Home Download FAQ / Knowledge Base Screenshots Documentation Support Roadmap

How can I install WebCit so it runs alongside Apache/Nginx/LightHTTPD on port 80 / 443?

WebCit contains its own standalone HTTP server, so if you're already running Apache on port 80, obviously you can't run WebCit there. The usual solution is to simply run WebCit on another port (which will be port 2000 in this example, but it doesn't really matter).

If your host system has multiple IP addresses available, then you could run Apache on one and WebCit on another, and each could have port 80 all to itself.

There is a way, however, to combine two features of Apache (NameVirtualHost and Proxy) to "attach" WebCit to your Apache installation.

First, define a new hostname in DNS as an alias of your existing name. For example, if "www.example.com" points to 123.45.67.89, you could make "ctdl.example.com" point to 123.45.67.89 as well. Please refer to the documentation of your DNS server for information on how to do this.

Apache

Define a NameVirtualHost in your Apache httpd.conf (if you're already hosting multiple web sites on the same IP address, you already have part of this configured). For example:

NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
        DocumentRoot /usr/local/apache/htdocs
        DocumentRoot /usr/local/apache/htdocs
        ServerName www.example.com
        ServerName www.example.com
</VirtualHost>
<br><br>
<VirtualHost *:80>
    ServerName ctdl.example.com
    ServerName ctdl.example.com
    ProxyPass / http://127.0.0.1:2000/
    ProxyPass / http://127.0.0.1:2000/
    ProxyPassReverse / http://127.0.0.1:2000/
    ProxyPassReverse / http://127.0.0.1:2000/
</VirtualHost>

In this example, users who request "http://www.example.com" will see your web site whose pages are located in /usr/local/apache/htdocs, but users who request "http://ctdl.example.com" will be proxied through to your WebCit service running on port 2000. You can even put WebCit on a different host on your internal network if you want to.

There is also another way to configure a single instance of WebCit to live at the directory "/webcit" of your Apache installation. (You will also need to reserve the directories "/listsub" and "/groupdav" for this purpose.) It goes like this:

ProxyPass /webcit/ http://127.0.0.1:2000/webcit/
ProxyPassReverse /webcit/ http://127.0.0.1:2000/webcit/
ProxyPass /listsub/ http://127.0.0.1:2000/listsub/
ProxyPassReverse /listsub/ http://127.0.0.1:2000/listsub/
ProxyPass /groupdav/ http://127.0.0.1:2000/groupdav/
ProxyPassReverse /groupdav/ http://127.0.0.1:2000/groupdav/
ProxyPass /freebusy/ http://127.0.0.1:2000/freebusy/
ProxyPassReverse /freebusy/ http://127.0.0.1:2000/freebusy/

Please note that when you use either of these methods, you should run WebCit with the "-f" option to allow it to honor the "X-Forwarded-For:" headers added by Apache and mod_proxy, otherwise when you perform a "Who is online?" function, all connections will appear to be originating from localhost.

Nginx

server {
        ssl  on;
        ssl_certificate  /etc/ssl/certs/example.com.pem;
        ssl_certificate_key  /etc/ssl/private/ssl-cert-example.com.key;
        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;
        server_name  www.example.com;
        listen 443;

# optional: 
#      listen 192.168.1.1:443
# instead depending on your setup...
        # Main location
        location /webcit/ {
            proxy_pass         http://127.0.0.1:2000/;
            proxy_redirect     off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
        location /listsub/ {
            proxy_pass         http://127.0.0.1:2000;
            proxy_redirect     off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
        location /groupdav/ {
            proxy_pass         http://127.0.0.1:2000/;
            proxy_redirect     off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
        location /freebusy/ {
            proxy_pass         http://127.0.0.1:2000/;
            proxy_redirect     off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}

LightHTTPD

Make sure to enable mod_proxy before this part in your config

Host-based webcit forwarding.

$HTTP["host"] =~ "(^|\.)subdomain\.domain\.tld$" { # domain name regex for vhost # Use $HTTP["host"] == "subdomain.domain.tld" { if you don't want to use a regex.
  # Use $HTTP["host"] == "subdomain.domain.tld" { if you don't want to use a regex.
  proxy.server = ( "" => ( ( # the "" means to forward all file extensions, it's kind of weird.
  proxy.server = ( "" => ( ( # the "" means to forward all file extensions, it's kind of weird.
    # If you for some reason have multiple webcit hosts or local webcit processes, you can make more ( "host" => "", "port" => "" ) entries in here.
    # If you for some reason have multiple webcit hosts or local webcit processes, you can make more ( "host" => "", "port" => "" ) entries in here.
    "host" => "127.0.0.1", # citadel is likely running locally, note that mod_proxy forces an IP here and you cannot use a hostname.
    "host" => "127.0.0.1", # citadel is likely running locally, note that mod_proxy forces an IP here and you cannot use a hostname.
    "port" => "8081" # port webcit is running on
    "port" => "8081" # port webcit is running on
    # Note that you must put the plain HTTP version of webcit here, mod_proxy cannot connect to ssl ports.
    # Note that you must put the plain HTTP version of webcit here, mod_proxy cannot connect to ssl ports.
    # If your server has SSL engine enabled, you'll be able to connect over ssl, but the proxy will not be connecting over ssl.
    # If your server has SSL engine enabled, you'll be able to connect over ssl, but the proxy will not be connecting over ssl.
    # If webcit is running on another server (and not on the same LAN), 
    # If webcit is running on another server (and not on the same LAN), 
    # this defeats the purpose of connecting over ssl as it wouldn't be encrypted past lighttpd.
    # this defeats the purpose of connecting over ssl as it wouldn't be encrypted past lighttpd.
  ) ) )
  ) ) )
}
There isn't much of a reason to want to do this aside from mixing it with a directory-based redirect or something similar, as you can just bind webcit to a particular IP address or interface instead, but here is a way how to do an IP:port-based redirect. $SERVER["socket"] == "8.8.8.8:80" { proxy.server = ( "" => ( (
  proxy.server = ( "" => ( (
    "host" => "127.0.0.1",
    "host" => "127.0.0.1",
    "port" => "8081"
    "port" => "8081"
  ) ) ) 
  ) ) ) 
}


There are no social media links here. Enjoy a friendly Citadel community instead. Or go outside.