Plone Installation with Apache SSL Redirection

A fresh installation of Fedora 17 is taken. To get most of the dependencies installed in a easier way, a group install of Development Tools is performed with root permission.

yum -y groupinstall "Development Tools"

 After some trial and error of missing dependencies while installing Plone and it's add-ons, the following are also installed to simplify Plone installation at the later stage

yum -y install zlib-devel openssl-devel libjpeg-devel mod_ssl httpd

 Download the latest plone from http://plone.org/. untar it and install the plone as root. installation will take sometime to complete. If any error thorws up, read carefully and install the missing plugins.

./install.sh standalone

Once the installation is complete, read the README.html under /usr/local/Plone/zinstance/README.html
Start the Plone by running ./bin/plonectl start from within the directory /usr/local/Plone/zinstance/

Open up a browser and navigate to the site http://localhost:8080 to check whether your Plone installation is fine and log in using the credentials as shown in the image above.


Generate the key file for the new ssl certificate using openssl.
openssl genrsa -des3 -out www.abc.com.key 2048

Remove the passphrase from key
cp www.abc.com.key www.abc.com.key.org
openssl rsa -in www.abc.com.key.org -out www.abc.com.key

Generating self-sign certificate (good for 3 years)
openssl x509 -req -days 1095 -in www.abc.com.csr -signkey www.abc.com.key -out www.abc.com.crt

Copy the generated crt and key to the following folders respectively
/etc/pki/tls/certs/
/etc/pki/tls/private/

Enable VirtualHost and the redirection
Redirect permanent / https://www.abc.com/

Edit the ssl.conf file under /etc/httpd/conf.d/ as shown in the figure below.

The IP address with port 8080 (if enabled) must be used in the greyed area and instead of Intranet, key in your site name created in Plone.

Once done, open up a browser and navigate to the site http://localhost:8080 like before. It will be automatically redirected to the ssl enabled site https://localhost or the https://IPADDRESS.





Comments

Post a Comment

Popular posts from this blog

Wireless DPSK setup with Ruckus Zone Director

Image
Configure the AAA Server (Using local database howto is out of this scope) Log in to the zone director and configure the AAA Server from Configure > AAA Servers as shown in the figure below. Name: Give a name for the AAA Server for identification {jcua for this example} Type: Active Directory Global Catalog: {leave it un-check} IP Address: IP address of the domain controller Port: 389 {ldap port} Windows Domain Name: domain name {test.com for this example}   Configure the Hotspot Service Configure a Hotspot to authenticate the users before allowing the traffic from Configure > Hotspot Services as shown in the figure below. Name: Give a name for the hotspot service {JCU-Wireless-Provisioning for this example} Login Page: https://wireless.test.com/activate {or https://zonedirectorIP/activate} Start Page: I leave to redirect to the URL that the user intends to visit Authentication Server: The AAA server that we created {i.e., jcua} Accounting Server: none {out...
Read more

Access denied for user 'bacula'@'localhost' (using password: YES)

Image
While installing a test backup server (Bacula), I got the error "Access denied for user 'bacula'@'localhost' (using password: YES)" while connecting to the MySQL database. Root access was fine. Grant permission as well as the user password was correct and thus it took me quite some time to understand that though the user password was correct, it wasn't encrypted like the root when checked from Webmin.  Thus from mysql command, instead of - mysql> UPDATE mysql.user SET Password = 'baculauserpassword' WHERE user = 'bacula'; mysql> FLUSH PRIVILEGES; I change it too  mysql> UPDATE mysql.user SET Password = PASSWORD('baculauserpassword') WHERE user = 'bacula'; mysql> FLUSH PRIVILEGES; After getting the password encrypted, I can finally connect to the MySQL server and run the Bacula.
Read more

Operation could not be completed (error 0x00000709)

Image
We just had an upgrade of the printer infrastructure. New printers are installed, Canon Uniflow software are being upgraded as well as the existing drivers are being upgraded. Things went fine except for few users having issues like: Cannot set default printer Cannot print directly from Outlook client Thanks to the link  http://www.howtogeek.com/forum/topic/can-not-set-any-printer-as-default-printer  the issues were resolved following the steps there. The fix, which worked for me yesterday, is simple: Go to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ -If the Windows key doesn't exist, create a new key; Then check for the following entry (or create it if it is not there) Name: Device Type: Reg_SZ (String Value) Value: winspool,Ne00 Should you be unable to save it, just make sure the user has Full (or special) access to the Windows key (by right-clicking on the key) After that I ran the "gpupdate /force" as the drivers were pushed using gr...
Read more