Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Supported by

JATOS with Apache (HTTPS with Let's Encrypt)

Hi everyone,

I wanted to enable https for JATOS, but I have run into a problem that I am not able to solve.

So far, I have installed Apache on my Ubuntu server and obtained a SSL certificate from Let's Encrypt with Certbot. Additionally, I have followed the instructions here:

to run JATOS on Apache. I had some problems with the certificate so I changed the certificate part in the .conf file to this:

# Your certificate for encryption
SSLEngine 					on
SSLCertificateFile    		/etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateKeyFile 		/etc/letsencrypt/live/mydomain.com/privkey.pem
SSLCertificateChainFile 	/etc/letsencrypt/live/mydomain.com/fullchain.pem

While the test virtual host for my domain is working correctly (https protected), JATOS is still running without https.

When I run a syntax test on the config file, I do not get any errors. So that seems to be fine at least. I have also checked that the port 443 is listen in /etc/apache2/ports.conf. Additionally, I have tried to search the web for more possible solutions, but did not find anything helpful.

Does anyone have an idea what could be the problem? I am happy to provide further information if needed.

Thanks a lot and best regards,

Yvonne

Comments

  • Hi Yvonne,

    It's quite some time that I used Apache. But from what I remember your SSL setting looks fine.

    It would be helpful for me to see the rest of the Apache conf. And which version are you using?

    Kristian

  • Hi Kristian,

    thank you for your time and help! I am using Ubuntu 18.10, Apache 2.4.34 and JATOS 3.3.2. Here is the content of the .conf file (server name is a placeholder).

    ServerName mydomain.com
    <VirtualHost *:80>
            ServerAdmin webmaster@localhost
            ServerName mydomain.com
            ServerAlias www.mydomain.com
            DocumentRoot /var/www/mydomain.com
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            # Redirect all unencrypted traffic to the respective HTTPS page
            Redirect "/" "https://www.mydomain.com/"
    </VirtualHost>
    
    <VirtualHost *:443>
      ServerName www.mydomain.com
    
      # Restrict access to JATOS GUI to local network
      # <Location "/jatos">
      #  Order deny,allow
      #  Deny from all
      #  Allow from 127.0.0.1 ::1
      #  Allow from localhost
      #  Allow from 192.168
      #</Location>
    
      # Needed for JATOS to get the correct host and protocol
      ProxyPreserveHost On
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Ssl "on"
    
      # Your certificate for encryption
      SSLEngine On
      SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    
      # JATOS uses WebSockets for its batch and group channels
      RewriteEngine On
      RewriteCond %{HTTP:Upgrade} =websocket [NC]
      RewriteRule /(.*)           ws://localhost:9000/$1 [P,L]
      RewriteCond %{HTTP:Upgrade} !=websocket [NC]
      RewriteRule /(.*)           http://localhost:9000/$1 [P,L]
    
      # Proxy everything to the JATOS running on localhost on port 9000 
      ProxyPass / http://localhost:9000/
      ProxyPassReverse / http://localhost:9000/
    </VirtualHost>
    

    If you think this is a problem of Apache and not JATOS, I can also try to ask for help somewhere else to not waste your time.

    Also, if you need more information, please let me know.

    Thank you again and best regards,

    Yvonne

  • Just for info: I gave up on trying to solve this (nothing worked). I might try to use Nginx instead of Apache.

  • Sorry Yvonne, I never answered. But I actually looked at your Apache config and couldn't find anything obviously wrong.

    Apache can be a bummer. It does not work until it works and then it is unbreakable.

    Actually I prefer Nginx too these days. You probable have seen the doc http://www.jatos.org/JATOS-with-Nginx.html.

    Or if you prefer Docker: JATOS + Traefik. With Traefik comes encryption out-of-the-box. But one looses a bit of control because everything is containerized. There is a doc about JATOS + Traefik on Digital Ocean http://www.jatos.org/JATOS-on-DigitalOcean.html. With a bit of adaptation this can be applied to any Linux system.

    If you have questions I'm happy to help. And if you are completely stuck I can have a look at your server.

    Best

    Kristian

  • Hi Kristian,

    no worries, I just wanted to let people know that I was not looking for a solution for Apache + JATOS anymore.

    I switched to your recommendation (JATOS + Traefik) this morning and that worked like a charm, thank you!

    Before that, I did try Nginx, but I was not able to make it work either. Everything was running fine as long as I did not include the code chunk specific to JATOS. When I added that, I got the following warnings:

    nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx.conf:66
    nginx: [warn] conflicting server name "www.mydomain.com" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "www.mydomain.com" on 0.0.0.0:443, ignored
    

    As far as I am aware, the line:

     ssl                  on;
    

    is causing the first warning because the command is no longer needed in newer versions of Nginx. Concerning the other warnings, I probably messed up the server names somehow. I thought it was maybe worth including this if someone runs into a similar problem in the future.

    For now, I am happy that https finally works. Thanks a lot!

    Best,

    Yvonne

  • Hi Yvonne,

    Nice you got it working with Traefik! I'm glad I was of any help.

    Maybe I should add a page to JATOS docs "JATOS + Traefik" (without the whole Digital Ocean part).

    Regarding the "ssl" in the Nginx config: you might be right. I'm using Traefik lately and haven't tried recent versions of Nginx. I'll have a look and fix the JATOS docs. Thank you for pointing it out.

    Best,

    Kristian

Sign In or Register to comment.