.

 On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:

> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
> certificate with let's encrypt using certbot. It returns this, [image: 
> yes.PNG]
>
> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>
>> It now works for me. thanks for this. apparently, I'm only accessing 
>> the URL "repository-uecal.com" instead of "
>> repository-uecal.com/server". I am just a newbie at setting up 
>> apache.
>>
>> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>>
>>> I am running on Windows 19 Server.
>>> Using the mod_proxy instead of ajp, works for me.
>>> I also do not  use ProxyPreserveHost 
>>>
>>> Something like this might work for you.
>>>
>>> 
>>>
>>> ServerName myserver.com
>>> ServerAlias www.myserver.com
>>>
>>> ProxyPass /server http://localhost:8080/server
>>> ProxyPassReverse /server http://localhost:8080/server
>>>
>>> 
>>>
>>> This should redirect myserver.com/server to 
>>> http://localhost:8080/server.
>>>
>>> If you want to redirect myserver.com to http://localhost:8080/server. 
>>>
>>> I think you would have to use
>>>
>>> ProxyPass / http://localhost:8080/server
>>> ProxyPassReverse / http://localhost:8080/server
>>>
>>> But I'm not sure what you are trying to accomplish.
>>> The subject line says 'how to add https support'.
>>> But later in the thread you say you just want to 'proxy requests to 
>>> tomcat via reverse proxying'
>>>
>>> - eric
>>> On 2/7/2022 5:58 AM, Phillip jan wrote:
>>>
>>> Hi! I am running on windows 10. 
>>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>>
 On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
 > Hi! I am having issues with the backend installation, 
 particularly step 16. 
 > I don't know how to setup a virtualhost using https/port443 proxy 
 to proxy 
 > all requests to apache and how to create an ssl certificate. I am 
 new to 
 > deploying a website in production environment. Can someone help 
 me? thanks 
 > in advance. 

 The details will depend on your operating system. Is this on Linux 
 or 
 Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
 version? 

 Some general notes: 

 o Virtual hosting and proxying are two separate issues. The proxy 
 connection will run within the virtual host. 

 o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
 You need to choose one. The two services must both be configured 
 to agree on the details of their connection. 

 o Do you 

Re: [dspace-tech] how to add https support?

[Phillip jan]

yes, i chose that option. it asked for a path, which i dont know where...

On Wednesday, March 9, 2022 at 4:57:26 PM UTC+8 euler wrote:

> Hi Phillip,
>
> For the verification, did you choose [http-01] Serve verification files on 
> (network) path? In your virtual host conf, create this rule:
>
> ProxyPass /.well-known !
>
> right above the:
> ProxyPass /server ajp://localhost:8009/server
> ProxyPassReverse /server ajp://localhost:8009/server
>
> This is to ensure that when Let's Encrypt tries to access that URL, it 
> will not proxy to your dspace instance. Make sure to create this folder 
> first under the htdocs directory. Based on my experience when using Let's 
> Encrypt, it will try to upload a verification file to the path /.well-known 
> so it is important that this path is accessible to the public.
>
> Hope this helps,
> euler
> On Wednesday, March 9, 2022 at 10:33:18 AM UTC+8 phillip...@gmail.com 
> wrote:
>
>> Hello, Euler!
>>
>> Thank you for this, I am following the instructions and I seem to be in 
>> the right path. However, I got stuck on step 5: Issue certificate. I just 
>> don't know how to verify that I bought and own the domain name on godaddy. 
>> Do you have an idea as to how I could verify that I own this domain? Thanks.
>> On Sunday, March 6, 2022 at 9:40:56 PM UTC+8 euler wrote:
>>
>>> Hi,
>>>
>>> I used this guide on how to setup Let's Encrypt SSL certificate on 
>>> Windows: 
>>> https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/
>>>
>>> Hope this helps.
>>> euler
>>>
>>> On Sunday, March 6, 2022 at 7:13:13 PM UTC+8 phillip...@gmail.com wrote:
>>>
 Hello! Is there a tutorial on how to generate an SSL certificate on 
 windows I am using apache httpd? I've done the virtual hosting and was 
 able 
 to proxy to apache tomcat. However, I do not know how to get an SSL 
 certificate using let's encrypt for my domain name that I bought on 
 GoDaddy.

 On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:

> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
> certificate with let's encrypt using certbot. It returns this, [image: 
> yes.PNG]
>
> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>
>> It now works for me. thanks for this. apparently, I'm only accessing 
>> the URL "repository-uecal.com" instead of "
>> repository-uecal.com/server". I am just a newbie at setting up 
>> apache.
>>
>> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>>
>>> I am running on Windows 19 Server.
>>> Using the mod_proxy instead of ajp, works for me.
>>> I also do not  use ProxyPreserveHost 
>>>
>>> Something like this might work for you.
>>>
>>> 
>>>
>>> ServerName myserver.com
>>> ServerAlias www.myserver.com
>>>
>>> ProxyPass /server http://localhost:8080/server
>>> ProxyPassReverse /server http://localhost:8080/server
>>>
>>> 
>>>
>>> This should redirect myserver.com/server to 
>>> http://localhost:8080/server.
>>>
>>> If you want to redirect myserver.com to http://localhost:8080/server. 
>>>
>>> I think you would have to use
>>>
>>> ProxyPass / http://localhost:8080/server
>>> ProxyPassReverse / http://localhost:8080/server
>>>
>>> But I'm not sure what you are trying to accomplish.
>>> The subject line says 'how to add https support'.
>>> But later in the thread you say you just want to 'proxy requests to 
>>> tomcat via reverse proxying'
>>>
>>> - eric
>>> On 2/7/2022 5:58 AM, Phillip jan wrote:
>>>
>>> Hi! I am running on windows 10. 
>>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>>
 On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
 > Hi! I am having issues with the backend installation, 
 particularly step 16. 
 > I don't know how to setup a virtualhost using https/port443 proxy 
 to proxy 
 > all requests to apache and how to create an ssl certificate. I am 
 new to 
 > deploying a website in production environment. Can someone help 
 me? thanks 
 > in advance. 

