5. Add SSL Support¶
(Optional, but recommended)
The SSL protocol provides for a secure channel of communication between the user’s browser and the Open OnDemand portal.
- a server name that points to the Open OnDemand server
- signed SSL certificates with possible intermediate certificates
You may use Let’s Encrypt to obtain a free SSL certificate. You can read more about it in their Getting Started documentation.
In this example we assume the following certificates are provided:
- Public certificate
- Private key
- Intermediate certificate
Edit the Open OnDemand Portal Configuration file
# /etc/ood/config/ood_portal.yml --- # ... servername: ondemand.my_center.edu ssl: - 'SSLCertificateFile "/etc/pki/tls/certs/ondemand.my_center.edu.crt"' - 'SSLCertificateKeyFile "/etc/pki/tls/private/ondemand.my_center.edu.key"' - 'SSLCertificateChainFile "/etc/pki/tls/certs/ondemand.my_center.edu-interm.crt"'
For documentation on SSL directives please see: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
Build/install the updated Apache configuration file:
$ sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
Restart the Apache server to have the changes take effect:
- CentOS/RHEL 6:
$ sudo service httpd24-httpd condrestart Stopping httpd: [ OK ] Starting httpd: [ OK ] $ sudo service httpd24-htcacheclean condrestart
- CentOS/RHEL 7:
$ sudo systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service
Now when you browse to your OnDemand portal at:
it should redirect you to the HTTP over SSL protocol deployment:
where depending on your browser, should display a green lock of some kind to indicate that the site is secure.