Installing SSL Certificate on GraphSpace (Apache, Let's Encrypt, Ubuntu 16.0.4)
GraphSpace runs on the Apache web server on Ubuntu 16.0.4. These steps install an SSL certificate issued by the Let's Encrypt Certificate Authority (CA).
Part I: Install SSL Certificates
- Obtain the latest release source of certbot:

```
git clone https://github.com/certbot/certbot
cd certbot
git checkout master
```
- Run certbot to fetch your certificates. Remember to replace the placeholder YOUR_WEBSITE_HERE with your domain name or server IP address (for example, www.graphspace.org).

```
sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d YOUR_WEBSITE_HERE
```

In this step, select 1 when asked the following question:

```
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel):
```
- Edit /etc/apache2/sites-enabled/graphspace.conf as follows. Each comment sits on its own line because Apache does not accept a comment on the same line as a directive.

```
<VirtualHost *:80>
    # Replace all 'graphspace.org' in this file with your domain name
    ServerName graphspace.org
    # Replace all 'www.graphspace.org' in this file with your alias name
    ServerAlias www.graphspace.org
    # Replace all '/path_to_GraphSpace' in this file with the directory where
    # you downloaded GraphSpace, for example, '/home/ubuntu/GraphSpace/'.
    DocumentRoot /path_to_GraphSpace

    # Uncomment these lines if you want to auto-redirect HTTP to HTTPS
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =graphspace.org
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =www.graphspace.org
    #RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    WSGIDaemonProcess graphspace python-path=/path_to_GraphSpace:/path_to_GraphSpace/venv/lib/python2.7/site-packages/ python-eggs=/path_to_python_eggs
    WSGIProcessGroup graphspace
    WSGIScriptAlias / /path_to_GraphSpace/graphspace/wsgi.py
    WSGIPassAuthorization on

    <Directory /path_to_GraphSpace/graphspace/>
        <Files wsgi.py>
            Order deny,allow
            Require all granted
        </Files>
    </Directory>

    Alias /static/ /path_to_GraphSpace/static/
    <Directory /path_to_GraphSpace/static/>
        Require all granted
    </Directory>

    <Directory /path_to_GraphSpace>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```
- Create a new SSL config file graphspace-ssl.conf in the same directory (i.e. /etc/apache2/sites-enabled/graphspace-ssl.conf), and add the following lines to it. As in the previous file, each comment sits on its own line.

```
<IfModule mod_ssl.c>
<VirtualHost *:443>
    # Replace all 'graphspace.org' in this file with your domain name
    ServerName graphspace.org
    # Replace all 'www.graphspace.org' in this file with your alias name
    ServerAlias www.graphspace.org
    # Replace all '/path_to_GraphSpace' in this file with the directory where
    # you downloaded GraphSpace, for example, '/home/ubuntu/GraphSpace/'.
    DocumentRoot /path_to_GraphSpace

    WSGIDaemonProcess graphspace.org python-path=/path_to_GraphSpace:/path_to_GraphSpace/venv/lib/python2.7/site-packages/ python-eggs=/path_to_python_eggs
    WSGIProcessGroup graphspace.org
    WSGIScriptAlias / /path_to_GraphSpace/graphspace/wsgi.py
    WSGIPassAuthorization on

    <Directory /path_to_GraphSpace/graphspace/>
        <Files wsgi.py>
            Order deny,allow
            Require all granted
        </Files>
    </Directory>

    Alias /static/ /path_to_GraphSpace/static/
    <Directory /path_to_GraphSpace/static/>
        Require all granted
    </Directory>

    <Directory /path_to_GraphSpace>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    SSLEngine on
    # Set SSLCertificateFile to your Certificate path.
    SSLCertificateFile /<path_to_the_certificates>/cert.pem
    # Set SSLCertificateKeyFile to your Private Key path.
    SSLCertificateKeyFile /<path_to_the_certificates>/privkey.pem
    # Set SSLCertificateChainFile to your Full Chain path.
    SSLCACertificateFile /<path_to_the_certificates>/fullchain.pem
</VirtualHost>
</IfModule>
```
- Finally, restart the apache service.

```
sudo service apache2 restart
```
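A pre-restart check for the two vhost files from Part I, added here as an example (it is not GraphSpace or certbot code). It flags a `#` comment that shares a line with a directive, a port-443 vhost missing `SSLEngine on`, `SSLCertificateFile` or `SSLCertificateKeyFile`, and a port-80 vhost whose HTTPS redirect is still commented out. The function names, finding labels and sample files are constructed for the example.

```bash
# Added example (not GraphSpace project code). Finding labels are invented here.
# Active lines only: drop blank lines and whole-line '#' comments.
active() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# audit_vhosts HTTP_CONF SSL_CONF: print one finding per line; no output = clean.
audit_vhosts() {
  local http="$1" ssl="$2" f d hit
  for f in "$http" "$ssl"; do
    # Apache honours '#' only at the start of a line; a trailing comment
    # after a directive is parsed as extra arguments to that directive.
    grep -En '^[[:space:]]*[^#[:space:]].*[[:space:]]#' "$f" |
      while IFS= read -r hit; do echo "INLINE_COMMENT $f:$hit"; done
  done
  # The HTTPS vhost must enable TLS and name a certificate and a key
  # (each item below is directive:regex-for-its-value).
  for d in SSLEngine:on SSLCertificateFile:. SSLCertificateKeyFile:.; do
    active "$ssl" | grep -Eiq "^[[:space:]]*${d%%:*}[[:space:]]+${d#*:}" ||
      echo "MISSING $ssl: ${d%%:*}"
  done
  # The redirect is commented out as shipped; until it is active, the
  # port-80 vhost keeps serving the application over cleartext HTTP.
  if ! { active "$http" | grep -Eiq '^[[:space:]]*RewriteEngine[[:space:]]+on' &&
         active "$http" | grep -Eiq '^[[:space:]]*RewriteRule[[:space:]].*https://'; }
  then echo "NO_HTTPS_REDIRECT $http"; fi
  return 0
}

# Constructed sample input: a cut-down port-80 vhost with a trailing comment
# and a port-443 vhost (placeholder path) that lacks its key directive.
write_samples() {
  cat > "$1/http.conf" <<'EOF'
<VirtualHost *:80>
    ServerName graphspace.org #Replace with your domain name
    #RewriteEngine on
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
  cat > "$1/ssl.conf" <<'EOF'
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /placeholder/cert.pem
</VirtualHost>
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
audit_vhosts "$demo_dir/http.conf" "$demo_dir/ssl.conf"
rm -rf "$demo_dir"
```

On the server, pass the two real files under /etc/apache2/sites-enabled/ to `audit_vhosts`, then run `sudo apache2ctl configtest` for Apache's own syntax check before restarting.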
Part II: Setup SSL Auto-renew
All Let’s Encrypt certificates are only good for 90 days, so it’s best to configure the certificates to automatically renew.
- Switch to the root user:

```
sudo -i
```
- Edit crontab (a listing of all the account’s cron jobs):

```
crontab -e
```
- Add the following line to run the renewal each weekend (Sunday at 2:30 am):

```
30 2 * * Sun /home/ubuntu/certbot/certbot-auto renew
```
Reference: https://medium.com/@mohan08p/install-and-renew-lets-encrypt-ssl-on-amazon-ami-6d3e0a61693