OMFLOW Doc
Enable HTTPS

Linux

Ubuntu

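Step 1: Create the HTTPS certificate

Install openssl:
    apt-get install openssl
Create the ssl folder:
    cd /etc/apache2/
    mkdir ssl
Create the certificate:
    # Self-signed certificate valid for 365 days; -nodes leaves the private key unencrypted
    openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key
Certificate creation example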

Step 2: Edit django.conf

    cd /etc/apache2/sites-available/
    vi django.conf
Add the following directives:
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Port: change *:80 to <IP>:443
Example of the modified django.conf

Step 3: Edit settings.py

File path: /opt/omflow/server/omflow/settings.py
Change
    LOCAL_PROTOCOL = "http"
to
    LOCAL_PROTOCOL = "https"

Step 4: Enable the SSL module and restart the service

    a2enmod ssl
    systemctl restart omflow_server

Step 5: Check the OMFLOW web page

Enter https://<SERVER IP>:443/
Confirm that the OMFLOW web page works normally.

CentOS

Step 1: Create the HTTPS certificate

Install openssl:
    yum install openssl
Create the certificate:
    mkdir /etc/ssl/omcerts
    # Self-signed certificate valid for 365 days; -nodes leaves the private key unencrypted
    openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/omcerts/apache.pem -keyout /etc/ssl/omcerts/apache.key
Install mod_ssl:
    yum install mod_ssl

Step 2: Edit httpd.conf

File path: /etc/httpd/conf/httpd.conf
Comment out the original listening IP and add the HTTPS port:
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses.
    #
    #Listen 12.34.56.78:80
    #Listen 80
    Listen 443

Step 3: Edit django.conf

    cd /etc/httpd/conf.d/
    vi django.conf
Add the following configuration and change <IP>:443 accordingly:
    WSGIPassAuthorization On
    WSGIDaemonProcess omflow python-path=/opt/omflow/server:/opt/omflow/python/lib/python3.6/site-packages
    WSGIProcessGroup omflow
    WSGIScriptAlias / /opt/omflow/server/omflow/wsgi.py

    <IfModule mod_ssl.c>
    <VirtualHost <IP>:443>

        Alias /static /opt/omflow/server/staticfiles
        <Directory /opt/omflow/server/staticfiles>
            Require all granted
        </Directory>

        <Directory /opt/omflow/server/omflow>
            <Files wsgi.py>
                Require all granted
            </Files>
        </Directory>
        SSLEngine on
        # Must match the directory the certificate and key were written to in step 1
        SSLCertificateFile /etc/ssl/omcerts/apache.pem
        SSLCertificateKeyFile /etc/ssl/omcerts/apache.key

    </VirtualHost>
    </IfModule>
Example of the modified django.conf
An ssl.conf file may appear under the conf.d folder; remember to rename it so that Apache does not load it.

Step 4: Edit settings.py

File path: /opt/omflow/server/omflow/settings.py
Change
    LOCAL_PROTOCOL = "http"
to
    LOCAL_PROTOCOL = "https"

Step 5: Restart the service

    systemctl stop omflow_server
    systemctl start omflow_server

Step 6: Check the OMFLOW web page

Enter https://<SERVER IP>:443/
Confirm that the OMFLOW web page works normally.
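
A check for the two Linux procedures above, as an added example that is not part of the OMFLOW documentation: it reads the SSLCertificateFile and SSLCertificateKeyFile paths out of django.conf and verifies that both files exist, that the key is closed to group and others, that the pair matches, and that the certificate is not within 30 days of expiry. The function names and the 30-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not OMFLOW code): sanity-check the TLS files an Apache conf references.
# Assumes GNU stat and openssl, as shipped on Ubuntu/CentOS.

# Print the argument of the first uncommented <directive> line in <conf>.
conf_path() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Succeed only if the key file grants nothing to group or others (e.g. 600, 400).
key_is_private() {
    mode=$(stat -L -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the certificate carries the public half of the private key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Run every check against one conf file; print the first failure.
check_tls_conf() {
    cert=$(conf_path SSLCertificateFile "$1")
    key=$(conf_path SSLCertificateKeyFile "$1")
    if [ -z "$cert" ] || [ -z "$key" ]; then echo "FAIL: SSL directives missing"; return 1; fi
    [ -r "$cert" ] || { echo "FAIL: certificate not readable: $cert"; return 1; }
    [ -r "$key" ] || { echo "FAIL: key not readable: $key"; return 1; }
    key_is_private "$key" || { echo "FAIL: key open to group/others: $key"; return 1; }
    pair_matches "$cert" "$key" || { echo "FAIL: certificate and key do not match"; return 1; }
    # 2592000 s = 30 days; the page issues certificates with -days 365.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK: $cert matches $key"
}

# Usage: sh check_tls.sh /etc/httpd/conf.d/django.conf
if [ "$#" -gt 0 ]; then check_tls_conf "$1"; fi
```

Run it before restarting omflow_server; a conf that points at a directory other than the one the certificate was written to fails at the "not readable" step.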

Windows

Step 1: Edit httpd.conf

File path: C:\Program Files\OMFLOW Server\Apache24\conf\httpd.conf
Comment out the original listening IP:
     1  # Listen: Allows you to bind Apache to specific IP addresses and/or
     2  # ports, instead of the default. See also the <VirtualHost>
     3  # directive.
     4  #
     5  # Change this to Listen on specific IP addresses as shown below to
     6  # prevent Apache from glomming onto all bound IP addresses.
     7  #
     8  #Listen 12.34.56.78:80
     9  Listen <IP>:80
Add # at the very beginning of line 9 above:
    #Listen <IP>:80
Enable the SSL configuration file:
     1  # Secure (SSL/TLS) connections
     2  # Note: The following must must be present to support
     3  # starting without SSL on platforms with no /dev/random equivalent
     4  # but a statically compiled-in mod_ssl.
     5  #
     6  <IfModule ssl_module>
     7  #Include conf/extra/httpd-ssl.conf
     8  #Include conf/extra/httpd-ahssl.conf
     9  #SSLRandomSeed startup builtin
    10  #SSLRandomSeed connect builtin
    11  </IfModule>
Remove the # from line 7 above:
    Include conf/extra/httpd-ssl.conf

Step 2: Edit httpd-ssl.conf

File path: C:\Program Files\OMFLOW Server\Apache24\conf\extra\httpd-ssl.conf
Add the WSGI-related configuration at the top of the file:
    LoadFile "C:\Program Files\OMFLOW Server\Python\python37.dll"
    LoadModule wsgi_module "C:\Program Files\OMFLOW Server\Python\lib\site-packages\mod_wsgi\server\mod_wsgi.cp37-win32.pyd"
    WSGIPythonHome "C:\Program Files\OMFLOW Server\Python"
    WSGIScriptAlias / "C:/Program Files/OMFLOW Server/omflow/omflow/wsgi.py"
    WSGIPythonPath "C:/Program Files/OMFLOW Server/omflow"

    <Directory "C:/Program Files/OMFLOW Server/omflow/omflow">
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>

    Alias /static "C:/Program Files/OMFLOW Server/omflow/staticfiles"
    <Directory "C:/Program Files/OMFLOW Server/omflow/staticfiles">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
Add the listening IP:
    # When we also provide SSL we have to listen to the
    # standard HTTP port (see above) and to the HTTPS port
    #
    # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
    #       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
    #
    Listen <IP>:443

    ##
    ## SSL Virtual Host Context
    ##

    <VirtualHost <IP>:443>

    # General setup for the virtual host
    DocumentRoot "${SRVROOT}/htdocs"
    ServerName <IP>:443
    ServerAdmin [email protected]
    ErrorLog "${SRVROOT}/logs/error.log"
    TransferLog "${SRVROOT}/logs/access.log"
Add the certificate paths:
    # Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate. If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase. Note that a kill -HUP will prompt again. Keep
    # in mind that if you have both an RSA and a DSA certificate you
    # can configure both in parallel (to also allow the use of DSA
    # ciphers, etc.)
    # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
    # require an ECC certificate which can also be configured in
    # parallel.
    SSLCertificateFile "C:\Program Files\OMFLOW Server\cert\cer\server.cer"
    #SSLCertificateFile "${SRVROOT}/conf/server-dsa.crt"
    #SSLCertificateFile "${SRVROOT}/conf/server-ecc.crt"

    # Server Private Key:
    # If the key is not combined with the certificate, use this
    # directive to point at the key file. Keep in mind that if
    # you've both a RSA and a DSA private key you can configure
    # both in parallel (to also allow the use of DSA ciphers, etc.)
    # ECC keys, when in use, can also be configured in parallel
    SSLCertificateKeyFile "C:\Program Files\OMFLOW Server\cert\pfx\server.key"
    #SSLCertificateKeyFile "${SRVROOT}/conf/server-dsa.key"
    #SSLCertificateKeyFile "${SRVROOT}/conf/server-ecc.key"
    SSLCertificateChainFile "C:\Program Files\OMFLOW Server\cert\cer\uca.cer"
Certificate paths
Fill in the paths of the three files server.cer, server.key and uca.cer
according to your actual environment.

Step 3: Edit settings.py

File path: C:\Program Files\OMFLOW Server\omflow\omflow\settings.py
Change
    LOCAL_PROTOCOL = "http"
to
    LOCAL_PROTOCOL = "https"

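Step 4: Restart the service

Open the services list, find OMFLOW Server, and restart the service.
After the restart completes, confirm that the change took effect.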