Hi all, I've been beating my head against the wall for hours over this now. I'd like to run Sage Notebook server from my home server, which also has a few other web based apps running through Apache. Obviously, I want to enable ssl -- and I already have a certificate for my own domain that I'm using to run those other apps.
This is going to be a long post, so I'll get straight to the questions first in case someone already knows the answer. My goal is to be able to go to https://www.mydomain.com/sage in order to use the sage notebook server. 1. Is there a way to set the context path for the Sage notebook server? What I mean is, normally you have browse to http://127.0.0.1:8000 to get to the notebook server, but is there a setting that will allow you to go to http://127.0.0.1:8000/sage to see it? 2. If that's not possible, what are the exact apache config settings I need to use to get reverse proxy running correctly. Other sources ( http://wiki.sagemath.org/SageServer) don't consider an environment with other web services. What if I'm already using reverse proxy for another service? 3. If that's not possible (or nobody knows) -- I have my own ssl certificate that I got from startssl.com. How can I get Sage to use my verified certificate rather than the one it generates? First off, my setup uses two VBox virtual machines -- one Ubuntu 10.04 (64-bit), and one Windows 2008 R2 (64-bit). The physical server is Ubuntu 8.04 (AMD64, 64-bit). The Ubuntu VM is running Apache2 and subversion, and the Windows VM is running a bunch of media services. What I'm trying to do is run Sage on the physical server, and use Apache2 on the Ubuntu VM as the gateway for it. The reason why is that I'm already using Apache2 as a gateway to other services on my Windows VM, so port 443 is already forwarded to the Ubuntu VM. (Why am I running Apache in a VM? Uhm...long story. It doesn't really matter for this.) This page (http://wiki.sagemath.org/SageServer) makes a recommendation that doesn't work for my setup. Here's the relevant Apache config section: <VirtualHost *:80> ServerName YOUR_SERVER_NAMEProxyRequests OffProxyPreserveHost On<Proxy *>Order deny,allowAllow from all</Proxy>ProxyPass / http://localhost:8000/ProxyPassReverse / http://localhost:8000/ DocumentRoot / <Location /> DefaultType text/html </Location> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerAdmin YOUR_SERVER_ADMIN_EMAIL_ADDRESS </VirtualHost> The problem with this is that ProxyPass and ProxyPassReverse both send * everything* to the sage notebook server. This is for a setup with a dedicated domain; i.e., http://www.mydomain.com will be the url for sage. I want to use https://www.mydomain.com/sage. In order to do that I first tried these directives in the "default-ssl" config file: ProxyPass /sage http://192.168.2.140:8000/ProxyPassReverse /sage http://192.168.2.140:8000/ The problem with this is that all of the links in the html work improperly, meaning images, css, and javascript don't load. The reason is that the html uses paths like "/path/to/image.png", which gets resolved on the client side to https://www.mydomain.com/path/to/image.png instead of https://www.mydomain.com/sage/path/to/image.png. This also means that the submit button for the login directs to https://www.mydomain.com/home instead of https://www.mydomain.com/sage/home. I think the easiest fix for this is if there was some setting in Sage that allows you (on the local network) to browse to http://192.168.2.140/sage. This is what my music server does -- it allows me to change the context path. The directives I use for that (which work perfectly) are: ProxyPass /music http://192.168.2.140:8181/musicProxyPassReverse /music http://192.168.2.140:8181/music Okay, so I tried working around this problem. I discovered that I should be able to use mod_proxy_html to resolve URIs properly. I used information from these two sites (http://wlug.org.nz/ApacheReverseProxy and http://www.apachetutor.org/admin/reverseproxies) to come up with a configuration that works sort of half way. (Following the config directives of either site by itself either resulted in the same issues or the notebook server being totally inaccessible.) Here's the config I used: ProxyPass /sage/ http://192.168.2.140:8000/ ProxyHTMLURLMap http://192.168.2.140:8000 /sage <Location /sage/> Order deny,allow Allow from all ProxyPassReverse / SetOutputFilter proxy-html ProxyHTMLURLMap / /sage/ </Location> At first, when I browse to https://www.mydomain.com/sage/ I found success! The css, images, and everything loaded properly! But when I try to log in, for some reason I get redirected to http://192.168.2.140:8000/. I just don't understand why this happens, and I've tried playing around with the directives, but I don't have any more success than getting the first login page to show up correctly. After that it sends my browser to the local network location. Has anyone gotten a setup like what I'm trying to do to run successfully? Right now, I have my router forwarding port 8000 to the sage notebook server and "secure=True" option set. I also have a redirect rule in Apache so that I can browse to http://www.mydomain.com/sage and it will redirect me to https://www.mydomain.com:8000. But this is less than ideal; first it just bugs me having the port in the URL -- it seems unclean to me and might confuse other people who try this out on my server. Second, and much more importantly, this requires sage to use its own ssl certificate, which isn't trusted and causes the browser to freak out and throw that scary warning that will intimidate regular users. At the very least, I'd like to be able to install my own verified ssl certificate so that those warnings don't happen. I haven't been able to find a .crt or .key file, but I found about a dozen .pem files all over sage's python directory structure. Is there anything I can do to replace the ssl certificate with my own? Thanks for any help! Jonathan -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/sage-support URL: http://www.sagemath.org
