requarks / wiki

Wiki.js | A modern and powerful wiki app built on Node.js
https://js.wiki
GNU Affero General Public License v3.0

SSL With reverse proxy Apache #245

Closed maestroi closed 6 years ago

maestroi commented 6 years ago

Actual behavior

I have an Apache reverse proxy to make Wiki.js work with SSL. Unfortunately, after setting everything up, it works but cannot access some resources because of mixed content, as displayed in the image below.

Without HTTPS inside the network it works perfectly. Any browser does not like mixed content.

Any ideas?

Expected behavior

To be able to load vendor.js and app.js.

Steps to reproduce the behavior

  1. Install Wiki.js on a box.
  2. Forward proxy Apache: image
  3. Access page, press F12 in Chrome.

NGPixel commented 6 years ago

You must set the host parameter correctly in your config.yml. Either you use https for everyone or you don't.

It'll be possible to mix both protocols in 2.0 but that's not recommended. If you use https, you should use it everywhere.

maestroi commented 6 years ago

You are right, fixed. Thanks!

Changed host to https:// in the config.yml.

pmoris commented 6 years ago

I'm trying to achieve the same thing, but I can't seem to get it working right. I've read through various blogs/tutorials/forum posts, but I must still be missing something obvious.

System and configuration: wiki.js 1.0.0; OS: CentOS 7; Server version: Apache/2.4.29 (cPanel)

The initial configuration (via subdomain.domain.com:3000) went fine, although the connection was not using HTTPS. I can't access the wiki at all through HTTPS afterwards. Here's what I've tried so far:

Some additional questions about the virtual host approach:

    <VirtualHost *:80>
        # On or Off? (Apache does not allow a trailing comment on a directive line)
        ProxyPreserveHost On
        # 127.0.0.1 or localhost?
        ProxyPass / http://127.0.0.1:3001/
        ProxyPassReverse / http://127.0.0.1:3001/
    </VirtualHost>

@maestroi: could you perhaps share your full configuration? Did you use both a virtual host and a .htaccess rewriting rule?

Any suggestions would be much appreciated! Apologies for the wall of text: I'm new to all of this and I'm feeling completely overwhelmed by all the terminology and differences between Apache configurations on various systems (directory structures, sites-available vs /userdata/ssl/2_4/user/domain/, realising that a2enmod only exists on Debian, etc.). At this point I'd even be satisfied with a setup that allows me to access the wiki by typing out the port as part of the URL, provided the connection uses SSL.

NGPixel commented 6 years ago

The host parameter in config.yml should reflect what the end user will use. It doesn't matter if you use HTTPS or not internally.

If you're supposed to access your wiki with HTTPS, then set https in config.yml. This parameter has absolutely no effect on the protocol the server listens to.

pmoris commented 6 years ago

Thanks for the quick reply. I believe I've got it working now.

For anyone else experiencing similar problems with cPanel's version of apache, read on:

As explained in cPanel's documentation, you can modify virtual hosts by creating *.conf files in /etc/apache2/conf.d/userdata/ssl/2_4/user/domain/includename.conf directories. Your best bet is to grep your subdomain in the /etc/apache2/conf/httpd.conf file, because it specifies this location in one of the nearby comment lines. I had initially used username/domainname, rather than username/subdomain.domainname.com.

These include files inject all your changes into the main httpd.conf file. This means you cannot follow any of the guides I linked to in my previous post, because there's already a default <VirtualHost> block in this file for each domain and Apache will complain if you try to add another <VirtualHost> block inside an existing one. So you can only add the entries that belong within this block. Moreover, it seems that things like the SSLCertificateFile are included automatically as well. So you can get away with only adding the following:

    ProxyPreserveHost Off
    ProxyPass / http://127.0.0.1:3001/
    ProxyPassReverse / http://127.0.0.1:3001/

Then run /usr/local/cpanel/scripts/rebuildhttpdconf followed by /usr/local/cpanel/scripts/restartsrv_httpd. I believe these are equivalent to the systemctl enable httpd && systemctl start httpd / sudo services apache2 restart / sudo systemctl restart httpd / a2ensite metak # /etc/init.d/apache2 reload / service apache2 restart commands you might encounter in other tutorials.

You don't need to create a .htaccess file in the public_html/subdomain directory.

@NGPixel: The final thing I had to do was remove the port from the host entry in Wiki.js's config.yml. It currently looks like this:

    host: 'https://www.subdomain.domain.com'
    port: 3001

And I'm able to visit the wiki by browsing to that exact URL. The HTTP site is still showing my apache server (ftp index).

Up until now I was using host: 'https://www.subdomain.domain.com:3001'. I believed this was the correct configuration after reading this, this, this and this issue, and also the troubleshooting docs.

Solution C: Use a web server in front of Wiki.js. For example, use nginx to listen to port 80 / 443 and proxy all requests to Wiki.js running on a higher port (e.g. 3000). ... Solution: This value should correspond to the host/domain users are using to access your wiki, including the port if different than 80 / 443.

My train of thought gathered from these sources was as follows: the wiki loads fine through HTTP by typing out the non-standard port, but not in HTTPS => reverse proxy is required. But apparently the final step should be: using reverse proxy? => remove the non-standard port from the host entry. In other words, you need to add the port to the host entry if you intend to visit the wiki by visiting domain.com:port, but not when you are reverse proxying your apache/nginx server to the non-standard wiki.js port. If you don't do this, the CSS will fail to load:

    GET https://www.subdomain.domain.com:3001/js/vendor.js
    GET https://www.subdomain.domain.com:3001/js/app.js
    Loading failed for the <script> with source “https://www.www.subdomain.domain.com:3001/js/vendor.js”.
    login:1
    Loading failed for the <script> with source “https://www.subdomain.domain.com:3001/js/app.js”.

Perhaps this could be clarified in the documentation somehow?
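The host check described in the comment above, as an added example (not part of the original thread and not Wiki.js code): it compares the `host` value from config.yml with the URL users type and reports the mismatches behind the failed requests. The function names `checkHost` and `assetUrl`, and the assumption that asset URLs are derived from `host`, are illustrative.

```javascript
// Added example: compare the Wiki.js `host` setting with the URL users type.
// All URLs below are sample values taken from or modelled on the thread.

// Returns a list of findings; an empty list means `host` matches the public URL.
function checkHost(hostValue, publicUrl) {
  let host, pub;
  try {
    host = new URL(hostValue);
    pub = new URL(publicUrl);
  } catch (e) {
    return ['invalid-url']; // e.g. scheme missing from the host entry
  }
  const findings = [];
  if (pub.protocol === 'https:' && host.protocol === 'http:') {
    findings.push('mixed-content'); // HTTPS page would reference http:// assets
  } else if (host.protocol !== pub.protocol) {
    findings.push('scheme-mismatch');
  }
  if (host.hostname !== pub.hostname) findings.push('hostname-mismatch');
  // URL.port is '' for the scheme's default port (80 / 443).
  if (host.port !== pub.port) findings.push('port-mismatch');
  return findings;
}

// Assumption: asset URLs are derived from `host`, as the failed requests suggest.
function assetUrl(hostValue, path) {
  return new URL(path, hostValue).href;
}

const PUBLIC_URL = 'https://www.subdomain.domain.com'; // what the proxy serves
const samples = [
  'http://www.subdomain.domain.com',
  'https://www.subdomain.domain.com:3001',
  'https://www.subdomain.domain.com',
];
for (const host of samples) {
  const findings = checkHost(host, PUBLIC_URL);
  console.log(host, '->', findings.length ? findings.join(', ') : 'ok',
    '| app.js requested from', assetUrl(host, '/js/app.js'));
}
```

Run it with Node.js; only the third sample, with the public scheme and no internal port, comes back clean.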

afascina commented 6 years ago

This solution works fine.

Apache.

    <VirtualHost ${WAF_IP}:443>
        ServerName wiki.mydomain.org

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyVia On

        # Outside a <Location> block, ProxyPass needs the local path as its first argument
        ProxyPass / http://wiki.mydomain.org/
        ProxyPassReverse / http://wiki.mydomain.org/

        ErrorLog ${APACHE_LOG_DIR}/wiki.mydomain.org_error.log
        CustomLog ${APACHE_LOG_DIR}/wiki.mydomain.org.log combined
    </VirtualHost>

/opt/Wikijs/config.yml

    host: 'https://wiki.mydomain.org'
    port: 80