Setting up HTTPS for UniTime
Based on the instructions from the following websites:
Edit /etc/tomcat8/server.xml (e.g., using sudo vi /etc/tomcat8/server.xml) and uncomment the following line:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
To disable access using http://unitime.university.edu:8080/UniTime, the following line needs to be commented out in /etc/tomcat8/server.xml:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Restart Tomcat
sudo /etc/init.d/tomcat8 restart
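After the two server.xml edits above, the AJP connector is the only active one, and Apache (configured below) reaches it at localhost:8009. The following added example (not part of the UniTime documentation) parses server.xml and reports every active connector that is not pinned to a loopback address. The function name, issue labels and sample file are constructed for illustration, and it assumes the Tomcat build in use may bind AJP to all interfaces when no address attribute is set.

```python
import sys
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the relevant part of server.xml after the steps above
# (HTTP connector commented out, AJP connector uncommented as shown).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return (port, issue) pairs for active connectors not bound to loopback.

    Accepts str or bytes. Commented-out connectors are skipped because the
    parser drops XML comments.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("address", "").strip().lower() in LOOPBACK:
            continue  # reachable only from the local Apache proxy
        port = conn.get("port", "?")
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
            # Assumption: with no explicit address, AJP may listen on every
            # interface, so clients could talk to it without going via Apache.
            findings.append((port, "ajp-not-loopback"))
        else:
            # A plain HTTP connector lets clients bypass Apache and HTTPS.
            findings.append((port, "http-direct"))
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for port, issue in audit_connectors(data):
        print(f"connector on port {port}: {issue}")
```

Run it with /etc/tomcat8/server.xml as the argument; adding address="127.0.0.1" to the AJP connector clears the finding for port 8009.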
To change the URL to avoid /UniTime, the UniTime.war needs to be renamed to ROOT.war:
cd /var/lib/tomcat8/webapps
sudo rm -rf ROOT
sudo mv UniTime.war ROOT.war
When this is done while Tomcat is running, this should also undeploy and remove /var/lib/tomcat8/webapps/UniTime and replace it with /var/lib/tomcat8/webapps/ROOT (containing the unzipped content of the UniTime WAR file). If done when Tomcat is not running, also remove the /var/lib/tomcat8/webapps/UniTime folder (/var/lib/tomcat8/webapps/ROOT will get created during the first deployment of ROOT.war).
sudo apt install apache2
Add AJP Proxy mod
sudo a2enmod proxy_ajp
sudo systemctl restart apache2
Configure HTTP access http://unitime.university.edu
Create the /etc/apache2/sites-available/unitime.conf file with the following content:
<VirtualHost *:80>
ServerName unitime.university.edu
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable unitime.conf instead of the default 000-default.conf
sudo a2ensite unitime.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2
Verify UniTime works by accessing http://unitime.university.edu.
sudo apt install python-certbot-apache
Set up the certificate
sudo certbot --apache -d unitime.university.edu
I have used the following options:
Enter email address (used for urgent renewal and security notices): administrator@university.edu
Agree to the terms, No on sharing the email with EFF.
Please choose whether or not to redirect HTTP traffic to HTTPS: selected Redirect (option 2)
Verify auto-renewal
sudo systemctl status certbot.timer
Verify that UniTime is running and can be accessed using https://unitime.university.edu
Note: This creates a new configuration unitime-le-ssl.conf with the following content (under /etc/apache2/sites-available, no edit is needed):
<VirtualHost *:443>
ServerName unitime.university.edu
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/unitime.university.edu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/unitime.university.edu/privkey.pem
SSLEngine On
</VirtualHost>
And the unitime.conf was updated with the following rules added (redirecting HTTP access to HTTPS):
RewriteEngine on
RewriteCond %{SERVER_NAME} =unitime.university.edu
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
© UniTime 2024 | Content available under GNU Free Documentation License 1.3