Re: [Wikitech-l] Integrating Parsoid & RESTbase into a secure MediaWiki Install
To wrap this up, I managed to get SSL to RESTbase working, but using CPanel AutoSSL instead of LetsEncrypt. AutoSSL and LetsEncrypt are similar services but I used AutoSSL because my main mediawiki install is served on CPanel. In a nutshell, I ) Created a sub-domain, mw.mywikidomain.com. The associated SSL certificate was automatically created. ) Pointed the DNS entry for mw.mywikidomain.com to my home server IP address ) Exported the certificate and key entries into an stunnel install running on my home server and listening on port 7232. ) Changed the $wgVisualEditorRestbaseURL and $wgVisualEditorFullRestbaseURL to point to https://mw.mydomain.com:7232/mywikidomain.com/v1/page/html/ and https://mw.mydomain.com:7232/mywikidomain.com/, respectively. Thanks for the help. John On February 22, 2017 10:14:54 AM John P. New wrote: > Thanks to a couple of members of this list I was able to get Visual Editor > working on my WikiMedia install. > > Now I would like to run the wiki under SSL. Of course, as soon as I do, my > browser complains of mixed content from the RESTbase server and won't load VE > at all. > > I am running MediaWiki 1.28 on a shared host, which means no access to > node.js. So in order to run Parsoid and RESTbase I have installed both on my > home server. As such, I have no way of getting a trusted SSL certificate for > it; the most I could do is a self-signed certificate, which I am sure will > cause as many browser complaints as the current mixed-content does. > > My question is, what is the likelihood of getting this configuration to work > under SSL? > > John ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Integrating Parsoid & RESTbase into a secure MediaWiki Install
On Wed, Feb 22, 2017 at 7:14 AM, John P. Newwrote: > I am running MediaWiki 1.28 on a shared host, which means no access to > node.js. So in order to run Parsoid and RESTbase I have installed both on > my home server. As such, I have no way of getting a trusted SSL certificate > for it; the most I could do is a self-signed certificate, which I am sure > will cause as many browser complaints as the current mixed-content does. > VE calls are proxied through the wiki; you can serve them in SSL but make the wiki -> Parsoid server calls in plaintext. That said, you should definitely use Let's Encrypt; it's very easy to set up and you have one less script injection / cookie stealing vulnerability. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Integrating Parsoid & RESTbase into a secure MediaWiki Install
I had thought of LetsEncrypt, but I was under the (mistaken) impression that SSL certificates are bound to the IP address as well as the hostname of the server. Upon further investigation, I see that SSL certificates are not IP address dependent. I'll give it a try, thanks. On February 22, 2017 04:57:30 PM Alex Monk wrote: > You can get a trusted cert for your home server. Look into LetsEncrypt. > > On 22 Feb 2017 3:15 pm, "John P. New"wrote: > > > Thanks to a couple of members of this list I was able to get Visual Editor > > working on my WikiMedia install. > > > > Now I would like to run the wiki under SSL. Of course, as soon as I do, my > > browser complains of mixed content from the RESTbase server and won't load > > VE at all. > > > > I am running MediaWiki 1.28 on a shared host, which means no access to > > node.js. So in order to run Parsoid and RESTbase I have installed both on > > my home server. As such, I have no way of getting a trusted SSL certificate > > for it; the most I could do is a self-signed certificate, which I am sure > > will cause as many browser complaints as the current mixed-content does. > > > > My question is, what is the likelihood of getting this configuration to > > work under SSL? > > > > John ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Integrating Parsoid & RESTbase into a secure MediaWiki Install
You can get a trusted cert for your home server. Look into LetsEncrypt. On 22 Feb 2017 3:15 pm, "John P. New"wrote: > Thanks to a couple of members of this list I was able to get Visual Editor > working on my WikiMedia install. > > Now I would like to run the wiki under SSL. Of course, as soon as I do, my > browser complains of mixed content from the RESTbase server and won't load > VE at all. > > I am running MediaWiki 1.28 on a shared host, which means no access to > node.js. So in order to run Parsoid and RESTbase I have installed both on > my home server. As such, I have no way of getting a trusted SSL certificate > for it; the most I could do is a self-signed certificate, which I am sure > will cause as many browser complaints as the current mixed-content does. > > My question is, what is the likelihood of getting this configuration to > work under SSL? > > John > > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Integrating Parsoid & RESTbase into a secure MediaWiki Install
Thanks to a couple of members of this list I was able to get Visual Editor working on my WikiMedia install. Now I would like to run the wiki under SSL. Of course, as soon as I do, my browser complains of mixed content from the RESTbase server and won't load VE at all. I am running MediaWiki 1.28 on a shared host, which means no access to node.js. So in order to run Parsoid and RESTbase I have installed both on my home server. As such, I have no way of getting a trusted SSL certificate for it; the most I could do is a self-signed certificate, which I am sure will cause as many browser complaints as the current mixed-content does. My question is, what is the likelihood of getting this configuration to work under SSL? John ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l