The only other one caring, Jacques?

On Sat, Jun 27, 2020 at 10:24, Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:

> Thanks Pierre for the help!
>
> Jacques
>
> On 27/06/2020 at 09:32, Pierre Smits wrote:
> > Hi Katie,
> >
> > My apologies for you having to restate your issues several times.
> >
> > That you have the basics in play (your OFBiz implementation set up, running
> > and accessible via 8443) is a good thing, and now you're nearly there.
> >
> > Please see inline for further comments.
> > I trust the information below helps.
> >
> > However, should you still experience issues, please feel free to reach out.
> >
> > Kind regards,
> >
> > Pierre Smits
> > Proud contributor of Apache OFBiz <https://ofbiz.apache.org/> since 2008 (without privileges)
> > Apache Trafodion <https://trafodion.apache.org>, Vice President
> > Apache Directory <https://directory.apache.org>, PMC Member
> > Apache Incubator <https://incubator.apache.org>, committer
> > Apache Steve <https://steve.apache.org>, committer
> >
> > On Fri, Jun 26, 2020 at 9:30 AM Katie Qiu <katie_...@polluniverse.com> wrote:
> >
> >> Hi,
> >>
> >> I'm new to OFBiz. Please check the steps I have taken and point out what I
> >> miss, because it's not working on the production site.
> >>
> >> 1. I was able to make it work on localhost. I'm also able to access data
> >> that came with the project (ex:
> >> https://localhost:8443/webtools/control/entitymaint)
> >
> > This is the easy part. Kudos.
> >
> >> 2. I installed SSL Certificate in Microsoft IIS for the project on
> >> production site my Windows Server 2012 (I was able to access
> >> https://www.mywebsitedomain.com now)
> >>
> >> a. I use a virtual private server from IONOS and it provides me a free SSL.
> >> I imported the .PFX file provided from IONOS, then the domain can be accessed
> >> as https
> >>
> >> b. As you suggested, I looked into https://letsencrypt.org/, but I didn't
> >> see any .PFX file nor other certificate files that IONOS provided me (on the
> >> OFBiz Product Setup page, it shows .cer files (which I also got from IONOS)
> >> is used to enter Keystore). Maybe I missed something. For now, I use SSL from
> >> IONOS, but if you think I should use Let's Encrypt, then please let me know
> >> if I have to have the .PFX and cer files
> >
> > Using ssl certificates from Letsencrypt for the web server is, when using
> > web servers like Apache HTTPD and NGINX, straightforward. However, I don't
> > know how that works for IIS. Maybe their documentation will tell.
> >
> >> 3. I installed Apache 24 on Windows server as well. I was able to access
> >> localhost and see the index page showing "it works"
> >
> > Great, the second step of the combination Apache HTTPD - Apache OFBiz is
> > now concluded.
> >
> > As said earlier, setting up Letsencrypt for Apache HTTPD is
> > straightforward. Please look at the documentation there. If set up properly,
> > you will get:
> >
> > - the Apache HTTPD starter page accessible via: https://<yourIpAddress>/
> >   or e.g. https://localhost/
> >
> > If done correctly you'll see in (one of) your HTTPD config files (some of)
> > the following lines appear:
> >
> >     SSLEngine on
> >     Include /etc/letsencrypt/options-ssl-apache.conf
> >     SSLCertificateFile /etc/letsencrypt/live/<TheFQDOfYourDomain>/cert.pem
> >     SSLCertificateKeyFile /etc/letsencrypt/live/<TheFQDOfYourDomain>/privkey.pem
> >     SSLCertificateChainFile /etc/letsencrypt/live/<TheFQDOfYourDomain>/chain.pem
> >
> > The only thing now to do is to tie your Apache HTTPD implementation to your
> > Apache OFBiz implementation.
> >
> > Please have a look at the following setup in my Apache HTTP configuration for
> > the oem.ofbizci.net site:
> >
> >     <VirtualHost *:80>
> >         ServerName oem.ofbizci.net
> >         DocumentRoot /var/www/html
> >         Redirect permanent / https://www.ofbizci.net/
> >
> >         ErrorLog /proglog/ofbizci/error.log
> >         CustomLog /proglog/ofbizci/access.log combined
> >     </VirtualHost>
> >
> >     <VirtualHost *:443>
> >         ServerName oem.ofbizci.net
> >
> >         SSLEngine on
> >         Include /etc/letsencrypt/options-ssl-apache.conf
> >         SSLCertificateFile /etc/letsencrypt/live/ofbizci.net/cert.pem
> >         SSLCertificateKeyFile /etc/letsencrypt/live/ofbizci.net/privkey.pem
> >         SSLCertificateChainFile /etc/letsencrypt/live/ofbizci.net/chain.pem
> >
> >         ProxyRequests Off
> >         ProxyPreserveHost On
> >
> >         ProxyPass / ajp://10.0.0.22:8009/
> >         ProxyPassReverse / ajp://10.0.0.22:8009/
> >
> >         ErrorLog /proglog/ofbizci/oem-ofbizci-net-ssl-error.log
> >         CustomLog /proglog/ofbizci/oem-ofbizci-net-ssl-access.log combined
> >     </VirtualHost>
> >
> > In the configuration above, you'll see the following:
> >
> >     ProxyPass / ajp://10.0.0.22:8009/
> >     ProxyPassReverse / ajp://10.0.0.22:8009/
> >
> > The internal IpAddress 10.0.0.22 is where the OFBiz implementation
> > resides/runs. (My HTTPD web server and my OFBiz application server for
> > oem.ofbizci.net run on different virtual machines.) In your case, e.g. when
> > having both on 1 (virtual) machine, this could be:
> >
> >     ProxyPass / ajp://localhost:8009/
> >     ProxyPassReverse / ajp://localhost:8009/
> >
> > From the lines you also get that I am using the ajp protocol. This is an
> > extension (mod) available with the Apache HTTPD product, but may require
> > some additional installation on your HTTPD implementation. See the
> > documentation provided by the Apache HTTPD project.
> >
> > When using that protocol (and the associated HTTPD extension/mod) you
> > bypass the need to set up ssl certificates - or change ports - on the OFBiz
> > implementation.
> >
> >> 4. I have edited "keystoreFile" and "KeyPass" in ofbiz-component at
> >> apache-ofbiz-17.12.03\framework\catalina
> >>
> >>     <property name="keystoreFile" value="C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\apache-ofbiz-17.12.03\keystore.jks"/>
> >>     <property name="keystoreType" value="JKS"/>
> >>     <property name="keyAlias" value="ofbiz"/>
> >>     <property name="keyPass" value="Mypassword"/>
> >>
> >> 5. I then tried to follow https://s.apache.org/vmemj and edit the httpd.conf
> >> file and httpd-ssl.conf, but when trying to start Apache 24, it gives me
> >> some error messages (I got no error before editing the two files).
> >>
> >> a. I have edited ofbiz-containers.xml and the url.properties file (change
> >> 8080 to 80 and 8443 to 443)
> >>
> >> b. For httpd.conf: not recognizing some words like "RewriteEngine On",
> >> "Order"....
> >>
> >> c. For httpd-ssl.conf, for example, I get error "AH00526: Syntax error on
> >> line 177 of c:/Apache24/conf/extra/httpd-ssl.conf: SSLCertificateKeyFile:
> >> file 'c:/Apache24/conf/server.key' does not exist or is empty" - It's true,
> >> I don't have such a file, but I'm not sure where I can get it.
> >>
> >> Thank you very much in advance
> >>
> >> Katie
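
Added example, not part of the original thread or of the OFBiz or Apache HTTPD code: a small Python check for the three startup problems discussed above (directives rejected because their module is not loaded, the missing `server.key`, and an AJP backend on another host). The `lint` function, the sample config and the `server.crt` path are constructed for illustration; the module identifiers are the ones HTTPD 2.4 uses in `LoadModule` lines.

```python
import re

# Directive (lower-cased) -> module identifier that a LoadModule line must name.
NEEDS = {
    "sslengine": "ssl_module", "sslcertificatefile": "ssl_module",
    "sslcertificatekeyfile": "ssl_module", "sslcertificatechainfile": "ssl_module",
    "rewriteengine": "rewrite_module", "order": "access_compat_module",
    "proxypass": "proxy_module", "proxypassreverse": "proxy_module",
}
FILE_DIRECTIVES = {"sslcertificatefile", "sslcertificatekeyfile", "sslcertificatechainfile"}
LOOPBACK = {"localhost", "127.0.0.1"}

def lint(conf_text, existing_files):
    """Return sorted findings. existing_files is the set of non-empty files
    on the host (on a real server, test each path with os.path.getsize)."""
    lines = [ln.strip() for ln in conf_text.splitlines()]
    loaded = {m.group(1).lower() for ln in lines
              if (m := re.match(r"LoadModule\s+(\S+)", ln, re.I))}
    findings = set()
    for ln in lines:
        if not ln or ln[0] in "#<" or ln.lower().startswith("loadmodule"):
            continue
        parts = ln.split(None, 1)
        name, arg = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        key = name.lower()
        if key in NEEDS and NEEDS[key] not in loaded:
            findings.add(f"{name}: load {NEEDS[key]}")
        if key in FILE_DIRECTIVES and arg.strip('"') not in existing_files:
            findings.add(f"{name}: file missing or empty: {arg}")
        ajp = re.search(r"ajp://([^/:\s]+)", arg)
        if key in ("proxypass", "proxypassreverse") and ajp:
            if "proxy_ajp_module" not in loaded:
                findings.add(f"{name}: load proxy_ajp_module")
            if ajp.group(1).lower() not in LOOPBACK:
                findings.add(f"{name}: AJP to {ajp.group(1)} is unencrypted; "
                             "firewall port 8009 to the proxy host only")
    return sorted(findings)

# Constructed sample: directives from the thread, with two modules not loaded.
SAMPLE = """
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
RewriteEngine On
SSLEngine on
SSLCertificateFile c:/Apache24/conf/server.crt
SSLCertificateKeyFile c:/Apache24/conf/server.key
ProxyPass / ajp://10.0.0.22:8009/
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE, existing_files={"c:/Apache24/conf/server.crt"}):
        print(finding)
```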