MarkJames

With the new Proxypass settings I can't load the javascript files from the .js folder anymore

Yes - that's all correct. The error log reads as follows [sat Jul 02 14:57:49.343951 2016] [proxy:warn] [pid 646] [client 192.168.0.1:53965] AH01144: No protocol handler was valid for the URL /rest/elk/get/status. If you are using a DSO version of mod_proxy, make $ [sat Jul 02 14:57:49.351229 2016] [proxy:warn] [pid 640] [client 192.168.0.1:53970] AH01144: No protocol handler was valid for the URL /rest/elk/get/status. If you are using a DSO version of mod_proxy, make $ [sat Jul 02 14:57:52.322729 2016] [proxy:warn] [pid 645] [client 192.168.0.1:53971] AH01144: No protocol handler was valid for the URL /rest/elk/get/status. If you are using a DSO version of mod_proxy, make $ [sat Jul 02 14:57:52.331430 2016] [proxy:warn] [pid 642] [client 192.168.0.1:53972] AH01144: No protocol handler was valid for the URL /rest/elk/get/status. If you are using a DSO version of mod_proxy, make $ [sat Jul 02 14:57:52.566785 2016] [proxy:warn] [pid 646] [client 192.168.0.1:57505] AH01144: No protocol handler was valid for the URL /rest/status/7 2F 2F 1. If you are using a DSO version of mod_proxy, and so on...

I tried putting the rewrite rule back into .htaccess but that didn't help either.

<VirtualHost *:80> ServerAdmin webmaster@homeonthewater.com DocumentRoot /var/www/html ProxyRequests Off ProxyPreserveHost On KeepAlive On KeepAliveTimeout 5000 ProxyVia Off <Proxy *> AuthName "Authentication Required" AuthType Basic AuthUserFile /etc/htpasswd-isy AuthGroupFile /dev/null require valid-user Order deny,allow Allow from all </Proxy> RequestHeader set Authorization "Basic xxxxxxxxxxxx" ProxyPass "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPassReverse "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPass "/rest" "http://192.168.0.171/rest" ProxyPass "/services" "http://192.168.0.171/services" ProxyPass "/WEB" "http://192.168.0.171/WEB" ProxyPass "/USER" "http://192.168.0.171/USER" CustomLog ${APACHE_LOG_DIR}/access.log combined ErrorLog ${APACHE_LOG_DIR}/error.log </VirtualHost> Still not working though - still internal server error 500 Jul 2 14:11:07 raspberrypi systemd[1]: Starting LSB: Apache2 web server... Jul 2 14:11:07 raspberrypi apache2[3311]: Starting web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directiv$ Jul 2 14:11:08 raspberrypi apache2[3311]: . I don't think that matters, though. Apache starts fine - the only message in syslog is about the fqdn asking me to put ServerName directive in - but I don't think that matters. I

<VirtualHost *:80> ServerAdmin webmaster@homeonthewater.com DocumentRoot /var/www/html ProxyRequests Off ProxyPreserveHost On KeepAlive On KeepAliveTimeout 5000 ProxyVia Off <Proxy *> AuthName "Authentication Required" AuthType Basic AuthUserFile /etc/htpasswd-isy AuthGroupFile /dev/null require valid-user Order deny,allow Allow from all </Proxy> RequestHeader set Authorization "Basic xxxxxxxxxxxxxxxxx" ProxyPass "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPassReverse "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPass /rest http://192.168.0.171/rest ProxyPass /services http://192.168.0.171/services ProxyPass /WEB http://192.168.0.171/WEB ProxyPass /USER http://192.168.0.171/USER CustomLog ${APACHE_LOG_DIR}/access.log combined ErrorLog ${APACHE_LOG_DIR}/error.log </VirtualHost>

that link does not work - lol - I just realized that you can see that too. The user/pass is currently mark:mark mark http://homeonthewater.com/socket.htm - is, indeed, working!

