From 54ed9061317a5b6678072bbd3500fd9971be2010 Mon Sep 17 00:00:00 2001 From: Herbert Kruitbosch Date: Tue, 28 Nov 2017 16:42:16 +0100 Subject: [PATCH] readme --- README.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 55ff8b8..3d6698a 100755 --- a/README.md +++ b/README.md @@ -104,10 +104,11 @@ certificate. Run the following and **append** the output to `rugwebsite/settings PYTHONPATH=. DJANGO_SETTINGS_MODULE=settings django-admin init-saml2-settings --country NL --city Groningen \ --organisation 'University of Groningen' --organisation-unit 'Research and Innovation Support' \ - --common-name 'cosmo.service.rug.nl' --state Groningen \ + --common-name 'yourwebsite.rug.nl' --state Groningen \ --support-name 'Research and Innovation Support' --support-email 'ris@list.rug.nl' \ --technical-name 'Research and Innovation Support' --technical-email 'ris@list.rug.nl' \ - --base-url 'https://cosmo.service.rug.nl' --entity-id 'https://www.rug.nl/cosmo' + --base-url 'https://yourwebsite.rug.nl' \ + --entity-id 'https://yourwebsite.rug.nl/sso/saml2/metadata?provider=RuG' You can change these settings if you like. Make sure to choose these correctly for your situation: @@ -184,7 +185,7 @@ files efficiently. Make sure nginx is installed and configure the website, for e # Forward http to https server { listen 80; - server_name cosmo.service.rug.nl; + server_name yourwebsite.rug.nl; return 301 https://$host$request_uri; } @@ -195,9 +196,9 @@ files efficiently. Make sure nginx is installed and configure the website, for e proxy_read_timeout 300; send_timeout 300; listen 443 ssl; - server_name cosmo.service.rug.nl; - ssl_certificate /etc/nginx/conf.d/cosmo.service.rug.nl.pem; - ssl_certificate_key /etc/nginx/conf.d/cosmo.service.rug.nl.key; + server_name yourwebsite.rug.nl; + ssl_certificate /etc/nginx/conf.d/yourwebsite.rug.nl.pem; + ssl_certificate_key /etc/nginx/conf.d/yourwebsite.rug.nl.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; @@ -210,7 +211,7 @@ files efficiently. Make sure nginx is installed and configure the website, for e location / { proxy_pass http://yourwebsiteupstream/; - proxy_set_header Host cosmo.service.rug.nl; + proxy_set_header Host yourwebsite.rug.nl; proxy_set_header X-Forwarded-For $remote_addr; # This setting is important, it allows SAML2 to verify the provider url, whithout getting into trouble because