 The details will depend on your operating system. Is this on Linux 
 or 
 Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
 version? 

 Some general notes: 

 o Virtual hosting and proxying are two separate issues. The proxy 
 connection will run within the virtual host. 

 o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
 You need to choose one. The two services must both be configured 
 to agree on the details of their connection. 

 o Do you want to create a self-signed certificate, or obtain a 
>

Re: [dspace-tech] how to add https support?

[euler]

Hi Phillip,

For the verification, did you choose [http-01] Serve verification files on 
(network) path? In your virtual host conf, create this rule:

ProxyPass /.well-known !

right above the:
ProxyPass /server ajp://localhost:8009/server
ProxyPassReverse /server ajp://localhost:8009/server

This is to ensure that when Let's Encrypt tries to access that URL, it will 
not proxy to your dspace instance. Make sure to create this folder first 
under the htdocs directory. Based on my experience when using Let's 
Encrypt, it will try to upload a verification file to the path /.well-known 
so it is important that this path is accessible to the public.

Hope this helps,
euler
On Wednesday, March 9, 2022 at 10:33:18 AM UTC+8 phillip...@gmail.com wrote:

> Hello, Euler!
>
> Thank you for this, I am following the instructions and I seem to be in 
> the right path. However, I got stuck on step 5: Issue certificate. I just 
> don't know how to verify that I bought and own the domain name on godaddy. 
> Do you have an idea as to how I could verify that I own this domain? Thanks.
> On Sunday, March 6, 2022 at 9:40:56 PM UTC+8 euler wrote:
>
>> Hi,
>>
>> I used this guide on how to setup Let's Encrypt SSL certificate on 
>> Windows: 
>> https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/
>>
>> Hope this helps.
>> euler
>>
>> On Sunday, March 6, 2022 at 7:13:13 PM UTC+8 phillip...@gmail.com wrote:
>>
>>> Hello! Is there a tutorial on how to generate an SSL certificate on 
>>> windows I am using apache httpd? I've done the virtual hosting and was able 
>>> to proxy to apache tomcat. However, I do not know how to get an SSL 
>>> certificate using let's encrypt for my domain name that I bought on GoDaddy.
>>>
>>> On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:
>>>
 Now, I am back to this issue with HTTPS. I cannot seem to generate a 
 certificate with let's encrypt using certbot. It returns this, [image: 
 yes.PNG]

 On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:

> It now works for me. thanks for this. apparently, I'm only accessing 
> the URL "repository-uecal.com" instead of "repository-uecal.com/server". 
> I am just a newbie at setting up apache.
>
> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>
>> I am running on Windows 19 Server.
>> Using the mod_proxy instead of ajp, works for me.
>> I also do not  use ProxyPreserveHost 
>>
>> Something like this might work for you.
>>
>> 
>>
>> ServerName myserver.com
>> ServerAlias www.myserver.com
>>
>> ProxyPass /server http://localhost:8080/server
>> ProxyPassReverse /server http://localhost:8080/server
>>
>> 
>>
>> This should redirect myserver.com/server to 
>> http://localhost:8080/server.
>>
>> If you want to redirect myserver.com to http://localhost:8080/server. 
>>
>> I think you would have to use
>>
>> ProxyPass / http://localhost:8080/server
>> ProxyPassReverse / http://localhost:8080/server
>>
>> But I'm not sure what you are trying to accomplish.
>> The subject line says 'how to add https support'.
>> But later in the thread you say you just want to 'proxy requests to 
>> tomcat via reverse proxying'
>>
>> - eric
>> On 2/7/2022 5:58 AM, Phillip jan wrote:
>>
>> Hi! I am running on windows 10. 
>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>
>>> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
>>> > Hi! I am having issues with the backend installation, particularly 
>>> step 16. 
>>> > I don't know how to setup a virtualhost using https/port443 proxy 
>>> to proxy 
>>> > all requests to apache and how to create an ssl certificate. I am 
>>> new to 
>>> > deploying a website in production environment. Can someone help 
>>> me? thanks 
>>> > in advance. 
>>>
>>> The details will depend on your operating system. Is this on Linux 
>>> or 
>>> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
>>> version? 
>>>
>>> Some general notes: 
>>>
>>> o Virtual hosting and proxying are two separate issues. The proxy 
>>> connection will run within the virtual host. 
>>>
>>> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
>>> You need to choose one. The two services must both be configured 
>>> to agree on the details of their connection. 
>>>
>>> o Do you want to create a self-signed certificate, or obtain a 
>>> certificate from a certificate authority? Self-signed certificates 
>>> are easier and quicker to create, but will not be trusted by 
>>> browsers. They are useful for testing, or in closed environments. 
>>> A commercial or corporate certificate should be automatically 
>>

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hello, Euler!

Thank you for this, I am following the instructions and I seem to be in the 
right path. However, I got stuck on step 5: Issue certificate. I just don't 
know how to verify that I bought and own the domain name on godaddy. Do you 
have an idea as to how I could verify that I own this domain? Thanks.
On Sunday, March 6, 2022 at 9:40:56 PM UTC+8 euler wrote:

> Hi,
>
> I used this guide on how to setup Let's Encrypt SSL certificate on 
> Windows: 
> https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/
>
> Hope this helps.
> euler
>
> On Sunday, March 6, 2022 at 7:13:13 PM UTC+8 phillip...@gmail.com wrote:
>
>> Hello! Is there a tutorial on how to generate an SSL certificate on 
>> windows I am using apache httpd? I've done the virtual hosting and was able 
>> to proxy to apache tomcat. However, I do not know how to get an SSL 
>> certificate using let's encrypt for my domain name that I bought on GoDaddy.
>>
>> On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:
>>
>>> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
>>> certificate with let's encrypt using certbot. It returns this, [image: 
>>> yes.PNG]
>>>
>>> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>>>
 It now works for me. thanks for this. apparently, I'm only accessing 
 the URL "repository-uecal.com" instead of "repository-uecal.com/server". 
 I am just a newbie at setting up apache.

