-
-
Notifications
You must be signed in to change notification settings - Fork 3k
How to put Etherpad Lite behind a reverse Proxy
Feel free to add your own config examples. We recommend using Nginx or Lighttpd, cause they can handle multiple connections much better than Apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin support@example.org
ServerName etherpad.example.org
ServerSignature Off
CustomLog /var/log/apache2/etherpad_access.log combined
ErrorLog /var/log/apache2/etherpad_error.log
ErrorLog syslog:local2
<Location />
AuthType Basic
AuthName "Welcome to the example.org Etherpad"
AuthUserFile /path/to/svn.passwd
AuthGroupFile /path/to/svn.group
Require group etherpad
</Location>
<IfModule mod_proxy.c>
ProxyVia On
ProxyRequests Off
ProxyPass / http://etherpad.internal.example.org:9001/
ProxyPassReverse / http://etherpad.internal.example.org:9001/
ProxyPreserveHost on
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</IfModule>
</VirtualHost>
</IfModule>$HTTP["host"] =~ "^example.com$" {
proxy.balance = "hash"
proxy.server = ( "" => ( (
"host" => "127.0.0.1",
"port" => 9001
) )
)
}
If you use more than one server behind lighty (you can add more server - look at the lighty docs linked above) you have to use the hash balancer. So for any request the same server will be used. But remember: If you restart lighty this probably does not work anymore. (TODO: add synchronization in etherpad-lite)
Additional information: http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModProxy
There is a known problem with nginx and socket.io, this pull request fixes it -> https://github.com/LearnBoost/socket.io/pull/401
server {
listen 443;
server_name pad.example.com;
access_log /var/log/nginx/eplite.access.log;
error_log /var/log/nginx/eplite.error.log;
ssl on;
ssl_certificate /etc/nginx/ssl/eplite.crt;
ssl_certificate_key /etc/nginx/ssl/eplite.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:9001/;
proxy_set_header Host $host;
proxy_buffering off;
}
}
server {
listen 80;
server_name pad.example.com;
rewrite ^(.*) https://$server_name$1 permanent;
} location /pad {
rewrite /pad/(.*) /$1 break;
proxy_pass http://localhost:9001/;
proxy_set_header Host $host;
proxy_buffering off;
}You need to install the Application Request Routing module to IIS first, using the Web platform installer. This is fairly straightforward to do: Open the Webplattform-Installer, e.g. by clicking your server in the server management console under Roles / Webserver (IIS) / Internet Information Services (I got this in German, so don't get confused when the terms are a little different on your installation - I'm trying to translate this back to English; if you follow these instructions on an English installation it would be nice if you could correct any wrong terms). It's in the Management section (probably the lowest entry in the list).
Here you will find "Application Request Routing" (currently 2.5). Click "Add" and then "Install". Wait.
Once the installation is complete, you'll find "Serverfarms" below "Sites" in your server. Add one with the name of your EtherPad Lite installation. Make sure to enter the correct ports under "Extended Settings" (I'm using 9001 for both httpPort and httpsPort).
Now be careful to not have the console create any default routing settings (that might route any request to any of the sites hosted on your machine to EtherPad Lite). Double click your newly created server farm, then double click "Routing Rules". Under "Advanced Routing", click "URL Rewrite..."
Make sure there are no rules (if any were created, delete them). Create a new empty rule.
You can almost follow the instructions from here:
BUT: If you have multiple sites hosted on that IIS, make sure to add conditions to check against the hostname. Use {HTTP_HOST} as "entry", "matches pattern" and your full domain for EtherPad Lite as pattern.
Finally, in action, I used "forward to server farm" with schema "http://", Serverfarm "the one I created before" and Path "/{R:0}". That's it.
For me, this worked both with http and https.
- Docs
- Translating
- HTTP API
- Plugin framework (API hooks)
- Plugins (available)
- Plugins (list)
- Plugins (wishlist)
- Etherpad URIs / URLs to specific resources IE export
- Etherpad Full data export
- Introduction to the source
- Release Procedure
- Etherpad Developer guidelines
- Project to-do list
- Changeset Library documentation
- Alternative Etherpad-Clients
- Contribution guidelines
- Installing Etherpad
- Deploying Etherpad as a service
- Deploying Etherpad on CloudFoundry
- Deploying Etherpad on Heroku
- Running Etherpad on Phusion Passenger
- Putting Etherpad behind a reverse Proxy (HTTPS/SSL)
- How to setup Etherpad on Ubuntu 12.04 using Ansible
- Migrating from old Etherpad to Etherpad
- Using Etherpad with MySQL
- Customizing the Etherpad web interface
- Enable import/export functionality with AbiWord
- Getting a list of all pads
- Providing encrypted web access to Etherpad using SSL certificates
- Optimizing Etherpad performance including faster page loads
- Getting to know the tools and scripts in the Etherpad /bin/ folder
- Embedding a pad using the jQuery plugin
- Using Embed Parameters
- Integrating Etherpad in a third party app (Drupal, MediaWiki, WordPress, Atlassian, PmWiki)
- HTTP API client libraries