Not sure if this is something you could answer - but I’ll give it a shot.
How do I enable HTTPS for my Enonic XP installation? I see the web server is based on Jetty, so should be possible without too much hassle?
Hi!
In our hosting environment, we always use Apache or equivalent as a reverse proxy in front, and we then terminate SSL there.
Here's an Apache vhost example with SSL and a rewrite rule to force it too. You also have to make sure that the modules proxy_wstunnel, proxy_http and rewrite are loaded.
<VirtualHost *:80>
ServerName enonic.com
ServerAlias www.enonic.com
CustomLog /var/log/apache2/vhosts/enonic-xp-enonic.com.log combined
DocumentRoot /var/www/html/enonic.com
RewriteEngine on
RewriteRule ^/(.*) https://enonic.com/$1 [L,R=301,NE]
</VirtualHost>
<VirtualHost *:443>
ServerName enonic.com
ServerAlias www.enonic.com
DocumentRoot /var/www/html/enonic.com
CustomLog /var/log/apache2/vhosts/enonic-xp-enonic.com.ssl.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/apache2/ssl/enonic.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/enonic.com.key
SSLCACertificateFile /etc/apache2/ssl/enonic.com.intermediate.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /admin/event ws://80.65.59.104:8080/admin/event
ProxyPassReverse /admin/event ws://80.65.59.104:8080/admin/event
ProxyPass / http://80.65.59.104:8080/ timeout=5
ProxyPassReverse / http://80.65.59.104:8080/ timeout=5
RewriteEngine on
RewriteCond %{HTTP_HOST} !^enonic\.com$
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://enonic.com/$1 [L,R,NE]
</VirtualHost>
Hi there, I have a problem… I have started my Enonic instance on port 8080 and made the following configuration, but I am still getting an HTTP ERROR 404.
This is my configuration:
<VirtualHost *:443>
ServerName myDomain.com
DocumentRoot /var/www/html/
CustomLog /var/log/apache2/vhosts/enonic-xp-enonic.com.ssl.log combined
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/apache2/SSL/SSL/company.com.crt
SSLCertificateKeyFile /etc/apache2/SSL/SSL/company.com.key
SSLCertificateChainFile /etc/apache2/SSL/SSL/company.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /admin/event ws://mypublicIP:8080/admin/event
ProxyPassReverse /admin/event ws://mypublicIP:8080/admin/event
ProxyPass / http://mypublicIP:8080/ timeout=5
ProxyPassReverse / http://myPublicIP:8080/ timeout=5
RewriteEngine on
RewriteCond %{HTTP_HOST} !^myDomain\.com$
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://myDomain.com/$1 [L,R,NE]
Can you help me?
Regards,
What happens if you go to the server without HTTPS?
I would like to know a bit about your server set up.
Is it a container set?
Is it two servers or one server for each function (Apache and Enonic) or something else?
I’ll add a sample config of how I would set up the XP vhost and the Apache vhost, with mydomain.com as the domain. Note that this would be run in a container setup, so exp is a hostname in this config that my container system knows the IP address for.
ProxyPass / http://exp:8080/ timeout=5
ProxyPassReverse / http://exp:8080/ timeout=5
One thing that is easy to do wrong is to forget mapping the vhost settings correctly, like replacing /portal/master/mysite with /mysite.
That said, I can’t find anything particularly wrong with your setup, and I think if Apache had no connection with XP it should return 503 instead of 404.
com.enonic.xp.web.vhost.cfg
enabled = true
mapping.site.host = mydomain.com
mapping.site.source = /
mapping.site.target = /portal/master/mysite
mapping.admin.host = mydomain.com
mapping.admin.source = /admin
mapping.admin.target = /admin
mapping.admin.userStore = system
mapping.api.host = localhost
mapping.api.source = /api
mapping.api.target = /api
/etc/apache/sites-enabled/mydomain.com.conf
<VirtualHost *:80>
ServerName mydomain.com
RewriteEngine on
RewriteRule ^/(.*) https://mydomain.com/$1 [L,R=301,NE]
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com
RequestHeader set X-Forwarded-Proto "https"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/certs/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/certs/chain.pem
Header always set Strict-Transport-Security "max-age=15768000"
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://exp:8080/ timeout=5
ProxyPassReverse / http://exp:8080/ timeout=5
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteCond %{REQUEST_URI} /admin [NC]
RewriteRule /admin/(.*) ws://exp:8080/admin/$1 [P,L]
RewriteCond %{HTTP_HOST} !^mydomain\.com$
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://mydomain.com/$1 [L,R]
</VirtualHost>
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
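An added example, not part of any post in this thread and not Enonic or Apache tooling: a small Python check that evaluates the `SSLProtocol` and `SSLCipherSuite` directives used in the vhosts above and reports legacy protocols, cipher-string tokens that add weak suites, and a missing HSTS header. The expansion of `all` is a simplified assumption, and the hardened sample is constructed for comparison.

```python
import re

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Simplified assumption: what "all" expands to really depends on the OpenSSL build.
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK_CIPHER = re.compile(r"RC4|DES|MD5|NULL|EXP|^(ALL|LOW|MEDIUM)$")

# TLS directives copied from the first vhost in this thread.
THREAD_VHOST = """SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
"""
# Constructed hardened counterpart (assumes a build with TLS 1.3 support).
HARDENED = """SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305
Header always set Strict-Transport-Security "max-age=15768000"
"""


def enabled_protocols(args):
    """Evaluate an SSLProtocol argument list such as ['all', '-SSLv3']."""
    enabled = set()
    for arg in args:
        if arg.lower() == "all":
            enabled |= ALL_PROTOCOLS
        elif arg.startswith("-"):
            enabled.discard(arg[1:])
        else:
            enabled.add(arg.lstrip("+"))
    return enabled


def weak_cipher_tokens(spec):
    """Return tokens that add weak suites; '!X'/'-X' remove and '+X' only reorders."""
    return [t for t in re.split(r"[:, ]+", spec)
            if t and t[0] not in "!-+" and WEAK_CIPHER.search(t)]


def audit(conf):
    """Return findings for the TLS directives in one vhost body."""
    findings = []
    for name, value in re.findall(r"(?mi)^\s*(SSLProtocol|SSLCipherSuite)\s+(.+)$", conf):
        if name.lower() == "sslprotocol":
            bad = sorted(enabled_protocols(value.split()) & LEGACY_PROTOCOLS)
        else:
            bad = weak_cipher_tokens(value)
        if bad:
            findings.append(f"{name}: " + ", ".join(bad))
    if not re.search(r"(?mi)^\s*Header\s.*Strict-Transport-Security", conf):
        findings.append("no Strict-Transport-Security header")
    return findings
```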