[SOLVED] How to set up SilverBullet on Apache server (reverse proxy)

Troubleshooting
1

Hi, firstly, I apologize if I missed some guide that answers my question here. Secondly, although I run my own server, I’m sadly not exactly an Apache and networking expert. Here’s my situation and what I’m struggling with:

I’d like to use SilverBullet on classic LAMP server (Linux, Apache, MySQL, PHP). I run Ubuntu 22.04 on the server (I plan to upgrade to 24.04 when the .01 release comes out), I own a domain (let’s say mydomain.org), and I’d like to run SB in a subdirectory under the main domain. I’m also running other services on the server, such as Pico and Piwigo. I access everything via HTTPS and I have a certificate from LetsEncrypt.org.

I connected to the server via SSH and installed SB using Deno, used the steps here: Install/Deno . (BTW, I did succeed with these steps on my local machine running Kubuntu 24.04, I accessed SB via localhost:3000, as expected, everything worked.)
I installed it into, let’s say, /.../www/mydomain/notes/SB and I’d like to access SilverBullet via https://mydomain.org/notes/SB .

After installing SB in the said directory, I run silverbullet . and it doesn’t complain about anything. But when I navigate to the directory via web browser, I see plain old directory listing. Accessing SB via local IP & port https://192.168.XXX.YYY:3000/notes/SB doesn’t work either (I did allow the port in UFW).
(I’m just listing things I tried for completness sake.)

I gathered I need to set up a reverse proxy on Apache. I don’t have any experience with reverse proxying so I searched some guides and came up with this:

	SSLProxyEngine on
	SSLProxyVerify none 
	SSLProxyCheckPeerCN off
	SSLProxyCheckPeerName off
	SSLProxyCheckPeerExpire off
	ProxyPreserveHost On
	ProxyPass /dir/SB/ https://127.0.0.1:3000/
	ProxyPassReverse /dir/SB/ https://127.0.0.1:3000/

I added these lines to my /etc/apache2/sites-available/mydomain-le-ssl.conf Apache site config.
Restarted the Apache server ($ sudo systemctl reload apache2.service)
Now the address https://mydomain.org/notes/SB says:

Proxy Error
The proxy server could not handle the request
Reason: Error during SSL Handshake with remote server

Here’s my cry for help: How do I set Apache up so that I can access SilverBullet via my domain, in a subdirectory, using secure connection (HTTPS)?

This may be relevant, I’m not sure:
My mydomain.conf config file that lives alongside the above said ydomain-le-ssl.conf contains general rules for <VirtualHost *:80>:

	RewriteEngine on
	RewriteCond %{SERVER_NAME} =www.mydomain.org [OR]
	RewriteCond %{SERVER_NAME} =mydomain.org
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

The mydomain-le-ssl.conf where I put all the reverse proxy options is for <VirtualHost *:443>. I did try putting it into the main config that handles port 80 (HTTP), and it somewhat works but didn’t load any resources except the main index page (I’d say that’s correct because all gets redirected to HTTPS).

Thank you very much!

2

Unfortunately, SB doesn’t support URL paths. Couple of Github issues discussing it:

Subdomain or different port are the only options.

3

Oh, this piece of info eluded me, sorry for that and thanks. However, for the sake of simplicity, I just tried to move SB to the root of my site and changed the reverse proxy directives to

        ProxyPass / https://127.0.0.1:3000/
        ProxyPassReverse / https://127.0.0.1:3000/

, but that gives me the proxy error “The proxy server could not handle the request Reason: Error during SSL Handshake with remote server” (and I’m not surprised it happens in all non-root pages, so I’m reverting it back right now.

However, I can set up a subdomain, but I’m still unsure how to set the Apache server up to reverse proxy the requests to SB and use secure connection to client. Would anyone please lend me a hand in this regard? Thanks a lot

4

The proxy URLs should be http, not https. Can you try that?

5

Thanks. Yes, I did. When I do, I’m getting internal server error (on every URL except the static root index.html (which now lives alongside the SB’s index.md).

