Re: How to Configure Ofbiz SSL

2020-10-28 Thread Michael Brohl 

Hi Dominic,

welcome to the OFBiz community!

If you think there is a bug, please file a Jira issue in our bug 
tracking system, describing the exact steps and possibly provide 
screenshots to be able to validate the problem.


Thanks,

Michael Brohl

ecomify GmbH - www.ecomify.de


Am 27.10.20 um 14:34 schrieb Dominic Amann:

Yes, I did stumble upon that documentation eventually. It seems (as usual)
that google is a better way to search than a site's own index/search. I
think the main problem I encountered (re: docs) is that there appear to be
3 sets of documentation out there, with things pertaining to different
aspects being best served in different places.

Ultimately I did figure out everything about the install (Java 8 on debian
10, mariadb, SSL with Lets Encrypt, Apache proxying, direct serving static
content). However a bug in OFBiz itself is preventing me from actually
using it for accounting. It is impossible to enter postal addresses in a
clean install of 17.12.04, due to pull down for province/state not working.
I need a work-around for this. The state date is being imported from the
XML, it is in the database. Is there a specific release where this does
work?

On Tue, 27 Oct 2020 at 08:39, Jacques Le Roux 
wrote:


Le 25/10/2020 à 14:36, dimonic a écrit :

Jacques Le Roux wrote

Short answer: preferably look at letsencrypt for a free certificate (must
be renewed every 3 months but there are tools for that)

For instance for the trunk demo we use

## SSL directives
SSLEngine on
SSLCertificateFile
"/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
SSLCertificateKeyFile
"/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
SSLCertificateChainFile
"/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
SSLCACertificatePath"/etc/ssl/certs"

## Custom fragment
ProxyRequests Off
ProxyPreserveHost On
# do not proxy letsencrypt cert renewal requests
ProxyPass /.well-known !
ProxyPass / ajp://localhost:8009/

I let you figure the rest out

We should really update the Apache+OFBiz+Technical+Production+Setup+Guide

This looks like you expect us to proxy the ofbiz server - am I correct?

You referred to https://markmail.org/message/3uf5axg2xzvlxuh5 which is a
thread about  "a test deployment (on a given domain)", so yes!


There is also a lack of documentation on how to achieve this. I am setting
this up myself, and documenting as I go (because the available docs are
fragmented, out of date and incomplete). I would be happy to submit working
setup documentation for your consideration (once I can get SSL configured)?

The setup I am documenting is debian based, and includes exactly how one has
to setup Java 8 (which is not in mainline repos), how to configure for
mariadb, leave out the demo data (but have the admin login available),
launch (and stop) the server using systemd, how to replace the certs for
working SSL (presumably with apache2 reverse proxy).

How (with which tools) do you intend to document that?
We now preferably use AsciiDoc and the documentation is generated at
https://ci.apache.org/projects/ofbiz/site/trunk/

This is not yet official, but it's the more up to date way.
You can find more info into documentation_guidelines.adoc in docs\asciidoc
(not generated yet, I just spotted, but you can read it as simple text
anyway)

You even have a CONTRIBUTING.adoc file in your local copy. Just linking
for now to

https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development


Be prepared, OFBiz is a wild beast :)

HTH

Jacques


--
Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html






smime.p7s
Description: S/MIME Cryptographic Signature

Re: How to Configure Ofbiz SSL

2020-10-27 Thread Dominic Amann 
Yes, I did stumble upon that documentation eventually. It seems (as usual)
that google is a better way to search than a site's own index/search. I
think the main problem I encountered (re: docs) is that there appear to be
3 sets of documentation out there, with things pertaining to different
aspects being best served in different places.

Ultimately I did figure out everything about the install (Java 8 on debian
10, mariadb, SSL with Lets Encrypt, Apache proxying, direct serving static
content). However a bug in OFBiz itself is preventing me from actually
using it for accounting. It is impossible to enter postal addresses in a
clean install of 17.12.04, due to pull down for province/state not working.
I need a work-around for this. The state date is being imported from the
XML, it is in the database. Is there a specific release where this does
work?

On Tue, 27 Oct 2020 at 08:39, Jacques Le Roux 
wrote:

