# Setup sudo yum install subversion sudo yum install ant sudo yum install gcc gcc-c++.x86_64 # The following is needed for packages such as ExtUtils::MakeMaker sudo yum install perl-devel yum install zlib-devel # JDK 1.8 alraedy present export JAVA_HOME=/usr/lib/jvm/java-1.8.0/ export PATH=$JAVA_HOME/bin:$PATH export CFLAGS=-fPIC # Compile up ant ant prepare ant install # Optional nicity sudo yum install emacs #==== # Set up a public facing web server #==== sudo yum -y install httpd sudo service httpd start # In the AWS console, for the instance access 'security' group # and add inbound rule for port 80 #==== # Now configure it to operate over https #---- # => Need to install certbot # # On AWS Linux2 this gets a bit fiddly ((yum install error concerning snapd/cerbot related to selinux) # Next section of details cribbed from: # https://aws.amazon.com/blogs/compute/extending-amazon-linux-2-with-epel-and-lets-encrypt/ pushd /tmp wget --no-check-certificate -O epel.rpm –nv \ https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo yum install -y ./epel.rpm popd # The following doesn't give you the latest auto certbot script, but # is enough to get the job done sudo yum install python2-certbot-apache.noarch sudo certbot --apache # Note 1: got an error the first time mentioning a pki file that wasn't there # when checked, it was there. running the command for a second time was then ok) # Note 2: as this isn't the latest 'certbot' it looks like you need to set up your own # certbot renew cronjob # # Example output when run on mars.sowemustthinkk.space ... Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 Requesting a certificate for mars.sowemustthink.space Performing the following challenges: http-01 challenge for mars.sowemustthink.space Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://mars.sowemustthink.space - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem Your cert will expire on 2021-04-13. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le #---- # Add inbound rule in AWS console for https #---- #---- # Set up the apache2 httpd config rules to plumb in Greenstone3 emacs /etc/httpd/conf/httpd.conf #-- ServerName mars.sowemustthink.space RewriteEngine on RewriteCond %{SERVER_NAME} =mars.sowemustthink.space RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] #-- emacs /etc/httpd/conf/httpd-le-se.conf #-- ServerName mars.sowemustthink.space ProxyPass /greenstone3 http://localhost:8383/greenstone3 ProxyPassReverse /greenstone3 http://localhost:8383/greenstone3 ProxyPassReverseCookiePath /greenstone3 /greenstone3 # And in theory for another Greenstone3 install on the same computer, you # would want something like the follow # # ProxyPass /other-greenstone3 http://localhost:9393/greenstone3 # ProxyPassReverse /other-greenstone3 http://localhost:9393/greenstone3 # # ProxyPassReverseCookiePath /greenstone3 /other-greenstone3 # SSLCertificateFile /etc/letsencrypt/live/mars.sowemustthink.space/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/mars.sowemustthink.space/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf RewriteEngine on RewriteRule "^/$" "/greenstone3/library" [R] #-- #---- # Restart web server #---- sudo systemctl restart httpd