Apache + SSL
163 views
Skip to first unread message
Gunnar
Mar 10, 2012, 11:45:32 AM3/10/12
to etherpad-open-...@googlegroups.com
I want to run Etherpad with an Apache server as a proxy in between. Apache is needed because we want to use Kerberos authentication so only our users may access the website.
We also want to run Etherpad over HTTPS, but it won't work yet.
I can access the site, but changes in a pad don't arrive at the server. After a few seconds I get:
Here is my Apache configuration. Any advice? I'm not so very experienced with Apache yet, so I might be missing something obious.
<VirtualHost _default_:443>
ServerName etherpad.cs.uni-paderborn.de
ServerAlias etherpad.cs.upb.de
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/etherpad.cs.uni-paderborn.de.pem
SSLCertificateKeyFile /etc/apache2/ssl/etherpad.cs.uni-paderborn.de.key
SSLCertificateChainFile /etc/apache2/ssl/certchain.pem
<IfModule mod_proxy_http.c>
ProxyRequests Off
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://localhost:9000/
ProxyPreserveHost on
<Proxy http://localhost:9000/>
Options FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
Allow from all
AuthType Kerberos
<authentication stuff>
</Proxy>
</IfModule>
</VirtualHost>
We also want to run Etherpad over HTTPS, but it won't work yet.
I can access the site, but changes in a pad don't arrive at the server. After a few seconds I get:
Disconnected.
Lost connection with the EtherPad synchronization server.Here is my Apache configuration. Any advice? I'm not so very experienced with Apache yet, so I might be missing something obious.
<VirtualHost _default_:443>
ServerName etherpad.cs.uni-paderborn.de
ServerAlias etherpad.cs.upb.de
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/etherpad.cs.uni-paderborn.de.pem
SSLCertificateKeyFile /etc/apache2/ssl/etherpad.cs.uni-paderborn.de.key
SSLCertificateChainFile /etc/apache2/ssl/certchain.pem
<IfModule mod_proxy_http.c>
ProxyRequests Off
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://localhost:9000/
ProxyPreserveHost on
<Proxy http://localhost:9000/>
Options FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
Allow from all
AuthType Kerberos
<authentication stuff>
</Proxy>
</IfModule>
</VirtualHost>
John McLear
Mar 11, 2012, 7:12:45 PM3/11/12
to etherpad-open-...@googlegroups.com
I have run etherpad behind mod_proxy a bunch of times and had no problems... Are you getting anything in apache logs? I assume everything works fine on port 9000?
Gunnar
Mar 12, 2012, 5:01:19 AM3/12/12
to etherpad-open-...@googlegroups.com
Nothing useful in the logs. Port 9000 works perfectly fine as well as Port 80 using the Apache proxy. It's just https.
It's probably a problem with the streaming engine. As far as I know, it runs under <somenumber>.comet.etherpad.etc, right? It might be, that those requests are blocked, since the certificate is only valid for etherpad.cs.upb/uni-paderborn.de
I hacked around a bit and tried to exlude the streaming engine from SSL encryption but had no success yet.
John McLear
Mar 12, 2012, 5:58:43 AM3/12/12
to etherpad-open-...@googlegroups.com
Are you using etherpad or etherpad lite?
Gunnar
Mar 12, 2012, 6:05:44 AM3/12/12
to etherpad-open-...@googlegroups.com
I think it's just Etherpad.
Should I try Etherpad Lite?
John McLear
Mar 12, 2012, 12:01:07 PM3/12/12
to etherpad-open-...@googlegroups.com
yep
Gunnar
Mar 18, 2012, 12:57:53 PM3/18/12
to etherpad-open-...@googlegroups.com
Tried Etherpad Lite now and it worked like a charm... but we need definitely need at least password protected pads, if not teamsites as in Etherpad Legacy. I see that you can achieve this with the HTTP API. Is there anything out yet, that provides an easy to use webinterface without a big CMS around?
John McLear
Mar 18, 2012, 8:32:14 PM3/18/12
to etherpad-open-...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages