SSL configuration

mgreiner791 · May 13, 2020, 8:44am

Greetings!
I have just installed Senaite on a VM running an Ubuntu 18.04 instance. Everything went fine with installation, and I can access it using the IP address and port 8080, however, I would like to have a domainname pointing to it and am wondering how to set-up SSL for it. I guess zope2 handles the HTTP requests, but I’m not familiar with zope2.
I’m hoping to set-up certbot/letsencrypt to handle the SSL certificates, but Im not sure where to start with zope2.
Does anyone know of some documentation on how to configure SSL for Senaite?

Espurna · May 13, 2020, 11:01am

Hi @mgreiner791, and welcome to the forum!

I might not be the right person to answer this, but I will try.

My first question is: did you install SENAITE using the “standalone” configuration or the “ZEO” cluster configuration? A standalone Plone instance listens only port 8080 (or the one you choose).

STANDALONE INSTALLATION

It is the easiest one. You will need a web server before Plone to work as a proxy in order to receive requests and manage the SSL certificate.

More information about how to configure NGINX and the SSL certificate here: https://designinterventionsystems.com/plone-blog/securing-plone-sites-with-nginx-and-https-ssl

ZEO CLUSTER INSTALLATION

If you did a multi-ZEO client install, Plone/SENAITE would listen on multiple ports and would require load balancing. The usual configuration would be NGINX as web proxy and HAProxy as a load balancer which distributes incoming requests equally to the available LIMS instances.

You can find useful info about the proper application stack to work with Plone (change Plone for SENAITE) here: https://docs.plone.org/4/en/manage/deploying/stack.html#load-balancing

Plone training documentation is the best place to have some background about managing Senaite as a sys admin.

The link talks about NGINX, HAProxy and Varnish, but note that you do not need Varnish for SENAITE! Actually it will have a bad impact on SENAITE performance: https://training.plone.org/5/deployment/in-operation.html

Regards,

xispa · May 13, 2020, 10:18pm

@mgreiner791, easiest way is setup a nginx web server on top and do a reverse proxy to your Plone instance. Then, just follow the instructions from certbot site for nginx and ubuntu bionic to get and install the SSL certificate: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx