@t-book
Last active May 7, 2019 19:21
Add Let's Encrypt to GeoNode
# - Close port 8080 for inbound networking
# - Edit your local_settings to use proxy /geonode (and not port 8080)
# - Add the following to local_settings: AVATAR_GRAVATAR_SSL = True
# - make sure mod_ssl is active: $ a2enmod ssl
# add Let's Encrypt repository
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
# install certbot
$ sudo apt-get install python-certbot-apache
# add cert
# - this will create certs and geonode-le-ssl.conf (see comment 1 below)
# - Furthermore, it will configure a cron job to regenerate certs before the 90-day limit
# - (for multiple domains use $ sudo certbot --apache -d example.com -d www.example.com)
# - if your certs are coming from another authority or you'd like to force ssh, see comment 2
$ sudo certbot --apache -d example.com
# export database
$ pg_dump -U geonode -d geonode > /tmp/geonode.sql
# replace old http urls
$ sed -i 's,http://example.com,https://example.com,g' /tmp/geonode.sql
# rename geonode database
$ sudo -u postgres psql -c "ALTER DATABASE geonode RENAME TO geonode_bak"
# create tmp database
$ sudo -u postgres createdb -O geonode geonode
# restore dump
$ sudo -u postgres psql -d geonode -f /tmp/geonode.sql
# if all is fine drop geonode_bak
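
The `sed` step above treats the dots in `example.com` as regex wildcards and also matches longer hostnames that merely begin with it, and the dump in `/tmp` is created with default permissions. The following is an added example, not part of the gist, of a stricter rewrite; `rewrite_urls`, `make_sample_dump` and the `sample_links` rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist. rewrite_urls, make_sample_dump and the
# sample_links rows are constructed for illustration.

# rewrite_urls DUMP HOST
#   Rewrites http://HOST to https://HOST in DUMP only where HOST is the whole
#   hostname, keeps the original as DUMP.bak and prints the number of lines
#   that matched. Exits non-zero if an old URL for HOST is still present.
rewrite_urls() (                  # subshell body: umask and exit stay local
    dump=$1
    host=$2
    umask 077                     # the backup is created owner-only
    # Escape dots so "." matches a literal dot, not any character.
    esc=$(printf '%s' "$host" | sed 's/\./\\./g')
    # HOST must be followed by a non-hostname character or end of line, so
    # example.com.other.org and example.community are left untouched.
    pat="http://${esc}([^A-Za-z0-9.-]|\$)"
    cp "$dump" "$dump.bak" || exit 1
    chmod 600 "$dump" "$dump.bak" # the dump holds the whole database
    hits=$(grep -Ec "$pat" "$dump.bak" || true)
    sed -E "s,${pat},https://${host}\\1,g" "$dump.bak" > "$dump" || exit 1
    if grep -Eq "$pat" "$dump"; then exit 1; fi
    printf '%s\n' "$hits"
)

# Constructed sample dump: two real hits and three look-alikes.
make_sample_dump() {
    cat > "$1" <<'EOF'
INSERT INTO sample_links (url) VALUES ('http://example.com/geoserver/wms');
INSERT INTO sample_links (url) VALUES ('http://example.com');
INSERT INTO sample_links (url) VALUES ('http://example.com.other.org/x');
INSERT INTO sample_links (url) VALUES ('http://exampleXcom/y');
INSERT INTO sample_links (url) VALUES ('http://example.community/z');
EOF
}

# Usage: rewrite_urls /tmp/geonode.sql example.com
```

On the sample dump the gist's unescaped pattern would rewrite all five rows, including the three that point at other hosts.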

t-book commented Feb 2, 2019

This is an Apache conf example for a Let's Encrypt cert. It will get auto-generated with the above commands. In this example http stays intact (by /etc/apache2/sites-available/geonode.conf).

$ cat /etc/apache2/sites-available/geonode-le-ssl.conf 

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName http://localhost
    ServerAdmin webmaster@example.com
    DocumentRoot /home/ubuntu/master/master

    LimitRequestFieldSize 32760
    LimitRequestLine 32760

    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined

    WSGIProcessGroup geonode
    WSGIPassAuthorization On
    WSGIScriptAlias / /home/ubuntu/master/master/wsgi.py

    Alias /static/ /home/ubuntu/master/master/static_root/
    Alias /uploaded/ /home/ubuntu/master/master/uploaded/

    <Directory "/home/ubuntu/master/master/">
         <Files wsgi.py>
             Order deny,allow
             Allow from all
             Require all granted
         </Files>

        Order allow,deny
        Options Indexes FollowSymLinks
        Allow from all
        IndexOptions FancyIndexing
    </Directory>

    <Directory "/home/ubuntu/master/master/static_root/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Allow from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>

    <Directory "/home/ubuntu/master/master/uploaded/thumbs/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Allow from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>

    <Directory "/home/ubuntu/master/master/uploaded/avatars/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Allow from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>

    <Directory "/home/ubuntu/master/master/uploaded/people_group/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Allow from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>

    <Directory "/home/ubuntu/master/master/uploaded/group/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Allow from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>

    <Directory "/home/ubuntu/master/master/uploaded/documents/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Deny from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>

    <Directory "/home/ubuntu/master/master/uploaded/layers/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Deny from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>

    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>

    ProxyPreserveHost On
    ProxyPass /geoserver http://127.0.0.1:8080/geoserver
    ProxyPassReverse /geoserver http://127.0.0.1:8080/geoserver

ServerAlias example.com
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
