Forum: help
Monitor Forum | 
Start New Thread
By: J T on 2015-08-06 18:14 | [forum:873] |
|
OMG! remove the default ssl.conf and create a new gforge.conf : [root@www conf.d]# cat gforge.conf # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these # directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # LoadModule ssl_module modules/mod_ssl.so # # When we also provide SSL we have to listen to the # the HTTPS port in addition. # Listen 443 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex default # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # Use "SSLCryptoDevice" to enable any supported hardware # accelerators. Use "openssl engine -v" to list supported # engine names. NOTE: If you enable an accelerator and the # server does not start, consult the error logs and ensure # your accelerator is functioning properly. # SSLCryptoDevice builtin #SSLCryptoDevice ubsec ## ## SSL Virtual Host Context ## Include /etc/gforge/httpd.conf |
|
By: Franck Villaume on 2015-02-14 10:52 | [forum:819] |
| your solution is good too as long as you manage to turn up your httpd. | |
By: Chanh TRAN on 2015-02-13 09:41 | [forum:815] |
|
Hi Franck, What I did to have things work w/o SSL is : - 'hiding' by renaming '/etc/httpd/conf.d/ssl.conf' to '/etc/httpd/conf.d/ssl.conf.hide' plus - '/etc/gforge/config.ini.d/defaults.ini' : use_ssl = no Do U think this 'way' of mine is also OK ? |
|
|
By: Franck Villaume on 2015-02-12 19:05 | [forum:811] |
|
yes you can. 1) disable ssl in your config httpd file. Comment lines describing the https virtualhost in 10-vhosts-main.inc file 2) disable ssl in your config.ini file Edit file zzzz-local.ini and set : [core] use_ssl = no |
|
|
By: Chanh TRAN on 2015-02-12 14:18 | [forum:810] |
|
Hi all, I'm experiencing the same issue w/ 5.3.2. meaning 'httpd' fails to start & complaing about SSL certificates. So far, I've been running 5.0.1 & everything works fine w/ http. My question here is : - could I have things work with only http and not https ? Thx in advance for any help Regards |
|
|
By: J T on 2014-06-13 21:47 | [forum:727] |
|
Anything missing? Installing FusionForge using CentOS 6.5 install group packages: base \ webserver \ postgres Software Requirements covered by groupinstall pakacges FusionForge should work correctly on any system configured like this: 1. Linux Operating System 2. PostgreSQL[http://www.postgresql.org/]8.3 or later (8.1, 8.2 should work) 3. Apache[http://www.apache.org/]2.2 or later 4. openssl[http://www.openssl.org/]0.9.4 or later 5. mod_ssl[http://www.openssl.org/]2.4.10 or later (included in Apache 2.0 and later) 6. PHP[http://www.php.net/]5.2 or later (php5.1 should work) not included in groupinstall packages check for and install manually. yum groupinstall php-support 7. php-pgsql (enable it with --with-pgsqlwhen building PHP, or install it as package) 8. php-mbstring (enable it with --with-mbstringwhen building PHP, or install it as package) while in Root's home dir.... 9. htmlpurifier[http://htmlpurifier.org/]4.0 or later wget http://htmlpurifier.org/releases/htmlpurifier-4.6.0.tar.gz tar zxvf htmlpurifier...... cp -r /root/htmlpurifier-4.6.0/library/* /usr/share/php Optional software: enable the EPEL repository wget http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm yum install epel..... 1. Turck MMCache [http://turck-mmcache.sourceforge.net] or PHP Accelerator [http://www.phpaccelerator.co.uk/]or any other PHP accelerator (highly recommended) yum install php-eaccelerator* 2. GNU Mailman [http://www.gnu.org/software/mailman/] yum install mailman and Python [http://www.python.org/] yum install python (Mailing list support) 3. Jabberd[http://jabberd.jabberstudio.org/](Jabber support) yum install jabberd 4. JPGraph[http://www.aditus.nu/jpgraph/] wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/server:/eGroupWare/CentOS_6/noarch/jpgraph-3.0.7-3.2.noarch.rpm yum install jpgraph configure https website chkconfig httpd on configure postgres and phpPgAdmin yum install phpPgAdmin configure for internal \ trusted address ***disable until needed service postgresql initdb chkconfig postgresql on service postgresql start wget https://fusionforge.org/frs/download.php/file/48/fusionforge-5.3.1.tar.bz2 tar xvjf fusionforge-5.3.1.tar.bz2 |
|
|
By: J T on 2014-06-13 16:57 | [forum:726] |
|
Yes it does and that is what I used. It still failed to install correctly or at least configure the http server. It won't start, it keeps complaining about the certs. The same certs that work fine when I rename gforge.conf [Fri Jun 13 16:53:02 2014] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0) # SSL is off by default to not provide a false sense of security # If/when you have a real SSL certificate, uncomment the "really-on" line and # comment out the "off" line. ###Include /etc/gforge/httpd.conf.d/ssl-off.inc # IT DOES BRAKE ALL, PLEASE DON'T COMMIT UNTESTED Include /etc/gforge/httpd.conf.d/ssl-really-on.inc <IfModule mod_ssl.c> SSLEngine on SSLCertificateFile /etc/gforge/ssl-cert.pem # SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/gforge/ssl-cert.key # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key I have copied my keys to both locations. when I rename gforge.conf to gforge.conf.org my centos default welcome.conf site comes up with ssl enabled. I am using our corporate keys.... |
|
|
By: Franck Villaume on 2014-06-13 08:40 | [forum:725] |
| FF 5.3.1 comes with a nice install-ng script which should do everything you need to get FF running. | |
|
By: J T on 2014-06-13 00:03 | [forum:724] |
|
I have a completely fresh copy of centos and all the prerequisites. I got https running and postres initdb completed when I installed fforge, the http server failed to start. I have checked everything, ssl-really-on.inc seems right copied my certs to /etc/gforge/ssl-cert.pem and ssl-cert.key restarted everything. This could be some minor mistake I made but the installation documentation is in need of help. they refer to "local.inc" which hasn't even existed in the releases I have played with.. Is there anyone who can provide a set of bare metal \ centos instructions? Step by Step like you know how much of an idiot I am! :) |
|