JATOS with Apache (HTTPS with Let's Encrypt)
Hi everyone,
I wanted to enable https for JATOS, but I have run into a problem that I am not able to solve.
So far, I have installed Apache on my Ubuntu server and obtained an SSL certificate from Let's Encrypt with Certbot. Additionally, I have followed the instructions here:
to run JATOS on Apache. I had some problems with the certificate so I changed the certificate part in the .conf file to this:
    # Your certificate for encryption
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
While the test virtual host for my domain is working correctly (https protected), JATOS is still running without https.
When I run a syntax test on the config file, I do not get any errors. So that seems to be fine at least. I have also checked that port 443 is listed in /etc/apache2/ports.conf. Additionally, I have tried to search the web for more possible solutions, but did not find anything helpful.
Does anyone have an idea what could be the problem? I am happy to provide further information if needed.
Thanks a lot and best regards,
Yvonne
Comments
Hi Yvonne,
It's been quite some time since I used Apache. But from what I remember your SSL setting looks fine.
It would be helpful for me to see the rest of the Apache conf. And which version are you using?
Kristian
Hi Kristian,
thank you for your time and help! I am using Ubuntu 18.10, Apache 2.4.34 and JATOS 3.3.2. Here is the content of the .conf file (server name is a placeholder).
    ServerName mydomain.com

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName mydomain.com
        ServerAlias www.mydomain.com
        DocumentRoot /var/www/mydomain.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Redirect all unencrypted traffic to the respective HTTPS page
        Redirect "/" "https://www.mydomain.com/"
    </VirtualHost>

    <VirtualHost *:443>
        ServerName www.mydomain.com

        # Restrict access to JATOS GUI to local network
        # <Location "/jatos">
        #   Order deny,allow
        #   Deny from all
        #   Allow from 127.0.0.1 ::1
        #   Allow from localhost
        #   Allow from 192.168
        #</Location>

        # Needed for JATOS to get the correct host and protocol
        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Ssl "on"

        # Your certificate for encryption
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem

        # JATOS uses WebSockets for its batch and group channels
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
        RewriteRule /(.*) ws://localhost:9000/$1 [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket [NC]
        RewriteRule /(.*) http://localhost:9000/$1 [P,L]

        # Proxy everything to the JATOS running on localhost on port 9000
        ProxyPass / http://localhost:9000/
        ProxyPassReverse / http://localhost:9000/
    </VirtualHost>

If you think this is a problem of Apache and not JATOS, I can also try to ask for help somewhere else to not waste your time.
Also, if you need more information, please let me know.
Thank you again and best regards,
Yvonne
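Added example, not part of the thread and not JATOS or Apache project code: a passing syntax test shows only that the directives parse, while the `http://` and `ws://` proxy targets depend on mod_proxy_http and mod_proxy_wstunnel, which are looked up when a request arrives. The script maps the directives of a vhost like the one above to the modules that provide them and compares the result with saved `apache2ctl -M` output; the vhost excerpt, the module list and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. The sample vhost and module list are constructed.

# Print the modules that the active (non-comment) directives in CONF depend on.
required_modules() {
  local active; active="$(grep -Ev '^[[:space:]]*#' "$1")"
  local pfx='^[[:space:]]*' pflag='\[([^]]*,)?P(,[^]]*)?]'
  uses() { printf '%s\n' "$active" | grep -Eiq -- "$1"; }
  if uses "${pfx}SSL(Engine|Certificate)"; then echo ssl_module; fi
  if uses "${pfx}RequestHeader"; then echo headers_module; fi
  if uses "${pfx}Rewrite(Engine|Cond|Rule)"; then echo rewrite_module; fi
  # ProxyPass, or a RewriteRule carrying the [P] (proxy) flag
  if uses "${pfx}(ProxyPass|RewriteRule[[:space:]].*${pflag})"; then echo proxy_module; fi
  # Scheme handlers for the proxy targets
  if uses "${pfx}(ProxyPass|RewriteRule)[[:space:]].*[[:space:]]http://"; then echo proxy_http_module; fi
  if uses "${pfx}(ProxyPass|RewriteRule)[[:space:]].*[[:space:]]wss?://"; then echo proxy_wstunnel_module; fi
  return 0
}

# Print required modules that are absent from LOADED (saved `apache2ctl -M` output).
missing_modules() {
  local m
  for m in $(required_modules "$1"); do
    grep -Eq "^[[:space:]]*${m}[[:space:]]" "$2" || echo "$m"
  done
  return 0
}

# Constructed input: an excerpt modelled on the 443 vhost, and a module list
# in which proxy_wstunnel_module has not been enabled.
write_sample() {
  cat > "$1/jatos.conf" <<'EOF'
<VirtualHost *:443>
  ServerName www.mydomain.com
  ProxyPreserveHost On
  RequestHeader set X-Forwarded-Proto "https"
  SSLEngine On
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*) ws://localhost:9000/$1 [P,L]
  ProxyPass / http://localhost:9000/
</VirtualHost>
EOF
  printf ' %s (shared)\n' ssl_module headers_module rewrite_module \
    proxy_module proxy_http_module > "$1/loaded.txt"
}

tmp="$(mktemp -d)"; write_sample "$tmp"
missing_modules "$tmp/jatos.conf" "$tmp/loaded.txt"
```

On a real server, save the module list with `apache2ctl -M > loaded.txt` and pass the site's .conf file as the first argument.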
Just for info: I gave up on trying to solve this (nothing worked). I might try to use Nginx instead of Apache.
Sorry Yvonne, I never answered. But I actually looked at your Apache config and couldn't find anything obviously wrong.
Apache can be a bummer. It does not work until it works and then it is unbreakable.
Actually I prefer Nginx too these days. You probably have seen the doc http://www.jatos.org/JATOS-with-Nginx.html.
Or if you prefer Docker: JATOS + Traefik. With Traefik comes encryption out-of-the-box. But one loses a bit of control because everything is containerized. There is a doc about JATOS + Traefik on Digital Ocean http://www.jatos.org/JATOS-on-DigitalOcean.html. With a bit of adaptation this can be applied to any Linux system.
If you have questions I'm happy to help. And if you are completely stuck I can have a look at your server.
Best
Kristian
Hi Kristian,
no worries, I just wanted to let people know that I was not looking for a solution for Apache + JATOS anymore.
I switched to your recommendation (JATOS + Traefik) this morning and that worked like a charm, thank you!
Before that, I did try Nginx, but I was not able to make it work either. Everything was running fine as long as I did not include the code chunk specific to JATOS. When I added that, I got the following warnings:
As far as I am aware, the line:
is causing the first warning because the command is no longer needed in newer versions of Nginx. Concerning the other warnings, I probably messed up the server names somehow. I thought it was maybe worth including this if someone runs into a similar problem in the future.
For now, I am happy that https finally works. Thanks a lot!
Best,
Yvonne
Hi Yvonne,
Nice you got it working with Traefik! I'm glad I was of any help.
Maybe I should add a page to JATOS docs "JATOS + Traefik" (without the whole Digital Ocean part).
Regarding the "ssl" in the Nginx config: you might be right. I'm using Traefik lately and haven't tried recent versions of Nginx. I'll have a look and fix the JATOS docs. Thank you for pointing it out.
Best,
Kristian
Hi Kristian and Yvonne,
as both of you recommend that JATOS + Traefik is the easiest thing to do on your own server, I was wondering what code needs to be changed (from the DigitalOcean + Traefik example) in order to make it work on an Ubuntu server?
Hi!
First you would need to install docker and docker-compose. And then you would basically have to follow the little shell script from http://www.jatos.org/JATOS-on-DigitalOcean.html one by one. But you probably want to use a different user than root, so e.g. not /root/ but /home/my-user/.
    #!/bin/bash
    DOMAIN_NAME="my.domain.name"
    EMAIL="my.email@foo.com"
    curl https://raw.githubusercontent.com/JATOS/JATOS/master/deploy/docker-compose.yaml > /root/docker-compose.yaml
    curl https://raw.githubusercontent.com/JATOS/JATOS/master/deploy/traefik.toml > /root/traefik.toml
    sed -i "s/<DOMAIN_NAME>/${DOMAIN_NAME}/g" /root/docker-compose.yaml
    sed -i "s/<DOMAIN_NAME>/${DOMAIN_NAME}/g" /root/traefik.toml
    sed -i "s/<EMAIL>/${EMAIL}/g" /root/traefik.toml
    touch /root/acme.json
    chmod 600 /root/acme.json
    docker network create proxy
    docker-compose -f /root/docker-compose.yaml up -d

Best,
Kristian
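Added example, not the JATOS project's script: the placeholder substitution and acme.json steps of the script above, parameterised by a deployment directory such as /home/my-user/, followed by a check to run before `docker-compose up`. The function names, `DEPLOY_DIR` and the template contents are assumptions; in real use the two files are first downloaded with curl as in the script.

```bash
#!/usr/bin/env bash
# Added example, not the JATOS project's script. Function names are assumptions.

# Escape / and &, which are special in a sed replacement when / is the delimiter.
sed_escape() { printf '%s' "$1" | sed 's/[\/&]/\\&/g'; }

# Fill the placeholders in already-downloaded templates and create acme.json.
render() {
  local dir="$1" domain email
  domain="$(sed_escape "$2")"; email="$(sed_escape "$3")"
  sed -i "s/<DOMAIN_NAME>/${domain}/g" "$dir/docker-compose.yaml" "$dir/traefik.toml"
  sed -i "s/<EMAIL>/${email}/g" "$dir/traefik.toml"
  touch "$dir/acme.json" && chmod 600 "$dir/acme.json"
}

# Print one line per problem; return the number of problems found.
preflight() {
  local dir="$1" f problems=0
  for f in docker-compose.yaml traefik.toml; do
    if [ ! -s "$dir/$f" ]; then
      echo "missing or empty: $f"; problems=$((problems + 1))
    elif grep -Eq '<(DOMAIN_NAME|EMAIL)>' "$dir/$f"; then
      echo "unreplaced placeholder: $f"; problems=$((problems + 1))
    fi
  done
  if [ ! -f "$dir/acme.json" ]; then
    echo "missing: acme.json"; problems=$((problems + 1))
  elif [ "$(stat -c '%a' "$dir/acme.json")" != "600" ]; then
    echo "acme.json mode is not 600"; problems=$((problems + 1))
  fi
  return "$problems"
}

# Constructed stand-ins for the two downloaded files.
make_templates() {
  printf 'host: <DOMAIN_NAME>\n' > "$1/docker-compose.yaml"
  printf 'domain = "<DOMAIN_NAME>"\nemail = "<EMAIL>"\n' > "$1/traefik.toml"
}

DEPLOY_DIR="$(mktemp -d)"   # in real use e.g. /home/my-user/
make_templates "$DEPLOY_DIR"
render "$DEPLOY_DIR" "my.domain.name" "my.email@foo.com"
preflight "$DEPLOY_DIR" && echo "ready for: docker-compose -f $DEPLOY_DIR/docker-compose.yaml up -d"
```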
Thanks a lot. That helps!