Sorry for my late response; I have been struggling to cope with it through trial and error, which resulted in rebuilding my VPS many times. Unfortunately, my efforts have had no luck. Let me explain my efforts.
I installed Ubuntu and the web panel ISPConfig (ISPC) with the Apache web server on the host machine. I installed Docker and Docker Compose before creating the Koha container. I built the Koha container with docker-compose.yml.
Koha also uses the Apache web server in the container and has two default ports: OPAC on port 80 and Intranet on port 8080. I changed (forwarded?) these two ports in docker-compose.yml to ports 81 and 2080 respectively. The Koha website runs well on ports 81 and 2080, but can only be accessed over HTTP (unsecured). If I access them with HTTPS, the result is “Secure Connection Failed”. To cope with it, I first tried to place the paid SSL link in docker-compose.yml, as follows:
Copy paste (nano docker-compose.yml):
```yaml
version: '3.7'
services:
  koha-db:
    container_name: koha-db
    # https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23239
    image: mariadb:10.1
    environment:
      MYSQL_ROOT_PASSWORD: koha
  koha:
    container_name: koha
    image: kedu/koha-community
    cap_add:
      - SYS_NICE
      - DAC_READ_SEARCH
    depends_on:
      - koha-db
    environment:
      LIBRARY_NAME: koha
      SLEEP: 3
      INTRAPORT: 8080
      DB_HOST: koha-db
      DB_ROOT_PASSWORD: koha
    ports:
      - "81:80"
      - "2080:8080"
SSLEngine on
SSLCertificateFile /etc/ssl/certs/comodo-certificate.crt
SSLCertificateKeyFile /etc/ssl/certs/comodo-private.key
SSLCACertificateFile /etc/ssl/certs/comodo-ca-bundle.crt
```
(Later, placing SSL here has no effect - the ports are still unsecured).
Then, I executed the command `# docker-compose up -d`, and entered the container with `# docker exec -it koha bash` [or container_ID bash].
In the Koha container, there are three files related to virtual hosts in /etc/apache2/sites-available: koha.conf, default-ssl.conf and 000-default.conf, with configuration as follows:
/etc/apache2/sites-available/koha.conf
```apache
# Koha instance koha Apache config.

# OPAC
<VirtualHost *:80>
    <IfVersion >= 2.4>
        Define instance "koha"
    </IfVersion>
    Include /etc/koha/apache-shared.conf
    Include /etc/koha/apache-shared-opac.conf
    ServerName koha
    SetEnv KOHA_CONF "/etc/koha/sites/koha/koha-conf.xml"
    AssignUserID koha-koha koha-koha
    ErrorLog /var/log/koha/koha/opac-error.log
</VirtualHost>

# Intranet
<VirtualHost *:8080>
    <IfVersion >= 2.4>
        Define instance "koha"
    </IfVersion>
    Include /etc/koha/apache-shared.conf
    Include /etc/koha/apache-shared-intranet.conf
    ServerName koha
    SetEnv KOHA_CONF "/etc/koha/sites/koha/koha-conf.xml"
    AssignUserID koha-koha koha-koha
    ErrorLog /var/log/koha/koha/intranet-error.log
</VirtualHost>
```
/etc/apache2/sites-available/default-ssl.conf
```apache
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
```
(I have tried to replace this SSL with my paid SSL, but it is still not working.)
/etc/apache2/sites-available/000-default.conf
```apache
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
As mentioned in the previous post, ISPC on port 2083 is secured (the paid SSL is working). ISPC has two important files related to virtual hosts: ispconfig.conf and ispconfig.vhost. I tried to replicate this for Koha by copying koha.conf from the container and placing it on the host machine in /etc/apache2/sites-available. In this file I changed port 80 to 81 and port 8080 to 2080 (see koha.conf above). I also tried to create koha.vhost, whose content is the same as koha.conf but with this additional text:
```apache
Listen 81
Listen 2080
NameVirtualHost *:81
NameVirtualHost *:2080
```
And at the bottom of the file, I placed the paid SSL link as mentioned in docker-compose.yml above. But nothing changed after restarting apache2.
My question is: where should I place a paid SSL link for non-standard/default ports (81, 2080)? Inside the container or on the host machine? What should I do to make these ports work with the paid SSL?
Thanks in advance.