Topic on Talk:Parsoid

how to run parsoid over https

Summary by Arlolra

stunnel seems misconfigured.

59.163.27.11 (talkcontribs)

It is working fine for http, but when I am running the same it throws the below error:

curl error:35 parsoid

Arlolra (talkcontribs)

What are you using to terminate the TLS connection, and forward to Parsoid?

59.163.27.11 (talkcontribs)
Arlolra (talkcontribs)

That error code refers to an SSL_CONNECT_ERROR. Something is wrong w/ your stunnel setup. I suggest you consult the stunnel documentation and try to confirm that you can get it working in a minimal setup, without Parsoid. Once that's confirmed to be working, re-attempt to point it at Parsoid.

Kghbln (talkcontribs)

What is meant by "What are you using to terminate the TLS connection, and forward to Parsoid?"

What I did is follow the suggestion on Parsoid over HTTPS and I get the same curl error. If I access port 8142 like e.g. https://wiki.example.com:8142 I get "SSL_ERROR_RX_RECORD_TOO_LONG" so I guess it is no wonder it is not working.

My stunnel4 config is like this:

cert = /etc/letsencrypt/live/wiki.example.com/fullchain.pem
key = /etc/letsencrypt/live/wiki.example.com/privkey.pem

[wiki]
accept  = 8143
connect = 8142

"service stunnel4 status" is running:

● stunnel4.service - LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons)
   Loaded: loaded (/etc/init.d/stunnel4)
   Active: active (running) since ...

So according to the current documentation it should work. Reality however tells me otherwise.

Kghbln (talkcontribs)
Kghbln (talkcontribs)

I spent another two hours figuring out a way but failed. The solution presented on the linked thread did not help either. If I added 8000 for the same domain I would like to use VE I get a proxy error from the server (500). If I configure an alternative domain for parsoid I get a curl 51 since the certs do not match.

Any help on how to set up parsoid via https will be appreciated.

Kghbln (talkcontribs)

Hmm, perhaps the setup is working as expected. The wiki is https only and the VisualEditor is working. What is not happening is setting the url parameter of $wgVirtualRestConfig to https. But that's probably why we have stunnel to enforce this in the background.
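
One way to check which of the two ports in the stunnel config above actually speaks TLS, added here as an example that is not part of the thread or of the Parsoid or stunnel documentation. A plain HTTP listener answering a TLS client is one condition that produces both curl error 35 and SSL_ERROR_RX_RECORD_TOO_LONG. It assumes the probe runs on the wiki host against `localhost`; `classify_first_bytes`, `probe` and `diagnose` are hypothetical helper names.

```python
import socket
import ssl


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener sends back."""
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"  # TLS alert (0x15) or handshake (0x16) record header
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'tls', 'plaintext-http', 'unknown' or 'closed' for host:port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # protocol detection only; no data is sent over TLS
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError and timeouts: handshake failed, try plain HTTP
        raw.close()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return classify_first_bytes(s.recv(16))
    except OSError:
        return "unknown"


def diagnose(accept_kind: str, connect_kind: str) -> list:
    """Findings for one stunnel service: accept must be TLS, connect plain HTTP."""
    findings = []
    if accept_kind != "tls":
        findings.append(f"accept port is '{accept_kind}', expected 'tls'")
    if connect_kind == "tls":
        findings.append("connect port speaks TLS, but stunnel forwards plaintext to it")
    elif connect_kind != "plaintext-http":
        findings.append(f"connect port is '{connect_kind}', expected 'plaintext-http'")
    return findings


if __name__ == "__main__":
    host, accept, connect = "localhost", 8143, 8142  # ports from the config in the thread
    result = diagnose(probe(host, accept), probe(host, connect))
    print("\n".join(result) or "accept is TLS, connect is plain HTTP")
```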