Language:
switch to room list switch to menu My folders
Go to page: First ... 4 5 6 7 [8] 9 10 11 12 ... Last
[#] Tue Dec 15 2015 17:28:15 EST from warbaby @ Uncensored

Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running

[Reply] [ReplyQuoted] [Headers] [Print]

You don't need to run webcit ssl if you already have a web server with a valid cert running on 443.  That's kind of the whole point behind proxying the requests. Just run it on port 2000 (or whatever, I personally use 127.0.0.1:12 - yes, that's port 12)

So just add  the proxy config as shown on the wiki, and run webcit locally.  The SSL cert for your web server will take care of it.   If you try to use the stock script in /etc/init.d/webcit, you're going to get an error because it is going to try and grab port 443 and you already have apache/nginx on that port.  

My webcit-local.sh script is attached.  It should be get you in the ball park.  Just copy it to /etc/init.d/webcit-local (or wherever your init scripts are) and chmod u+ x as root. 

I use the low port # and only bind to localhost so webcit is not exposed publicly without ssl.   It also saves the overhead not having webcit ssl running. 

 

Sun Dec 13 2015 05:34:53 PM EST from platonov @ Uncensored Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running

Thanx a lot for quick followup.
Just one question:
Since I am not exactly a sysadmin type of a guy, what exactly do I need to do on Ubuntu 14.10 server to reverse proxy citadel subdomain?
It looks like some Apache configuration to me. Is it done in /etc/apache2/sites-enabled/domain_name?
If so, do I need to add a rule for port 443 to it?
And, what would I specify for the ProxyPass and ProxyPassReverse, I guess, to make sure it passes it to webcit instead?

Thanx in advance.

Sun Dec 13 2015 16:50:15 EST from "nnnn20430" <nnnn20430@mindcraft.si.eu.org> Subject: Re: [Citadel Support] Webcit SSL access with Apache HTTP server running
i my self use nginx and have a special subdomain for webcit to be
citadel.domain and then i simply reverse proxy that subdomain to local
webcit
you can run that webcit on plain http doesn't matter cause it's local, i
have it running with ssl on port 2443... but you can use any other port
and don't need ssl...

i don't use letsencrypts auto configuration option, just use the
certonly option it places all certs in standard location, the main
domain will be the first domain specified in the cli and certs will be
placed in /etc/letsencrypt/live/domain/

then just create link in your servers config to
/etc/letsencrypt/live/domain/ and use that

so just do $ letsencrypt certonly -d mydomain,citadel.mydomain
or something like that and configure your server to reverse proxy it to
webcit when $host is ^citadel.*

On 12/13/2015 10:32 PM, platonov wrote:

I just read a post about trusted cert that doesn't give a warning to
everyone that visits the page using https://letsencrypt.org/ here.

The question I have is after I configured the letsencrypt for Apache
server and I can access the site via https address, and, since I also
want to use the https to webcit, then what do I do to make sure the
https access to that domain is served by the webcit and not by Apache?

One alternative seems to be to change the webcit port for https access
to something other than 443.

How do I do that?

Another one is to disable the Apache serving the https requests, so
that when domain is accessed as secure site, it is automatically
served by the webcit, and not apache. In that case, how do I configure
the letsencrypt certificates that work for that domain to work with
webcit instead?

Thanx in advance.

 



 



webcit-local.sh (application/x-shellscript, 1217 bytes) [ View | Download ]
[#] Tue Dec 15 2015 21:43:54 EST from "John Goerzen" <jgoerzen@complete.org> to citadel_support@citadel.org

Subject: Re: [Citadel Support] How to: Let's Encrypt Free SSL Cert Citadel9.01 Debian 8.2 Jessie 64

[Reply] [ReplyQuoted] [Headers] [Print]

I have been curious for awhile what all the excitement about Let's
Encrypt is. startssl.com already hands out free SSL certs recognized by
major browsers, and they're valid for a year.

[#] Wed Dec 16 2015 06:47:17 EST from dothebart @ Uncensored

Subject: Re: Webcit proxy issue for static/ dir, name collision with other web crap

[Reply] [ReplyQuoted] [Headers] [Print]

I think ln -s'ing the files from the other static folder or vice versa is the cheapest option next to having one run on another vhost.



