Home Download News FAQ / Knowledge Base Screenshots Documentation Support Site map
philosophical imaginary
Table of Contents

How can I install WebCit so it runs alongside Apache/Nginx/LightHTTPD on port 80 / 443?

If you're using the .debs you can use their mechanics to achieve this. Reconfiguring the webcit package will give you the chance to change your current setup:

dpkg-reconfigure citadel-webcit

Please note that its vital to keep the trailing slashes '/' on all paths (regardles of the webserver you use). You may experience odd behaviour if its not proprely balanced.

Apache

WebCit contains its own standalone HTTP server, so if you're already running Apache on port 80, obviously you can't run WebCit there. The usual solution is to simply run WebCit on another port (port 2000 is the default, but it doesn't really matter).

If your host system has multiple IP addresses available, then you could run Apache on one and WebCit on another, and each could have port 80 all to itself.

There is a way, however, to combine two features of Apache (NameVirtualHost and Proxy) to “attach” WebCit to your Apache installation.

First, define a new hostname in DNS as an alias of your existing name. For example, if “www.example.com” points to 123.45.67.89, you could make “ctdl.example.com” point to 123.45.67.89 as well. Please refer to the documentation of your DNS server for information on how to do this.

Then you can define a NameVirtualHost in your Apache httpd.conf (if you're already hosting multiple web sites on the same IP address, you already have part of this configured). For example:

NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
        DocumentRoot /usr/local/apache/htdocs
        ServerName www.example.com
</VirtualHost>

<VirtualHost *:80>
    ServerName ctdl.example.com
    ProxyPass / http://127.0.0.1:2000/
    ProxyPassReverse / http://127.0.0.1:2000/
</VirtualHost>

In this example, users who request “http://www.example.com” will see your web site whose pages are located in /usr/local/apache/htdocs, but users who request “http://ctdl.example.com” will be proxied through to your WebCit service running on port 2000. You can even put WebCit on a different host on your internal network if you want to.

There is also another way to configure a single instance of WebCit to live at the directory ”/webcit” of your Apache installation. (You will also need to reserve the directories ”/listsub” and ”/groupdav” for this purpose.) It goes like this:

ProxyPass /webcit/ http://127.0.0.1:2000/webcit/
ProxyPassReverse /webcit/ http://127.0.0.1:2000/webcit/
ProxyPass /listsub/ http://127.0.0.1:2000/listsub/
ProxyPassReverse /listsub/ http://127.0.0.1:2000/listsub/
ProxyPass /groupdav/ http://127.0.0.1:2000/groupdav/
ProxyPassReverse /groupdav/ http://127.0.0.1:2000/groupdav/
ProxyPass /freebusy/ http://127.0.0.1:2000/freebusy/
ProxyPassReverse /freebusy/ http://127.0.0.1:2000/freebusy/

Please note that when you use either of these methods, you should run WebCit with the "-f" option to allow it to honor the “X-Forwarded-For:” headers added by Apache and mod_proxy, otherwise when you perform a “Who is online?” function, all connections will appear to be originating from localhost.

Nginx

The concepts behind the Indian are growing old; next to it Nginx or lighty show similar features with less memory usage. Heres how to integrate WebCit with Nginx

server {
        ssl  on;
        ssl_certificate  /etc/ssl/certs/example.com.pem;
        ssl_certificate_key  /etc/ssl/private/ssl-cert-example.com.key;
        
        ssl_session_timeout  5m;
        
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;
        server_name  www.example.com;


       listen 443;
# optional: 
#      listen 192.168.1.1:443
# instead depending on your setup...
        # Main location
        location /webcit/ {
            proxy_pass         http://127.0.0.1:2000/;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
        location /listsub/ {
            proxy_pass         http://127.0.0.1:2000;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
        location /groupdav/ {
            proxy_pass         http://127.0.0.1:2000/;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
        location /freebusy/ {
            proxy_pass         http://127.0.0.1:2000/;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}

LightHTTPD

Here the one Virtual host for WebCIT setup: Make sure to enable mod_proxy before this part in your config

Host-based webcit forwarding.

$HTTP["host"] =~ "(^|\.)subdomain\.domain\.tld$" { # domain name regex for vhost
  # Use $HTTP["host"] == "subdomain.domain.tld" { if you don't want to use a regex.
  proxy.server = ( "" => ( ( # the "" means to forward all file extensions, it's kind of weird.
    # If you for some reason have multiple webcit hosts or local webcit processes, you can make more ( "host" => "", "port" => "" ) entries in here.
    "host" => "127.0.0.1", # citadel is likely running locally, note that mod_proxy forces an IP here and you cannot use a hostname.
    "port" => "8081" # port webcit is running on
    # Note that you must put the plain HTTP version of webcit here, mod_proxy cannot connect to ssl ports.
    # If your server has SSL engine enabled, you'll be able to connect over ssl, but the proxy will not be connecting over ssl.
    # If webcit is running on another server (and not on the same LAN), 
    # this defeats the purpose of connecting over ssl as it wouldn't be encrypted past lighttpd.
  ) ) )
}

You may also use directory-based redirects.

$HTTP["url"] =~ "^/webcit/?(.*)$" {
  # Note the regex is also optional here. 
  proxy.server = ( "" => ( (
    "host" => "127.0.0.1",
    "port" => "8081"
  ) ) )
}

It is possible to nest host- and url-based redirects.

$HTTP["host"] =~ "(^|\.)subdomain\.domain\.tld$" {
  $HTTP["url"] =~ "^/webcit/?(.*)$" {
    # Note the regex is also optional here. 
    proxy.server = ( "" => ( (
      "host" => "127.0.0.1",
      "port" => "8081"
    ) ) )
  }
}

There isn't much of a reason to want to do this aside from mixing it with a directory-based redirect or something similar, as you can just bind webcit to a particular IP address or interface instead, but here is a way how to do an IP:port-based redirect.

$SERVER["socket"] == "8.8.8.8:80" {
  proxy.server = ( "" => ( (
    "host" => "127.0.0.1",
    "port" => "8081"
  ) ) ) 
}
Copyright © 1987-2014 Uncensored Communications Group. All rights reserved.     Login (site admin)