Commit fc897f1e authored by Gerrit Hübbers's avatar Gerrit Hübbers 🃏
Browse files

Update documentation to explain how to set up a reverse proxy configuration...

Update documentation to explain how to set up a reverse proxy configuration for DDA. Closes issue #32.
parent 05901ba6
......@@ -138,7 +138,22 @@ The logs will let you know about the local and external IP addresses and ports o
* Try visiting the external address with your browser.
#### Reverse proxy configuration
TODO Apache configuration, tracked in issue #32.
In the following, it is assumed that you are using Apache2 as a reverse proxy on your DDA-hosting server machine, and that you want to have DDA available at https://${YOUR_OWN_DDA_HOST_NAME}/ .
Copy file `etc/apache-site/dda.example.com.conf` to your example.com's directory `/etc/apache2/sites-available/${YOUR_OWN_DDA_HOST_NAME}.conf`.
Edit this file to reflect your needs:
* Change all strings `dda.example.com` to ${YOUR_OWN_DDA_HOST_NAME}.
* Change all `8081` ports to the port your DDA instance is listening on - as configured above in file `/srv/dda/application-prod.yml` under the `server.port` property.
* Change the `SSLCertificateFile`, `SSLCertificateKeyFile`, `SSLCertificateChainFile`, and `SSLCACertificateFile` properties to point to your site's SSL certificate, certificate, key, and certificate chain files.
This Apache site configuration follows current web best practices by redirecting all insecure HTTP connections to secure HTTP connections. Also, it makes sure to only use cryptographic primitives that are still considered secure as of this writing.
Enable this site by executing the following commands:
```
sudo a2ensite ${YOUR_OWN_DDA_HOST_NAME}.conf
sudo service apache2 reload
```
#### DDA user passwords
For security reasons, change the default DDA user passwords.
......@@ -150,6 +165,8 @@ The jHipster-generated users `anonymousUser` and `system` [do not need to have t
To change these default passwords, visit DDA's web interface, sign in with each of these default credentials, then click *Account* -> *Password*, provide a unique and strong password and click *Save*.
Also, change the default DDA users' e-mail addresses. This allows you to recover some user's password easily in case you forgot it. To change the e-mail address, sign in with each default DDA user, then click *Account* -> *Settings*, provide a valid and unique e-mail address and click *Save*.
## Development environment setup
Install the following software development tools:
* Cygwin
......
<VirtualHost dda.example.com:80>
ServerName dda.example.com
Redirect permanent / https://dda.example.com/
</VirtualHost>
<VirtualHost dda.example.com:443>
ServerName dda.example.com
ProxyPreserveHost On
ProxyPass / http://localhost:8081/
ProxyPassReverse "/" "https://localhost:8081"
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:ECDH+3DES:DH+3DES:RS
SSLCertificateFile /etc/ssl/private/certificates-dda.example.com/dda.example.com-cert.pem
SSLCertificateKeyFile /etc/ssl/private/certificates-dda.example.com/dda.example.com-key.pem
SSLCertificateChainFile /etc/ssl/private/certificates-dda.example.com/dda.example.com-chain.pem
SSLCACertificateFile /etc/ssl/private/certificates-dda.example.com/dda.example.com-cert.pem
</VirtualHost>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment