Advanced Diaspora Apache reverse proxy
# Make sure to notice the comments at https://gist.github.com/jhass/719014#gistcomment-19774
<VirtualHost *:80>
  ServerName diaspora.example.org
  ServerAlias www.diaspora.example.org
  RedirectPermanent / https://diaspora.example.org/
</VirtualHost>

<VirtualHost *:443>
  ServerName diaspora.example.org
  ServerAlias www.diaspora.example.org
  DocumentRoot /home/diaspora/diaspora/public

  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^diaspora\.example\.org [NC]
  RewriteRule ^/(.*)$ https://diaspora\.example\.org/$1 [L,R,QSA]

  # For Camo support
  #RewriteRule ^/camo/(.*)$ balancer://camo/$1 [P,QSA,L]

  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]

  <Proxy balancer://upstream>
    # Recommended, using a unix socket (Requires Apache >= 2.4)
    BalancerMember unix:///path/to/diaspora/tmp/diaspora.sock|http://
    # Alternatively let diaspora listen on a local port (Use this for Apache < 2.4)
    # BalancerMember http://localhost:3000
  </Proxy>

  # For Camo support
  #<Proxy balancer://camo>
  #  BalancerMember http://localhost:8081
  #</Proxy>

  ProxyRequests Off
  ProxyVia On
  ProxyPreserveHost On
  RequestHeader set X_FORWARDED_PROTO https

  <Proxy *>
    # Apache < 2.4
    #Order allow,deny
    #Allow from all
    # Apache >= 2.4
    Require all granted
  </Proxy>

  <Directory /home/diaspora/diaspora/public>
    Options -MultiViews
    # Apache < 2.4
    #Allow from all
    #AllowOverride all
    # Apache >= 2.4
    Require all granted
  </Directory>

  SSLEngine On
  SSLCertificateFile /path/to/cert
  SSLCertificateKeyFile /path/to/private_key
  # Might not be needed; required, for example, for StartSSL, where it should point to a local
  # copy of https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
  # For Let's Encrypt it should point to /etc/letsencrypt/live/diaspora.example.org/chain.pem
  SSLCertificateChainFile /path/to/chain_file

  # Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
  SSLHonorCipherOrder on
  SSLCompression off
</VirtualHost>

jhass commented Feb 1, 2011

Requires mod_ssl, mod_rewrite, mod_headers, mod_proxy, mod_proxy_http and mod_proxy_balancer.

For Apache 2.4 add mod_lbmethod_byrequests and mod_slotmem_shm to the list.


jhass commented Feb 10, 2011

To display a custom message when your pod is unavailable, for example when you're updating your pod, put an HTML file under /path/to/diaspora/public, i.e. /path/to/diaspora/public/updating.html and add the following inside the sections:

ErrorDocument 503 /updating.html

petarpetrovic commented Dec 7, 2011

In order to enable mod_rewrite and all subsequent mods on Debian and Ubuntu, you need to type a2enmod rewrite, a2enmod proxy, etc. Discard the mod_ part of the package and write it along with a2enmod.


ghost commented Nov 17, 2013

You can also use a2enmod on Arch Linux by installing a2enmod-git from the AUR.


sedrubal commented Aug 15, 2014

Hi, I did everything as explained in the installation instructions and added this config to apache/sites-available/, but Apache doesn't start anymore. This is the output in the terminal:

$ sudo service apache2 restart 
 * Restarting web server apache2                                                   [fail] 
 * The apache2 instance did not start within 20 seconds. Please read the log files to discover problems

and this is written in the apache error log:

[proxy:crit] [pid xyz] AH02432: Cannot find LB Method: byrequests
[proxy_balancer:emerg] [pid xyz] (22)Invalid argument: AH01183: Cannot share balancer
[:emerg] [pid xyz] AH00020: Configuration Failed, exiting

Can anybody help me? Thanks


jhass commented Aug 30, 2014

@sedrubal you didn't load all needed methods, see the first comment.


sedrubal commented Sep 16, 2014

Oh thank you :D I forgot mod_lbmethod_byrequests
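
Added example (not part of the gist or of any comment in this thread): a shell check for the failure resolved above, where a module from the required list is not loaded. It parses `apachectl -M` style output; the helper name `missing_modules` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the gist author's code.
# Modules named in the first comment, Apache 2.4 additions included,
# written the way `a2enmod` expects them (without the mod_ prefix).
REQUIRED="ssl rewrite headers proxy proxy_http proxy_balancer lbmethod_byrequests slotmem_shm"

# missing_modules (hypothetical helper): reads `apachectl -M` style output
# on stdin and prints the required modules that are not loaded, space
# separated, in REQUIRED order. Prints an empty line when all are present.
missing_modules() {
    # " proxy_http_module (shared)" -> "proxy_http"; other lines are dropped.
    loaded=$(sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*\)_module.*/\1/p')
    missing=""
    for m in $REQUIRED; do
        # -x: whole-line match, so a loaded proxy_http does not count as proxy.
        if ! printf '%s\n' "$loaded" | grep -qx "$m"; then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample: everything loaded except lbmethod_byrequests, the
# state behind the AH02432 "Cannot find LB Method: byrequests" log above.
SAMPLE_OUTPUT='Loaded Modules:
 core_module (static)
 so_module (static)
 headers_module (shared)
 proxy_module (shared)
 proxy_balancer_module (shared)
 proxy_http_module (shared)
 rewrite_module (shared)
 slotmem_shm_module (shared)
 ssl_module (shared)'

result=$(printf '%s\n' "$SAMPLE_OUTPUT" | missing_modules)
if [ -n "$result" ]; then
    echo "not loaded: $result"
    echo "on Debian/Ubuntu: a2enmod $result"
else
    echo "all required modules are loaded"
fi
# On a live host: apachectl -M 2>/dev/null | missing_modules
```

Running the check before restarting Apache reports the gap up front instead of leaving it to the error log.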


MrPetovan commented Aug 27, 2016

Thanks for this working example.

Since Diaspora 0.6.0.0, the default listen configuration is unix:tmp/diaspora.sock, can I substitute

<Proxy balancer://upstream>
  BalancerMember http://127.0.0.1:3000
</Proxy>

with

<Proxy balancer://upstream>
  BalancerMember unix:tmp/diaspora.sock
</Proxy>

?


gabsoftware commented Aug 29, 2016

I had to use the following line in my Apache config to make it work:
BalancerMember unix:///home/diaspora/diaspora/tmp/diaspora.sock|http://
(notice the 3 slashes and the |http:// in the end)


jh537 commented Sep 1, 2016

No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
https://blog.isatis-online.de/apache-als-proxy-mit-sockets/
I've got it with a current Apache (2.4.23) and a reboot.
https://launchpad.net/~ondrej/+archive/ubuntu/apache2?field.series_filter=trusty


Hostile commented Nov 7, 2016

Hi, I followed the instructions, but it does not start. I'm on a new, updated Ubuntu 16.04 server.

Here's the Diaspora console log: https://gyazo.com/388dc1649a05cca515b6475ac0f2c190

Apache2 log: https://gyazo.com/0e51a49c748c91d2eb12c4316ed91134

Here's the Apache config: http://vodeoo.com/vodeoo.conf (should display in Chrome)

I looked at https://gist.github.com/jhass/719014

I have all Apache mods enabled


juliangilbey commented Jan 12, 2017

Hi Hostile, it looks as though Diaspora did not start up correctly, nothing to do with Apache. It keeps saying it's crashed for some reason.


xenotropic commented Apr 14, 2018

The unix socket version failed repeatedly for me with the 'No protocol handler was valid for the URL /' message. Switched diaspora over to http rather than unix socket -- edit /home/diaspora/diaspora/config/diaspora.yml and search for '3000' -- and it works. That workaround is fine for me for now, but if anyone has ideas on why the socket fails, I would be curious. Apache 2.4.7, Ubuntu 14.04, Diaspora 0.7.4.1
