Find below a procedure to deploy an Nginx reverse proxy in front of 2
tiddlywiki servers (one accessible through the /wiki/ path, the other one
through the /sub/ path).
This is a need that emerged to avoid opening and configuring a number of
ports on my cloud server. The procedure below gives indications for
- configuring the basic reverse proxy to point to the 2 tiddlywiki
servers
- augmenting the configuration with Basic Auth
- augmenting the configuration with SSL (self-signed certificate ... basic
approach)
Certainly not optimal but may be useful to anybody facing the same problem.
Other options exist, like the tiddlyServer, that certainly bring other added
value.
Basic Nginx configuration (No Auth)
config tiddlywiki
- We assume here that we have 2 tiddlywiki (nodejs based) running on
port 4013 & 4014 on 127.0.0.1
- Add on each of them a tiddler with the title $:/config/tiddlyweb/host and
content
  - $protocol$//$host$/wiki/ for the first one
  - $protocol$//$host$/sub/ for the second one
config nginx
    events {
        worker_connections 768;
        # multi_accept on;
    }
    http {
        server {
            listen 80;
            location /wiki/ {
                proxy_pass http://127.0.0.1:4014/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
            location /sub/ {
                proxy_pass http://127.0.0.1:4013/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }
- restart nginx: sudo service nginx restart
Access
- http://192.168.0.101/wiki/
- http://192.168.0.101/sub/
Nginx Basic Auth
- sudo apt-get install apache2-utils
- Create a password for the user userName:
- sudo htpasswd -c /etc/nginx/.htpasswd userName
- update the nginx.conf
    events {
        worker_connections 768;
        # multi_accept on;
    }
    http {
        server {
            listen 80;
            location /wiki/ {
                proxy_pass http://127.0.0.1:4014/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                auth_basic "Private Property";
                auth_basic_user_file /etc/nginx/.htpasswd;
            }
            location /sub/ {
                proxy_pass http://127.0.0.1:4013/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                auth_basic "Private Property";
                auth_basic_user_file /etc/nginx/.htpasswd;
            }
        }
    }
- restart nginx: sudo service nginx restart
- you should be challenged on
- http://192.168.0.101/wiki/
- http://192.168.0.101/sub/
Nginx SSL
- We assume that we will create and store our certificate into the
directory /home/pi/tiddly-wiki/certif_ssl
- cd /home/pi/tiddly-wiki/certif_ssl
- create the private key: openssl genrsa -out vpl_nginx.pk 2048
- create certificate request:
  openssl req -new -key vpl_nginx.pk -out vpl_nginx.csr
  Take care about *Common Name*. I've used here the IP address as
  it is the way I access my server. You need to put the Common Name used for
  accessing the proxy from the browser.
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:XXXX
Locality Name (eg, city) []:XXXX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XXXX
Organizational Unit Name (eg, section) []:XXXX
Common Name (e.g. server FQDN or YOUR name) []:82.165.251.188
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:cat name
An optional company name []:XXXX
- generate signed certificate:
  openssl x509 -req -days 365 -in vpl_nginx.csr -signkey vpl_nginx.pk -out vpl_nginx.crt
- update nginx.conf
    events {
        worker_connections 768;
        # multi_accept on;
    }
    http {
        server {
            # TLS is enabled by the "ssl" parameter of listen; the separate
            # "ssl on;" directive is obsolete and rejected by recent nginx.
            listen 443 ssl;
            #server_name 192.168.0.101;
            ssl_certificate /home/pi/tiddly-wiki/certif_ssl/vpl_nginx.crt;
            ssl_certificate_key /home/pi/tiddly-wiki/certif_ssl/vpl_nginx.pk;
            location /wiki/ {
                proxy_pass http://127.0.0.1:4014/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                auth_basic "Private Property";
                auth_basic_user_file /etc/nginx/.htpasswd;
            }
            location /sub/ {
                proxy_pass http://127.0.0.1:4013/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                auth_basic "Private Property";
                auth_basic_user_file /etc/nginx/.htpasswd;
            }
        }
    }
- restart nginx: sudo service nginx restart
Access
- https://192.168.0.101/wiki/
- https://192.168.0.101/sub/
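
The certificate steps above put the access address only in the Common Name, while current browsers match the address against the certificate's subjectAltName, so a CN-only certificate for an IP address still fails name validation after it has been trusted. The script below is an added example, not part of the original post: it produces the same vpl_nginx.pk / vpl_nginx.crt pair in one step with a matching SAN and checks the result. It assumes OpenSSL 1.1.1 or later (for -addext); the function names make_cert and cert_matches are illustrative, and 192.168.0.101 is taken from the access URLs above.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL 1.1.1+.

# san_kind ADDRESS: print "IP" for an IPv4 literal, "DNS" for anything else.
san_kind() {
    case $1 in
        *[!0-9.]*) echo DNS ;;   # contains a character other than digits/dots
        *)         echo IP ;;
    esac
}

# make_cert DIR ADDRESS: write a self-signed vpl_nginx.pk / vpl_nginx.crt pair
# into DIR, valid 365 days, with ADDRESS in both the CN and the subjectAltName.
make_cert() {
    dir=$1
    addr=$2
    kind=$(san_kind "$addr")
    (
        umask 077    # the private key must not be world-readable
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$dir/vpl_nginx.pk" -out "$dir/vpl_nginx.crt" \
            -subj "/CN=$addr" -addext "subjectAltName=$kind:$addr" 2>/dev/null
    )
}

# cert_matches CRT ADDRESS: succeed only if CRT is valid for ADDRESS
# (the same name check a TLS client performs on connect).
cert_matches() {
    if [ "$(san_kind "$2")" = IP ]; then
        flag=-checkip
    else
        flag=-checkhost
    fi
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

# Usage, with the address typed into the browser:
#   make_cert /home/pi/tiddly-wiki/certif_ssl 192.168.0.101
#   cert_matches /home/pi/tiddly-wiki/certif_ssl/vpl_nginx.crt 192.168.0.101 \
#       && echo "certificate matches"
```

Run cert_matches against a certificate produced by the CSR steps above to see whether it needs regenerating before importing it into a browser.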