mirror of https://github.com/ChristianLight/tutor.git synced 2024-09-27 19:59:02 +00:00

docs: clarify how to use custom ssl certificates

I realized that the docs were very unclear, contradictory and misleading on
the topic of SSL/TLS termination and web proxies.

See: https://discuss.overhang.io/t/why-caddy-nginx/1952/10
Régis Behmo 2021-09-27 06:21:17 +02:00 committed by Régis Behmo
parent e7b455485d
commit c1e63c873a
2 changed files with 5 additions and 3 deletions


@ -183,7 +183,7 @@ SSL/TLS certificates for HTTPS access
- ``ENABLE_HTTPS`` (default: ``false``)
By activating this feature, a free SSL/TLS certificate from the `Let's Encrypt <https://letsencrypt.org/>`_ certificate authority will be created for your platform. With this feature, **your platform will no longer be accessible in HTTP**. Calls to http urls will be redirected to https url.
When ``ENABLE_HTTPS`` is ``true``, the whole Open edX platform will be reconfigured to work with "https" URIs. Calls to "http" URIs will be redirected to "https". By default, SSL/TLS certificates will automatically be generated by Tutor (thanks to `Caddy <https://caddyserver.com/>`__) from the `Let's Encrypt <https://letsencrypt.org/>`_ certificate authority.
The following DNS records must exist and point to your server::
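
Review bot: "By default" in the new ``ENABLE_HTTPS`` paragraph is ambiguous, because the bullet just above gives the default of ``ENABLE_HTTPS`` as ``false``, so a reader can take it to mean that certificates are issued on a default install. Suggest tying the sentence to the setting that controls issuance, for example "Unless Caddy is disabled with ``RUN_CADDY=false``, SSL/TLS certificates will automatically be generated ...". The two links in that sentence also use different reference styles (a double trailing underscore for Caddy, a single one for Let's Encrypt); pick one.
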
@ -193,7 +193,7 @@ The following DNS records must exist and point to your server::
Thus, **this feature will (probably) not work in development** because the DNS records will (probably) not point to your development machine.
The SSL/TLS certificates will automatically be generated and updated by the Caddy proxy server container at runtime. Thus, as of v11.0.0 you no longer have to generate the certificates manually.
If you would like to perform SSL/TLS termination with your own custom certificates, you will have to keep ``ENABLE_HTTPS=true`` and turn off the Caddy server with ``RUN_CADDY=false``. See the corresponding :ref:`tutorial <web_proxy>` for more information.
.. _customise:
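
Review bot: The sentence beginning "If you would like to perform SSL/TLS termination" does not say what ``ENABLE_HTTPS=true`` still does once ``RUN_CADDY=false`` is set. The previous hunk states that calls to "http" URIs will be redirected to "https" and credits Caddy with the certificates, so it is unclear here whether Tutor still performs the redirect or whether that becomes the job of the external proxy. One sentence stating who redirects and who terminates TLS in that setup would remove the guesswork before the reader follows the ``web_proxy`` link.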


@ -180,7 +180,7 @@ Guides
Running Open edX behind a web proxy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The containerized web server ([Caddy](caddyserver.com/)) needs to listen to ports 80 and 443 on the host. If there is already a webserver running on the host, such as Apache or Nginx, the caddy container will not be able to start. Tutor supports running behind a web proxy. To do so, add the following configuration::
The containerized web server (`Caddy <https://caddyserver.com/>`__) needs to listen to ports 80 and 443 on the host in order to serve requests. If there is already a webserver running on the host, such as Apache or Nginx, the caddy container will not be able to start. Tutor supports running behind a web proxy. To do so, add the following configuration::
tutor config save --set RUN_CADDY=false --set NGINX_HTTP_PORT=81
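
Review bot: The example command on the last line of this hunk sets ``NGINX_HTTP_PORT=81`` with no bind address, and with ``RUN_CADDY=false`` that port serves plain HTTP. If the value is published the way a bare Docker port mapping is, the port is reachable on every host interface and clients can reach nginx without passing through the host proxy. The rewritten paragraph is about a proxy on the same host (Apache or Nginx), so suggest leading with the loopback form that appears in the next hunk, ``NGINX_HTTP_PORT=127.0.0.1:81``, and presenting the bare port as the variant for a proxy on another machine.
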
@ -191,6 +191,8 @@ In this example, the nginx container port would be mapped to 81 instead of 80. Y
tutor config save --set NGINX_HTTP_PORT=127.0.0.1:81
The same solution applies if you would like to enable https in Tutor, but with your own custom certificates instead of Let's Encrypt's. In that case, you should keep ``ENABLE_HTTPS=true``, disable Caddy (``RUN_CADDY=false``) and configure your own web proxy on the host (or elsewhere) to serve requests using your own certificates.
Running multiple Open edX platforms on a single server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
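
Review bot: "The same solution applies" in the added paragraph does not say which of the two commands above is meant, and "(or elsewhere)" rules out the ``127.0.0.1:81`` binding shown on the line just before it. Suggest stating that the proxy must forward to the port set in ``NGINX_HTTP_PORT``, and that when the proxy runs on another machine the hop from the proxy to nginx is plain HTTP, so it should stay on a trusted network or be restricted by a firewall. It would also help to say that certificate renewal becomes the operator's responsibility in this setup, since the paragraph contrasts it with Let's Encrypt.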