MAyan-EDMS with LetsEncrypt

Questions, comments, discussions. Over time certain topics might be moved to their own category.
Post Reply
KevinPawsey
Posts: 50
Joined: Wed Aug 22, 2018 2:52 pm

MAyan-EDMS with LetsEncrypt

Post by KevinPawsey » Fri Nov 02, 2018 11:17 pm

Was just trying to get EDMS to work with LetsEncrypt, which is a reverse proxy system (big fan of it!!)... anyway, most of my apps have a subfolder off a main URL for them to work. I was trying to do the same with MayanEDMS but I can't find anywhere that I can change the base URL.

The URL ideally would look like https://[my-domain.co.uk]/mayanedms

Is this something that is possible and I have just missed the setting somewhere?

Thanks for your help


Kevin

User avatar
rosarior
Posts: 159
Joined: Tue Aug 21, 2018 3:28 am

Re: MAyan-EDMS with LetsEncrypt

Post by rosarior » Mon Nov 05, 2018 5:50 am

I like Let's encrypt too, make things much easier compared to the traditional way. We published some step for setting up HTTPS for Mayan with Apache: https://wiki.mayan-edms.com/index.php?t ... ith_Apache

Getting Django projects to work on sub URLs doesn't always work. I haven't check in a why but last time it only worked when using mod_python or mod_wsgi with Apache: https://code.djangoproject.com/wiki/Bac ... determined

Searching around I found this using NGINX as a reverse proxy and setting Django's SCRIPT_NAME option: http://albertoconnor.ca/hosting-django- ... tions.html

Be warned that as that last link mentions, even Django and Gunicorn barely document how to do this:
The SCRIPT_NAME variable is mentioned in the gunicorn FAQ very briefly and without context.
It will be interesting to hear from your experiments on this.

KevinPawsey
Posts: 50
Joined: Wed Aug 22, 2018 2:52 pm

Re: MAyan-EDMS with LetsEncrypt

Post by KevinPawsey » Mon Nov 05, 2018 3:14 pm

I will indeed be having a look into this, and will report back if I manage to either get it working or completely break my EDMS :lol:

Thanks for taking your time to help :)

Kevin

KevinPawsey
Posts: 50
Joined: Wed Aug 22, 2018 2:52 pm

Re: MAyan-EDMS with LetsEncrypt

Post by KevinPawsey » Sat Nov 10, 2018 10:34 am

Hi Rosarior,

I have had a brief look at trying to do this... mind=blown :lol:

I couldn’t even find the file that needs to be edited to be honest... I will continue to have a look to try and find the file(s) that need editing... hopefully I will be able to at least find and document the change so that it might help some others in the meantime.

As for getting Mayan working with HTTPS, I don’t think that should be needed, as the LetsEncrypt deals with the encryption being a reverse proxy. Basically the LetsEncrypt passes the traffic off to the non-http server in the background... so all I need to do is run Mayan from a subfolder... “all I need to do” he says :lol:

I will have another look with fresh eyes today to see what else I can find to edit :)

Thanks again for your help.

Kevin

theintelligentmouse
Posts: 5
Joined: Thu Nov 01, 2018 7:16 am

Re: MAyan-EDMS with LetsEncrypt

Post by theintelligentmouse » Sun Nov 11, 2018 10:04 pm

You could move your DNS to CloudFlare and use their free SSL Certificate / Proxy.

KevinPawsey
Posts: 50
Joined: Wed Aug 22, 2018 2:52 pm

Re: MAyan-EDMS with LetsEncrypt

Post by KevinPawsey » Mon Nov 12, 2018 11:35 am

theintelligentmouse wrote:
Sun Nov 11, 2018 10:04 pm
You could move your DNS to CloudFlare and use their free SSL Certificate / Proxy.
Yeh, I have used CloudFlare with other services (externally), and they are awesome... but this is an internal-only service, so it wont really work for me. It isn't the https that I am so worried about... it is just that I would like to use LetsEncrypt for the convvenience of having a URL that looks like:

Code: Select all

https://[domain_name]/[service]/
which is what I have all my internal services on, such as Plex, Radarr, Sonarr...
as opposed to:

Code: Select all

http://[hostname]:[port]/
... just tidier, hence the reason for wanting to do it, but not being a big issue :)

Also, it does make external access easier, as all inbound traffic from the internet gets proxied through one service... meaning only one open port to the internet, and LetsEncrypt runs Fail2Ban, so if someone starts guess username/passwords, they will be banned for a set amount of time... pretty neat :)

User avatar
rosarior
Posts: 159
Joined: Tue Aug 21, 2018 3:28 am

Re: MAyan-EDMS with LetsEncrypt

Post by rosarior » Thu Nov 15, 2018 6:08 am

It seems SCRIPT_NAME is no longer a setting but an environment variable (https://docs.djangoproject.com/en/1.11/ ... cript-name).
When Django features are in a state of flux we see that as a flag to no use them until they stabilize (same happened to the auto_now_add and now_add arguments to date time fields a while ago).

Some time ago we implemented multi tenancy (multi organization) for a client with a custom fork. The work included support for running all tenant from a same domain and the first part of the URL determined the tenant.

mayan.example.com/organization_1/documents/list/
mayan.example.com/organization_2/documents/list/

I'll see if we can be allowed to re-examine and use this code.

User avatar
rosarior
Posts: 159
Joined: Tue Aug 21, 2018 3:28 am

Re: MAyan-EDMS with LetsEncrypt

Post by rosarior » Thu Nov 15, 2018 6:10 am

In the meantime you can use Traefik (https://traefik.io/). It can map URLs to ports on the same host. Supports HTTPS via Let's Encrypt too.

KevinPawsey
Posts: 50
Joined: Wed Aug 22, 2018 2:52 pm

Re: MAyan-EDMS with LetsEncrypt

Post by KevinPawsey » Thu Nov 15, 2018 7:34 am

hmmm... may take a look into this... although I was hoping to not have too many hops in the path of the app... Mayan>Traefik>LetsEncrypt...

I may give it a go though ;)


Kevin

Post Reply