author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-28 11:06:23 +0200 |
---|---|---|
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-28 11:06:23 +0200 |
commit | 9bb0e41fc0226d159aa7f6f3c0eadc86b37df2c7 (patch) | |
tree | dcdfd43344c967ddb1ee798f1789c6a9b7d176c9 | |
parent | c43f9764b2132ce54a491c1daeeafe6aa4851ef5 (diff) | |
Add Quick Guide for Apache 2 SSL Setup to readme
-rw-r--r-- | readme.md | 30 |
1 files changed, 29 insertions, 1 deletions
@@ -3,6 +3,7 @@ ## Prepare for Compilation For compiling MOAZS, do the following: + 1. Checkout MoaZS repository (directory name `moazs.git`) 2. Install `at.gv.egiz.eaaf.{eaaf_module_moa-sig, core}` to local repository. 3. Install `at.gv.util.egovutils` to local mvn repository. 
@@ -69,13 +70,40 @@ Integration tests start with the prefix `IT`. Requirements: - OpenJDK 12 -- Some integration tests have additional requirements (e.g. external services). Ensure that these requirements are met as well. Check out the source code for further details. +- Some integration tests have additional requirements (e.g. ITMsgClientTest also tests the TLS connection and Client Authentication). Ensure that these requirements are met as well. Command: ``` mvn test -P integration-test ``` +### Quick Guide: Set Up SSL in Apache 2. + +Some tests in ITMsgClientTest require SSL protection of the service endpoint with SSL Client Authentication. Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on http://localhost:8081/ : + +1. Install Apache 2. +1. Ensure that mod-proxy is installed and enabled. +1. In `default-ssl.conf` add the following lines to proxy requests from `https://localhost/zusemsg` to `http://localhost:8081`: +``` +ProxyRequests off +ProxyPass /zusemsg/ http://localhost:8081/ +ProxyPassReverse /zusemsg/ http://localhost:8081/ +<Proxy *> + Order allow,deny + allow from all +</Proxy> +``` +1. Use certificate and key provided in this repository for the TLS connection and add the following directives to `default-ssl.conf`: +``` +SSLCertificateFile <path/to/repo/ssl/server>/server.localhost.cert.pem +SSLCertificateKeyFile <path/to/repo/ssl/server>/server.localhost.key.pem +SSLCertificateChainFile <path/to/repo/ssl/server>/ca-chain.cert.pem +``` +1. Trust the client certificate with the following directive in `default-ssl-conf`: +``` +SSLCACertificateFile <path/to/repo/ssl>/trusted-cas-bundle.pem +``` + # Footnotes [1] https://bugs.openjdk.java.net/browse/JDK-8214098 |
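Review bot: The last step of the new Quick Guide (second hunk) only sets `SSLCACertificateFile`, which tells mod_ssl which CAs to trust for client certificates but does not make the server ask for one. `SSLVerifyClient` defaults to `none`, so with the directives as listed the proxy would forward `/zusemsg/` without any client authentication, and the ITMsgClientTest cases described in the intro sentence would not be testing against an endpoint that enforces it. Suggest adding `SSLVerifyClient require` to that step (plus `SSLVerifyDepth` if the chain in `trusted-cas-bundle.pem` is longer than one level). Smaller points in the same hunk: the last step says `default-ssl-conf` where the earlier steps say `default-ssl.conf`; the `<Proxy *>` block uses the 2.2-style `Order allow,deny` / `allow from all`, which on Apache 2.4 only works through mod_access_compat, so `Require all granted` (or `Require local` for a localhost-only test setup) would be more robust; step 2 could name the modules that are actually needed (mod_proxy_http for the `http://` backend and mod_ssl, not just mod_proxy); the prose says requests go from `https://localhost/zusemsg` while `ProxyPass` matches `/zusemsg/` with a trailing slash; and the guide should state that `server.localhost.key.pem`, being committed to the repository, is a test-only key that must not be reused on any non-test host.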