 On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:

> I am running on Windows 19 Server.
> Using the mod_proxy instead of ajp, works for me.
> I also do not  use ProxyPreserveHost 
>
> Something like this might work for you.
>
> 
>
> ServerName myserver.com
> ServerAlias www.myserver.com
>
> ProxyPass /server http://localhost:8080/server
> ProxyPassReverse /server http://localhost:8080/server
>
> 
>
> This should redirect myserver.com/server to 
> http://localhost:8080/server.
>
> If you want to redirect myserver.com to http://localhost:8080/server. 
> I think you would have to use
>
> ProxyPass / http://localhost:8080/server
> ProxyPassReverse / http://localhost:8080/server
>
> But I'm not sure what you are trying to accomplish.
> The subject line says 'how to add https support'.
> But later in the thread you say you just want to 'proxy requests to 
> tomcat via reverse proxying'
>
> - eric
> On 2/7/2022 5:58 AM, Phillip jan wrote:
>
> Hi! I am running on windows 10. 
> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>
>> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
>> > Hi! I am having issues with the backend installation, particularly 
>> step 16. 
>> > I don't know how to setup a virtualhost using https/port443 proxy 
>> to proxy 
>> > all requests to apache and how to create an ssl certificate. I am 
>> new to 
>> > deploying a website in production environment. Can someone help me? 
>> thanks 
>> > in advance. 
>>
>> The details will depend on your operating system. Is this on Linux or 
>> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
>> version? 
>>
>> Some general notes: 
>>
>> o Virtual hosting and proxying are two separate issues. The proxy 
>> connection will run within the virtual host. 
>>
>> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
>> You need to choose one. The two services must both be configured 
>> to agree on the details of their connection. 
>>
>> o Do you want to create a self-signed certificate, or obtain a 
>> certificate from a certificate authority? Self-signed certificates 
>> are easier and quicker to create, but will not be trusted by 
>> browsers. They are useful for testing, or in closed environments. 
>> A commercial or corporate certificate should be automatically 
>> trusted within the scope of the authority which signed it. To make 
>> your repository generally available, you will most likely want a 
>> commercial certificate. 
>>
>> o It may be best to get these things working one at a time. 
>> That is: first set up the virtual host and test that you can get 
>> service from it with a simple static page. Then set up the proxy 
>> connection and test that you can get service from DSpace. Then add 
>> the certificate and set up HTTPS. 
>>
>> -- 
>> Mark H. Wood 
>> Lead Technology Analyst 
>>
>> University Library 
>> Indiana University - Purdue University Indianapolis 
>> 755 W. Michigan Street 
>> Indianapolis, IN 46202 
>> 317-274-0749 <(317)%20274-0749> 
>> www.ulib.iupui.edu 
>>
> -- 
> All messages to this mailing list should adhere to t

Re: [dspace-tech] how to add https support?

[euler]

Hi,

I used this guide on how to setup Let's Encrypt SSL certificate on 
Windows: 
https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/

Hope this helps.
euler

On Sunday, March 6, 2022 at 7:13:13 PM UTC+8 phillip...@gmail.com wrote:

> Hello! Is there a tutorial on how to generate an SSL certificate on 
> windows I am using apache httpd? I've done the virtual hosting and was able 
> to proxy to apache tomcat. However, I do not know how to get an SSL 
> certificate using let's encrypt for my domain name that I bought on GoDaddy.
>
> On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:
>
>> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
>> certificate with let's encrypt using certbot. It returns this, [image: 
>> yes.PNG]
>>
>> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>>
>>> It now works for me. thanks for this. apparently, I'm only accessing the 
>>> URL "repository-uecal.com" instead of "repository-uecal.com/server". I 
>>> am just a newbie at setting up apache.
>>>
>>> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>>>
 I am running on Windows 19 Server.
 Using the mod_proxy instead of ajp, works for me.
 I also do not  use ProxyPreserveHost 

 Something like this might work for you.

 

 ServerName myserver.com
 ServerAlias www.myserver.com

 ProxyPass /server http://localhost:8080/server
 ProxyPassReverse /server http://localhost:8080/server

 

 This should redirect myserver.com/server to 
 http://localhost:8080/server.

 If you want to redirect myserver.com to http://localhost:8080/server. 
 I think you would have to use

 ProxyPass / http://localhost:8080/server
 ProxyPassReverse / http://localhost:8080/server

 But I'm not sure what you are trying to accomplish.
 The subject line says 'how to add https support'.
 But later in the thread you say you just want to 'proxy requests to 
 tomcat via reverse proxying'

 - eric
 On 2/7/2022 5:58 AM, Phillip jan wrote:

 Hi! I am running on windows 10. 
 On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:

> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
> > Hi! I am having issues with the backend installation, particularly 
> step 16. 
> > I don't know how to setup a virtualhost using https/port443 proxy to 
> proxy 
> > all requests to apache and how to create an ssl certificate. I am 
> new to 
> > deploying a website in production environment. Can someone help me? 
> thanks 
> > in advance. 
>
> The details will depend on your operating system. Is this on Linux or 
> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
> version? 
>
> Some general notes: 
>
> o Virtual hosting and proxying are two separate issues. The proxy 
> connection will run within the virtual host. 
>
> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
> You need to choose one. The two services must both be configured 
> to agree on the details of their connection. 
>
> o Do you want to create a self-signed certificate, or obtain a 
> certificate from a certificate authority? Self-signed certificates 
> are easier and quicker to create, but will not be trusted by 
> browsers. They are useful for testing, or in closed environments. 
> A commercial or corporate certificate should be automatically 
> trusted within the scope of the authority which signed it. To make 
> your repository generally available, you will most likely want a 
> commercial certificate. 
>
> o It may be best to get these things working one at a time. 
> That is: first set up the virtual host and test that you can get 
> service from it with a simple static page. Then set up the proxy 
> connection and test that you can get service from DSpace. Then add 
> the certificate and set up HTTPS. 
>
> -- 
> Mark H. Wood 
> Lead Technology Analyst 
>
> University Library 
> Indiana University - Purdue University Indianapolis 
> 755 W. Michigan Street 
> Indianapolis, IN 46202 
> 317-274-0749 <(317)%20274-0749> 
> www.ulib.iupui.edu 
>
 -- 
 All messages to this mailing list should adhere to the Code of Conduct: 
 https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
 --- 
 You received this message because you are subscribed to the Google 
 Groups "DSpace Technical Support" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to dspace-tech...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/dspace-tech/1a34d9dd-311d-4378-b0cb-447a9fbc10edn%40googlegroups.com
  

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hello! Is there a tutorial on how to generate an SSL certificate on windows 
I am using apache httpd? I've done the virtual hosting and was able to 
proxy to apache tomcat. However, I do not know how to get an SSL 
certificate using let's encrypt for my domain name that I bought on GoDaddy.

On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:

> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
> certificate with let's encrypt using certbot. It returns this, [image: 
> yes.PNG]
>
> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>
>> It now works for me. thanks for this. apparently, I'm only accessing the 
>> URL "repository-uecal.com" instead of "repository-uecal.com/server". I 
>> am just a newbie at setting up apache.
>>
>> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>>
>>> I am running on Windows 19 Server.
>>> Using the mod_proxy instead of ajp, works for me.
>>> I also do not  use ProxyPreserveHost 
>>>
>>> Something like this might work for you.
>>>
>>> 
>>>
>>> ServerName myserver.com
>>> ServerAlias www.myserver.com
>>>
>>> ProxyPass /server http://localhost:8080/server
>>> ProxyPassReverse /server http://localhost:8080/server
>>>
>>> 
>>>
>>> This should redirect myserver.com/server to http://localhost:8080/server
>>> .
>>>
>>> If you want to redirect myserver.com to http://localhost:8080/server. 
>>> I think you would have to use
>>>
>>> ProxyPass / http://localhost:8080/server
>>> ProxyPassReverse / http://localhost:8080/server
>>>
>>> But I'm not sure what you are trying to accomplish.
>>> The subject line says 'how to add https support'.
>>> But later in the thread you say you just want to 'proxy requests to 
>>> tomcat via reverse proxying'
>>>
>>> - eric
>>> On 2/7/2022 5:58 AM, Phillip jan wrote:
>>>
>>> Hi! I am running on windows 10. 
>>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>>
 On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
 > Hi! I am having issues with the backend installation, particularly 
 step 16. 
 > I don't know how to setup a virtualhost using https/port443 proxy to 
 proxy 
 > all requests to apache and how to create an ssl certificate. I am new 
 to 
 > deploying a website in production environment. Can someone help me? 
 thanks 
 > in advance. 

 The details will depend on your operating system. Is this on Linux or 
 Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
 version? 

 Some general notes: 

 o Virtual hosting and proxying are two separate issues. The proxy 
 connection will run within the virtual host. 

 o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
 You need to choose one. The two services must both be configured 
 to agree on the details of their connection. 

 o Do you want to create a self-signed certificate, or obtain a 
 certificate from a certificate authority? Self-signed certificates 
 are easier and quicker to create, but will not be trusted by 
 browsers. They are useful for testing, or in closed environments. 
 A commercial or corporate certificate should be automatically 
 trusted within the scope of the authority which signed it. To make 
 your repository generally available, you will most likely want a 
 commercial certificate. 

 o It may be best to get these things working one at a time. 
 That is: first set up the virtual host and test that you can get 
 service from it with a simple static page. Then set up the proxy 
 connection and test that you can get service from DSpace. Then add 
 the certificate and set up HTTPS. 

 -- 
 Mark H. Wood 
 Lead Technology Analyst 

 University Library 
 Indiana University - Purdue University Indianapolis 
 755 W. Michigan Street 
 Indianapolis, IN 46202 
 317-274-0749 <(317)%20274-0749> 
 www.ulib.iupui.edu 

>>> -- 
>>> All messages to this mailing list should adhere to the Code of Conduct: 
>>> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "DSpace Technical Support" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to dspace-tech...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/dspace-tech/1a34d9dd-311d-4378-b0cb-447a9fbc10edn%40googlegroups.com
>>>  
>>> 
>>> .
>>>
>>>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technic

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hello! Is there a tutorial on how to generate an SSL certificate on windows 
I am using apache httpd? I've done the virtual hosting and was able to 
proxy to apache tomcat.

On Friday, March 4, 2022 at 6:39:10 PM UTC+8 Phillip jan wrote:

> Now, I am back to this issue with HTTPS. I cannot seem to generate a 
> certificate with let's encrypt using certbot. It returns this, [image: 
> yes.PNG]
>
> On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:
>
>> It now works for me. thanks for this. apparently, I'm only accessing the 
>> URL "repository-uecal.com" instead of "repository-uecal.com/server". I 
>> am just a newbie at setting up apache.
>>
>> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>>
>>> I am running on Windows 19 Server.
>>> Using the mod_proxy instead of ajp, works for me.
>>> I also do not  use ProxyPreserveHost 
>>>
>>> Something like this might work for you.
>>>
>>> 
>>>
>>> ServerName myserver.com
>>> ServerAlias www.myserver.com
>>>
>>> ProxyPass /server http://localhost:8080/server
>>> ProxyPassReverse /server http://localhost:8080/server
>>>
>>> 
>>>
>>> This should redirect myserver.com/server to http://localhost:8080/server
>>> .
>>>
>>> If you want to redirect myserver.com to http://localhost:8080/server. 
>>> I think you would have to use
>>>
>>> ProxyPass / http://localhost:8080/server
>>> ProxyPassReverse / http://localhost:8080/server
>>>
>>> But I'm not sure what you are trying to accomplish.
>>> The subject line says 'how to add https support'.
>>> But later in the thread you say you just want to 'proxy requests to 
>>> tomcat via reverse proxying'
>>>
>>> - eric
>>> On 2/7/2022 5:58 AM, Phillip jan wrote:
>>>
>>> Hi! I am running on windows 10. 
>>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>>
 On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
 > Hi! I am having issues with the backend installation, particularly 
 step 16. 
 > I don't know how to setup a virtualhost using https/port443 proxy to 
 proxy 
 > all requests to apache and how to create an ssl certificate. I am new 
 to 
 > deploying a website in production environment. Can someone help me? 
 thanks 
 > in advance. 

 The details will depend on your operating system. Is this on Linux or 
 Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
 version? 

 Some general notes: 

 o Virtual hosting and proxying are two separate issues. The proxy 
 connection will run within the virtual host. 

 o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
 You need to choose one. The two services must both be configured 
 to agree on the details of their connection. 

 o Do you want to create a self-signed certificate, or obtain a 
 certificate from a certificate authority? Self-signed certificates 
 are easier and quicker to create, but will not be trusted by 
 browsers. They are useful for testing, or in closed environments. 
 A commercial or corporate certificate should be automatically 
 trusted within the scope of the authority which signed it. To make 
 your repository generally available, you will most likely want a 
 commercial certificate. 

 o It may be best to get these things working one at a time. 
 That is: first set up the virtual host and test that you can get 
 service from it with a simple static page. Then set up the proxy 
 connection and test that you can get service from DSpace. Then add 
 the certificate and set up HTTPS. 

 -- 
 Mark H. Wood 
 Lead Technology Analyst 

 University Library 
 Indiana University - Purdue University Indianapolis 
 755 W. Michigan Street 
 Indianapolis, IN 46202 
 317-274-0749 <(317)%20274-0749> 
 www.ulib.iupui.edu 

>>> -- 
>>> All messages to this mailing list should adhere to the Code of Conduct: 
>>> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "DSpace Technical Support" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to dspace-tech...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/dspace-tech/1a34d9dd-311d-4378-b0cb-447a9fbc10edn%40googlegroups.com
>>>  
>>> 
>>> .
>>>
>>>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsu

Re: [dspace-tech] how to add https support?

[Phillip jan]

Now, I am back to this issue with HTTPS. I cannot seem to generate a 
certificate with let's encrypt using certbot. It returns this, [image: 
yes.PNG]

On Friday, March 4, 2022 at 12:31:37 PM UTC+8 Phillip jan wrote:

> It now works for me. thanks for this. apparently, I'm only accessing the 
> URL "repository-uecal.com" instead of "repository-uecal.com/server". I am 
> just a newbie at setting up apache.
>
> On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:
>
>> I am running on Windows 19 Server.
>> Using the mod_proxy instead of ajp, works for me.
>> I also do not  use ProxyPreserveHost 
>>
>> Something like this might work for you.
>>
>> 
>>
>> ServerName myserver.com
>> ServerAlias www.myserver.com
>>
>> ProxyPass /server http://localhost:8080/server
>> ProxyPassReverse /server http://localhost:8080/server
>>
>> 
>>
>> This should redirect myserver.com/server to http://localhost:8080/server.
>>
>> If you want to redirect myserver.com to http://localhost:8080/server. 
>> I think you would have to use
>>
>> ProxyPass / http://localhost:8080/server
>> ProxyPassReverse / http://localhost:8080/server
>>
>> But I'm not sure what you are trying to accomplish.
>> The subject line says 'how to add https support'.
>> But later in the thread you say you just want to 'proxy requests to 
>> tomcat via reverse proxying'
>>
>> - eric
>> On 2/7/2022 5:58 AM, Phillip jan wrote:
>>
>> Hi! I am running on windows 10. 
>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>
>>> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
>>> > Hi! I am having issues with the backend installation, particularly 
>>> step 16. 
>>> > I don't know how to setup a virtualhost using https/port443 proxy to 
>>> proxy 
>>> > all requests to apache and how to create an ssl certificate. I am new 
>>> to 
>>> > deploying a website in production environment. Can someone help me? 
>>> thanks 
>>> > in advance. 
>>>
>>> The details will depend on your operating system. Is this on Linux or 
>>> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
>>> version? 
>>>
>>> Some general notes: 
>>>
>>> o Virtual hosting and proxying are two separate issues. The proxy 
>>> connection will run within the virtual host. 
>>>
>>> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
>>> You need to choose one. The two services must both be configured 
>>> to agree on the details of their connection. 
>>>
>>> o Do you want to create a self-signed certificate, or obtain a 
>>> certificate from a certificate authority? Self-signed certificates 
>>> are easier and quicker to create, but will not be trusted by 
>>> browsers. They are useful for testing, or in closed environments. 
>>> A commercial or corporate certificate should be automatically 
>>> trusted within the scope of the authority which signed it. To make 
>>> your repository generally available, you will most likely want a 
>>> commercial certificate. 
>>>
>>> o It may be best to get these things working one at a time. 
>>> That is: first set up the virtual host and test that you can get 
>>> service from it with a simple static page. Then set up the proxy 
>>> connection and test that you can get service from DSpace. Then add 
>>> the certificate and set up HTTPS. 
>>>
>>> -- 
>>> Mark H. Wood 
>>> Lead Technology Analyst 
>>>
>>> University Library 
>>> Indiana University - Purdue University Indianapolis 
>>> 755 W. Michigan Street 
>>> Indianapolis, IN 46202 
>>> 317-274-0749 <(317)%20274-0749> 
>>> www.ulib.iupui.edu 
>>>
>> -- 
>> All messages to this mailing list should adhere to the Code of Conduct: 
>> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "DSpace Technical Support" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to dspace-tech...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/dspace-tech/1a34d9dd-311d-4378-b0cb-447a9fbc10edn%40googlegroups.com
>>  
>> 
>> .
>>
>>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/7950cc66-045f-4652-aca5-4e58be54f55fn%40googlegroups.com.

Re: [dspace-tech] how to add https support?

[Phillip jan]

It now works for me. thanks for this. apparently, I'm only accessing the 
URL "repository-uecal.com" instead of "repository-uecal.com/server". I am 
just a newbie at setting up apache.

