Hi Katie,
My apologies for you having to restate your issues several times.
That you have the basics in play (your OFBiz implementation set up, running
and accessible via 8443) is a good thing, and now you're nearly there.
Please see inline for further comments.
I trust the information below helps.
However, should you still experience issues, please feel free to reach out.
Kind regards,
Pierre Smits
*Proud contributor of* Apache OFBiz <https://ofbiz.apache.org/> since
2008 (without privileges)
*Apache Trafodion <https://trafodion.apache.org>, Vice President*
*Apache Directory <https://directory.apache.org>, PMC Member*
Apache Incubator <https://incubator.apache.org>, committer
Apache Steve <https://steve.apache.org>, committer
On Fri, Jun 26, 2020 at 9:30 AM Katie Qiu <[email protected]>
wrote:
Hi,
I'm new to OFBiz. Please check the steps I have taken and point out what
I missed, because it's not working on the production site.
1. I was able to make it work on localhost. I'm also able to access data
that came with the project (ex:
https://localhost:8443/webtools/control/entitymaint)
This is the easy part. Kudos
2. I installed an SSL certificate in Microsoft IIS for the project on the
production site, my Windows Server 2012 (I was able to access
https://www.mywebsitedomain.com now)
a. I use a virtual private server from IONOS and it provides me a free SSL
certificate. I imported the .PFX file provided by IONOS, then the domain
could be accessed as https
b. As you suggested, I looked into https://letsencrypt.org/, but I didn't
see any .PFX file or the other certificate files that IONOS provided me (on
the OFBiz Product Setup page, it shows .cer files (which I also got from
IONOS) are used to enter the Keystore).
Maybe I missed something. For now, I use SSL from IONOS, but if you think I
should use Let's Encrypt, then please let me know if I have to have the .PFX
and .cer files
Using SSL certificates from Let's Encrypt for the web server is
straightforward when using web servers like Apache HTTPD and NGINX. However,
I don't know how that works for IIS. Maybe their documentation will tell.
3. I installed Apache 24 on Windows server as well. I was able to access
localhost and see the index page showing "it works"
Great, the second step of the combination Apache HTTPD - Apache OFBiz is
now concluded.
As said earlier, setting up Let's Encrypt for Apache HTTPD is
straightforward. Please look at the documentation there. If set up properly,
you will get:
- the Apache HTTPD starter page accessible via: https://<yourIpAddress>/
or e.g. https://localhost/
If done correctly, you'll see (some of) the following lines appear in (one
of) your HTTPD config files:
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/<TheFQDOfYourDomain>/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<TheFQDOfYourDomain>/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<TheFQDOfYourDomain>/chain.pem
The only thing now to do is to tie your Apache HTTPD implementation to your
Apache OFBiz implementation.
Please have a look at the following setup in my Apache HTTPD configuration
for the oem.ofbizci.net site:
<VirtualHost *:80>
    ServerName oem.ofbizci.net
    DocumentRoot /var/www/html
    Redirect permanent / https://www.ofbizci.net/
    ErrorLog /proglog/ofbizci/error.log
    CustomLog /proglog/ofbizci/access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName oem.ofbizci.net
    SSLEngine on
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/ofbizci.net/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ofbizci.net/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/ofbizci.net/chain.pem
    ProxyRequests Off
    ProxyPreserveHost On
    proxyPass / ajp://10.0.0.22:8009/
    ProxyPassReverse / ajp://10.0.0.22:8009/
    ErrorLog /proglog/ofbizci/oem-ofbizci-net-ssl-error.log
    CustomLog /proglog/ofbizci/oem-ofbizci-net-ssl-access.log combined
</VirtualHost>
In the configuration above, you'll see the following:
proxyPass / ajp://10.0.0.22:8009/
ProxyPassReverse / ajp://10.0.0.22:8009/
The internal IP address 10.0.0.22 is where the OFBiz implementation
resides/runs (my HTTPD web server and my OFBiz application server for
oem.ofbizci.net run on different virtual machines). In your case, e.g. when
having both on 1 (virtual) machine, this could be:
proxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
From the lines you also get that I am using the AJP protocol. This is an
extension (mod) available with the Apache HTTPD product, but may require
some additional installation on your HTTPD implementation. See the
documentation provided by the Apache HTTPD project.
When using that protocol (and the associated HTTPD extension/mod) you
bypass the need to set up ssl certificates - or change ports - on the OFBiz
implementation.
4. I have edited "keystoreFile" and "KeyPass" in ofbiz-component at
apache-ofbiz-17.12.03\framework\catalina
<property name="keystoreFile" value="C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\apache-ofbiz-17.12.03\keystore.jks"/>
<property name="keystoreType" value="JKS"/>
<property name="keyAlias" value="ofbiz"/>
<property name="keyPass" value="Mypassword"/>
5. I then tried to follow https://s.apache.org/vmemj and edit the httpd.conf
and httpd-ssl.conf files, but when trying to start Apache 24, it gives me
some error messages (I got no error before editing the two files).
a. I have edited ofbiz-containers.xml and url.properties file (change 8080
to 80 and 8443 to 443)
b. For httpd.conf: not recognizing some words like "RewriteEngine On"
"Order"....
c. For httpd-ssl.conf, for example, I get error "AH00526: Syntax error on
line 177 of c:/Apache24/conf/extra/httpd-ssl.conf: SSLCertificate KeyFile:
file 'c:/Apache24/conf/server.key' does not exit or is empty" - It's true,
I don't have such file, but I'm not sure where I can get it.
Thank you very much in advance
Katie
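
Added example, not part of the original thread: a small Python check for the two things this exchange turns on, certificate and key files that httpd cannot find (the AH00526 error quoted above) and where the AJP backend named in ProxyPass lives. The function names, the sample config and the server.crt path are constructed for illustration; AJP is not encrypted, so any backend other than loopback is reported for review.

```python
import ipaddress
import os
import re
from urllib.parse import urlsplit

CERT_DIRECTIVES = {"sslcertificatefile", "sslcertificatekeyfile",
                   "sslcertificatechainfile"}

def nonempty_file(path):
    return os.path.isfile(path) and os.path.getsize(path) > 0

def ajp_scope(host):
    """Classify an AJP backend host without doing any DNS lookup."""
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unverified hostname"
    if ip.is_loopback:
        return "loopback"
    return "private network" if ip.is_private else "public address"

def audit_httpd_conf(text, file_ok=nonempty_file):
    """Return (line_no, level, message) findings for an httpd config fragment."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        if len(tokens) < 2 or tokens[0].startswith(("#", "<")):
            continue  # blank lines, comments, <VirtualHost> tags
        name = tokens[0].lower()  # httpd directive names are case-insensitive
        if name in CERT_DIRECTIVES and not file_ok(tokens[1]):
            # The condition httpd rejects at startup (AH00526 in the thread).
            findings.append((no, "error", f"{tokens[0]}: '{tokens[1]}' missing or empty"))
        elif name in ("proxypass", "proxypassreverse") and len(tokens) > 2:
            url = urlsplit(tokens[2])
            scope = ajp_scope(url.hostname or "")
            if url.scheme == "ajp" and scope != "loopback":
                findings.append((no, "warn", f"AJP is unencrypted; backend "
                                 f"{url.hostname} ({scope}): limit port "
                                 f"{url.port or 8009} to the proxy host"))
    return findings

# Constructed sample combining directives quoted in the thread.
SAMPLE = """\
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile c:/Apache24/conf/server.crt
SSLCertificateKeyFile c:/Apache24/conf/server.key
proxyPass / ajp://10.0.0.22:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit_httpd_conf(SAMPLE):
        print(finding)
```

Pass the text of httpd.conf or httpd-ssl.conf to `audit_httpd_conf`; the `file_ok` argument exists so the check can be exercised without the real files.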