diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ADMIN.md | 21 | ||||
| -rw-r--r-- | doc/INSTALL.md | 28 |
2 files changed, 49 insertions, 0 deletions
diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 000000000..059010e68 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,21 @@ +Doing development work on the administration interface +====================================================== + +The Alaveteli admin interface uses Twitter's Bootstrap project to prettify it. + +If you want to work on the CSS, you'll want to use +[bootstrap-sass](https://github.com/thomas-mcdonald/bootstrap-sass). Do something like: + + + $ gem install bootstrap-sass + $ gem install compass + $ compass compile --config .compass/config.rb + +The javascript is included in a funky way +[for reasons explained in this commit](https://github.com/sebbacon/adminbootstraptheme/commit/45a73d53fc9e8f0b728933ff58764bd8d0612dab). +To change it, edit the coffeescript at +`lib/view/general/admin.coffee`, and then do something like: + + $ coffee -o /tmp/ -c lib/views/general/admin.coffee + $ mv /tmp/admin.js lib/views/general/admin_js.erb + diff --git a/doc/INSTALL.md b/doc/INSTALL.md index 3a911cbc8..816b79066 100644 --- a/doc/INSTALL.md +++ b/doc/INSTALL.md @@ -378,6 +378,34 @@ Under all but light loads, it is strongly recommended to run the server behind an http accelerator like Varnish. A sample varnish VCL is supplied in `../conf/varnish-alaveteli.vcl`. +It's strongly recommended that you run the site over SSL. (Set FORCE_SSL to true in +config/general.yml). For this you will need an SSL certificate for your domain and you will +need to configure an SSL terminator to sit in front of Varnish. If you're already using Apache +as a web server you could simply use Apache as the SSL terminator. A minimal configuration +would look something like this: + +<VirtualHost *:443> + ServerName www.yourdomain + + ProxyRequests Off + ProxyPreserveHost On + ProxyPass / http://localhost:80/ + ProxyPassReverse / http://localhost:80/ + RequestHeader set X-Forwarded-Proto 'https' + + SSLEngine on + SSLProtocol all -SSLv2 + SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM + + SSLCertificateFile /etc/apache2/ssl/ssl.crt + SSLCertificateKeyFile /etc/apache2/ssl/ssl.key + SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem + SSLCACertificateFile /etc/apache2/ssl/ca.pem + SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown +</VirtualHost> + +Notice the line "RequestHeader" that sets the X_FORWARDED_PROTO header. This is important. This ultimately tells Rails that it's serving a page over https and so it knows to include that in any absolute urls it serves. + Some [production server best practice notes](https://github.com/mysociety/alaveteli/wiki/Production-Server-Best-Practices) are evolving on the wiki. |