I think I needed headers and authz_groupfile enabled - which I did now. restarting apache now succeeds! Getting closer... Socket now CONNECTS! woo hoo! I owe you a bottle of single malt! REST interface calls do not work - http://homeonthewater.com/rest/vars/get/1/45 Failed to load resource: the server responded with a status of 500 (Internal Server Error) mark

whoa - ok - it loads now...

pi@raspberrypi:/var/log $ sudo a2enmod headers Enabling module headers. To activate the new configuration, you need to run: service apache2 restart pi@raspberrypi:/var/log $ systemctl status apache2.service ● apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2) Active: failed (Result: exit-code) since Sat 2016-07-02 13:35:50 PDT; 3min 23s ago Process: 1913 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS) Process: 2152 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE) pi@raspberrypi:/var/log $

#sudo a2enmod authz_groupfile Considering dependency authz_core for authz_groupfile: Module authz_core already enabled Enabling module authz_groupfile. To activate the new configuration, you need to run: service apache2 restart pi@raspberrypi:/var/log $ sudo service apache2 restart Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details. pi@raspberrypi:/var/log $ #systemctl status apache2.service ● apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2) Active: failed (Result: exit-code) since Sat 2016-07-02 13:35:50 PDT; 8s ago Process: 1913 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS) Process: 2152 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

#apachectl configtest AH00526: Syntax error on line 14 of /etc/apache2/sites-enabled/000-default.conf: Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information. syslog shows the same error information

FYI - If I put the backup of 000-default.conf back the .htaccess works properly and my site loads.

This was my original <VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet I edited my previous post but I'll repost it here #sudo service apache2 restart gives me an error Job for apache2.service failed. See systemctl status apache2.service' and 'journalctl -xn' for details #systemctl status apache2.service gives me apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2) Active: failed (Result: exit-code) since Sat 2016-07-02 13:13:01 PDT; 1min 28s ago Process: 1390 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

I get connection reset even on local access. The Raspi is 192.168.0.233 - If I browse to that I get connection reset - diagnostics show connection refused. The difference between homeonthewater.com and www.homeonthewater.com was a leftover dns url forward from when I moved the site from my ReadyNAS to the Raspi. I've deleted it now but it will take a while for the global DNS cache to update None of the logs in /var/log/apache2 have a timestamp later than 6:25 am today #sudo service apache2 restart gives me an error Job for apache2.service failed. See systemctl status apache2.service' and 'jornalctl -xn' for details #systemctl status apache2.service gives me apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2) Active: failed (Result: exit-code) since Sat 2016-07-02 13:13:01 PDT; 1min 28s ago Process: 1390 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

Still plugging away - sorry for the hassle but still no love. Here's /etc/apache2/sites-available/000-default.conf For the sake of debugging I made the user admin and the password isypass. I'll change it back after I get this working. I encoded it here https://webnet77.net/cgi-bin/helpers/base-64.pl <VirtualHost *:80> ServerAdmin webmaster@homeonthewater.com DocumentRoot /var/www/html ProxyRequests Off ProxyPreserveHost On KeepAlive On KeepAliveTimeout 5000 ProxyVia Off <Proxy *> AuthName "Authentication Required" AuthType Basic AuthUserFile /etc/htpasswd-isy AuthGroupFile /dev/null require valid-user Order deny,allow Allow from all </Proxy> RequestHeader set Authorization "Basic YWRtaW46aXN5cGFzcw==" ProxyPass "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPassReverse "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPass /rest http://192.168.0.171/rest ProxyPass /services http://192.168.0.171/services ProxyPass /WEB http://192.168.0.171/WEB ProxyPass /USER http://192.168.0.171/USER CustomLog ${APACHE_LOG_DIR}/access.log combined ErrorLog ${APACHE_LOG_DIR}/error.log </VirtualHost> Still just connection reset..... mark

Could it be that I don't have the necessary apache modules loaded? I ran #sudo a2enmod proxy #sudo a2enmod proxy_wstunnel and those services seemed to start - I rebooted and tried it again ad got #sudo a2enmod proxy Module proxy already enabled #sudo a2enmod proxy_wstunnel Considering dependency proxy for proxy_wstunnel Module proxy already enabled Module proxy_wstunnel already enabled

In the RequestHeader - where you have 'Basic <password>' is 'Basic' in your case the user name? If not then where does the ISY Username fit into this? mark

