client denied by server configuration: proxy:http://localhost:9001/socket.io/1/ with Apache reverse-proxy

ghost commented 10 years ago

Hi,

I have a problem with a Apache reverse-proxy and Etherpad-lite on Debian Wheezy. This is my configuration.

/etc/apache2/sites-enabled/etherpad

<VirtualHost *:80>
        ServerAdmin contact@example.org
        ServerName etherpad.example.org
        ServerSignature Off
        CustomLog /var/log/apache2/etherpad_access.log combined
        ErrorLog /var/log/apache2/etherpad_error.log
    ProxyVia On
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:9001/
    ProxyPassReverse / http://127.0.0.1:9001/
    ProxyPreserveHost on
    <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Proxy>
</VirtualHost>

/var/www/etherpad-lite/settings.json (user-group : etherpad-etherpad)

{
  // Name your instance!
  "title": "Etherpad",

  // favicon default name
  // alternatively, set up a fully specified Url to your own favicon
  "favicon": "favicon.ico",

  //IP and port which etherpad should bind at
  "ip": "127.0.0.1",
  "port" : 9001,

  // Session Key, used for reconnecting user sessions
  // Set this to a secure string at least 10 characters long.  Do not share this value.
  "sessionKey" : "myKey",

   "dbType" : "mysql",
   "dbSettings" : {
                    "user"    : "mysqlpad", 
                    "host"    : "localhost", 
                    "password": "myP@ssw0rd", 
                    "database": "mypad"
                  },

  /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
  "requireSession" : false,

  /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
  "editOnly" : false,

  /* Users, who have a valid session, automatically get granted access to password protected pads */
  "sessionNoPassword" : false,

  /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, 
     but makes it impossible to debug the javascript/css */
  "minify" : true,

  /* How long may clients use served javascript code (in seconds)? Without versioning this
     may cause problems during deployment. Set to 0 to disable caching */
  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours

  /* This is the path to the Abiword executable. Setting it to null, disables abiword.
     Abiword is needed to advanced import/export features of pads*/  
  "abiword" : "/usr/bin/abiword",

  /* This setting is used if you require authentication of all users.
     Note: /admin always requires authentication. */
  "requireAuthentication": false,

  /* Require authorization by a module, or a user with is_admin set, see below. */
  "requireAuthorization": false,

  /*when you use NginX or another proxy/ load-balancer set this to true*/
  "trustProxy": true,

  /* Privacy: disable IP logging */
  "disableIPlogging": false,  

  /* Users for basic authentication. is_admin = true gives access to /admin.
     If you do not uncomment this, /admin will not be available! */

  "users": {
    "admin": {
      "password": "adminpassword",
      "is_admin": true
     }
   },    

  // restrict socket.io transport methods
  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],

  /* The toolbar buttons configuration.
  "toolbar": {
    "left": [
      ["bold", "italic", "underline", "strikethrough"],
      ["orderedlist", "unorderedlist", "indent", "outdent"],
      ["undo", "redo"],
      ["clearauthorship"]
    ],
    "right": [
      ["importexport", "timeslider", "savedrevision"],
      ["settings", "embed"],
      ["showusers"]
    ],
    "timeslider": [
      ["timeslider_export", "timeslider_returnToPad"]
    ]
  },
  */

  /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
  "loglevel": "INFO",

  //Logging configuration. See log4js documentation for further information
  // https://github.com/nomiddlename/log4js-node
  // You can add as many appenders as you want here:
  "logconfig" :
    { "appenders": [
        { "type": "console"
        //, "category": "access"// only logs pad access
        }
      , { "type": "file"
      , "filename": "/var/log/etherpad-lite/etherpad.log"
      , "maxLogSize": 1024
      , "backups": 3 // how many log files there're gonna be at max
      //, "category": "test" // only log a specific category
        }
      ]
    }
}

When i run etherpad-lite with su -c "/var/www/etherpad-lite/bin/run.sh" -s /bin/bash etherpad :

