Procedure: Nginx as a reverse proxy to multiple tiddlywiki servers running on nodejs

vpl

Apr 26, 2019, 12:19:56 PM
to TiddlyWiki

Find below a procedure to deploy an Nginx reverse proxy in front of 2 tiddlywiki servers (one accessible through a /wiki/ path, the other one through a /wiki/ path).

This is a need that emerged to avoid opening and configuring a number of ports on my cloud server. The procedure below gives indications for

  • configuring the basic reverse proxy to point to the 2 tiddlywiki servers
  • augment the configuration with Basic Auth
  • augment the configuration with SSL (self signed certificate ... basic approach)

Certainly not optimal but may be useful to anybody facing the same problem.


Other options exist, like the tiddlyServer, that certainly brings other added value.


Basic Nginx configuration (No Auth)

config tiddlywiki

  • We assume here that we have 2 tiddlywiki (nodejs based) running on port 4013 & 4014 on 127.0.0.1
  • Add on each of them a tiddler with the title: $:/config/tiddlyweb/host and content 
    • $protocol$//$host$/wiki/ for the first one
    • $protocol$//$host$/sub/ for the second one

config nginx

events {
        worker_connections 768;
        # multi_accept on;
}

http {
server {
  listen    80;

  location /wiki/ {
    proxy_pass http://127.0.0.1:4014/;
    proxy_set_header        Host             $host;
    proxy_set_header        X-Real-IP        $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
  }

  location /sub/ {
    proxy_pass http://127.0.0.1:4013/;
    proxy_set_header        Host             $host;
    proxy_set_header        X-Real-IP        $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
  }
}
}
  • restart nginx: sudo service nginx restart

Access

Nginx Basic Auth

  • sudo apt-get install apache2-utils
  • Create a password for the user userName:
    • sudo htpasswd -c /etc/nginx/.htpasswd userName
  • update the nginx.conf
events {
        worker_connections 768;
        # multi_accept on;
}

http {
server {
  listen    80;

  location /wiki/ {
    proxy_pass http://127.0.0.1:4014/;
    proxy_set_header        Host             $host;
    proxy_set_header        X-Real-IP        $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
    auth_basic "Private Property";
    auth_basic_user_file /etc/nginx/.htpasswd;
  }

  location /sub/ {
    proxy_pass http://127.0.0.1:4013/;
    proxy_set_header        Host             $host;
    proxy_set_header        X-Real-IP        $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
    auth_basic "Private Property";
    auth_basic_user_file /etc/nginx/.htpasswd;
  }
}
}

Nginx SSL

  • We assume that we will create and store our certificate into the directory /home/pi/tiddly-wiki/certif_ssl
  • cd /home/pi/tiddly-wiki/certif_ssl
  • create the private key: openssl genrsa -out vpl_nginx.pk 2048
  • create certificate request: openssl req -new -key vpl_nginx.pk -out vpl_nginx.csr. Take care with the Common Name. I've used the IP address here as it is the way I access my server. You need to put the Common Name used for accessing the proxy from the browser.
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:XXXX
Locality Name (eg, city) []:XXXX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XXXX
Organizational Unit Name (eg, section) []:XXXX
Common Name (e.g. server FQDN or YOUR name) []:82.165.251.188
Email Address []:XX...@yyyy.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:cat name
An optional company name []:XXXX
  • generate signed certificate: openssl x509 -req -days 365 -in vpl_nginx.csr -signkey vpl_nginx.pk -out vpl_nginx.crt
  • update nginx.conf
events {
        worker_connections 768;
        # multi_accept on;
}

http {
server {
  listen    443 ssl;
  #server_name 192.168.0.101

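    # 'ssl on;' dropped: 'listen 443 ssl;' above already enables TLS, and the ssl directive is deprecated since nginx 1.15.0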
    ssl_certificate      /home/pi/tiddly-wiki/certif_ssl/vpl_nginx.crt;
    ssl_certificate_key  /home/pi/tiddly-wiki/certif_ssl/vpl_nginx.pk;

  location /wiki/ {
    proxy_pass http://127.0.0.1:4014/;
    proxy_set_header        Host             $host;
    proxy_set_header        X-Real-IP        $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
    auth_basic "Private Property";
    auth_basic_user_file /etc/nginx/.htpasswd;
  }

  location /sub/ {
    proxy_pass http://127.0.0.1:4013/;
    proxy_set_header        Host             $host;
    proxy_set_header        X-Real-IP        $remote_addr;
    proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
    auth_basic "Private Property";
    auth_basic_user_file /etc/nginx/.htpasswd;
  }
}
}
  • restart nginx: sudo service nginx restart

Access
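
The Common Name advice in the SSL step, taken one step further as an added example that is not part of the original post: current browsers match the address they connect to against the certificate's subjectAltName rather than its Common Name, so this script puts the access address in both and checks the result. The function names, the directory argument and the sample address 192.0.2.10 are assumptions; the file names follow the post, and OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example, not from the original post.
set -eu

# make_cert DIR ADDRESS: write DIR/vpl_nginx.pk and DIR/vpl_nginx.crt.
# The body runs in a subshell so the umask change does not leak out.
make_cert() (
  dir=$1 addr=$2
  # Digits and dots only: treat as an IPv4 literal, which needs an IP-type
  # SAN entry. Anything else is handled as a DNS name.
  case $addr in
    *[!0-9.]*) san="DNS:$addr" ;;
    *)         san="IP:$addr" ;;
  esac
  mkdir -p "$dir"
  umask 077   # the private key is created readable by its owner only
  # One step replaces genrsa + req + x509 -signkey; -nodes leaves the key
  # unencrypted, as in the post, so nginx can load it without a passphrase.
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
    -subj "/CN=$addr" -addext "subjectAltName=$san" \
    -keyout "$dir/vpl_nginx.pk" -out "$dir/vpl_nginx.crt"
  chmod 600 "$dir/vpl_nginx.pk"
  chmod 644 "$dir/vpl_nginx.crt"
)

# cert_covers CRT ADDRESS: succeed only if ADDRESS is listed in the SAN.
cert_covers() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//;s/ *$//' |
    grep -Fxq -e "IP Address:$2" -e "DNS:$2"
}

# key_matches KEY CRT: succeed only if the private key belongs to the cert.
key_matches() {
  [ "$(openssl pkey -in "$1" -pubout)" = \
    "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Stand-alone use: ./make_cert.sh /home/pi/tiddly-wiki/certif_ssl 192.0.2.10
if [ "$#" -eq 2 ]; then
  make_cert "$1" "$2"
  cert_covers "$1/vpl_nginx.crt" "$2" && key_matches "$1/vpl_nginx.pk" "$1/vpl_nginx.crt"
fi
```
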

Mark S.

Apr 26, 2019, 1:29:20 PM
to TiddlyWiki
Looks useful.

Noted in tiddlywiki toolmap under "node.js".
