These are chat archives for ushahidi/Community

28th
Sep 2017
Arturo
@ArturoQuintana
Sep 28 2017 13:16
Hello there @WillDoran @davidlosada @ushbot
I have some problems to enable the https protocol in our Ushahidi instance
Can someone give us a clue and help us with this problem?
Ushbot
@ushbot
Sep 28 2017 13:22
[David Losada, Ushahidi] Hi Arturo, are you still using weblib02.fiu.edu for the API?
Arturo
@ArturoQuintana
Sep 28 2017 13:22
Hi David, thanks for your time!
yes we do
Ushbot
@ushbot
Sep 28 2017 13:24
[David Losada, Ushahidi] when I try to request https://weblib02.fiu.edu/api/v3/config , the SSL certificate is invalid
[David Losada, Ushahidi] are you trying to set up SSL in there?
Arturo
@ArturoQuintana
Sep 28 2017 13:25
yes
Ushbot
@ushbot
Sep 28 2017 13:26
[David Losada, Ushahidi] ok, what seems to be the problem with that?
Arturo
@ArturoQuintana
Sep 28 2017 13:26
this is what we have done
<VirtualHost *:443>
DocumentRoot /var/www/html/platform-client/server/www
ServerName map.informus.us
ErrorLog logs/mapinformus-error_log
CustomLog logs/mapinformus-access_log common
<Directory /var/www/html/platform-client/server/www>
AllowOverride All
</Directory>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/map.informus.us.crt
SSLCertificateKeyFile /etc/pki/tls/private/map.informus.us.key
SSLCertificateChainFile /etc/pki/tls/certs/map.informus.us.intermediate.crt
</VirtualHost>
however, if you visit https://map.informus.us/views/map, you will see an error
Ushbot
@ushbot
Sep 28 2017 13:28
[David Losada, Ushahidi] but.. this is for a different server, right?
Arturo
@ArturoQuintana
Sep 28 2017 13:28
somehow https does not work despite our configuration
Ushbot
@ushbot
Sep 28 2017 13:29
[David Losada, Ushahidi] yea, it cannot work without https being properly set in the weblib02.fiu.edu server
[David Losada, Ushahidi] it’s a security policy most browsers implements, against mixed content
[David Losada, Ushahidi] > Mixed Content: The page at ‘https://map.informus.us/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://weblib02.fiu.edu/api/v3/config’. This request has been blocked; the content must be served over HTTPS.
Arturo
@ArturoQuintana
Sep 28 2017 13:31
we are hosting the site in a FIU server, but the domain (informus.us) belongs to an external ISP
Ushbot
@ushbot
Sep 28 2017 13:32
[David Losada, Ushahidi] it’s ok that the domains are different
Arturo
@ArturoQuintana
Sep 28 2017 13:32
but, we also have this
<VirtualHost *:443>
DocumentRoot /var/www/html/platform/httpdocs
ServerName weblib02.fiu.edu
ErrorLog logs/weblib02.fiu.edu-error_log
CustomLog logs/weblib02.fiu.edu-access_log common
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/weblib02.fiu.edu.crt
SSLCertificateKeyFile /etc/pki/tls/private/weblib02.fiu.edu.key
</VirtualHost>
Ushbot
@ushbot
Sep 28 2017 13:33
[David Losada, Ushahidi] it seems to be using a self-signed certificate? browsers will not trust a SSL certificate unless it’s endorsed by a known authority
[David Losada, Ushahidi] an endorsed SSL certificate can be bought and configured just the same way as this one , it’s the contents of the certificate that matter
Arturo
@ArturoQuintana
Sep 28 2017 13:35
Yes, we are in the process of ordering it. But at this point, we are testing whether or not it works.
Ushbot
@ushbot
Sep 28 2017 13:35
[David Losada, Ushahidi] mm ok
[David Losada, Ushahidi] you could visit https://weblib02.fiu.edu with your browser, and instruct it to trust this certificate
[David Losada, Ushahidi] but..
[David Losada, Ushahidi] in order to test it, you would have to change the configuration of the client (map.informus.us)
[David Losada, Ushahidi] which will break the site for everyone
[David Losada, Ushahidi] well, for everyone else, that is.. it will work for you :)
Arturo
@ArturoQuintana
Sep 28 2017 13:38
so, is it better to wait until we have the certificate for weblib02.fiu.edu?
Ushbot
@ushbot
Sep 28 2017 13:39
[David Losada, Ushahidi] yes .. or create another server / virtual host for the client (i.e. test.informus.us ) and make the BACKEND_URL configuration change only there
Arturo
@ArturoQuintana
Sep 28 2017 13:40
hmmm, I better wait
Ushbot
@ushbot
Sep 28 2017 13:41
[David Losada, Ushahidi] it should work, really
Arturo
@ArturoQuintana
Sep 28 2017 13:41
thanks
I will see
Ushbot
@ushbot
Sep 28 2017 13:41
[David Losada, Ushahidi] you are welcome
Arturo
@ArturoQuintana
Sep 28 2017 13:41
once I install the certificate
Should I change tha back_end values and run "gulp build" in the platform-client folder?
Ushbot
@ushbot
Sep 28 2017 13:44
[David Losada, Ushahidi] yes
[David Losada, Ushahidi] before doing that , you can also open https://weblib02.fiu.edu in your browser and check that it loads fine
Arturo
@ArturoQuintana
Sep 28 2017 13:50
@davidlosada thanks for your help!
Ushbot
@ushbot
Sep 28 2017 13:50
[David Losada, Ushahidi] you are most welcome, Arturo
Arturo
@ArturoQuintana
Sep 28 2017 13:51
I'll let you know once we do it all
By the way, the email content is working as we want. Thank you!
Ushbot
@ushbot
Sep 28 2017 13:53
[David Losada, Ushahidi] awesome :)
[David Losada, Ushahidi] let your friends know about us ;)
Arturo
@ArturoQuintana
Sep 28 2017 13:53
they already knows :-)
Ushbot
@ushbot
Sep 28 2017 13:53
[David Losada, Ushahidi] =D great, thanks for that
Arturo
@ArturoQuintana
Sep 28 2017 13:54
I cannot do much if I do not talk to you first ;-)