Jonathan - Any luck solving this problem? I'm banging my head against the same wall. Reverse proxying through Apache seems to work fine with my Subsonic music server but my Sage session is unhappy with it. same symptoms.
Leif On Saturday, September 10, 2011 2:13:33 PM UTC-4, Jonathan Frankel wrote: > > Hi all, > > I've been beating my head against the wall for hours over this now. I'd > like to run Sage Notebook server from my home server, which also has a few > other web based apps running through Apache. Obviously, I want to enable > ssl -- and I already have a certificate for my own domain that I'm using to > run those other apps. > > This is going to be a long post, so I'll get straight to the questions > first in case someone already knows the answer. My goal is to be able to go > to https://www.mydomain.com/sage in order to use the sage notebook > server. > > > 1. Is there a way to set the context path for the Sage notebook > server? What I mean is, normally you have browse to > http://127.0.0.1:8000 to get to the notebook server, but is there a > setting that will allow you to go to http://127.0.0.1:8000/sage to see > it? > 2. If that's not possible, what are the exact apache config settings I > need to use to get reverse proxy running correctly. Other sources ( > http://wiki.sagemath.org/SageServer) don't consider an environment > with other web services. What if I'm already using reverse proxy for > another service? > 3. If that's not possible (or nobody knows) -- I have my own ssl > certificate that I got from startssl.com. How can I get Sage to use my > verified certificate rather than the one it generates? > > > First off, my setup uses two VBox virtual machines -- one Ubuntu 10.04 > (64-bit), and one Windows 2008 R2 (64-bit). The physical server is Ubuntu > 8.04 (AMD64, 64-bit). The Ubuntu VM is running Apache2 and subversion, and > the Windows VM is running a bunch of media services. What I'm trying to do > is run Sage on the physical server, and use Apache2 on the Ubuntu VM as the > gateway for it. The reason why is that I'm already using Apache2 as a > gateway to other services on my Windows VM, so port 443 is already > forwarded to the Ubuntu VM. (Why am I running Apache in a VM? Uhm...long > story. It doesn't really matter for this.) > > This page (http://wiki.sagemath.org/SageServer) makes a recommendation > that doesn't work for my setup. Here's the relevant Apache config section: > > <VirtualHost *:80> ServerName YOUR_SERVER_NAMEProxyRequests > OffProxyPreserveHost On<Proxy *>Order deny,allowAllow from > all</Proxy>ProxyPass / http://localhost:8000/ProxyPassReverse / > http://localhost:8000/ DocumentRoot / <Location /> DefaultType text/html > </Location> ErrorLog /var/log/apache2/error.log # Possible values > include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel > warn CustomLog /var/log/apache2/access.log combined ServerAdmin > YOUR_SERVER_ADMIN_EMAIL_ADDRESS </VirtualHost> > > > The problem with this is that ProxyPass and ProxyPassReverse both send * > everything* to the sage notebook server. This is for a setup with a > dedicated domain; i.e., http://www.mydomain.com will be the url for sage. > I want to use https://www.mydomain.com/sage. > > In order to do that I first tried these directives in the "default-ssl" > config file: > > ProxyPass /sage http://192.168.2.140:8000/ProxyPassReverse /sage > http://192.168.2.140:8000/ > > > The problem with this is that all of the links in the html work > improperly, meaning images, css, and javascript don't load. The reason is > that the html uses paths like "/path/to/image.png", which gets resolved on > the client side to https://www.mydomain.com/path/to/image.png instead of > https://www.mydomain.com/sage/path/to/image.png. This also means that the > submit button for the login directs to https://www.mydomain.com/homeinstead > of > https://www.mydomain.com/sage/home. > > I think the easiest fix for this is if there was some setting in Sage that > allows you (on the local network) to browse to http://192.168.2.140/sage. > This is what my music server does -- it allows me to change the context > path. The directives I use for that (which work perfectly) are: > > ProxyPass /music http://192.168.2.140:8181/musicProxyPassReverse /music > http://192.168.2.140:8181/music > > > Okay, so I tried working around this problem. I discovered that I should > be able to use mod_proxy_html to resolve URIs properly. I used > information from these two sites (http://wlug.org.nz/ApacheReverseProxy > and http://www.apachetutor.org/admin/reverseproxies) to come up with a > configuration that works sort of half way. (Following the config directives > of either site by itself either resulted in the same issues or the notebook > server being totally inaccessible.) Here's the config I used: > > ProxyPass /sage/ http://192.168.2.140:8000/ > ProxyHTMLURLMap http://192.168.2.140:8000 /sage > <Location /sage/> > Order deny,allow > Allow from all > ProxyPassReverse / > SetOutputFilter proxy-html > ProxyHTMLURLMap / /sage/ > </Location> > > > At first, when I browse to https://www.mydomain.com/sage/ I found > success! The css, images, and everything loaded properly! But when I try to > log in, for some reason I get redirected to http://192.168.2.140:8000/. I > just don't understand why this happens, and I've tried playing around with > the directives, but I don't have any more success than getting the first > login page to show up correctly. After that it sends my browser to the > local network location. > > Has anyone gotten a setup like what I'm trying to do to run successfully? > > Right now, I have my router forwarding port 8000 to the sage notebook > server and "secure=True" option set. I also have a redirect rule in Apache > so that I can browse to http://www.mydomain.com/sage and it will redirect > me to https://www.mydomain.com:8000. But this is less than ideal; first > it just bugs me having the port in the URL -- it seems unclean to me and > might confuse other people who try this out on my server. > > Second, and much more importantly, this requires sage to use its own ssl > certificate, which isn't trusted and causes the browser to freak out and > throw that scary warning that will intimidate regular users. > > At the very least, I'd like to be able to install my own verified ssl > certificate so that those warnings don't happen. I haven't been able to > find a .crt or .key file, but I found about a dozen .pem files all over > sage's python directory structure. Is there anything I can do to replace > the ssl certificate with my own? > > Thanks for any help! > > Jonathan > -- To post to this group, send email to sage-support@googlegroups.com To unsubscribe from this group, send email to sage-support+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/sage-support URL: http://www.sagemath.org