[#] Wed Dec 16 2015 13:46:33 EST from warbaby @ Uncensored

Subject: Re: Webcit proxy issue for static/ dir, name collision with other web crap

[Reply] [ReplyQuoted] [Headers] [Print]

Nevermind, I just made links. :)



[#] Wed Dec 16 2015 13:47:45 EST from warbaby @ Uncensored

Subject: Re: [Citadel Support] How to: Let's Encrypt Free SSL Cert Citadel9.01 Debian 8.2 Jessie 64

[Reply] [ReplyQuoted] [Headers] [Print]

The certs are only valid for 90 days, but still very worth-while. 

Tue Dec 15 2015 09:43:54 PM EST from "John Goerzen" <jgoerzen@complete.org> Subject: Re: [Citadel Support] How to: Let's Encrypt Free SSL Cert Citadel9.01 Debian 8.2 Jessie 64
I have been curious for awhile what all the excitement about Let's
Encrypt is. startssl.com already hands out free SSL certs recognized by
major browsers, and they're valid for a year.

 



[#] Thu Dec 17 2015 12:43:22 EST from IGnatius T Foobar @ Uncensored

Subject: Re: How to: Let's Encrypt Free SSL Cert Citadel 9.01 Debian 8.2 Jessie 64

[Reply] [ReplyQuoted] [Headers] [Print]


I am excited about the Let's Encrypt project, not only because the certificates are free/open, but also because they've automated the enrollment procedure in a way that's programmable. I could easily see Citadel speaking their enrollment protocol in the future, and being able to get a signed certificate without ever having to visit the CA directly.

[#] Sat Dec 19 2015 23:35:27 EST from toysareforboys @ Uncensored

Subject: Maximum attachment size?

[Reply] [ReplyQuoted] [Headers] [Print]

What is the maximum attachment size for Citadel? How do I increase it?

 

-Jamie M.



[#] Mon Dec 21 2015 04:58:23 EST from urasoul @ Uncensored

Subject: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

i have been using citadel on fedora 20 for over a year - mostly without problem. yesterday i realised i needed to delete a large amount of emails from the aide room that had been outputted from crond.

thunderbird had a lot of trouble doing this and it crashed numerous times.

today i found that citadel had crashed and the hard drive on my server was full. i cleared some space on the server and also found that half the hard drive space is used by the folder /var/lib/citadel/data/

though when i view the properties of that folder i am only seeing about 25% of the storage space being used that the disk analyser app 'baobab' is listing as being used there.

after restarting webcit and citadel i found that webcit would fail and complain that it can't bind to port 2000 - even though there is no other service using that port.

after rebooting the server, the situation remains the same.. every time i restart webcit or stop/start it - it complains about port 2000 again.

the various commands i have run to view the activity of port 2000 always show that nothing is using the port..

anyone got any ideas of what to do here?

thanks



[#] Mon Dec 21 2015 05:09:08 EST from urasoul @ Uncensored

Subject: Re: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

n.b. i am also seeing this in the terminal when i view the status of the citadel service:

DB: BDB3018 cdb.04: unwritable page 1047 remaining in the cache after error 122



[#] Mon Dec 21 2015 07:15:21 EST from "Panagiotis Palias" <panagos81@gmail.com> to citadel_support@citadel.org

Subject: Re: [Citadel Support] Re: webcit cannot start - says port 2000 isalready bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

Are you certain that you have rights to bind port 2000? Maybe you need sudo before the command. Also make sure there is nothing running on 2000, by issuing the command "sudo netstat -anp | grep 2000".

