• GitHub
  • Documentation
  • Discord
  • Donate
search
  • chevron_right Threads
  • label Support
  • label Docker

Deactivate SSL/HTTPS? Use extern reverse proxy!

Justman10000
May 20, 2023
chat_bubble_outline 33
  • lock
chevron_right last_page
chevron_right last_page
  • link
    Justman10000
    Members 44 posts
    May 20, 2023, 11:16 p.m. May 20, 2023, 11:16 p.m.
    link

    Can one deactivate Let's Encrypt and let misago run only via http? So that one can then use a reverse proxy externally

  • link
    rafalp
    Project Lead 1731 posts
    May 20, 2023, 11:27 p.m. May 20, 2023, 11:27 p.m.
    link

    AFAIR simplest way to achieve that is to create fork of misago-docker that deletes nginx-lets-encrypt from docker-compose.yml file.

  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 1:36 a.m. May 21, 2023, 1:36 a.m.
    link
    @rafalp has written:

    AFAIR simplest way to achieve that is to create fork of misago-docker that deletes nginx-lets-encrypt from docker-compose.yml file.

    grafik.png

    grafik.png

    PNG, 9.8 KB, uploaded by Justman10000 on May 21, 2023.

  • link
    rafalp
    Project Lead 1731 posts
    May 21, 2023, 1:50 a.m. May 21, 2023, 1:50 a.m.
    link

    Actually, you can delete both nginx-lets-encrypt and nginx-proxy and add this entry to misago service:

    ports:
      - "3031:3031"
    

    Now you need to setup your proxy to:

    • Serve media directory under /media/ path
    • Serve static directory under /static/ path
    • Proxy rest of requests to localhost:3031
  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 2:20 a.m. May 21, 2023, 2:20 a.m.
    link
    @rafalp has written:
    • Serve media directory under /media/ path

    • Serve static directory under /static/ path

    • Proxy rest of requests to localhost:3031

    How? I have this:

    <VirtualHost *:80>
        ServerName ADRESS
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        RewriteEngine on
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </VirtualHost>
    
    <VirtualHost *:443>
        ServerName ADRESS
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        SSLEngine On
        SSLCertificateFile    /etc/letsencrypt/live/ADRESS/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/ADRESS/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/ADRESS/fullchain.pem
    
        ProxyPass / http://127.0.0.1:3031/
        ProxyPassReverse / http://127.0.0.1:3031/
    </VirtualHost>
    
  • link
    rafalp
    Project Lead 1731 posts
    May 21, 2023, 3:14 a.m. May 21, 2023, 3:14 a.m.
    link

    Please stop tagging me.

    I don’t know what you are supposed to do next with that config, I am not fimiliar with Apache.

    If you are trying to do custom setup, you should have knowledge of technologies you are going to use. Maybe other user on this forum will have a knowledge of Apache and will be able to help?

  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 11:39 a.m. May 21, 2023, 11:39 a.m.
    link
    @rafalp has written:

    Please stop tagging me.

    I don’t know what you are supposed to do next with that config, I am not fimiliar with Apache.

    If you are trying to do custom setup, you should have knowledge of technologies you are going to use. Maybe other user on this forum will have a knowledge of Apache and will be able to help?

    Well, Misago itself can't be reached on port 3031 either

  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 11:41 a.m. May 21, 2023, 11:41 a.m.
    link

    Or rather... The connection is always interrupted

  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 2:33 p.m. May 21, 2023, 2:33 p.m.
    link

    @rafalp

    I'd like to refrain from pinging you, but... Where are you? It always says you're online

  • link
    rafalp
    Project Lead 1731 posts
    May 21, 2023, 2:36 p.m. May 21, 2023, 2:36 p.m.
    link

    @Justman10000 this is final warning. You either understand that this is an open source software and I am only helping people out of good will and I am unable to spend time helping people researching their custom setups, or we can part ways.

  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 6:33 p.m. May 21, 2023, 6:33 p.m.
    link
    @rafalp has written:

    Actually, you can delete both nginx-lets-encrypt and nginx-proxy and add this entry to misago service:

    ports:
      - "3031:3031"
    

    Now you need to setup your proxy to:

    • Serve media directory under /media/ path
    • Serve static directory under /static/ path
    • Proxy rest of requests to localhost:3031

    You told me that, so surely you know why Misago doesn't work?

  • link
    rafalp
    Project Lead 1731 posts
    May 21, 2023, 6:36 p.m. May 21, 2023, 6:36 p.m.
    link

    If its Misago thats not working, can you show an error from it?

  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 6:37 p.m. May 21, 2023, 6:37 p.m.
    link
    @rafalp has written:

    If its Misago thats not working, can you show an error from it?

    That's the strange thing, no errors are logged

  • link
    rafalp
    Project Lead 1731 posts
    May 21, 2023, 6:40 p.m. May 21, 2023, 6:40 p.m.
    link

    What is not working then? Is misago docker not starting?

  • link
    Justman10000
    Members 44 posts
    May 21, 2023, 7:23 p.m. May 21, 2023, 7:23 p.m.
    link

    The Docker container is active, but when I call the URL, this comes up:

    grafik.png

    grafik.png

    PNG, 26.1 KB, uploaded by Justman10000 on May 21, 2023.

  • link
    rafalp
    Project Lead 1731 posts
    May 21, 2023, 9:54 p.m. May 21, 2023, 9:54 p.m.
    link

    Have you verified that your configuration is correct and the problem is with Misago docker, eg. by running different app using your apache config?

  • link
    tetricky
    Members 125 posts
    May 22, 2023, 1:49 a.m. May 22, 2023, 1:49 a.m.
    link
    @Justman10000 has written:

    Can one deactivate Let's Encrypt and let misago run only via http? So that one can then use a reverse proxy externally

    You might want to look at Install misago in a podman pod under linux which uses the misago container image.

    While the instructions are for podman, it is an approach that is equally applicable in docker, or k8s.

    This is not an officially supported method, and is provided on a best effort basis.

    As is the misago official docker deployment.

    Support might be politely asked for, but should not be demanded, nor expected.

    rafalp likes this.

    favorite 1

  • link
    Justman10000
    Members 44 posts
    May 22, 2023, 7 p.m. May 22, 2023, 7 p.m.
    link
    @rafalp has written:

    Have you verified that your configuration is correct and the problem is with Misago docker, eg. by running different app using your apache config?

    I ventured deeper into the system! The only log entry that repeats when I try to call Misato is this one:

    invalid request block size: 21573 (max 4096)...skip

chevron_right last_page
arrow_upward Go to top
  • This site uses cookies to gather statistical data for use in traffic analysis. Header photo by Joanna Malinowska.
  • GitHub
  • Documentation
  • Discord
  • Donate
  • Terms of service
  • Privacy policy
powered by misago