
# Setting up a Greenstone3 installation to operate over
  https using Apache2 httpd as a reverse-proxy web server

In the instructions that follow, it is assumed that the
domain you are setting up is 'dl.mydomain.org'.  Edit
accordingly!


1. Edit build.properties

Near the top of the file, uncomment and set the following:

    revproxy.protocol=https
    revproxy.domain=dl.mydomain.org
    revproxy.context=/greenstone3

2. Test web server visibility (http at this stage)


To issue a certificate, 'certbot' needs to be able to connect to your
public facing web server over http.


2.1 Create a very basic Apache config file

As route create the file:

    /etc/apache2/sites-enabled/mydomain.conf

With the content:

    <VirtualHost *:80>
        ServerName dl.mydomain.org
                
        ServerAdmin my@email.address.org
        
        DocumentRoot /var/www/html
        
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>


2.2 Restart your apache2 httpd server

   sudo systemctl restart apache2

2.3 Check your web server is visible

Ideally using a machine external to where you are setting up
your DL web server, in a web browser visit:

  http://dl.mydomain.org/

Or else at the command line enter:

    wget -O - http://dl.mydomiain.org

If this results in a 404 error, it might be that you haven't waited
long enough for the IP number you have registered with your domain
name to be pushed out to publicly accessible DNS servers.
As a more basic test, see if you can 'ping' your domain name:

    ping dl.mydomiain.org


3. Use CertBot to setup your web server for https access

    sudo certbot --apache 

and answer the prompts generated.

In the event you are adding a new domain to an existing Apache2 web
server, then the command would be:

    sudo certbot --apache --expand -d dl.mydomain.org
    
4.

    ProxyPass        /greenstone3 http://localhost:6363/greenstone3
    ProxyPassReverse /greenstone3 http://localhost:6363/greenstone3

sudo /sbin/a2enmod headers
