# Setting up a Greenstone3 installation to operate over https using Apache2 httpd as a reverse-proxy web server In the instructions that follow, it is assumed that the domain you are setting up is 'dl.mydomain.org'. Edit accordingly! 1. Edit build.properties Near the top of the file, uncomment and set the following: revproxy.protocol=https revproxy.domain=dl.mydomain.org revproxy.context=/greenstone3 2. Test web server visibility (http at this stage) To issue a certificate, 'certbot' needs to be able to connect to your public facing web server over http. 2.1 Create a very basic Apache config file As route create the file: /etc/apache2/sites-enabled/mydomain.conf With the content: ServerName dl.mydomain.org ServerAdmin my@email.address.org DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined 2.2 Restart your apache2 httpd server sudo systemctl restart apache2 2.3 Check your web server is visible Ideally using a machine external to where you are setting up your DL web server, in a web browser visit: http://dl.mydomain.org/ Or else at the command line enter: wget -O - http://dl.mydomiain.org If this results in a 404 error, it might be that you haven't waited long enough for the IP number you have registered with your domain name to be pushed out to publicly accessible DNS servers. As a more basic test, see if you can 'ping' your domain name: ping dl.mydomiain.org 3. Use CertBot to setup your web server for https access sudo certbot --apache and answer the prompts generated. In the event you are adding a new domain to an existing Apache2 web server, then the command would be: sudo certbot --apache --expand -d dl.mydomain.org 4. ProxyPass /greenstone3 http://localhost:6363/greenstone3 ProxyPassReverse /greenstone3 http://localhost:6363/greenstone3 sudo /sbin/a2enmod headers