> Le 25/10/2020 à 14:36, dimonic a écrit :
>
> Jacques Le Roux wrote
>
> Short answer: preferably look at letsencrypt for a free certificate (must
> be renewed every 3 months but there are tools for that)
>
> For instance for the trunk demo we use
>
>## SSL directives
>SSLEngine on
>SSLCertificateFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
>SSLCertificateKeyFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
>SSLCertificateChainFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
>SSLCACertificatePath"/etc/ssl/certs"
>
>## Custom fragment
>ProxyRequests Off
>ProxyPreserveHost On
># do not proxy letsencrypt cert renewal requests
>ProxyPass /.well-known !
>ProxyPass / ajp://localhost:8009/
>
> I let you figure the rest out
>
> We should really update the Apache+OFBiz+Technical+Production+Setup+Guide
>
> This looks like you expect us to proxy the ofbiz server - am I correct?
>
> You referred to https://markmail.org/message/3uf5axg2xzvlxuh5 which is a
> thread about  "a test deployment (on a given domain)", so yes!
>
>
> There is also a lack of documentation on how to achieve this. I am setting
> this up myself, and documenting as I go (because the available docs are
> fragmented, out of date and incomplete). I would be happy to submit working
> setup documentation for your consideration (once I can get SSL configured)?
>
> The setup I am documenting is debian based, and includes exactly how one has
> to setup Java 8 (which is not in mainline repos), how to configure for
> mariadb, leave out the demo data (but have the admin login available),
> launch (and stop) the server using systemd, how to replace the certs for
> working SSL (presumably with apache2 reverse proxy).
>
> How (with which tools) do you intend to document that?
> We now preferably use AsciiDoc and the documentation is generated at
> https://ci.apache.org/projects/ofbiz/site/trunk/
>
> This is not yet official, but it's the more up to date way.
> You can find more info into documentation_guidelines.adoc in docs\asciidoc
> (not generated yet, I just spotted, but you can read it as simple text
> anyway)
>
> You even have a CONTRIBUTING.adoc file in your local copy. Just linking
> for now to
>
> https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development
> 
>
> Be prepared, OFBiz is a wild beast :)
>
> HTH
>
> Jacques
>
>
> --
> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
>
>

-- 


Dominic Amann

M 416-270-4587

Re: How to Configure Ofbiz SSL

2020-10-27 Thread Jacques Le Roux 

Le 25/10/2020 à 14:36, dimonic a écrit :

Jacques Le Roux wrote

Short answer: preferably look at letsencrypt for a free certificate (must
be renewed every 3 months but there are tools for that)

For instance for the trunk demo we use

    ## SSL directives
    SSLEngine on
    SSLCertificateFile
"/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
    SSLCertificateKeyFile
"/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
    SSLCertificateChainFile
"/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
    SSLCACertificatePath    "/etc/ssl/certs"

    ## Custom fragment
    ProxyRequests Off
    ProxyPreserveHost On
    # do not proxy letsencrypt cert renewal requests
    ProxyPass /.well-known !
    ProxyPass / ajp://localhost:8009/

I let you figure the rest out

We should really update the Apache+OFBiz+Technical+Production+Setup+Guide

This looks like you expect us to proxy the ofbiz server - am I correct?


You referred to https://markmail.org/message/3uf5axg2xzvlxuh5 which is a thread about  
"a test deployment (on a given domain)", so yes!



There is also a lack of documentation on how to achieve this. I am setting
this up myself, and documenting as I go (because the available docs are
fragmented, out of date and incomplete). I would be happy to submit working
setup documentation for your consideration (once I can get SSL configured)?

The setup I am documenting is debian based, and includes exactly how one has
to setup Java 8 (which is not in mainline repos), how to configure for
mariadb, leave out the demo data (but have the admin login available),
launch (and stop) the server using systemd, how to replace the certs for
working SSL (presumably with apache2 reverse proxy).


How (with which tools) do you intend to document that?
We now preferably use AsciiDoc and the documentation is generated at
https://ci.apache.org/projects/ofbiz/site/trunk/

This is not yet official, but it's the more up to date way.
You can find more info into documentation_guidelines.adoc in docs\asciidoc (not 
generated yet, I just spotted, but you can read it as simple text anyway)

You even have a CONTRIBUTING.adoc file in your local copy. Just linking for now 
to
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contribution+and+Development 



Be prepared, OFBiz is a wild beast :)

HTH

Jacques





--
Sent from:http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html

Re: How to Configure Ofbiz SSL

2020-10-27 Thread dimonic 
Jacques Le Roux wrote
> Short answer: preferably look at letsencrypt for a free certificate (must
> be renewed every 3 months but there are tools for that)
> 
> For instance for the trunk demo we use
> 
>    ## SSL directives
>    SSLEngine on
>    SSLCertificateFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
>    SSLCertificateKeyFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
>    SSLCertificateChainFile
> "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
>    SSLCACertificatePath    "/etc/ssl/certs"
> 
>    ## Custom fragment
>    ProxyRequests Off
>    ProxyPreserveHost On
>    # do not proxy letsencrypt cert renewal requests
>    ProxyPass /.well-known !
>    ProxyPass / ajp://localhost:8009/
> 
> I let you figure the rest out
> 
> We should really update the Apache+OFBiz+Technical+Production+Setup+Guide

This looks like you expect us to proxy the ofbiz server - am I correct?
There is also a lack of documentation on how to achieve this. I am setting
this up myself, and documenting as I go (because the available docs are
fragmented, out of date and incomplete). I would be happy to submit working
setup documentation for your consideration (once I can get SSL configured)?