On Friday, March 4, 2022 at 10:00:47 AM UTC+8 Eric Montague wrote:

> I am running on Windows 19 Server.
> Using the mod_proxy instead of ajp, works for me.
> I also do not  use ProxyPreserveHost 
>
> Something like this might work for you.
>
> 
>
> ServerName myserver.com
> ServerAlias www.myserver.com
>
> ProxyPass /server http://localhost:8080/server
> ProxyPassReverse /server http://localhost:8080/server
>
> 
>
> This should redirect myserver.com/server to http://localhost:8080/server.
>
> If you want to redirect myserver.com to http://localhost:8080/server. 
> I think you would have to use
>
> ProxyPass / http://localhost:8080/server
> ProxyPassReverse / http://localhost:8080/server
>
> But I'm not sure what you are trying to accomplish.
> The subject line says 'how to add https support'.
> But later in the thread you say you just want to 'proxy requests to tomcat 
> via reverse proxying'
>
> - eric
> On 2/7/2022 5:58 AM, Phillip jan wrote:
>
> Hi! I am running on windows 10. 
> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>
>> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
>> > Hi! I am having issues with the backend installation, particularly step 
>> 16. 
>> > I don't know how to setup a virtualhost using https/port443 proxy to 
>> proxy 
>> > all requests to apache and how to create an ssl certificate. I am new 
>> to 
>> > deploying a website in production environment. Can someone help me? 
>> thanks 
>> > in advance. 
>>
>> The details will depend on your operating system. Is this on Linux or 
>> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
>> version? 
>>
>> Some general notes: 
>>
>> o Virtual hosting and proxying are two separate issues. The proxy 
>> connection will run within the virtual host. 
>>
>> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
>> You need to choose one. The two services must both be configured 
>> to agree on the details of their connection. 
>>
>> o Do you want to create a self-signed certificate, or obtain a 
>> certificate from a certificate authority? Self-signed certificates 
>> are easier and quicker to create, but will not be trusted by 
>> browsers. They are useful for testing, or in closed environments. 
>> A commercial or corporate certificate should be automatically 
>> trusted within the scope of the authority which signed it. To make 
>> your repository generally available, you will most likely want a 
>> commercial certificate. 
>>
>> o It may be best to get these things working one at a time. 
>> That is: first set up the virtual host and test that you can get 
>> service from it with a simple static page. Then set up the proxy 
>> connection and test that you can get service from DSpace. Then add 
>> the certificate and set up HTTPS. 
>>
>> -- 
>> Mark H. Wood 
>> Lead Technology Analyst 
>>
>> University Library 
>> Indiana University - Purdue University Indianapolis 
>> 755 W. Michigan Street 
>> Indianapolis, IN 46202 
>> 317-274-0749 <(317)%20274-0749> 
>> www.ulib.iupui.edu 
>>
> -- 
> All messages to this mailing list should adhere to the Code of Conduct: 
> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
> --- 
> You received this message because you are subscribed to the Google Groups 
> "DSpace Technical Support" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to dspace-tech...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/dspace-tech/1a34d9dd-311d-4378-b0cb-447a9fbc10edn%40googlegroups.com
>  
> 
> .
>
>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/45ae0a13-554f-457b-9781-52601bf23c60n%40googlegroups.com.

Re: [dspace-tech] how to add https support?

[Eric Montague]

I am running on Windows 19 Server.
Using the mod_proxy instead of ajp, works for me.
I also do not  use ProxyPreserveHost

Something like this might work for you.



    ServerName myserver.com
    ServerAlias www.myserver.com

    ProxyPass /server http://localhost:8080/server
    ProxyPassReverse /server http://localhost:8080/server



This should redirect myserver.com/server to http://localhost:8080/server.

If you want to redirect myserver.com to http://localhost:8080/server.
I think you would have to use

    ProxyPass / http://localhost:8080/server
    ProxyPassReverse / http://localhost:8080/server

But I'm not sure what you are trying to accomplish.
The subject line says 'how to add https support'.
But later in the thread you say you just want to 'proxy requests to 
tomcat via reverse proxying'


- eric

On 2/7/2022 5:58 AM, Phillip jan wrote:

Hi! I am running on windows 10.
On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:

On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote:
> Hi! I am having issues with the backend installation,
particularly step 16.
> I don't know how to setup a virtualhost using https/port443
proxy to proxy
> all requests to apache and how to create an ssl certificate. I
am new to
> deploying a website in production environment. Can someone help
me? thanks
> in advance.

The details will depend on your operating system. Is this on Linux or
Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and
version?

Some general notes:

o Virtual hosting and proxying are two separate issues. The proxy
connection will run within the virtual host.

o Proxying between Tomcat and HTTPD can be done using HTTP or AJP.
You need to choose one. The two services must both be configured
to agree on the details of their connection.

o Do you want to create a self-signed certificate, or obtain a
certificate from a certificate authority? Self-signed certificates
are easier and quicker to create, but will not be trusted by
browsers. They are useful for testing, or in closed environments.
A commercial or corporate certificate should be automatically
trusted within the scope of the authority which signed it. To make
your repository generally available, you will most likely want a
commercial certificate.

o It may be best to get these things working one at a time.
That is: first set up the virtual host and test that you can get
service from it with a simple static page. Then set up the proxy
connection and test that you can get service from DSpace. Then add
the certificate and set up HTTPS.

-- 
Mark H. Wood

Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749 
www.ulib.iupui.edu 

--
All messages to this mailing list should adhere to the Code of 
Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx

---
You received this message because you are subscribed to the Google 
Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/1a34d9dd-311d-4378-b0cb-447a9fbc10edn%40googlegroups.com 
.


--
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/86642daf-b3cc-d0a3-6f0f-127e95816dea%40comcast.net.

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hi, Federico!