Ensure that all dependencies are up to date...  If this is the first time you have run Etherpad please be patient.
npm WARN package.json async-stacktrace@0.0.2 No repository field.
npm WARN package.json channels@0.0.4 No repository field.
npm WARN package.json ejs@0.6.1 No repository field.
npm WARN package.json formidable@1.0.9 No repository field.
npm WARN package.json jsdom-nocontextifiy@0.2.10 'repositories' (plural) Not supported. Please pick one as the 'repository' field
npm WARN package.json tinycon@0.0.1 No repository field.
Ensure jQuery is downloaded and up to date...
Clear minfified cache...
ensure custom css/js files are created...
start...
[2014-06-19 16:34:31.295] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/glob requires minimatch@'^0.3.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/minimatch,
which is version 0.3.0 'unmet dependency'
[2014-06-19 16:34:31.297] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/glob requires once@'^1.3.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/once,
which is version 1.3.0 'unmet dependency'
[2014-06-19 16:34:31.297] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/inflight requires once@'^1.3.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/once,
which is version 1.3.0 'unmet dependency'
[2014-06-19 16:34:31.298] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/init-package-json requires glob@'^4.0.2' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/glob,
which is version 4.0.2 'unmet dependency'
[2014-06-19 16:34:31.299] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/npm-install-checks requires semver@'^2.3.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/semver,
which is version 2.3.0 'unmet dependency'
[2014-06-19 16:34:31.299] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/npm-registry-client requires graceful-fs@'^3.0.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/graceful-fs,
which is version 3.0.2 'unmet dependency'
[2014-06-19 16:34:31.299] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/npm-registry-client requires npm-cache-filename@'^1.0.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/npm-cache-filename,
which is version 1.0.1 'unmet dependency'
[2014-06-19 16:34:31.299] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/npmconf requires ini@'^1.2.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/ini,
which is version 1.2.1 'unmet dependency'
[2014-06-19 16:34:31.299] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/npmconf requires osenv@'^0.1.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/osenv,
which is version 0.1.0 'unmet dependency'
[2014-06-19 16:34:31.300] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/read-package-json requires glob@'^4.0.2' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/glob,
which is version 4.0.2 'unmet dependency'
[2014-06-19 16:34:31.301] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/fstream-npm/node_modules/fstream-ignore requires minimatch@'^0.3.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/minimatch,
which is version 0.3.0 'unmet dependency'
[2014-06-19 16:34:31.301] [WARN] pluginfw - /var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/read-package-json/node_modules/normalize-package-data requires github-url-from-username-repo@'^0.2.0' but will load
/var/www/etherpad-lite/node_modules/ep_etherpad-lite/node_modules/npm/node_modules/github-url-from-username-repo,
which is version 0.2.0 'unmet dependency'
[2014-06-19 16:34:31.558] [INFO] console - Installed plugins: ep_adminpads, ep_align, ep_copy_paste_images, ep_etherpad-lite, ep_font_family, ep_font_size
[2014-06-19 16:34:31.589] [INFO] console - Your Etherpad git version is b1b972a
[2014-06-19 16:34:31.589] [INFO] console - Report bugs at https://github.com/ether/etherpad-lite/issues
[2014-06-19 16:34:31.618] [INFO] console -    info  - 'socket.io started'
[2014-06-19 16:34:31.661] [INFO] console - You can access your Etherpad instance at http://127.0.0.1:9001/
[2014-06-19 16:34:31.661] [INFO] console - The plugin admin page is at http://127.0.0.1:9001/admin/plugins

And my log for my reverse-proxy :

[Thu Jun 19 16:13:33 2014] [error] [client 89.0.0.1] client denied by server configuration: proxy:http://localhost:9001/socket.io/1/xhr-polling/aCgD68YgHUrG8fTROHOa, referer: http://etherpad.example.com/p/TEST
[Thu Jun 19 16:13:33 2014] [error] [client 89.0.0.1] client denied by server configuration: proxy:http://localhost:9001/socket.io/1/, referer: http://etherpad.example.com/p/TEST
[Thu Jun 19 16:22:47 2014] [error] [client 89.0.0.1] client denied by server configuration: proxy:http://127.0.0.1:9001/socket.io/1/xhr-polling/gVvUYy2HmmsRzWWlOHOb, referer: http://etherpad.example.com/p/TEST
[Thu Jun 19 16:27:31 2014] [error] [client 89.0.0.1] client denied by server configuration: proxy:http://127.0.0.1:9001/socket.io/1/xhr-polling/ImF6togmkKwitxPDOHOc, referer: http://etherpad.example.com/p/TEST

I'm connecting on the PAD from http://etherpad.example.com but i have lot of disconnection and it's more instable. I check Apache and Etherpad configurations but i don't understand.

Any Ideas ?

marcelklehr commented 10 years ago

Apache as reverse proxy is known to cause problems with etherpad lite. Others have solved this by using nginx.

ghost commented 10 years ago

Ok, Thanks.

I will try to use nginx but actually all my web service run with Apache 2.

quenenni commented 10 years ago

I have the combo Etherpad-lite with proxy / Apache / Debian Wheezy working perfectly.

The difference I see between your conf and mine is that I have ""trustProxy": false," in my settings file.

It's worth a try to see if it resolves your problem.

Lucas-C commented 10 years ago

As an example of working Apache config to ProxyPass Etherpad, here is a short blog post I wrote: https://chezsoi.org/lucas/blog/2014/10/10/en-setting-up-etherpad-in-a-server-subdirectory-aka-apache-config-hell/ I had to use mod_proxy_html to re-write URLs in the pages served.

ether / etherpad-lite

client denied by server configuration: proxy:http://localhost:9001/socket.io/1/ with Apache reverse-proxy #2183