Ok - /etc/apache2/sites-available/000-default.conf now reads like this <VirtualHost *:80> ServerName www.homeonthewater.com ServerAdmin webmaster@homeonthewater.com DocumentRoot /var/www/html ProxyRequests Off ProxyPreserveHost On KeepAlive On KeepAliveTimeout 5000 ProxyVia Off <Proxy *> AuthName "Authentication Required" AuthType Basic AuthUserFile /etc/htpasswd-isy AuthGroupFile /dev/null require valid-user Order deny,allow Allow from all </Proxy> RequestHeader set Authorization "Basic xxxxxxxx" ProxyPass "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPassReverse "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPass /rest http://192.168.0.171/rest ProxyPass /services http://192.168.0.171/services ProxyPass /WEB http://192.168.0.171/WEB ProxyPass /USER http://192.168.0.171/USER CustomLog ${APACHE_LOG_DIR}/access.log combined ErrorLog ${APACHE_LOG_DIR}/error.log </VirtualHost> The actual file contains my password where the xxxxxxxx is I also tried it without the servername directive - no difference I rebooted the Raspi after each set of changes. .htaccess looks like AuthType Basic AuthName "Password Protected Area" AuthUserFile "/etc/htpasswd-isy" Require valid-user I had already created a user - contents of /etc/htpasswd-isy mark:$apr1$Hj3JPcuN$0jOuugXPPG7mrb3ND2CfF/ I don't even get as far as the authentication, though. All I get is connection reset mark

Ok - so I copied your virtualhost setup to my /etc/apache2/sites-available/000-default.conf file. I changed the ServerName and the IP's - hopefully those don't matter. Mine looks like this: <VirtualHost *:80> ServerName www.homeonthewater.com ServerAdmin webmaster@homeonthewater.com DocumentRoot /var/www/html ProxyRequests Off ProxyPreserveHost On KeepAlive On KeepAliveTimeout 5000 ProxyVia Off <Proxy *> AuthName "Authentication Required" AuthType Basic AuthUserFile /etc/htpasswd-isy AuthGroupFile /dev/null require valid-user Order deny,allow Allow from all </Proxy> RequestHeader set Authorization "Basic xxxxxxxxxxxxxxxxxxxx" ProxyPass /custom ! ProxyPass "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPassReverse "/rest/subscribe" "ws://192.168.0.171/rest/subscribe" retry=4 ProxyPass / http://192.168.0.171/ CustomLog ${APACHE_LOG_DIR}/access.log combined ErrorLog ${APACHE_LOG_DIR}/error.log SSLEngine on SSLCertificateFile /etc/ssl/certs/wc.domain.com.pem SSLCertificateKeyFile /etc/ssl/private/wc.domain.com.key SSLCertificateChainFile /etc/ssl/AlphaSSLchain.crt </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet I then made the changes to the .htaccess file, removing the rewrite rule so isyProxy.php isn't used. It looks like this AuthType Basic AuthName "Password Protected Area" AuthUserFile "/etc/htpasswd-isy" Require valid-user After making the changes I reboot the RasPI. My website will load from within my LAN but REST calls fail with ERR_CONNECTION_RESET [edit] actually my website will NOT load from within my LAN - CONNECTION_RESET From outside my LAN (my cell phone) I get ERR_CONNECTION_REFUSED I've saved your socket test code from http://forum.universal-devices.com/topic/15248-problems-creating-a-websocket-connection/?p=150499 as socket.htm in both my root folder (/var/www/html) and also in a subfolder (/var/www/html/myapp). I cannot load either of these files from www.homeonthewater.com/socket.htm nor www.homeonthewater.com/myapp/socket.htm. Both return ERR_CONNECTION_RESET Mark

I just noticed that I had a choice between a wildcard certificate and a standard one. The price difference was significant so I took a standard one. Was that a mistake? I note your example uses lights.domain.com so I suspect that a standard certificate would not work for just domain.com. makr

I found instructions for installing the certificate - Copy the Certificate files to your server. Download your Intermediate (DigiCertCA.crt) and Primary Certificate (your_domain_name.crt) files from your Customer Area, then copy them to the directory on your server where you will keep your certificate and key files. Make them readable by root only. Find the Apache config file to edit. The location and name of the config file can vary from server to server - especially if you use a special interface to manage your server configuration. Apache's main configuration file is typically named httpd.conf or apache2.conf. Possible locations for this file include /etc/httpd/ or /etc/apache2/. For a comprehensive listing of default installation layouts for Apache HTTPD on various operating systems and distributions, see Httpd Wiki - DistrosDefaultLayout. Often, the SSL Certificate configuration is located in a <VirtualHost> block in a different configuration file. The configuration files may be under a directory like /etc/httpd/vhosts.d/, /etc/httpd/sites/, or in a file called httpd-ssl.conf. One way to locate the SSL Configuration on Linux distributions is to search using grep, as shown in the example below. Type the following command: grep -i -r "SSLCertificateFile" /etc/httpd/ Where "/etc/httpd/" is the base directory for your Apache installation. Identify the SSL <VirtualHost> block to configure. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and configure it for SSL as described in step 4. If you only need your site to be accessed securely, configure the existing virtual host for SSL as described in step 4. Configure the <VirtualHost> block for the SSL-enabled site. Below is a very simple example of a virtual host configured for SSL. The parts listed in bold are the parts that must be added for SSL configuration: <VirtualHost 192.168.0.1:443> DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile /path/to/DigiCertCA.crt </VirtualHost> Adjust the file names to match your certificate files: SSLCertificateFile should be your DigiCert certificate file (eg. your_domain_name.crt). SSLCertificateKeyFile should be the key file generated when you created the CSR. SSLCertificateChainFile should be the DigiCert intermediate certificate file (DigiCertCA.crt) If the SSLCertificateChainFile directive does not work, try using the SSLCACertificateFile directive instead. Test your Apache config before restarting. It is always best to check your Apache config files for any errors before restarting, because Apache will not start again if your config files have syntax errors. Run the following command: (it is apache2ctl on some systems) apachectl configtest Restart Apache. You can use apachectl commands to stop and start Apache with SSL support: apachectl stop apachectl start Note: If Apache does not start with SSL support, try using "apachectl startssl" instead of "apachectl start". If SSL support only loads with "apachectl startssl" we recommend you adjust the apache startup configuration to include SSL support in the regular "apachectl start" command. Otherwise your server may require that you manually restart Apache using "apachectl startssl" in the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.

eek - ok - stymied before I even got past getting the certificate... I went to get my certificate and got to this. I have no idea what to do with this and it says that if I get it wrong it can't be changed.... sorry for all the handholding needed Server Information You must have a valid "CSR" (Certificate Signing Request) to configure your SSL Certificate. The CSR is an encrypted piece of text that is generated by the web server where the SSL Certificate will be installed. If you do not already have a CSR, you must generate one or ask your web hosting provider to generate one for you. Also please ensure you enter the correct information as it cannot be changed after the SSL Certificate has been issued. Web Server Type Please choose one... AOL Apache +ModSSL Apache-SSL (Ben-SSL, not Stronghold) C2Net Stronghold and all these that are likely not relevant.... Cobalt Raq Covalent Server Software cPanel / WHM Ensim H-Sphere IBM HTTP Server IBM Internet Connection Server iPlanet Java Web Server (Javasoft / Sun) Lotus Domino Lotus Domino Go! Microsoft IIS 1.x to 4.x Microsoft IIS 5.x and later Netscape Enterprise Server Netscape FastTrack Novell Web Server Oracle Plesk Quid Pro Quo R3 SSL Server Raven SSL RedHat Linux SAP Web Application Server Tomcat Website Professional WebStar 4.x and later WebTen (from Tenon) Zeus Web Server Other (not listed) CSR here it asks for a csr. I imagine I have to generate that on my server but have no idea how.

Just working on this now.... Looks like the Raspi3 installed 2.4.10 by default. Looking in apache2.conf I see I'm limping along here but I'm hoping that this means that mod_proxy_wstunnel and mod_proxy are both installed and enabled already? I just purchased a certificate and am waiting for it but in the meantime I'm trying to sort out the next step in your instructions about I'll do some googling to figure this out - I'm also not sure how to install the certificate that I get but that should be easily found on the web too. baby steps....

Thanks Michael. Company just left and I'm looking this over. FYI - the wiki is empty - you may want to check that. Is this the contents of virtualhost.conf or .htaccess? The authtype and require-valid-user fields make me think .htaccess but the servername and serveradmin looks like virtualhost.conf. I'm gonna play with this first thing in the morning. I have a couple of questions though. In the first example you say This is the example I put on the wiki (it proxies everything to ISY including the websocket subscription - except for the /custom path which is sent to the path /var/www/lights/custom for serving) What is the purpose of the custom path? My entire site lives in /var/www/html. Do I need to break out the rest or socket portions into a different folder? In the second example you say This example will serve everything from /var/www/lights - EXCEPT for /rest (which will be proxied to the ISY and handle the websocket subscription): This sounds like the more appropriate option for me - but does it mean that I need to keep the rewrite rule and isyproxy? Thanks so much for doing this - I'm sure many will benefit from this down the road. mark

I'm very much interested. Today is Canada day up here in the great white North and I've had far too many beer to be doing any coding but I'll look into that tomorrow and see if I can make it work. Many thanks, Mark