Asqatasun v4 - Add an Apache frontend with HTTPS

You should have already done these steps:

  1. Check Hardware provisioning
  2. Download Asqatasun
  3. Check pre-requisites
  4. Install

(Need help? Go to the Asqatasun Forum.)

Configure Apache Virtual Host

Let's say the installed Asqatasun will be reachable at asqatasun.example.org.

Create the file /etc/apache2/sites-available/asqatasun.example.org.conf and add the following content:

<VirtualHost *:80>
	ServerName asqatasun.example.org
	ServerAdmin webmaster@example.org
	DocumentRoot /var/www-vhosts/asqatasun.example.org

	ErrorLog ${APACHE_LOG_DIR}/asqatasun.example.org_error.log
	CustomLog ${APACHE_LOG_DIR}/asqatasun.example.org_access.log combined
	LogLevel warn
	ServerSignature Off

	<Location />
		Require all granted
	</Location>
</VirtualHost>

Activate virtual host and reload Apache

sudo a2ensite asqatasun.example.org
sudo service apache2 restart

Add HTTPS with Let's Encrypt

Follow the instructions at https://certbot.eff.org/

Note: don't forget to tell Certbot to redirect HTTP to HTTPS (so that only HTTPS is used).

Configure Apache (to talk to Tomcat)

Enable the following Apache modules:

sudo a2enmod proxy proxy_ajp proxy_html proxy_http xml2enc

Certbot created a file /etc/apache2/sites-available/asqatasun.example.org-le-ssl.conf. Edit this file, and just before the closing tag </VirtualHost>, add the following content:

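SSLProxyEngine on
# Apache 2.4 access-control syntax, as in the <Location /> block of the port-80 virtual host
<Proxy *>
    Require all granted
</Proxy>

# Relay /External-Images/<URL> to the host named in the URL itself
ProxyPassMatch                  ^/External-Images/http://(.*)$  http://$1
ProxyPassMatch                  ^/External-Images/https://(.*)$ https://$1
# Hand every other request to Tomcat's AJP connector on localhost
ProxyPass                       /                               ajp://localhost:8009/
ProxyPassReverse                /                               https://asqatasun.example.org/
ProxyPassReverseCookiePath      /                               /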

Configure Tomcat

Make a backup copy of /etc/tomcat8/server.xml, then modify it as follows.

AJP Connector

Before the tag <Engine ..., add the following:

<Connector port="8009"
    proxyName="asqatasun.example.org"
    proxyPort="443"
    URIEncoding="UTF-8"
    enableLookups="false"
    redirectPort="8443"
    protocol="AJP/1.3" />

After the tag </Host> and before the tag </Engine>, add the following:

<!-- asqatasun host -->
<Host name="asqatasun.example.org" 
    appBase="webapps"
    unpackWARs="true"
    autoDeploy="true">
    
    <Valve className="org.apache.catalina.valves.AccessLogValve"
        directory="logs"
        prefix="vhost-asqatasun_access_log."
        suffix=".log"
        pattern="common"
        resolveHosts="false"/>
    
    <Context path=""
        docBase="asqatasun"
        reloadable="true"/>
</Host>
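
The AJP connector above has no address attribute, and on older Tomcat 8 releases an AJP connector without one listens on every interface, although Apache only needs to reach it on localhost. The following Python check is an added example, not part of the Asqatasun documentation: it flags AJP connectors in a server.xml that lack an explicit loopback address or a shared secret. The server.xml skeletons embedded in it and the secret value are constructed placeholders.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this page inside a minimal server.xml skeleton.
PAGE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8009" proxyName="asqatasun.example.org" proxyPort="443"
      URIEncoding="UTF-8" enableLookups="false" redirectPort="8443"
      protocol="AJP/1.3" />
</Service></Server>"""

# Constructed sample: same connector pinned to loopback with a placeholder secret.
HARDENED_SERVER_XML = PAGE_SERVER_XML.replace(
    'protocol="AJP/1.3"',
    'protocol="AJP/1.3" address="127.0.0.1" secret="CHANGE_ME_PLACEHOLDER"')


def is_loopback(address):
    """True only for an explicitly configured loopback bind address."""
    if not address:
        return False
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def audit_ajp_connectors(server_xml):
    """Return a list of (port, finding) tuples for the AJP connectors found."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # protocol is either "AJP/1.3" or an AJP protocol handler class name
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        port = conn.get("port", "?")
        if not is_loopback(conn.get("address")):
            findings.append((port, "no explicit loopback address"))
        if not conn.get("secret"):
            findings.append((port, "no shared secret"))
        if conn.get("secretRequired", "").lower() == "false":
            findings.append((port, "secretRequired disabled"))
    return findings


if __name__ == "__main__":
    for xml_text in (PAGE_SERVER_XML, HARDENED_SERVER_XML):
        print(audit_ajp_connectors(xml_text) or "AJP connectors OK")
```

A secret set on the connector must also be sent by mod_proxy_ajp (the secret= parameter on the ProxyPass line), otherwise Tomcat rejects the proxied requests.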

Test it all

sudo service tomcat8 restart
sudo service apache2 restart

Then browse to https://asqatasun.example.org/