Jacques Le Roux wrote > Short answer: preferably look at letsencrypt for a free certificate (must > be renewed every 3 months but there are tools for that) > > For instance for the trunk demo we use > > ## SSL directives > SSLEngine on > SSLCertificateFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" > SSLCertificateKeyFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" > SSLCertificateChainFile > "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" > SSLCACertificatePath "/etc/ssl/certs" > > ## Custom fragment > ProxyRequests Off > ProxyPreserveHost On > # do not proxy letsencrypt cert renewal requests > ProxyPass /.well-known ! > ProxyPass / ajp://localhost:8009/ > > I let you figure the rest out > > We should really update the Apache+OFBiz+Technical+Production+Setup+Guide
This looks like you expect us to proxy the ofbiz server - am I correct? There is also a lack of documentation on how to achieve this. I am setting this up myself, and documenting as I go (because the available docs are fragmented, out of date and incomplete). I would be happy to submit working setup documentation for your consideration (once I can get SSL configured)? The setup I am documenting is debian based, and includes exactly how one has to setup Java 8 (which is not in mainline repos), how to configure for mariadb, leave out the demo data (but have the admin login available), launch (and stop) the server using systemd, how to replace the certs for working SSL (presumably with apache2 reverse proxy). -- Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