The setup I am documenting is debian based, and includes exactly how one has
to setup Java 8 (which is not in mainline repos), how to configure for
mariadb, leave out the demo data (but have the admin login available),
launch (and stop) the server using systemd, how to replace the certs for
working SSL (presumably with apache2 reverse proxy).



--
Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html

AW: How to Configure Ofbiz SSL

2018-03-22 Thread Schumann Ye 
Dear Jacques,

Thanks for your guide, though I still haven't figured it out.
I will try it myself first until I could not.
Thanks and have a nice day!

B.R.
Schumann
+86-1800-150-1800


 Originalnachricht 
Betreff: Re: How to Configure Ofbiz SSL
Von: Jacques Le Roux
An: user@ofbiz.apache.org
Cc:


Short answer: preferably look at letsencrypt for a free certificate (must be 
renewed every 3 months but there are tools for that)

For instance for the trunk demo we use

  ## SSL directives
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
  SSLCertificateChainFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
  SSLCACertificatePath"/etc/ssl/certs"

  ## Custom fragment
  ProxyRequests Off
  ProxyPreserveHost On
  # do not proxy letsencrypt cert renewal requests
  ProxyPass /.well-known !
  ProxyPass / ajp://localhost:8009/

I let you figure the rest out

We should really update the Apache+OFBiz+Technical+Production+Setup+Guide

HTH

Jacques


Le 21/03/2018 à 12:09, Schumann Ye a écrit :
> Dear Gurus,
>
> Can anyone be so kind to show me how to configure ofbiz ssl for a test 
> deployment (on a given domain)?
> I'd been struggling on this topic for days but still without any clue.
>
> What I have done is as follows:
> 1. I try the link 
> https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide
> But it ask us to submit the CSR to a third CA authority like VeriSign.
> I would like to test it only so if possible I would go for a free CA service 
> first.
> Then with www.sslforfree.com I could download the following 3 files:
> 1.1 ca_bundle.crt
> 1.2 certificate.crt
> 1.3 private.key
> What should I do then?
> 2. Another option is with keytool function I would like to create a 
> self-signed CA.
> But it still failed and I guessed I didn't do it in the right way.
>
> Pls help!!!
>
> Best Regards
> Schumann
>
>

Re: How to Configure Ofbiz SSL

2018-03-21 Thread Jacques Le Roux 

Short answer: preferably look at letsencrypt for a free certificate (must be 
renewed every 3 months but there are tools for that)

For instance for the trunk demo we use

  ## SSL directives
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
  SSLCertificateChainFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
  SSLCACertificatePath    "/etc/ssl/certs"

  ## Custom fragment
  ProxyRequests Off
  ProxyPreserveHost On
  # do not proxy letsencrypt cert renewal requests
  ProxyPass /.well-known !
  ProxyPass / ajp://localhost:8009/

I let you figure the rest out

We should really update the Apache+OFBiz+Technical+Production+Setup+Guide

HTH

Jacques


Le 21/03/2018 à 12:09, Schumann Ye a écrit :

Dear Gurus,

Can anyone be so kind to show me how to configure ofbiz ssl for a test 
deployment (on a given domain)?
I'd been struggling on this topic for days but still without any clue.

What I have done is as follows:
1.  I try the link 
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide
But it ask us to submit the CSR to a third CA authority like VeriSign.
I would like to test it only so if possible I would go for a free CA 
service first.
Then with www.sslforfree.com<http://www.sslforfree.com> I could download 
the following 3 files:
1.1 ca_bundle.crt
1.2 certificate.crt
1.3 private.key
What should I do then?
2.  Another option is with keytool function I would like to create a 
self-signed CA.
But it still failed and I guessed I didn't do it in the right way.

Pls help!!!

Best Regards
Schumann

How to Configure Ofbiz SSL

2018-03-21 Thread Schumann Ye 
Dear Gurus,

Can anyone be so kind to show me how to configure ofbiz ssl for a test 
deployment (on a given domain)?
I'd been struggling on this topic for days but still without any clue.

What I have done is as follows:
1.  I try the link 
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide
   But it ask us to submit the CSR to a third CA authority like VeriSign.
   I would like to test it only so if possible I would go for a free CA service 
first.
   Then with www.sslforfree.com<http://www.sslforfree.com> I could download the 
following 3 files:
1.1 ca_bundle.crt
1.2 certificate.crt
1.3 private.key
   What should I do then?
2.  Another option is with keytool function I would like to create a 
self-signed CA.
   But it still failed and I guessed I didn't do it in the right way.

Pls help!!!

Best Regards
Schumann