Virtual servers and subdirectories
31 views
Skip to first unread message
Brian Flowers
Oct 25, 2014, 2:20:41 PM10/25/14
to diaspora...@googlegroups.com
Hello all,
I'm trying to get up and running on my own pod, and after a week or two of work I've almost got it figured out except some routing issues. I'm setting up a number of services, configured it as a series of virtual servers. So, I have a Debian box running Diaspora, and a CentOS box running the main webserver. The problem is that I want all of these servers to have full SSL support. So, I can either pay $160/year for a wildcard cert with a separate subdomain for each virtual server, or I can pay $16/year and redirect everything from subdirectories of the main domain. Right now the main domain points to my CentOS box, and from there I have reverse proxies set up to the other systems. This works fantastically well for everything except Diaspora. I understand from googling around that the official response to this problem is essentially "That's not supported; pay up for your certs" but I'm not paying $160/year just for Diaspora, so I'm hoping someone has figured out a way to make this work.
Here's my rules so far in the CentOS apache config:
These rules let me get to the main page and let me create an account, but from there it starts to fail in strange ways. I've tried adding more RewriteRules to redirect paths like /assets/ individually as well, but that doesn't seem to do it either. The weird thing is that only some of the links seem to fail -- for example, from the main stream page, the 'stream' link in the top URL header doesn't get rewritten, but the stream link in the navigation list on the left side of the page does! They're both plain <a href> links so I can't understand why some would get proxied correctly while others wouldn't. Anyone have any ideas to fix this or any alternative solutions? I realize this is as much an Apache question as a Diaspora one, but since I've gathered that this is a pretty common setup, and the problem is specific to Diaspora, so I was hoping someone here would know *some* way to make it work properly by now. Any ideas?
Thanks,
Brian Flowers
I'm trying to get up and running on my own pod, and after a week or two of work I've almost got it figured out except some routing issues. I'm setting up a number of services, configured it as a series of virtual servers. So, I have a Debian box running Diaspora, and a CentOS box running the main webserver. The problem is that I want all of these servers to have full SSL support. So, I can either pay $160/year for a wildcard cert with a separate subdomain for each virtual server, or I can pay $16/year and redirect everything from subdirectories of the main domain. Right now the main domain points to my CentOS box, and from there I have reverse proxies set up to the other systems. This works fantastically well for everything except Diaspora. I understand from googling around that the official response to this problem is essentially "That's not supported; pay up for your certs" but I'm not paying $160/year just for Diaspora, so I'm hoping someone has figured out a way to make this work.
Here's my rules so far in the CentOS apache config:
RewriteEngine On
# Rewrite [domain]/diaspora to [domain]/diaspora/
RewriteRule ^/diaspora$ /diaspora/ [R]
ProxyPass /diaspora/ https://[diaspora-ip]/
ProxyHTMLURLMap https://[diaspora-ip]/ /diaspora
<Location /diaspora/>
ProxyPassReverse https://[diaspora-ip]/
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLURLMap / /diaspora/
ProxyHTMLURLMap /diaspora /diaspora
</Location>
# Rewrite [domain]/diaspora to [domain]/diaspora/
RewriteRule ^/diaspora$ /diaspora/ [R]
ProxyPass /diaspora/ https://[diaspora-ip]/
ProxyHTMLURLMap https://[diaspora-ip]/ /diaspora
<Location /diaspora/>
ProxyPassReverse https://[diaspora-ip]/
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLURLMap / /diaspora/
ProxyHTMLURLMap /diaspora /diaspora
</Location>
These rules let me get to the main page and let me create an account, but from there it starts to fail in strange ways. I've tried adding more RewriteRules to redirect paths like /assets/ individually as well, but that doesn't seem to do it either. The weird thing is that only some of the links seem to fail -- for example, from the main stream page, the 'stream' link in the top URL header doesn't get rewritten, but the stream link in the navigation list on the left side of the page does! They're both plain <a href> links so I can't understand why some would get proxied correctly while others wouldn't. Anyone have any ideas to fix this or any alternative solutions? I realize this is as much an Apache question as a Diaspora one, but since I've gathered that this is a pretty common setup, and the problem is specific to Diaspora, so I was hoping someone here would know *some* way to make it work properly by now. Any ideas?
Thanks,
Brian Flowers
Jonne Haß
Oct 25, 2014, 2:27:10 PM10/25/14
to diaspora...@googlegroups.com
It's just not supported, I'm sorry, trying to fix it up with RewriteRule's as almost as much work as patching the core code for proper support and requires the same level of understanding of the software. I would suggest you get a free certificate for just the diaspora subdomain from StartSSL.
- Jonne
> --
> You received this message because you are subscribed to the Google
> Groups "diaspora-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to diaspora-discu...@googlegroups.com
> <mailto:diaspora-discu...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
- Jonne
> You received this message because you are subscribed to the Google
> Groups "diaspora-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to diaspora-discu...@googlegroups.com
> <mailto:diaspora-discu...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages