This commit is contained in:
H.T. Kruitbosch 2017-11-28 16:42:16 +01:00
parent a5535f1491
commit 54ed906131
1 changed files with 8 additions and 7 deletions

View File

@ -104,10 +104,11 @@ certificate. Run the following and **append** the output to `rugwebsite/settings
PYTHONPATH=. DJANGO_SETTINGS_MODULE=settings django-admin init-saml2-settings --country NL --city Groningen \
--organisation 'University of Groningen' --organisation-unit 'Research and Innovation Support' \
--common-name 'cosmo.service.rug.nl' --state Groningen \
--common-name 'yourwebsite.rug.nl' --state Groningen \
--support-name 'Research and Innovation Support' --support-email 'ris@list.rug.nl' \
--technical-name 'Research and Innovation Support' --technical-email 'ris@list.rug.nl' \
--base-url 'https://cosmo.service.rug.nl' --entity-id 'https://www.rug.nl/cosmo'
--base-url 'https://yourwebsite.rug.nl' \
--entity-id 'https://yourwebsite.rug.nl/sso/saml2/metadata?provider=RuG'
You can change these settings if you like. Make sure to choose these correctly for your situation:
@ -184,7 +185,7 @@ files efficiently. Make sure nginx is installed and configure the website, for e
# Forward http to https
server {
listen 80;
server_name cosmo.service.rug.nl;
server_name yourwebsite.rug.nl;
return 301 https://$host$request_uri;
}
@ -195,9 +196,9 @@ files efficiently. Make sure nginx is installed and configure the website, for e
proxy_read_timeout 300;
send_timeout 300;
listen 443 ssl;
server_name cosmo.service.rug.nl;
ssl_certificate /etc/nginx/conf.d/cosmo.service.rug.nl.pem;
ssl_certificate_key /etc/nginx/conf.d/cosmo.service.rug.nl.key;
server_name yourwebsite.rug.nl;
ssl_certificate /etc/nginx/conf.d/yourwebsite.rug.nl.pem;
ssl_certificate_key /etc/nginx/conf.d/yourwebsite.rug.nl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
@ -210,7 +211,7 @@ files efficiently. Make sure nginx is installed and configure the website, for e
location / {
proxy_pass http://yourwebsiteupstream/;
proxy_set_header Host cosmo.service.rug.nl;
proxy_set_header Host yourwebsite.rug.nl;
proxy_set_header X-Forwarded-For $remote_addr;
# This setting is important, it allows SAML2 to verify the provider url, whithout getting into trouble because