Skip to content

How to put Etherpad Lite behind a reverse Proxy

Jump to bottom Edit New page
Pita edited this page Jul 20, 2011 · 29 revisions

Feel free to add your own config examples. We recommend using Nginx or Lighttpd, cause they can handle multiple connections much better than Apache

Apache

With SSL enabled

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName etherpad.example.org
        ServerSignature Off
        CustomLog /var/log/apache2/etherpad_access.log combined
        ErrorLog /var/log/apache2/etherpad_error.log
        ErrorLog syslog:local2

        <Location />
            AuthType Basic
            AuthName "Welcome to the example.org Etherpad"
            AuthUserFile /path/to/svn.passwd
            AuthGroupFile /path/to/svn.group
            Require group etherpad
        </Location>

        <IfModule mod_proxy.c>
            ProxyVia On
            ProxyRequests Off
            ProxyPass / http://etherpad.internal.example.org:9001/
            ProxyPassReverse / http://etherpad.internal.example.org:9001/
            ProxyPreserveHost on
            <Proxy *>
                Options FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
            </Proxy>
        </IfModule>
    </VirtualHost>
</IfModule>

Lighttpd

Simple Reverse Proxy

$HTTP["host"] =~ "^example.com$" {
  proxy.balance = "hash"
  proxy.server  = ( "" => ( (
                              "host" => "127.0.0.1",
                              "port" => 9001
                            ) )
                  )
}

If you use more than one server behind lighty (you can add more server - look at the lighty docs linked above) you have to use the hash balancer. So for any request the same server will be used. But remember: If you restart lighty this probably does not work anymore. (TODO: add synchronization in etherpad-lite)

Additional information: http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModProxy

Nginx

There is a known problem with nginx and socket.io, this pull request fixes it -> https://github.com/LearnBoost/socket.io/pull/401

Https only

server {
        listen       443;
        server_name  pad.example.com;

        access_log  /var/log/nginx/eplite.access.log;
        error_log   /var/log/nginx/eplite.error.log;

        ssl                  on;
        ssl_certificate      /etc/nginx/ssl/eplite.crt;
        ssl_certificate_key  /etc/nginx/ssl/eplite.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        location / {
            proxy_pass             http://localhost:9001/;
            proxy_set_header       Host $host;
            proxy_buffering off;
        }
}

server {
    listen      80;
    server_name pad.example.com;
    rewrite     ^(.*)   https://$server_name$1 permanent;
}
Add a custom footer
Add a custom sidebar
Clone this wiki locally