10. Add SSL Support¶
(Optional, but recommended)
The SSL protocol provides for a secure channel of communication between the user’s browser and the Open OnDemand portal.
- a server name that points to the Open OnDemand server
- signed SSL certificates with possible intermediate certificates
You may use Let’s Encrypt to obtain a free SSL certificate. You can read more about it in their Getting Started documentation.
In this example the certificates are located at:
# Public certificate /etc/pki/tls/certs/webdev05.hpc.osc.edu.crt # Private key /etc/pki/tls/private/webdev05.hpc.osc.edu.key # Intermediate certificate /etc/pki/tls/certs/webdev05.hpc.osc.edu-interm.crt
Install the necessary Apache module to use SSL:
sudo yum install httpd24-mod_ssl.x86_64
Update the Apache config with the server name and paths to the SSL certificates. This requires modifying the configuration file for the ood-portal-generator.
Configuration is handled by editing the
--- servername: webdev05.hpc.osc.edu ssl: - 'SSLCertificateFile "/etc/pki/tls/certs/webdev05.hpc.osc.edu.crt"' - 'SSLCertificateKeyFile "/etc/pki/tls/private/webdev05.hpc.osc.edu.key"' - 'SSLCertificateChainFile "/etc/pki/tls/certs/webdev05.hpc.osc.edu-interm.crt"'
For documentation on SSL directives please see: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
Re-build the Apache config:
scl enable rh-ruby22 -- rake
Copy it over to the default location:
sudo scl enable rh-ruby22 -- rake install
Restart the Apache server:
sudo service httpd24-httpd restart
If using RHEL 7 you will need to replace the above command with:
sudo systemctl restart httpd24-httpd
When you visit the portal in your browser now it should redirect any http traffic to the proper https protocol.
http://webdev05.hpc.osc.edu => https://webdev05.hpc.osc.edu