I forgot, there was a PR for some automation, which might also be helpful to look at: https://openedx.atlassian.net/browse/OSPR-1394
On Thursday, January 25, 2018 at 8:06:36 PM UTC+1, Ibo Sy wrote: > > Have you used any ssl certificates before? For free ones, I recommend > letsencrypt (https://letsencrypt.org/) - they are quick and free, but: > - They are only valid for 90 days, so you need to rotate (automatically) > more often. > - They use a acme-challenge process for authentication - you need to > slightly modify your server to enable this. > > edx uses nginx, lentsencrypt offers a tool called certbot to manage certs. > > Now, it depends on whether you are installing a new server and want to > enable ssl from the beginning, in which case there is an ansible playbook > which should pick up the vars: > NGINX_ENABLE_SSL: true > NGINX_SSL_CERTIFICATE: '/mycert_chain.pem' > NGINX_SSL_KEY: '/mycert_key.pem' > > I cannot find the proper documentation for this at the moment, but there > should be a note somewhere. The configuration scripts/playbooks are here: > https://github.com/edx/configuration > > If you want to change a running server, I recommend to take a look at the > following two resources: > > https://github.com/CDOT-EDX/ProductionStackDocs/wiki/Configuring-SSL-for-NGINX > https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8 > > Where the first one is edx fullstack specific, but the second one has a > more extensive ssl config. > Note that both are not usable for your case without further modification! > It's just a reference. The important parts: > - nginx config files: /etc/nginx/sites-enabled/lms > and /etc/nginx/sites-enabled/cms > - add a ssl listen to your server > listen 443 ssl; > > - provide cert and key > ssl_certificate /full/path/fullchain.pem; > ssl_certificate_key /full/path/privkey.pem; > > - setup your challenge dir and serve it ( > location ~ /.well-known { > allow all; > root /var/www/letsencrypt; > } > > > Process-wise, you need to go backwards - first setup the challenge dir, > reload nginx, use certbot to get a certificate, then enable it in nginx and > reload. (You cannot reload the nginx config if there is an error, eg. cert > file not found. You can always test your config with sudo nginx -t) > > Finally, once you have it running, don't forget about the renewal. > > > On Tuesday, January 23, 2018 at 3:21:49 PM UTC+1, amira reda wrote: >> >> hi, >> please help me am new in openedx platform and i want my course page >> like this page in picture how to do that ? >> enable feature or design? >> thanks for all. >> >> >> <https://lh3.googleusercontent.com/-wdE5sVFPg1c/WmdErP2ugOI/AAAAAAAABj4/PJTYQr1uUaUDU_cVMmloCz8LkKH8IZp3gCLcBGAs/s1600/subsections_student.png> >> > -- You received this message because you are subscribed to the Google Groups "General Open edX discussion" group. To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/4f33bfd1-9cf8-4fdc-bdd4-487b2a4d7531%40googlegroups.com.