The Apache’s error log isn’t really helpful (the first line is when I did sudo systemctl reload apache2.service):

[Sun Jul 07 13:30:18.808505 2024] [mpm_prefork:notice] [pid 1158] AH00171: Graceful restart requested, doing restart
[Sun Jul 07 13:30:18.842863 2024] [mpm_prefork:notice] [pid 1158] AH00163: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Sun Jul 07 13:30:18.842875 2024] [core:notice] [pid 1158] AH00094: Command line: '/usr/sbin/apache2'

The last two lines of the reverse proxy config are now:

        ProxyPass / http://127.0.0.1:3000/
        ProxyPassReverse / http://127.0.0.1:3000/

Most likely totally irrelevant side note: Both the PHP apps I use (Pico and Piwigo) live in separate subdirectories under root. The aforementioned static index.html is a signpost linking them.

6

It’s probably been 20 years since I configured Apache, but are you sure it makes sense to configure both ProxyPass and ProxyPassReverse? That doesn’t seem sensible, I’m sure the googles (or ChatGPT if you’re fancy) can help here.

7

As I said, when I configure Apache, I mostly follow guides because I’m not an expert so I don’t know why both should be there, I put them there because almost all the guides tell me to declare both.

I tried to leave only one according to your suggestion - ProxyPassReverse / http://127.0.0.1:3000/ does nothing on its own, it seems, ProxyPass / http://127.0.0.1:3000/ does exactly the same as when both are present - I get the proxy server error (same as in How to set up SilverBullet on Apache server (reverse proxy) - #3 by edison23)

8

I am no expert either but this is what I use

<VirtualHost *:80>
    ServerName silverbullet.domain.com
    AllowEncodedSlashes On
    ProxyPreserveHost On
    ProxyPass "/"  "http://localhost:8300/"
</VirtualHost>

Have you enabled all the apache proxy modules?
a2enmod rewrite
a2enmod proxy
a2enmod proxy_http

1 Like
9

SOLVED
Thank you very much, @TheNomad11 and all others, who kindly participated here! I’ve got the SB instance running on a subdomain, HTTPS using a valid SSL certificate included.

My solution

For anyone strungling similarly, I’m adding a guide how I got SilverBullet running on a subdomain.

  1. Create a directory for the subdomain, e.g. /var/www/silverbul.mydomainOrg (the name doesn’t need to directly match the domain).
  2. Install and run SilverBullet there in a standard way. (after installation, it’s silverbullet .) I suggest using screen so that you can leave it running in background.
  3. Create an Apache site config in /etc/apache2/sites-available//var/www/silverbul.mydomainOrg.conf with this content (adjust the paths, names):
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/silverbul.mydomainOrg
    ServerName silverbul.mydomain.org
    AllowEncodedSlashes On
    ProxyPreserveHost On
    ProxyPass "/"  "http://localhost:3000/"
    ErrorLog ${APACHE_LOG_DIR}/error_silverbul.mydomainOrg.log
    CustomLog ${APACHE_LOG_DIR}/access_silverbul.mydomainOrg.log combined
</VirtualHost>
  1. Reload the Apache service: $ sudo systemctl reload apache2.service (depends on your OS, I’m on on Ubuntu Linux).
  2. Test insecure access to SB via http://silverbul.mydomain.org. If it works, continue. If not, search for errors, ask the Internets, …
  3. Create a valid SSL certificate for the subdomain using certbot (https://certbot.eff.org): $ sudo certbot -d silverbul.mydomain.org.
  4. Certbot is a very comfy tool and if your subdomain site is accessible via HTTP, it should reconfigure the Apache site settings for the subdomain automatically (it did for me).

That’s it.

P.S.: If SilverBullet admins/creators (kudos to you for creating SB! <3 ) get to read this, I have one suggestion – add a tutorial for this scenario somewhere near the installation instructions. It could save other people some time (I’m inclined to believe I’m not the only inexperienced LAMP self hoster in the world xD)

1 Like
10

Happy you figured it out! I think your writeup can easily be tweaked to be a post in the Guides category, would you be up to do that? That way it will probably be easier to find for people, as you suggest.

11

@zef Thanks, that’s a great idea! Sure, I’ll write a post in the Guides category - I’ll get to it tomorrow or on Wednesday, I hope.

1 Like
12

The guide is created: Set up SilverBullet on Apache server with reverse proxy

13

Awesome. Thanks a lot!