XWiki + HTTPS : are there current instructions available?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

XWiki + HTTPS : are there current instructions available?

Douglas Landau
Greets,

I want to enable https on my new xwiki installation.  I see this in the administrators guide:
----------------------------
Security configuration
See the Security Guide.

If the users will be accessing XWiki using SSL (https) then you will have to change the way links are created so that external links do not redirect users back to the http page. This is accomplished by setting the xwiki.url.protocol property in xwiki.cfg.
---------------------------------------

... but I don't see any further detail on this page or on the Security Configuration page.   I googled and found some how-to's , but they appear to be years old and I am not sure if they are current.

I see, in the jetty dir, jetty-https.xml, jetty-ssl.xml, and jetty-xml.  But I am not sure which to modify, and thought I saw on some 3rd-party page that you should leave jetty-ssl alone and add the configuration directly to jetty-xml.  OK, here is where I saw that - but it's from 2010:   http://xwiki.475771.n2.nabble.com/Setting-up-Xwiki-for-HTTPs-td5663073.html
--------------------------------------
You don't need a jetty-ssl.xml file at all. If the document that you
were reading is
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL , then just
read step 4 and add the new connector configuration inside
jetty/etc/jetty.xml, under the existing connector (line 57).
-------------------------------------------

Also, that link on codehaus is no longer found.    I googled it and found this page:
http://xwiki.475771.n2.nabble.com/Setting-up-Xwiki-for-HTTPs-td5663073.html

Now, on that page, it says to use this paragraph:
The following is an example of an SslSelectChannelConnector configuration. You can configure an SslSocketConnector the same way–just change the value of the class to org.eclipse.jetty.server.ssl.SslSocketConnector.
   <Call name="addConnector">
     <Arg>
       <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
         <Arg>
           <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
             <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
             <Set name="keyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
             <Set name="keyManagerPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
             <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
             <Set name="trustStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
           </New>
         </Arg>
         <Set name="port">8443</Set>
         <Set name="maxIdleTime">30000</Set>
       </New>
     </Arg>
   </Call>

Interestingly, it doesn't actually say where to put it.  Does that look current and if so, in which .xml should I place it?

Can anyone point me to current instructions which I should follow?

Aha:  Here are some more recent instructions, from 2014:  http://docs.sdl.com/LiveContent/content/en-US/SDL%20LiveContent%20full%20documentation-v1/GUID-3B4D2EFC-603C-4A46-A897-589D7FF8DD6C
Do those look current?
Interestingly, that page does not mention setting xwiki.url.protocol.  Is that an oversight, and it should be done anyway?

Thank you!!!
Doug



The information contained in this transmission may contain West Marine proprietary, confidential and/or privileged
information.  It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are
hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited.
If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original
message. To reply to our email administrator directly, please send an email to [hidden email].