We are switching to Let’s Encrypt as it exits public beta


Back in February this year, we announced that we were switching on Let’s Encrypt SSL certificates on our servers and VMs on a trial basis. We are happy to share the news that, with Let’s Encrypt finally out of its beta stage, we are shifting to LE certs for all our SSL support.

Why Let’s Encrypt?

From the LE website, some numbers:


Since our beta began in September 2015 we’ve issued more than 1.7 million certificates for more than 3.8 million websites. [..] We set out to encrypt 100% of the Web. We’re excited to be off to a strong start, and with so much support across the industry.

Why is SSL important to you?

By default, Koha’s OPAC and intranet sites use HTTP and *not* HTTPS. This means all data exchanged between your server and any visitor / patron / library staff member accessing either of the sites over the Internet travels as plain clear text.

To give a real world analogy, this is like writing down your credit / debit card number, CVV / CVV2, expiry date on a postcard and posting it. Anyone that comes across the postcard while it goes from the sender to the recipient can read it. You are essentially broadcasting your user credentials to everyone on the Internet.

In contrast, HTTPS encrypts all the data exchanged between the communicating parties. The only parties who can read the information thus encrypted are you and your user / visitor, and no one else.

How does shifting to LE certs help our users?

Earlier we had to charge our users extra (INR 1200 to 2500 per year) for SSL support for their hosted OPAC and Koha ILS staff client. We were using SSL services of providers like PositiveSSL etc. However, LE’s objective is to bring affordable encryption to 100% of the world wide web – their certificate is FREE! So as our client-partner YOU get to enjoy (a) better value proposition (b) a well-supported quality SSL certificate with global recognition.

You may wonder why and how LE does this. This is what LE has to say about itself on its web site:

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). [..] ISRG’s mission is to reduce financial, technological, and education barriers to secure communication over the Internet.

The sponsors who have committed their support to make LE a success read like a who’s who of the modern Internet as we know it. It is also supported by the American Library Association (ALA). So if you are a librarian, this endorsement will tell you just how seriously LE is being taken! 😀

Even if you are not a client-partner, but happen to follow this blog, we suggest that you seriously consider giving Let’s Encrypt a shot, if for nothing else than peace of mind.

Happy SSLing! 

Adding chat support to Koha

Yesterday being a lazy Sunday, I decided to tick off one of my pending TODO items i.e. watch the “Wishlist” discussion from National Koha Conclave organised by Informatics last February.

Around 34:30 into the recording, Chris Cormack takes up the wishlist from ISI Kolkata. Around 35:19, Chris picks up the topic of the chat facility that was on ISI Kolkata’s “wishlist”. He says that while it is unlikely that Koha itself would get one, it is really easy to integrate something like “MIBEW”, and that all that is needed is someone to write up a HOWTO for that.

So, without further ado, I decided to set up a chat server on a dedicated sub-domain of l2c2.co.in. The idea is that we should be able to use the chat facility across any servers and user accounts we manage on our servers spread out across the globe.

Installation proved to be a cakewalk on our Debian 8.x test server. We already had LAMP and the Mibew-specific PHP extensions in place. Next we installed nodejs, npm and gulp, and finally we cloned the mibew git repo from GitHub. The deployment tarball was built following the instructions on the GitHub page.

Once ready, we unzipped the newly created mibew-2.1.0.tar.gz tarball into the DocumentRoot of the sub-domain we had created earlier. The instructions given in the README.txt proved to be adequate. First, we created the MySQL database, with the required user and permissions. Setting the ‘cache’ folder to be writable by the webserver process was important. Next, the database connection configuration went into configs/config.yml, which was templated off configs/default_config.yml.

Final setup was done by accessing http://<our-sub-domain_FQDN>/install.php and following the on-screen wizard. The admin user and password were set up and we were basically done. For the sake of security, install.php was then removed from the tree.
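The file-level conditions that the installation steps above depend on can be re-checked after every upgrade with a short script. This is an added example, not code from the original post or from the Mibew project; it assumes GNU stat as shipped with Debian, and the function name audit_mibew and the permission thresholds for cache and config.yml are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example: audit a Mibew docroot after the install wizard has run.
# Paths come from the post; audit_mibew and the permission thresholds are
# assumptions of this example. Needs GNU stat (Debian).

# audit_mibew DOCROOT: prints findings, returns their count (0 = clean).
audit_mibew() {
    local root="$1" findings=0 mode

    # 1. install.php must be gone once setup is complete.
    if [ -e "$root/install.php" ]; then
        echo "FAIL: install.php still present"
        findings=$((findings + 1))
    fi

    # 2. cache/ must be writable by the web server user (run the audit as
    #    that user, e.g. www-data), but not by every local account.
    if [ ! -d "$root/cache" ] || [ ! -w "$root/cache" ]; then
        echo "FAIL: cache/ missing or not writable by $(id -un)"
        findings=$((findings + 1))
    else
        mode=$(stat -c '%a' "$root/cache")
        if [ $(( 0$mode & 02 )) -ne 0 ]; then
            echo "FAIL: cache/ is world-writable (mode $mode)"
            findings=$((findings + 1))
        fi
    fi

    # 3. configs/config.yml carries the database connection settings, so
    #    it must exist and grant no access to "other".
    if [ ! -f "$root/configs/config.yml" ]; then
        echo "FAIL: configs/config.yml missing"
        findings=$((findings + 1))
    else
        mode=$(stat -c '%a' "$root/configs/config.yml")
        if [ $(( 0$mode & 07 )) -ne 0 ]; then
            echo "FAIL: configs/config.yml accessible to other (mode $mode)"
            findings=$((findings + 1))
        fi
    fi

    return "$findings"
}

# Stand-alone use: ./audit.sh /path/to/docroot
if [ "$#" -gt 0 ]; then audit_mibew "$1"; fi
```

Run it as the web server account so that the writability test reflects what the PHP process can actually do; as root the test always passes.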

Logging in as the admin user, we set up a new group and added a new user to that group to work as an operator representing our client. The chat button code was copied and pasted into the OpacNavRight system preference in Koha, and the changes were saved.

On the Mibew server side, things were just as simple. We logged in as user “brclibrarian” that we had created for Bhaktivedanta Research Centre. To make the user “brclibrarian” available for chat, we clicked on “Connect”.

Upon going “online” as brclibrarian user, the dashboard changed into an “inbox” page, where we now waited for our first support request.

Soon enough, a visitor on the BRC OPAC clicked on the chat button and we had our first support chat coming in live on the “operator” side of things.

On the visitor’s side, the following screenshot shows the support chat in progress.

P.S. We wanted our chat button to say “Ask a Librarian”. So instead of using the default buttons that come with MIBEW, we used GIMP to quickly make a couple of images and saved them as aal_on.gif and aal_off.gif. The “_on” and “_off” in the filenames are important. MIBEW reads the image name as “aal”, with the on and off markers treated as a toggle.

To display when librarian / operator is absent.

To display when librarian / operator is online.