Proxy LinShare by using Apache 2

Standard configuration

Create a virtual host in Apache:

<VirtualHost *:80>

  ServerName linshare.example.com
  LimitRequestBody 0

  ProxyRequests Off
  ProxyVia On
  ProxyPreserveHost On
  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080/

  <Proxy *>
    Order Allow,Deny
    Allow from all
  </Proxy>

  LogLevel warn
  ErrorLog /var/log/apache2/linshare/error.log
  CustomLog /var/log/apache2/linshare/access.log combined

</VirtualHost>

Create the log directory:

# mkdir -p /var/log/apache2/linshare
# chown root:adm /var/log/apache2/linshare

Restart LinShare:

# cd $INSTALL_DIR
# ./linshare stop
# ./linshare start

Enable SSL with Jetty (standard installation)

Create SSL certificates

Note: the following steps create a local certificate authority and a valid server certificate.

Prepare environment:

# mkdir -p /etc/linshare/ssl
# cd /etc/linshare/ssl

Create the local certificate authority:

# openssl genrsa -out localca.key 2048
# openssl req -new -key localca.key -out localca.csr
# openssl x509 -req -days 1825 -in localca.csr -signkey localca.key -out localca.crt
# chmod 444 * && chmod 400 *.key
# chown root:root *

Once the local certificate authority is created, you can generate the server certificate. It will be signed by this local certificate authority. You can then send the certificate of the local certificate authority to users, so that they can configure their web browser to use it.

Note that OpenSSL will ask you for some information. Be careful: the common name parameter must contain exactly the DNS name of your LinShare server. For example, if LinShare is available at https://linshare.example.com, then the common name parameter must contain "linshare.example.com".

# openssl genrsa -out linshare.key 2048
# openssl req -new -key linshare.key -out linshare.csr
# openssl x509 -req -in linshare.csr -CA ./localca.crt -CAkey ./localca.key -CAcreateserial -out linshare.crt -days 365
# chmod 444 * && chmod 400 *.key

The server certificate's private key should be readable only by the system user that runs the Apache server. For example, on Debian:

# chown www-data linshare.key
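
The following script is an added example, not part of the LinShare documentation: it checks the files created above for the four properties this section relies on (certificate signed by the local CA, key matching the certificate, common name equal to the DNS name, key not readable by group or others). The function names check_linshare_cert and make_constructed_pair are hypothetical, and the throwaway pair is constructed data that uses -subj and an extension file instead of the interactive commands above.

```shell
#!/bin/sh
# Added example, not part of the LinShare documentation.
# Usage: sh check-linshare-cert.sh /etc/linshare/ssl linshare.example.com

# check_linshare_cert DIR HOST: returns 0 if every check passes, 1 otherwise.
check_linshare_cert() {
    dir=$1; host=$2; rc=0

    # 1. linshare.crt must be signed by the local certificate authority.
    openssl verify -CAfile "$dir/localca.crt" "$dir/linshare.crt" >/dev/null 2>&1 ||
        { echo "FAIL: linshare.crt does not verify against localca.crt" >&2; rc=1; }

    # 2. linshare.key must be the private key of linshare.crt (same public key).
    cert_pub=$(openssl x509 -in "$dir/linshare.crt" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$dir/linshare.key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: linshare.key does not match linshare.crt" >&2; rc=1
    fi

    # 3. The common name must be exactly the DNS name of the LinShare server.
    cn=$(openssl x509 -in "$dir/linshare.crt" -noout -subject -nameopt RFC2253 \
            2>/dev/null | sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$host" ] || { echo "FAIL: common name '$cn' is not '$host'" >&2; rc=1; }

    # 4. The private key must not be accessible to group or other users.
    perms=$(ls -lL "$dir/linshare.key" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: linshare.key is too permissive" >&2; rc=1; }

    return "$rc"
}

# make_constructed_pair DIR CN: throwaway CA and server certificate for trying
# the checks out. Constructed data: -subj replaces the interactive questions,
# and the CA is explicitly marked as a CA through a one-line extension file.
make_constructed_pair() {
    ( cd "$1" && echo "basicConstraints=CA:TRUE" > ca.ext &&
      openssl genrsa -out localca.key 2048 &&
      openssl req -new -key localca.key -subj "/CN=Constructed Local CA" -out localca.csr &&
      openssl x509 -req -days 1 -in localca.csr -signkey localca.key \
          -extfile ca.ext -out localca.crt &&
      openssl genrsa -out linshare.key 2048 &&
      openssl req -new -key linshare.key -subj "/CN=$2" -out linshare.csr &&
      openssl x509 -req -days 1 -in linshare.csr -CA localca.crt -CAkey localca.key \
          -CAcreateserial -out linshare.crt &&
      chmod 400 localca.key linshare.key ) >/dev/null 2>&1
}

if [ "$#" -eq 2 ]; then check_linshare_cert "$1" "$2"; fi
```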

Configure Apache

The Apache SSL and Headers modules have to be enabled:

# a2enmod ssl headers

Then configure your Apache server to handle HTTPS requests. In this particular case, make sure Apache listens on port 443 by including a Listen directive. For example, on Debian, you can add the following to the file named /etc/apache2/ports.conf:

Listen 443

Then change the virtual host used by LinShare:

<VirtualHost *:443>

If it does not already exist, add the following line before the virtual host of LinShare:

NameVirtualHost *:443

Add the following lines into the virtual host of LinShare:

<VirtualHost *:443>
[...]
  SSLEngine On
  SSLCertificateFile /etc/linshare/ssl/linshare.crt
  SSLCertificateKeyFile /etc/linshare/ssl/linshare.key
  SSLCACertificateFile /etc/linshare/ssl/localca.crt
  # "set" replaces any X-Forwarded-Scheme header already present in the request
  RequestHeader set X-Forwarded-Scheme "https"
[...]
</VirtualHost>

Configure Jetty

Jetty needs to know which protocol it has to use (HTTP or HTTPS). This is done through the X-Forwarded-Scheme HTTP header configured in Apache.

Open the file named jetty.xml in the $INSTALL_DIR/jetty/etc directory, and add the following lines at the end:

[...]
    <!-- =========================================================== -->
    <!-- Configure Rewrite Handler                                   -->
    <!-- =========================================================== -->
    <Get id="oldhandler" name="handler"/>
    <Set name="handler">
      <New id="Rewrite" class="org.mortbay.jetty.handler.rewrite.RewriteHandler">
        <Set name="handler"><Ref id="oldhandler"/></Set>
        <Set name="rewriteRequestURI">true</Set>
        <Set name="rewritePathInfo">false</Set>
        <Set name="originalPathAttribute">requestedPath</Set>
        <Set name="rules">
          <Array type="org.mortbay.jetty.handler.rewrite.Rule">
            <Item>
              <New id="forwardedHttps" 
                  class="org.mortbay.jetty.handler.rewrite.ForwardedSchemeHeaderRule">
                <Set name="header">X-Forwarded-Scheme</Set>
                <Set name="headerValue">https</Set>
                <Set name="scheme">https</Set>
              </New>
            </Item>
          </Array>
        </Set>
      </New>
    </Set>
[...]
</Configure>

You should now be able to restart LinShare and the Apache server.