Thanks for the response! Unfortunately, I am using DSpace 7.x, I don't 
think it uses jspui anymore. Also I do not have an SSL certificate yet, I 
just want to configure my apache to proxy requests to tomcat via reverse 
proxying with ajp or HTTP on port 80 without a certificate. 
On Thursday, March 3, 2022 at 9:51:01 PM UTC+8 federico@gmail.com wrote:

> Hi Jan,
>
> Try using mok_jk instead of reverse proxying.  Its simpler and works 
> better.
> Your apache ssl config should look like this (for jspui):
>
> 
> .
> RedirectMatch ^/$ /jspui
>
> JkMount /jspui* ajp13_worker
> JkMount /oai* ajp13_worker
> JkMount /swordv2* ajp13_worker
> .
>
> After enabling mok_jk and configuring the worker in workers.properties.
>
> Regards
>
> El jueves, 3 de marzo de 2022 a las 9:53:29 UTC-3, phillip...@gmail.com 
> escribió:
>
>> Hi, can you help me? I cannot get service from DSpace by reverse proxying 
>> apache to tomcat. It only shows the static page in  "${SRVROOT}/htdocs". 
>>
>> this is my httpd-vhosts.conf (this .conf file is alread included in my 
>> httpd.conf):
>>
>> 
>> ProxyPreserveHost On
>> ServerName repository-uecal.com
>> ProxyPass /server ajp://localhost:8009/server
>> ProxyPassReverse /server ajp://localhost:8009/server
>> 
>>
>>
>> On Monday, February 7, 2022 at 9:58:38 PM UTC+8 Phillip jan wrote:
>>
>>> Hi! I am running on windows 10.
>>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>>
 On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
 > Hi! I am having issues with the backend installation, particularly 
 step 16. 
 > I don't know how to setup a virtualhost using https/port443 proxy to 
 proxy 
 > all requests to apache and how to create an ssl certificate. I am new 
 to 
 > deploying a website in production environment. Can someone help me? 
 thanks 
 > in advance. 

 The details will depend on your operating system. Is this on Linux or 
 Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
 version? 

 Some general notes: 

 o Virtual hosting and proxying are two separate issues. The proxy 
 connection will run within the virtual host. 

 o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
 You need to choose one. The two services must both be configured 
 to agree on the details of their connection. 

 o Do you want to create a self-signed certificate, or obtain a 
 certificate from a certificate authority? Self-signed certificates 
 are easier and quicker to create, but will not be trusted by 
 browsers. They are useful for testing, or in closed environments. 
 A commercial or corporate certificate should be automatically 
 trusted within the scope of the authority which signed it. To make 
 your repository generally available, you will most likely want a 
 commercial certificate. 

 o It may be best to get these things working one at a time. 
 That is: first set up the virtual host and test that you can get 
 service from it with a simple static page. Then set up the proxy 
 connection and test that you can get service from DSpace. Then add 
 the certificate and set up HTTPS. 

 -- 
 Mark H. Wood 
 Lead Technology Analyst 

 University Library 
 Indiana University - Purdue University Indianapolis 
 755 W. Michigan Street 
 Indianapolis, IN 46202 
 317-274-0749 <(317)%20274-0749> 
 www.ulib.iupui.edu 

>>>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/d15d60cf-5dc3-4ccd-96ba-3a8105b08543n%40googlegroups.com.

Re: [dspace-tech] how to add https support?

[federico....@gmail.com]

Hi Jan,

Try using mok_jk instead of reverse proxying.  Its simpler and works better.
Your apache ssl config should look like this (for jspui):


.
RedirectMatch ^/$ /jspui

JkMount /jspui* ajp13_worker
JkMount /oai* ajp13_worker
JkMount /swordv2* ajp13_worker
.

After enabling mok_jk and configuring the worker in workers.properties.

Regards

El jueves, 3 de marzo de 2022 a las 9:53:29 UTC-3, phillip...@gmail.com 
escribió:

> Hi, can you help me? I cannot get service from DSpace by reverse proxying 
> apache to tomcat. It only shows the static page in  "${SRVROOT}/htdocs". 
>
> this is my httpd-vhosts.conf (this .conf file is alread included in my 
> httpd.conf):
>
> 
> ProxyPreserveHost On
> ServerName repository-uecal.com
> ProxyPass /server ajp://localhost:8009/server
> ProxyPassReverse /server ajp://localhost:8009/server
> 
>
>
> On Monday, February 7, 2022 at 9:58:38 PM UTC+8 Phillip jan wrote:
>
>> Hi! I am running on windows 10.
>> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>>
>>> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote: 
>>> > Hi! I am having issues with the backend installation, particularly 
>>> step 16. 
>>> > I don't know how to setup a virtualhost using https/port443 proxy to 
>>> proxy 
>>> > all requests to apache and how to create an ssl certificate. I am new 
>>> to 
>>> > deploying a website in production environment. Can someone help me? 
>>> thanks 
>>> > in advance. 
>>>
>>> The details will depend on your operating system. Is this on Linux or 
>>> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and 
>>> version? 
>>>
>>> Some general notes: 
>>>
>>> o Virtual hosting and proxying are two separate issues. The proxy 
>>> connection will run within the virtual host. 
>>>
>>> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP. 
>>> You need to choose one. The two services must both be configured 
>>> to agree on the details of their connection. 
>>>
>>> o Do you want to create a self-signed certificate, or obtain a 
>>> certificate from a certificate authority? Self-signed certificates 
>>> are easier and quicker to create, but will not be trusted by 
>>> browsers. They are useful for testing, or in closed environments. 
>>> A commercial or corporate certificate should be automatically 
>>> trusted within the scope of the authority which signed it. To make 
>>> your repository generally available, you will most likely want a 
>>> commercial certificate. 
>>>
>>> o It may be best to get these things working one at a time. 
>>> That is: first set up the virtual host and test that you can get 
>>> service from it with a simple static page. Then set up the proxy 
>>> connection and test that you can get service from DSpace. Then add 
>>> the certificate and set up HTTPS. 
>>>
>>> -- 
>>> Mark H. Wood 
>>> Lead Technology Analyst 
>>>
>>> University Library 
>>> Indiana University - Purdue University Indianapolis 
>>> 755 W. Michigan Street 
>>> Indianapolis, IN 46202 
>>> 317-274-0749 <(317)%20274-0749> 
>>> www.ulib.iupui.edu 
>>>
>>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/0a7bbe0b-8b04-49e7-b033-638ae1383c34n%40googlegroups.com.

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hi, can you help me? I cannot get service from DSpace by reverse proxying 
apache to tomcat. It only shows the static page in  "${SRVROOT}/htdocs". 

this is my httpd-vhosts.conf (this .conf file is alread included in my 
httpd.conf):


ProxyPreserveHost On
ServerName repository-uecal.com
ProxyPass /server ajp://localhost:8009/server
ProxyPassReverse /server ajp://localhost:8009/server



On Monday, February 7, 2022 at 9:58:38 PM UTC+8 Phillip jan wrote:

> Hi! I am running on windows 10.
> On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:
>
>> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote:
>> > Hi! I am having issues with the backend installation, particularly step 
>> 16. 
>> > I don't know how to setup a virtualhost using https/port443 proxy to 
>> proxy 
>> > all requests to apache and how to create an ssl certificate. I am new 
>> to 
>> > deploying a website in production environment. Can someone help me? 
>> thanks 
>> > in advance.
>>
>> The details will depend on your operating system. Is this on Linux or
>> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and
>> version?
>>
>> Some general notes:
>>
>> o Virtual hosting and proxying are two separate issues. The proxy
>> connection will run within the virtual host.
>>
>> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP.
>> You need to choose one. The two services must both be configured
>> to agree on the details of their connection.
>>
>> o Do you want to create a self-signed certificate, or obtain a
>> certificate from a certificate authority? Self-signed certificates
>> are easier and quicker to create, but will not be trusted by
>> browsers. They are useful for testing, or in closed environments.
>> A commercial or corporate certificate should be automatically
>> trusted within the scope of the authority which signed it. To make
>> your repository generally available, you will most likely want a
>> commercial certificate.
>>
>> o It may be best to get these things working one at a time.
>> That is: first set up the virtual host and test that you can get
>> service from it with a simple static page. Then set up the proxy
>> connection and test that you can get service from DSpace. Then add
>> the certificate and set up HTTPS.
>>
>> -- 
>> Mark H. Wood
>> Lead Technology Analyst
>>
>> University Library
>> Indiana University - Purdue University Indianapolis
>> 755 W. Michigan Street
>> Indianapolis, IN 46202
>> 317-274-0749 <(317)%20274-0749>
>> www.ulib.iupui.edu
>>
>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/16f1f5d6-ef6c-4152-b158-a3100bd26a8dn%40googlegroups.com.

Re: [dspace-tech] how to add https support?

[Phillip jan]

Hi! I am running on windows 10.
On Monday, February 7, 2022 at 9:38:25 PM UTC+8 Mark H. Wood wrote:

> On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote:
> > Hi! I am having issues with the backend installation, particularly step 
> 16. 
> > I don't know how to setup a virtualhost using https/port443 proxy to 
> proxy 
> > all requests to apache and how to create an ssl certificate. I am new to 
> > deploying a website in production environment. Can someone help me? 
> thanks 
> > in advance.
>
> The details will depend on your operating system. Is this on Linux or
> Windows? If Linux, what distribution (Ubuntu, Red Hat, etc.) and
> version?
>
> Some general notes:
>
> o Virtual hosting and proxying are two separate issues. The proxy
> connection will run within the virtual host.
>
> o Proxying between Tomcat and HTTPD can be done using HTTP or AJP.
> You need to choose one. The two services must both be configured
> to agree on the details of their connection.
>
> o Do you want to create a self-signed certificate, or obtain a
> certificate from a certificate authority? Self-signed certificates
> are easier and quicker to create, but will not be trusted by
> browsers. They are useful for testing, or in closed environments.
> A commercial or corporate certificate should be automatically
> trusted within the scope of the authority which signed it. To make
> your repository generally available, you will most likely want a
> commercial certificate.
>
> o It may be best to get these things working one at a time.
> That is: first set up the virtual host and test that you can get
> service from it with a simple static page. Then set up the proxy
> connection and test that you can get service from DSpace. Then add
> the certificate and set up HTTPS.
>
> -- 
> Mark H. Wood
> Lead Technology Analyst
>
> University Library
> Indiana University - Purdue University Indianapolis
> 755 W. Michigan Street
> Indianapolis, IN 46202
> 317-274-0749 <(317)%20274-0749>
> www.ulib.iupui.edu
>

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/1a34d9dd-311d-4378-b0cb-447a9fbc10edn%40googlegroups.com.

Re: [dspace-tech] how to add https support?

[Mark H. Wood]

On Sun, Feb 06, 2022 at 08:48:07AM -0800, Phillip jan wrote:
> Hi! I am having issues with the backend installation, particularly step 16. 
> I don't know how to setup a virtualhost using https/port443 proxy to proxy 
> all requests to apache and how to create an ssl certificate. I am new to 
> deploying a website in production environment. Can someone help me? thanks 
> in advance.

The details will depend on your operating system.  Is this on Linux or
Windows?  If Linux, what distribution (Ubuntu, Red Hat, etc.) and
version?

Some general notes:

o  Virtual hosting and proxying are two separate issues.  The proxy
   connection will run within the virtual host.

o  Proxying between Tomcat and HTTPD can be done using HTTP or AJP.
   You need to choose one.  The two services must both be configured
   to agree on the details of their connection.

o  Do you want to create a self-signed certificate, or obtain a
   certificate from a certificate authority?  Self-signed certificates
   are easier and quicker to create, but will not be trusted by
   browsers.  They are useful for testing, or in closed environments.
   A commercial or corporate certificate should be automatically
   trusted within the scope of the authority which signed it.  To make
   your repository generally available, you will most likely want a
   commercial certificate.

o  It may be best to get these things working one at a time.
   That is:  first set up the virtual host and test that you can get
   service from it with a simple static page.  Then set up the proxy
   connection and test that you can get service from DSpace.  Then add
   the certificate and set up HTTPS.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/YgEgzJDa3Ms2ocSJ%40IUPUI.Edu.


signature.asc
Description: PGP signature

[dspace-tech] how to add https support?

[Phillip jan]

Hi! I am having issues with the backend installation, particularly step 16. 
I don't know how to setup a virtualhost using https/port443 proxy to proxy 
all requests to apache and how to create an ssl certificate. I am new to 
deploying a website in production environment. Can someone help me? thanks 
in advance.

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/edb76afe-df8a-44d1-9246-094f52c2be6dn%40googlegroups.com.