Advanced Diaspora Apache reverse proxy

diaspora.conf

# Make sure to notice the comments at https://gist.github.com/jhass/719014#gistcomment-19774

<VirtualHost *:80>
  ServerName diaspora.example.org
  ServerAlias www.diaspora.example.org
  
  RedirectPermanent / https://diaspora.example.org/
</VirtualHost>
<VirtualHost *:443>
 ServerName diaspora.example.org
 ServerAlias www.diaspora.example.org
 
 DocumentRoot /home/diaspora/diaspora/public

 RewriteEngine On

 RewriteCond %{HTTP_HOST} !^diaspora\.example\.org [NC]
 RewriteRule ^/(.*)$ https://diaspora\.example\.org/$1 [L,R,QSA]

 # For Camo support
 #RewriteRule ^/camo/(.*)$ balancer://camo/$1 [P,QSA,L]
 
 RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
 RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]

 <Proxy balancer://upstream>
  # Recommended, using a unix socket (Requires Apache >= 2.4)
  BalancerMember unix:///path/to/diaspora/tmp/diaspora.sock|http://
  # Alternatively let diaspora listen on a local port (Use this for Apache < 2.4)
  # BalancerMember http://localhost:3000
 </Proxy>

 # For Camo support
 #<Proxy balancer://camo>
 #  BalancerMember http://localhost:8081
 #</Proxy>

 ProxyRequests Off
 ProxyVia On  
 ProxyPreserveHost On
 RequestHeader set X_FORWARDED_PROTO https

 <Proxy *>
  # Apache < 2.4
  #Order allow,deny
  #Allow from all
  # Apache >= 2.4
  Require all granted
 </Proxy>

 <Directory /home/diaspora/diaspora/public>
  Options -MultiViews
  # Apache < 2.4
  #Allow from all
  #AllowOverride all
  # Apache >= 2.4
  Require all granted
 </Directory>

 SSLEngine On
 SSLCertificateFile /path/to/cert
 SSLCertificateKeyFile /path/to/private_key
 
 # Might not needed, needs for example for StartSSL to point to a local
 # copy of https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
 # For Let's encrypt it should point to /etc/letsencrypt/live/diaspora.example.org/chain.pem
 SSLCertificateChainFile /path/to/chain_file


 # Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
 SSLProtocol             all -SSLv2 -SSLv3
 SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
 SSLHonorCipherOrder on
 SSLCompression off
</VirtualHost>

requires mod_ssl, mod_rewrite, mod_headers, mod_proxy, mod_proxy_http and mod_proxy_balancer

For Apache 2.4 add mod_lbmethod_byrequests and mod_slotmem_shm to the list.

To display a custom message when your pod is unavailable, for example when you're updating your pod, put an HTML file under /path/to/diaspora/public, i. e. /path/to/diaspora/public/updating.html and add the following inside the sections:

ErrorDocument 503 /updating.html

In order to enable mod_rewrite and all subsequent mods on Debian and Ubuntu, you need to type a2enmod rewrite, a2enmod proxy, etc. Discard the mod_ part of the package and write it along with a2enmod.

You can also use a2enmod on Arch Linux by installing a2enmod-git from the AUR.

Hi, I made everything as explained in the and added this config to apache/sited-available/ but apache doesn't start anymore. This is the output in the terminal:

$ sudo service apache2 restart 
 * Restarting web server apache2                                                   [fail] 
 * The apache2 instance did not start within 20 seconds. Please read the log files to discover problems

and this is written in the apache error log:

[proxy:crit] [pid xyz] AH02432: Cannot find LB Method: byrequests
[proxy_balancer:emerg] [pid xyz] (22)Invalid argument: AH01183: Cannot share balancer
[:emerg] [pid xyz] AH00020: Configuration Failed, exiting

Can anybody help me? Thanks

@sedrubal you didn't load all needed methods, see the first comment.

Oh thank you :D I forgot mod_lbmethod_byrequests

Thanks for this working example.

Since Diaspora 0.6.0.0, the default listen configuration is unix:tmp/diaspora.sock, can I substitute

<Proxy balancer://upstream>
  BalancerMember http://127.0.0.1:3000
</Proxy>

with

<Proxy balancer://upstream>
  BalancerMember unix:tmp/diaspora.sock
</Proxy>

?

I had to use the following line in my Apache config to make it work:
BalancerMember unix:///home/diaspora/diaspora/tmp/diaspora.sock|http://
(notice the 3 slashes and the |http:// in the end)

No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
https://blog.isatis-online.de/apache-als-proxy-mit-sockets/
I've got it with a current Apache (2.4.23) and a reboot.
https://launchpad.net/~ondrej/+archive/ubuntu/apache2?field.series_filter=trusty

Hi followed instructions, but it not start, Im on new ubuntu 16.04 updated server.

Heres Diaspora console log : https://gyazo.com/388dc1649a05cca515b6475ac0f2c190

Apache2 log https://gyazo.com/0e51a49c748c91d2eb12c4316ed91134

Heres apache config http://vodeoo.com/vodeoo.conf (should displays in chrome)

I looked at https://gist.github.com/jhass/719014

I got all apache mods enabled

Hi Hostile, it looks as though Diaspora did not start up correctly, nothing to do with Apache. It keeps saying it's crashed for some reason.

unix socket version failed repeatedly for me with the 'No protocol handler was valid for the URL /' message. Switched diaspora over to http rather that unix socket -- edit /home/diaspora/diaspora/config/diaspora.yml and search for '3000' -- and it works. That workaround is fine for me for now, but if anyone has ideas on why the socket fails would be curious. Apache 2.4.7, Ubuntu 14.04, Diaspora 0.7.4.1