SSL encryption
(HTTPS) is enabled by default in TeamForge 17.1 and later.
-
Back up your existing
/etc/httpd/conf/httpd.conf
file.
-
Open the site-options.conf file, the master configuration
file that controls your TeamForge site.
- vi /opt/collabnet/teamforge/etc/site-options.conf
Note: vi is an example. Any *nix text editor will work.
-
Set the options to enable SSL for the site.
-
Set the SSL_CERT_FILE variable to the location of
the file that contains your site's SSL certificates.
-
SSL_CERT_FILE=www.example.com.crt
-
Set the SSL_KEY_FILE variable to the location of the
file that contains your site's RSA private keys.
-
SSL_KEY_FILE=www.example.com.key
Important: Select a location for your cert file and your key
file that is permanent across restarts. Don't use a temp directory
that can be wiped out.
-
In the site-options.conf file, make sure the value of the
<hostname>:PUBLIC_FQDN
token
matches
that of your SSL certificate.
-
Rename the ssl.conf file
(RHEL/CentOS:
/etc/httpd/conf.d/ssl.conf) as ssl.conf.old,
if it exists.
-
If you are converting an existing site to use SSL (that is, if your site
already has had users accessing it via HTTP and not HTTPS), you must update your
site's publishing repository to use the new SSL settings.
To do this, ask your CollabNet support representative for
the fix-publishing-repos-to-ssl.py script.
-
Stop TeamForge.
- /opt/collabnet/teamforge/bin/teamforge
stop
-
Deploy services.
- /opt/collabnet/teamforge/bin/teamforge
provision
Note:
The "provision" command prompts for response before it bootstraps or
migrates data during TeamForge installation and upgrade respectively.
Enter "y" or "N" to proceed. For more information, see the TeamForge script.
TeamForge 17.4 (and later) installer expects the system locale to be
LANG=en_US.UTF-8. TeamForge "provision" command fails otherwise.
A new Apache configuration file is created with the information you provided in the
site-options.conf file. The new file is named
httpd.conf.cn_new. It contains
VirtualHost
sections for port 80 and port 443. All port 80 requests are redirected to port
443.
When you point your browser at CollabNet
TeamForge, it should now automatically
redirect to HTTPS.
As your site is configured to run in the SSL mode (http to https), there is a change in
the URI scheme. Run the following post installation script to make your
TeamForge integration components function
seamlessly.
Run the
TeamForge
post-install.py script.
- /opt/collabnet/teamforge/runtime/scripts/post-install.py