Thanks to a couple of members of this list I was able to get Visual Editor working on my WikiMedia install.
Now I would like to run the wiki under SSL. Of course, as soon as I do, my browser complains of mixed content from the RESTbase server and won't load VE at all.
I am running MediaWiki 1.28 on a shared host, which means no access to node.js. So in order to run Parsoid and RESTbase I have installed both on my home server. As such, I have no way of getting a trusted SSL certificate for it; the most I could do is a self-signed certificate, which I am sure will cause as many browser complaints as the current mixed-content does.
My question is, what is the likelihood of getting this configuration to work under SSL?
John
You can get a trusted cert for your home server. Look into LetsEncrypt.
On 22 Feb 2017 3:15 pm, "John P. New" wikitech@hazelden.ca wrote:
Thanks to a couple of members of this list I was able to get Visual Editor working on my WikiMedia install.
Now I would like to run the wiki under SSL. Of course, as soon as I do, my browser complains of mixed content from the RESTbase server and won't load VE at all.
I am running MediaWiki 1.28 on a shared host, which means no access to node.js. So in order to run Parsoid and RESTbase I have installed both on my home server. As such, I have no way of getting a trusted SSL certificate for it; the most I could do is a self-signed certificate, which I am sure will cause as many browser complaints as the current mixed-content does.
My question is, what is the likelihood of getting this configuration to work under SSL?
John
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I had thought of LetsEncrypt, but I was under the (mistaken) impression that SSL certificates are bound to the IP address as well as the hostname of the server. Upon further investigation, I see that SSL certificates are not IP address dependent.
I'll give it a try, thanks.
On February 22, 2017 04:57:30 PM Alex Monk wrote:
You can get a trusted cert for your home server. Look into LetsEncrypt.
On 22 Feb 2017 3:15 pm, "John P. New" wikitech@hazelden.ca wrote:
Thanks to a couple of members of this list I was able to get Visual Editor working on my WikiMedia install.
Now I would like to run the wiki under SSL. Of course, as soon as I do, my browser complains of mixed content from the RESTbase server and won't load VE at all.
I am running MediaWiki 1.28 on a shared host, which means no access to node.js. So in order to run Parsoid and RESTbase I have installed both on my home server. As such, I have no way of getting a trusted SSL certificate for it; the most I could do is a self-signed certificate, which I am sure will cause as many browser complaints as the current mixed-content does.
My question is, what is the likelihood of getting this configuration to work under SSL?
John
On Wed, Feb 22, 2017 at 7:14 AM, John P. New wikitech@hazelden.ca wrote:
I am running MediaWiki 1.28 on a shared host, which means no access to node.js. So in order to run Parsoid and RESTbase I have installed both on my home server. As such, I have no way of getting a trusted SSL certificate for it; the most I could do is a self-signed certificate, which I am sure will cause as many browser complaints as the current mixed-content does.
VE calls are proxied through the wiki; you can serve them in SSL but make the wiki -> Parsoid server calls in plaintext. That said, you should definitely use Let's Encrypt; it's very easy to set up and you have one less script injection / cookie stealing vulnerability.
To wrap this up, I managed to get SSL to RESTbase working, but using CPanel AutoSSL instead of LetsEncrypt. AutoSSL and LetsEncrypt are similar services but I used AutoSSL because my main mediawiki install is served on CPanel.
In a nutshell, I ) Created a sub-domain, mw.mywikidomain.com. The associated SSL certificate was automatically created. ) Pointed the DNS entry for mw.mywikidomain.com to my home server IP address ) Exported the certificate and key entries into an stunnel install running on my home server and listening on port 7232. ) Changed the $wgVisualEditorRestbaseURL and $wgVisualEditorFullRestbaseURL to point to https://mw.mydomain.com:7232/mywikidomain.com/v1/page/html/ and https://mw.mydomain.com:7232/mywikidomain.com/, respectively.
Thanks for the help.
John
On February 22, 2017 10:14:54 AM John P. New wrote:
Thanks to a couple of members of this list I was able to get Visual Editor working on my WikiMedia install.
Now I would like to run the wiki under SSL. Of course, as soon as I do, my browser complains of mixed content from the RESTbase server and won't load VE at all.
I am running MediaWiki 1.28 on a shared host, which means no access to node.js. So in order to run Parsoid and RESTbase I have installed both on my home server. As such, I have no way of getting a trusted SSL certificate for it; the most I could do is a self-signed certificate, which I am sure will cause as many browser complaints as the current mixed-content does.
My question is, what is the likelihood of getting this configuration to work under SSL?
John
wikitech-l@lists.wikimedia.org