A list to help install Learning Locker:
- Apache on the host supports TLS and SNI:
<VirtualHost *:80> ServerAdmin firstname.lastname@example.org ServerName lrs.somedomain.com ErrorLog /path/to/my/error_log CustomLog /path/to/access_log common Redirect / https://lrs.somedomain.com/ </VirtualHost> <VirtualHost *:443> Protocols h2 http/1.1 ServerAdmin email@example.com ServerName lrs.somedomain.com ErrorLog /path/to/error_log CustomLog /path/to/access_log common AddType application/x-httpd-php .php ProxyRequests On <Location "/"> ProxyPass http://localhost:8001/ ProxyPassReverse http://localhost:8001/ # AllowMethods GET POST OPTIONS AllowOverride All Require all granted </Location> SSLEngine on #SSLProtocol -ALL +TLSv1.1 +TLSv1.2 SSLProtocol -ALL +TLSv1.2 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4:!DES:!3DES:+HIGH:+MEDIUM SSLCertificateKeyFile /etc/letsencrypt/live/c3iq.co.uk/privkey.pem SSLCertificateFile /etc/letsencrypt/live/c3iq.co.uk/fullchain.pem <Files ~ "\.(cgi|shtml|phtml|php?)$"> SSLOptions +StdEnvVars </Files> </VirtualHost>
Let’s Encrypt is a beautiful thing.
- I use a user called docker to corral configs for my docker containers:
- git clone https://github.com/michzimny/learninglocker2-docker
- mv learninglocker2-docker LRS
- In LRS,
- edit .env
- edit app/Dockerfile to use the latest version of Learning Locker
- edit nginx.conf.template to reflect that Apache on the host does the redirect from 80 to 443
./build-dev.sh and docker-compose up -d.
While a default of HTTPS is a good thing it took me a while to find the redirect in NGINX. That’s my job. 🙂 I assumed there was an issue with versions when the server reported Service Not Available. It took several iterations and some debugging to get right.