WebCit contains its own standalone HTTP server, so if you're already running Apache on port 80, obviously you can't run WebCit there. The usual solution is to simply run WebCit on another port (which will be port 2000 in this example, but it doesn't really matter).
If your host system has multiple IP addresses available, then you could run Apache on one and WebCit on another, and each could have port 80 all to itself.
There is a way, however, to combine two features of Apache (NameVirtualHost and Proxy) to "attach" WebCit to your Apache installation.
First, define a new hostname in DNS as an alias of your existing name. For example, if "www.example.com" points to 123.45.67.89, you could make "ctdl.example.com" point to 123.45.67.89 as well. Please refer to the documentation of your DNS server for information on how to do this.
Define a NameVirtualHost in your Apache httpd.conf (if you're already hosting multiple web sites on the same IP address, you already have part of this configured). For example:
NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
DocumentRoot /usr/local/apache/htdocs
DocumentRoot /usr/local/apache/htdocs
ServerName www.example.com
ServerName www.example.com
</VirtualHost>
<br><br>
<VirtualHost *:80>
ServerName ctdl.example.com
ServerName ctdl.example.com
ProxyPass / http://127.0.0.1:2000/
ProxyPass / http://127.0.0.1:2000/
ProxyPassReverse / http://127.0.0.1:2000/
ProxyPassReverse / http://127.0.0.1:2000/
</VirtualHost>
In this example, users who request "http://www.example.com" will see your web site whose pages are located in /usr/local/apache/htdocs, but users who request "http://ctdl.example.com" will be proxied through to your WebCit service running on port 2000. You can even put WebCit on a different host on your internal network if you want to.
There is also another way to configure a single instance of WebCit to live at the directory "/webcit" of your Apache installation. (You will also need to reserve the directories "/listsub" and "/groupdav" for this purpose.) It goes like this:
ProxyPass /webcit/ http://127.0.0.1:2000/webcit/ ProxyPassReverse /webcit/ http://127.0.0.1:2000/webcit/ ProxyPass /listsub/ http://127.0.0.1:2000/listsub/ ProxyPassReverse /listsub/ http://127.0.0.1:2000/listsub/ ProxyPass /groupdav/ http://127.0.0.1:2000/groupdav/ ProxyPassReverse /groupdav/ http://127.0.0.1:2000/groupdav/ ProxyPass /freebusy/ http://127.0.0.1:2000/freebusy/ ProxyPassReverse /freebusy/ http://127.0.0.1:2000/freebusy/
Please note that when you use either of these methods, you should run WebCit with the "-f" option to allow it to honor the "X-Forwarded-For:" headers added by Apache and mod_proxy, otherwise when you perform a "Who is online?" function, all connections will appear to be originating from localhost.
server {
ssl on;
ssl_certificate /etc/ssl/certs/example.com.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-example.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
server_name www.example.com;
listen 443;
# optional:
# listen 192.168.1.1:443
# instead depending on your setup...
# Main location
location /webcit/ {
proxy_pass http://127.0.0.1:2000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /listsub/ {
proxy_pass http://127.0.0.1:2000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /groupdav/ {
proxy_pass http://127.0.0.1:2000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /freebusy/ {
proxy_pass http://127.0.0.1:2000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
LightHTTPD
Make sure to enable mod_proxy before this part in your config
Host-based webcit forwarding.
$HTTP["host"] =~ "(^|\.)subdomain\.domain\.tld$" { # domain name regex for vhost
# Use $HTTP["host"] == "subdomain.domain.tld" { if you don't want to use a regex.
# Use $HTTP["host"] == "subdomain.domain.tld" { if you don't want to use a regex.
proxy.server = ( "" => ( ( # the "" means to forward all file extensions, it's kind of weird.
proxy.server = ( "" => ( ( # the "" means to forward all file extensions, it's kind of weird.
# If you for some reason have multiple webcit hosts or local webcit processes, you can make more ( "host" => "", "port" => "" ) entries in here.
# If you for some reason have multiple webcit hosts or local webcit processes, you can make more ( "host" => "", "port" => "" ) entries in here.
"host" => "127.0.0.1", # citadel is likely running locally, note that mod_proxy forces an IP here and you cannot use a hostname.
"host" => "127.0.0.1", # citadel is likely running locally, note that mod_proxy forces an IP here and you cannot use a hostname.
"port" => "8081" # port webcit is running on
"port" => "8081" # port webcit is running on
# Note that you must put the plain HTTP version of webcit here, mod_proxy cannot connect to ssl ports.
# Note that you must put the plain HTTP version of webcit here, mod_proxy cannot connect to ssl ports.
# If your server has SSL engine enabled, you'll be able to connect over ssl, but the proxy will not be connecting over ssl.
# If your server has SSL engine enabled, you'll be able to connect over ssl, but the proxy will not be connecting over ssl.
# If webcit is running on another server (and not on the same LAN),
# If webcit is running on another server (and not on the same LAN),
# this defeats the purpose of connecting over ssl as it wouldn't be encrypted past lighttpd.
# this defeats the purpose of connecting over ssl as it wouldn't be encrypted past lighttpd.
) ) )
) ) )
}
There isn't much of a reason to want to do this aside from mixing it with a directory-based redirect or something similar, as you can just bind webcit to a particular IP address or interface instead, but here is a way how to do an IP:port-based redirect.
$SERVER["socket"] == "8.8.8.8:80" {
proxy.server = ( "" => ( (
proxy.server = ( "" => ( (
"host" => "127.0.0.1",
"host" => "127.0.0.1",
"port" => "8081"
"port" => "8081"
) ) )
) ) )
}