>From what I can tell everything is in place in the puppet configuration for the demo sites to get things going:
- the configuration for the Apache HTTPD proxy in front of Apache OFBiz - the configuration for LetsEncrypt certificates - the cron job to ensure LetsEncrypt certificates keep getting renewed regularly All it needs is that it is checked through ssh that everything works together. Best regards, Pierre Smits ORRTIZ.COM <http://www.orrtiz.com> OFBiz based solutions & services OFBiz Extensions Marketplace http://oem.ofbizci.net/oci-2/ On Sun, Jan 15, 2017 at 8:59 AM, Jacques Le Roux < [email protected]> wrote: > Yes I know and implicitly referred to it if you follow from INFRA-11960 > > For those not aware, it's https://github.com/apache/infr > astructure-puppet/blob/a15791739bb5f6682cc6ee19c36f7d098f5ac > e38/data/nodes/ofbiz-vm2.apache.org.yaml > > Jacques > > > Le 15/01/2017 à 08:46, Pierre Smits a écrit : > >> There are yaml files for the Puppet scripts to configure the demo sites of >> OFBiz. >> >> Pierre Smits >> >> ORRTIZ.COM <http://www.orrtiz.com> >> >> OFBiz based solutions & services >> >> OFBiz Extensions Marketplace >> http://oem.ofbizci.net/oci-2/ >> >> On Sat, Jan 14, 2017 at 8:17 PM, Jacques Le Roux < >> [email protected]> wrote: >> >> Le 14/01/2017 à 17:06, Michael Brohl a écrit : >>> >>> Hi Jacques, >>>> >>>> inline also: >>>> >>>> Am 14.01.17 um 12:51 schrieb Jacques Le Roux: >>>> >>>> Hi Michael, >>>>> >>>>> Inline... >>>>> >>>>> Le 13/01/2017 à 16:56, Michael Brohl a écrit : >>>>> >>>>> Hi, >>>>>> >>>>>> we have several initiatives to raise the adoption of OFBiz by new >>>>>> users. For new users, one of the first steps to learn about OFBiz or >>>>>> look >>>>>> around what's in it, might be our OFBiz demo instances. >>>>>> >>>>>> Unfortunately, the currently used demo domain >>>>>> https://ofbiz-vm2.apache.org does not match the certificate's domain >>>>>> https://ofbiz-vm.apache.org. The certificate is valid though. >>>>>> >>>>>> How did you determine that the certificate's domain >>>>> https://ofbiz-vm.apache.org is valid? >>>>> >>>>> I said that the certificate is valid, not that the domain to this >>>> certificate exists ;-) >>>> >>>> Because AFAIK this domain no longer exists. When we switched to the new >>>>> machine it has certainly disappeared, at least you can't get to >>>>> https://ofbiz-vm.apache.org:8443/webtools >>>>> when you can get to >>>>> https://ofbiz-vm2.apache.org:8443/webtools >>>>> >>>>> It's a subdomain from apache.org so I guess it will not be too >>>> difficult >>>> to setup this again. It would be the easiest way to setup this subdomain >>>> again and route it to the IP of the current demo server. Then we just >>>> have >>>> to alter the links on the website and everything works as user can >>>> expect. >>>> >>>> I have no deeper experience with Infra but it should be easy. >>>> >>>> We currently use the self-signed certificate I created in 2104: >>>>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/conf >>>>> ig/README?view=markup >>>>> >>>>> With the latest browsers, you get a big error because of the >>>>> certificate >>>>> >>>>>> mismatch. Even if this is mentioned in red above the demo links, I >>>>>> guess >>>>>> that potential adopters will be pushed back by this. >>>>>> >>>>>> I think that we should take care of that and change the domain name, >>>>>> if >>>>>> possible. >>>>>> Is there anything preventing us from doing so? >>>>>> >>>>>> Best regards, >>>>>> Michael >>>>>> >>>>>> >>>>>> Actually, in relation with https://issues.apache.org/jira >>>>>> >>>>> /browse/OFBIZ-7928, Pierre already began to work on it >>>>> >>>>> I mentioned at https://issues.apache.org/jira >>>>> /browse/INFRA-11960?focusedCommentId=15779772&page=com. >>>>> atlassian.jira.plugin.system.issuetabpanels:comment- >>>>> tabpanel#comment-15779772 >>>>> >>>>> <<Ah just one thing, about changes for bigfiles, I don't think we need >>>>> the ofbiz-vm-bigfiles-443 section. It's only static videos...>> >>>>> >>>>> I believe it's not only useless but could be an issue. I did not get a >>>>> chance to get back to this yet. But the 1st thing I'd do is removing >>>>> the >>>>> ofbiz-vm-bigfiles-443 section. >>>>> >>>>> I briefly read this issue and to me it sounds much more complicated >>>> than >>>> I'm used to when hosting our customer's servers with Apache/ajp >>>> connection >>>> to OFBiz. Pierre suggested exactly the way we do it with proxy pass and >>>> it >>>> works like a charm. Maybe it is more complicated because of special >>>> environments of the ASF infrastructure... >>>> >>>> Anyway, if you want to help you are welcome :) >>>>> >>>>> I have no clue what I can do about it? There seems to be a solution >>>> since >>>> Dec. 27th. >>>> What would be the next steps? >>>> >>>> Jacques >>>>> >>>>> Thanks, >>>>> >>>> Michael >>>> >>>> >>>> The idea is to use a free Let's Encrypt certificate. So it needs to be >>>> >>> automatically renewed every 3 months. >>> >>> We have 3 sub domains to handle: >>> >>> demo-trunk-ofbiz.apache.org >>> >>> demo-stable-ofbiz.apache.org >>> >>> demo-old-ofbiz.apache.org >>> >>> And we would like to use the YAML puppet script like all advanced TLPs at >>> the ASF >>> >>> That's the specs :) >>> >>> Jacques >>> >>> >>> >
