@jhass
Last active March 12, 2021 13:18
Advanced Diaspora Apache reverse proxy
# Make sure to notice the comments at https://gist.github.com/jhass/719014#gistcomment-19774
<VirtualHost *:80>
  ServerName diaspora.example.org
  ServerAlias www.diaspora.example.org

  RedirectPermanent / https://diaspora.example.org/
</VirtualHost>

<VirtualHost *:443>
  ServerName diaspora.example.org
  ServerAlias www.diaspora.example.org

  DocumentRoot /home/diaspora/diaspora/public

  RewriteEngine On

  RewriteCond %{HTTP_HOST} !^diaspora\.example\.org [NC]
  RewriteRule ^/(.*)$ https://diaspora\.example\.org/$1 [L,R,QSA]

  # For Camo support
  #RewriteRule ^/camo/(.*)$ balancer://camo/$1 [P,QSA,L]

  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]

  <Proxy balancer://upstream>
    # Recommended, using a unix socket (Requires Apache >= 2.4)
    BalancerMember unix:///path/to/diaspora/tmp/diaspora.sock|http://

    # Alternatively let diaspora listen on a local port (Use this for Apache < 2.4)
    # BalancerMember http://localhost:3000
  </Proxy>

  # For Camo support
  #<Proxy balancer://camo>
  #  BalancerMember http://localhost:8081
  #</Proxy>

  ProxyRequests Off
  ProxyVia On
  ProxyPreserveHost On
  RequestHeader set X_FORWARDED_PROTO https

  <Proxy *>
    # Apache < 2.4
    #Order allow,deny
    #Allow from all

    # Apache >= 2.4
    Require all granted
  </Proxy>

  <Directory /home/diaspora/diaspora/public>
    Options -MultiViews

    # Apache < 2.4
    #Allow from all
    #AllowOverride all

    # Apache >= 2.4
    Require all granted
  </Directory>

  SSLEngine On
  SSLCertificateFile /path/to/cert
  SSLCertificateKeyFile /path/to/private_key
  # For Let's encrypt it should point to /etc/letsencrypt/live/diaspora.example.org/chain.pem
  SSLCertificateChainFile /path/to/chain_file

  # Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  SSLHonorCipherOrder off
  SSLSessionTickets off
</VirtualHost>

@jhass
Author

jhass commented Feb 1, 2011

requires mod_ssl, mod_rewrite, mod_headers, mod_proxy, mod_proxy_http and mod_proxy_balancer

For Apache 2.4 add mod_lbmethod_byrequests and mod_slotmem_shm to the list.

@jhass
Author

jhass commented Feb 10, 2011

To display a custom message when your pod is unavailable, for example when you're updating your pod, put an HTML file under /path/to/diaspora/public, i.e. /path/to/diaspora/public/updating.html and add the following inside the sections:

ErrorDocument 503 /updating.html

@petarpetrovic

In order to enable mod_rewrite and all subsequent mods on Debian and Ubuntu, you need to type a2enmod rewrite, a2enmod proxy, etc. Discard the mod_ part of the package and write it along with a2enmod.

ghost commented Nov 17, 2013

You can also use a2enmod on Arch Linux by installing a2enmod-git from the AUR.

@sedrubal

Hi, I made everything as explained in the installation instructions and added this config to apache/sites-available/ but apache doesn't start anymore. This is the output in the terminal:

$ sudo service apache2 restart 
 * Restarting web server apache2                                                   [fail] 
 * The apache2 instance did not start within 20 seconds. Please read the log files to discover problems

and this is written in the apache error log:

[proxy:crit] [pid xyz] AH02432: Cannot find LB Method: byrequests
[proxy_balancer:emerg] [pid xyz] (22)Invalid argument: AH01183: Cannot share balancer
[:emerg] [pid xyz] AH00020: Configuration Failed, exiting

Can anybody help me? Thanks

@jhass
Author

jhass commented Aug 30, 2014

@sedrubal you didn't load all needed methods, see the first comment.

@sedrubal

Oh thank you :D I forgot mod_lbmethod_byrequests

@MrPetovan

Thanks for this working example.

Since Diaspora 0.6.0.0, the default listen configuration is unix:tmp/diaspora.sock, can I substitute

<Proxy balancer://upstream>
  BalancerMember http://127.0.0.1:3000
</Proxy>

with

<Proxy balancer://upstream>
  BalancerMember unix:tmp/diaspora.sock
</Proxy>

?

@gabsoftware

gabsoftware commented Aug 29, 2016

I had to use the following line in my Apache config to make it work:
BalancerMember unix:///home/diaspora/diaspora/tmp/diaspora.sock|http://
(notice the 3 slashes and the |http:// in the end)

@jh537

jh537 commented Sep 1, 2016

No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
https://blog.isatis-online.de/apache-als-proxy-mit-sockets/
I've got it with a current Apache (2.4.23) and a reboot.
https://launchpad.net/~ondrej/+archive/ubuntu/apache2?field.series_filter=trusty

@hostile123

Hi, I followed the instructions, but it does not start. I'm on a new, updated Ubuntu 16.04 server.

Here's the Diaspora console log: https://gyazo.com/388dc1649a05cca515b6475ac0f2c190

Apache2 log: https://gyazo.com/0e51a49c748c91d2eb12c4316ed91134

Here's the Apache config: http://vodeoo.com/vodeoo.conf (should display in Chrome)

I looked at https://gist.github.com/jhass/719014

I got all apache mods enabled

@juliangilbey

Hi Hostile, it looks as though Diaspora did not start up correctly, nothing to do with Apache. It keeps saying it's crashed for some reason.

@xenotropic

unix socket version failed repeatedly for me with the 'No protocol handler was valid for the URL /' message. Switched diaspora over to http rather than unix socket -- edit /home/diaspora/diaspora/config/diaspora.yml and search for '3000' -- and it works. That workaround is fine for me for now, but if anyone has ideas on why the socket fails would be curious. Apache 2.4.7, Ubuntu 14.04, Diaspora 0.7.4.1

@ApatheticCosmos

In order to get it working with the socket file on ubuntu 18.04, run this to enable all the required Apache modules:
# a2enmod ssl rewrite headers proxy proxy_http proxy_balancer lbmethod_byrequests slotmem_shm
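
An added example, not part of the gist or of any comment in this thread: a check that compares `apachectl -M` output against the module list given in the comments above, so a missing module is caught before a restart fails with errors such as AH02432. The function names, the `--live` switch and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: the module list comes from the comments above, written as
# a2enmod names. `apachectl -M` reports each one as "<name>_module".
REQUIRED_MODULES="ssl rewrite headers proxy proxy_http proxy_balancer lbmethod_byrequests slotmem_shm"

# Read `apachectl -M` style output on stdin and print the required modules
# that are not loaded, space separated (empty line when nothing is missing).
missing_modules() {
    # Keep only the module identifiers, e.g. " proxy_module (shared)" -> proxy_module
    loaded=$(awk '$1 ~ /_module$/ { print $1 }')
    missing=""
    for m in $REQUIRED_MODULES; do
        # -x matches the whole line, so proxy_http_module never counts as proxy_module
        if ! printf '%s\n' "$loaded" | grep -qx "${m}_module"; then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample of `apachectl -M` output with the two Apache 2.4
# balancer modules absent (hypothetical host, not taken from the thread).
sample_modules_output() {
    cat <<'EOF'
Loaded Modules:
 core_module (static)
 headers_module (shared)
 proxy_module (shared)
 proxy_balancer_module (shared)
 proxy_http_module (shared)
 rewrite_module (shared)
 ssl_module (shared)
EOF
}

# Run with --live to check the local server instead of the sample.
if [ "${1:-}" = "--live" ]; then
    missing=$(apachectl -M 2>/dev/null | missing_modules)
    if [ -n "$missing" ]; then
        echo "missing modules, enable with: a2enmod $missing"
        exit 1
    fi
    echo "all required modules are loaded"
fi
```
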

@vpsinghbaghel

vpsinghbaghel commented Jan 15, 2021

Please suggest below installation for CentOS 7. I am getting apache default test page only.

requires mod_ssl, mod_rewrite, mod_headers, mod_proxy, mod_proxy_http and mod_proxy_balancer

For Apache 2.4 add mod_lbmethod_byrequests and mod_slotmem_shm to the list.

@lgcivttu

Please suggest below installation for CentOS 7. I am getting apache default test page only.

I am having the same exact problem. CentOS7/Apache.

@vpsinghbaghel

I have removed apache, Installed Nginx and followed the nginx proxy guide they provided and it worked for me.

@heatherita

Hi, I am in the process of installing diaspora and setting apache up. Is there any way of installing diaspora purely on localhost without any networking or hosting? I want to get a basic idea how it is to work with ROR before I go any further. Thanks.

@jhass
Author

jhass commented Jan 22, 2021

@heatherita A development setup of diaspora does not need a reverse proxy setup, you just access http://localhost:3000 directly.
