Closed igorsantos07 closed 9 years ago
First of all, sorry for the first version of this issue. It was created by accident via a bad Enter press. haha
When using apache as a reverse proxy, why do you want rainy to use ssl? If apache + rainy run on the same host, it does not make much sense to enable SSL in rainy.
I just went with the default settings, to have the least trouble possible... I enabled Rainy as it was working before (with a specific port), and added a VHost to Apache to forward from a subdomain to the localhost's Rainy port.
Would it be as secure as running Rainy standalone if I create a self-signed cert, add it to Apache, and run Rainy without SSL?
If Rainy and Apache run on the SAME machine, then you can configure Rainy to listen on "http://localhost:8080" without SSL enabled. It thus not reachable from the outside (there was a bug in mono that made localhost available from outside, check your mono version and upgrade if in doubt).
This is perfectly secure as long as you configure apache to use SSL for INBOUND connections. Apache will then forward the request (unencrypted) to localhost:8080 (= Rainy) and forward the data back to the client with the encryption configure in apache.
TLDR: When using an SSL enabled reverse proxy and you got a recent mono version, it is perfectly save to configure rainy to listen on http://localhost:8080/ and use this for your reverse proxy.
Will try! This could be added to the documentation somewhere? :)
EDIT: working :)
Trying to make my first sync, using Tomboy 1.15.4, I get a connection refused error. Would this be related to localhost X subdomain addresses?
[ERROR 15:53:29.957] Failed to get auth URL from https://tomboy.igorsantos.com.br.
Exception was: System.Net.WebException: Error: ConnectFailure (Connection refused) --->
System.Net.Sockets.SocketException: Connection refused
In Rainy logs, this:
15/01/23_17:56:56.713 [DEBUG] Rainy.WebService.RequestLogFilterAttribute->RequestFilter - Received request at: /api/1.0
Deserialized data (JSV):
{
}
15/01/23_17:56:56.714 [DEBUG] Rainy.WebService.RequestLogFilterAttribute->RequestFilter - Received request headers:
15/01/23_17:56:56.714 [DEBUG] Rainy.WebService.RequestLogFilterAttribute->RequestFilter - Host: localhost:8662
15/01/23_17:56:56.714 [DEBUG] Rainy.WebService.RequestLogFilterAttribute->RequestFilter - X-Forwarded-For: 186.228.60.131
15/01/23_17:56:56.714 [DEBUG] Rainy.WebService.RequestLogFilterAttribute->RequestFilter - X-Forwarded-Host: tomboy.igorsantos.com.br
15/01/23_17:56:56.715 [DEBUG] Rainy.WebService.RequestLogFilterAttribute->RequestFilter - X-Forwarded-Server: tomboy.igorsantos.com.br
15/01/23_17:56:56.715 [DEBUG] Rainy.WebService.RequestLogFilterAttribute->RequestFilter - Connection: Keep-Alive
15/01/23_17:56:56.717 [DEBUG] Rainy.WebService.ApiService->Get - ApiRequest received
15/01/23_17:56:56.730 [DEBUG] Rainy.WebService.ResponseLogFilterAttribute->ResponseFilter - Unserialized response data to send (JSV):
{
user-ref:
{
api-ref: "http://localhost:8662/api/1.0/",
href: "http://localhost:8662/"
},
oauth_request_token_url: "http://localhost:8662/oauth/request_token",
oauth_authorize_url: "http://localhost:8662/oauth/authorize/",
oauth_access_token_url: "http://localhost:8662/oauth/access_token",
api-version: 1.0
}
Not sure if you're receiving notifications for this closed issue, so I'm tagging you, @Dynalon :)
I'm trying to use Apache as a reverse proxy to easily access the Rainy server through a subdomain. However, enabling the SSL in a virtual host is not that easy, since Apache is used to different types of certificate files.
Rainy apparently generates a DER certificate, but apache expects PEM certs. I found a way to easily convert from DER to PEM, but I have no idea what to do with the PVK file. It apparently is a proprietary format that is not possible to be converted in an Unix box.
Is it possible for Rainy to generated unix-compatible files? Or is there another way to fiddle with the problem?