Setting up Bob behind an HTTPS Apache proxy

108 views
Skip to first unread message

Enrico Guiraud

unread,
Dec 23, 2019, 8:54:26 AM12/23/19
to TiddlyWiki
Hi,
I am trying to setup a Bob server on my VPS. I have googled for resources but what I could dig up (mainly this example apache configuration) does not seem to be working, and I'm having a hard time figuring out what's wrong.
Any suggestion is highly appreciated. I'm so stuck that I'm considering writing my own multi-wiki tiddlywiki server :)

Cheers,
Enrico

What I'm trying to do
I would like to access a Bob-powered tiddlywiki as `multiwiki.my.domain`.
Next step: access Bob-managed sub-wikis as `multiwiki.my.domain/subwiki`, to get around node's insane RAM usage.

Problems
When I try to access `multiwiki.my.domain`, I get Bob's starting page but at the bottom there is a red banner stating "WARNING: The connection to server hasn't been established yet."
Checking Firefox's console log, the only message present says "Firefox can’t establish a connection to the server at wss://multiwiki.my.domain/."

My setup

$ git clone --depth=1 https://github.com/OokTech/TW5-Bob.git /usr/lib/node_modules/tiddlywiki/plugins/OokTech/Bob
$ cp -r /usr/lib/node_modules/tiddlywiki/plugins/OokTech/Bob/MultiUserWiki MultiWiki

# MultiWiki/settings/settings.json
{
  "serverName": "multiwiki.my.domain",
  "scripts": {
    "NewWiki": "tiddlywiki #wikiName --init #editionName"
  },
  "wikis": {

  },
  "ws-server": {
    "port": 8086,
    "host": "127.0.0.1",
    "autoIncrementPort": false
  },
  "heartbeat": {
    "interval": 1000
  },
  "wikisPath": "./Wikis",
  "pluginsPath": "./Plugins",
  "themesPath": "./Themes",
  "servingFiles": {}
}

# apache_confs/multiwiki-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName multiwiki.my.domain

        ProxyRequests Off
        ProxyPreserveHost on

        ###### Adding WebSockets ######
        RewriteEngine On
        RewriteCond %{HTTP:Connection} Upgrade [NC]
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule /(.*) ws://127.0.0.1:8086/$1 [P,L]
        ###### Finished WebSockets #######

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile ...
        SSLCertificateKeyFile ...

        ProxyPass "/"  "http://127.0.0.1:8086/"
        ProxyPassReverse "/"  "http://127.0.0.1:8086/"

        AllowEncodedSlashes On
        SSLEngine On
        SSLProxyEngine On
</VirtualHost>
</IfModule>

Tejasvi S Tomar

unread,
Sep 5, 2020, 12:31:38 PM9/5/20
to TiddlyWiki
Hi Enrico,
Did you manage to figure it out? I am facing the exact same issue while trying to setup Bob on VPS. There seems to be issue with the reverse connection whie saving the changes. There are three things to configure in settings.json: ws-server, saver, and serverInfo, and then the Apache needs to be configured corresponding to the specified ports/hostname/ip in settings.json. I have tried a few permutation and combinations with no luck. Hopefully if someone has managed to make Bob + VPS work would chime in.

Tejasvi S Tomar

unread,
Sep 5, 2020, 3:30:04 PM9/5/20
to TiddlyWiki
After a sleepless night, I finally got it working with nginx (works flawlessly with websockets). Turns out only ws-server port and hostname is relevant for the setup. Below nginx config works with the default Bob settings and adds LetsEncrypt certs obtained from certbot. I have also added basic authentication support which are secure only over SSL. Partial demo at notes.mefyi.com.

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
                auth_basic "Private Area";
                auth_basic_user_file /etc/apache2/.htpasswd;
                proxy_pass http://0.0.0.0:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                try_files $uri $uri/ =404;
        }

}

server {

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
    server_name notes.mefyi.com; # managed by Certbot

        location / {
                auth_basic "Private Area";
                auth_basic_user_file /etc/apache2/.htpasswd;
                proxy_pass http://localhost:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                try_files $uri $uri/ =404;
        }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/notes.mefyi.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/notes.mefyi.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = notes.mefyi.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80 ;
        listen [::]:80 ;
    server_name notes.mefyi.com;
    return 404; # managed by Certbot

}

Reply all
Reply to author
Forward
0 new messages