Στις 21 Δεκ 2015 11:09 π.μ., ο χρήστης "urasoul" <urasoul@uncensored.citadel.org> έγραψε:

n.b. i am also seeing this in the terminal when i view the status of the citadel service:

DB: BDB3018 cdb.04: unwritable page 1047 remaining in the cache after error 122



[#] Mon Dec 21 2015 07:37:57 EST from urasoul @ Uncensored

Subject: Re: [Citadel Support] Re: webcit cannot start - says port 2000 isalready bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

yes, i have permission. the server has been working correctly for over a year previous to this issue.

after running your netstat command, i see that webcit IS running.. however.. if i kill it and then start it again, i still see the same status that shows webcit failed and i still can't use it.

so basically, i issue: service webcit start

and the result is that webcit runs AND shows 'failed' in it's status output.



[#] Mon Dec 21 2015 07:46:29 EST from "Panagiotis Palias" <panagos81@gmail.com> to citadel_support@citadel.org

Subject: Re: [Citadel Support] Re: webcit cannot start - says port 2000isalready bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

Better don't kill the process, rather issue the "service webcit restart" to make sure that no leftovers are left and a clean stop is performed.

Στις 21 Δεκ 2015 13:38, ο χρήστης "urasoul" <urasoul@uncensored.citadel.org> έγραψε:

yes, i have permission. the server has been working correctly for over a year previous to this issue.

after running your netstat command, i see that webcit IS running.. however.. if i kill it and then start it again, i still see the same status that shows webcit failed and i still can't use it.

so basically, i issue: service webcit start

and the result is that webcit runs AND shows 'failed' in it's status output.



[#] Mon Dec 21 2015 08:17:51 EST from urasoul @ Uncensored

Subject: Re: [Citadel Support] Re: webcit cannot start - says port 2000isalready bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

i killed the process because it appeared to be a zombie.. or at least it is unresponsive and not behaving as intended. in any case, restarting, killing, stopping and starting are making no difference at all here.



[#] Mon Dec 21 2015 08:18:29 EST from dothebart @ Uncensored

Subject: Re: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

hm, sounds like you should run database_cleanup.sh ;

Webcit is stateless, but without citserver it can only show you the message that citserver is away.

You need to fix the database issue; most probably database_cleanup.sh can do that for you.

ps: keep a backup - have a look at: http://citadel.org/doku.php/documentation:file_layout#files.and.where.easy.install.and.lhfs.rpm.deb.installs.put.them



[#] Mon Dec 21 2015 08:34:36 EST from steveE @ Uncensored

Subject: citadel suite on Android....

[Reply] [ReplyQuoted] [Headers] [Print]

I'm trying to compile citadel suite on Android and, admittedly, I'm a dummy.

Can anyone walk me through the process ??



[#] Mon Dec 21 2015 08:40:49 EST from urasoul @ Uncensored

Subject: Re: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

ok, well - the /var/lib/citadel/data/ folder is 55GB and i only have 100GB on the server!

the 55GB mostly appeared overnight, since yesterday - so obviously i don't need most of it. is there a way to clean that folder out before backing up?



[#] Mon Dec 21 2015 08:44:38 EST from dothebart @ Uncensored

Subject: Re: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

most probably you have lots of logfiles because of unsuccessfull attempts to open the database?

you will need at least the space for the cdb* files extra, since thats where the dump from database_cleanup is going.

regarding a backup you will probably be able to compress stuff pretty well since it should be mostly ascii - so at least 1/8th should be possible.



[#] Mon Dec 21 2015 08:45:16 EST from dothebart @ Uncensored

Subject: Re: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

oh, and if its systemd, tell it to stop citserver, so it doesn't reattempt to start it over and over again.



[#] Mon Dec 21 2015 08:47:58 EST from urasoul @ Uncensored

Subject: Re: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

there are lots of 10MB log files in there, yes. is there any problem with just deleting them all?



[#] Mon Dec 21 2015 08:48:44 EST from dothebart @ Uncensored

Subject: Re: webcit cannot start - says port 2000 is already bound.. but it isn't

[Reply] [ReplyQuoted] [Headers] [Print]

you may also try to run

db5.3_recover (or without 5.3 in its name depending on your distro)

https://docs.oracle.com/cd/E17275_01/html/programmer_reference/transapp_archival.html

may help getting rid of unneccesary logfiles.



Go to page: First ... 4 5 6 7 [8] 9 10 11 12 ... Last