Troubleshooting Workarounds
server {
    listen 8200;
    listen [::]:8200;
    server_name MATRIX.YOUR.DOMAIN;

    location /.well-known/matrix/server {
        add_header Access-Control-Allow-Origin '*';
        return 200 '{ "m.server": "MATRIX.YOUR.DOMAIN:443" }';
    }

    location /.well-known/matrix/client {
        # If your server_name here doesn't match your matrix homeserver URL
        # (e.g. hostname.com as server_name and matrix.hostname.com as homeserver URL)
        add_header Access-Control-Allow-Origin '*';
        return 200 '{ "m.homeserver": { "base_url": "https://MATRIX.YOUR.DOMAIN" } }';
    }

    location /_matrix {
        proxy_pass http://172.40.0.50:8008;
    }
}
Apache needs to be informed that HTTPS is already served by another proxy, Zoraxy in our case.
Now your site can look like this:
[Image: Adminpanel]
We need to edit the wp-config.php file as root user. Switch to root user:
sudo su
The file is located in the WordPress webroot (/var/www/html/wordpress).
cd /var/www/html/wordpress
Sidenote:
If you use WordPress in Docker and you used the standard docker-compose example, the file should be located at /var/lib/docker/volumes/wordpress_wordpress/_data/wp-config.php
Open the wp-config.php with editor as root
nano wp-config.php
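Put in these lines after the "<?php" part of the file. The condition trusts request headers that any client can send, so make sure the web server only accepts connections from Zoraxy.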
if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) || (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) { $_SERVER['HTTPS'] = 'on'; }
Save the file with CTRL + O and leave nano with CTRL + X
Now we need to edit the vHost for Apache:
nano /etc/apache2/sites-available/wordpress.conf
Add this under ServerName
Protocols h2 h2c http/1.1
RemoteIPHeader X-Forwarded-For
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
Save the file with CTRL + O and leave nano with CTRL + X
Restart Apache with sudo systemctl restart apache2
and reload your page!
[Image: Adminpanel]
You can now leave the root shell with
exit
Tested with WordPress and Apache on a host installation and WordPress in Docker (wordpress:latest) with existing sites.
Installing Go is required to build Zoraxy. The packages in the Ubuntu and Debian repositories provide an outdated version (v1.18 for Ubuntu 22.04 and v1.15 for Debian Bullseye), but Zoraxy needs v1.20.
For Ubuntu, you can use the snap package, which is easily installed with:
sudo snap install go --classic
On Debian we need a few more steps, but it is not that hard:
- Copy Go to your host:
wget https://go.dev/dl/go1.20.4.linux-amd64.tar.gz
- Extract the archive and copy it to the right place:
sudo tar -C /usr/local -xzf go1.20.4.linux-amd64.tar.gz
- Add Go to PATH (single quotes keep $PATH from being expanded before it is written to the file):
echo 'export PATH=/usr/local/go/bin:$PATH' | sudo tee -a "$HOME/.profile"
- Normally you would need to log out and log in again, or you can run this to apply the change:
source $HOME/.profile
- Check Go version with:
go version
[Image: Successfully installed Go]
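The Debian steps above unpack a downloaded archive into /usr/local as root without checking it first. The following script is an added example, not part of the original wiki: it compares the tarball with the SHA256 checksum published on https://go.dev/dl/ and rejects archives whose members fall outside go/. The function names and the assumed single top-level go/ directory are choices of this example, and the expected digest is a placeholder you must fill in.

```shell
#!/bin/sh
# Added example (not from the Zoraxy wiki): verify a Go release tarball
# before it is unpacked into /usr/local as root.

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if every archive member lives under go/ and no member path
# contains a ".." component (assumed layout: one top-level go/ directory).
tarball_paths_ok() {
    tp_listing=$(tar -tzf "$1" 2>/dev/null) || return 1
    if printf '%s\n' "$tp_listing" | grep -Eqv '^go(/|$)'; then return 1; fi
    if printf '%s\n' "$tp_listing" | grep -Eq '(^|/)\.\.(/|$)'; then return 1; fi
    return 0
}

# verify_go_tarball FILE EXPECTED_SHA256
# Returns 0 if the file is fine, 2 if it is unreadable,
# 3 on a digest mismatch, 4 on unexpected member paths.
verify_go_tarball() {
    vg_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$1" ] || return 2
    vg_actual=$(sha256_of "$1")
    if [ "$vg_actual" != "$vg_expected" ]; then
        echo "checksum mismatch: got $vg_actual" >&2
        return 3
    fi
    tarball_paths_ok "$1" || { echo "unexpected member paths in $1" >&2; return 4; }
    return 0
}

# Usage on the host. EXPECTED is a placeholder: copy the SHA256 checksum
# published for this file on https://go.dev/dl/.
#   EXPECTED='<sha256 from go.dev/dl>'
#   verify_go_tarball go1.20.4.linux-amd64.tar.gz "$EXPECTED" \
#     && sudo tar -C /usr/local -xzf go1.20.4.linux-amd64.tar.gz
```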
When you get the following error, you will not be able to renew the SSL certificate: you will only be able to upload the certificate manually, and when you add a new proxy rule, the certificate will not be created. If your case is like what I predicted, please follow the method below. You won't need to reinstall Zoraxy or anything.
Error:
Error: one or more domains had a problem: [sub-domain.domain.net] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 2606:4700:3035::ac43:9b40: Invalid response from https://sub-domain.domain.net/.well-known/acme-challenge/TkzCltSxBm5sYYU1HqaYa6_T5MSmDM50gVuOLgBM1eY: 525
How to solve:
- Open ACME Tool
- Fill the Domain(s) field with domain.xx, *.domain.xx (you must change your domain)
- Edit DNS Challenge depending on your provider
- Done. Get Certificate.
Now, let's check if the error has been fixed successfully. The reason why this problem happens: simply, this is a bug in Zoraxy's ACME integration. When your primary certificate has a problem, all other certificates have no root certificate to rely on, and ACME is unable to resolve domain names.
Issue 527 is still not resolved, but there is an easy workaround for this. Zoraxy and Docmost can work together with a little help from NGINX.
My workaround uses the official Docker example from Docmost. We only need to add a few lines :)
- Change into the directory of your Docmost docker compose file
- Stop Docmost via
docker compose down
nano docker-compose.yml
- Comment out the ports of Docmost by adding # at the beginning of the line
version: '3'
services:
  docmost:
    image: docmost/docmost:latest
    depends_on:
      - db
      - redis
    environment:
      APP_URL: 'http://localhost:3000'
      APP_SECRET: 'REPLACE_WITH_LONG_SECRET'
      DATABASE_URL: 'postgresql://docmost:STRONG_DB_PASSWORD@db:5432/docmost?schema=public'
      REDIS_URL: 'redis://redis:6379'
    # ports:
    #   - "3000:3000"
    restart: unless-stopped
    volumes:
      - docmost:/app/data/storage
- Add NGINX at the end of the file, but before the volume section. You can freely change the port 8100 to anything else.
  nginx:
    restart: always
    container_name: docmost-nginx
    image: nginx:latest
    ports:
      - 8100:80
    volumes:
      - ./docmost.conf:/etc/nginx/conf.d/docmost.conf
Your docker-compose.yml should now look like this:
Save and exit
- Now we need an NGINX config for Docmost:
nano docmost.conf
Put this into the new file and replace your.docmost.url with your Docmost URL, without http:// or https://
server {
    listen 80;
    listen [::]:80;
    http2 on;
    server_name your.docmost.url;

    # Maximum allowed upload size.
    # Set to a value such as 100m; to raise the limit, or 0 to allow any size
    client_max_body_size 50m;

    # Security headers
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass_header Server;
        proxy_connect_timeout 300;

        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 (Websockets)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;

        proxy_pass http://docmost:3000;
    }
}
Save and exit again
- Spin up Docmost again via
docker compose up -d
- Create a new proxy rule in Zoraxy for the NGINX Container and use port 8100 if you did not change it.
For my example with Zoraxy inside docker:
docmost-nginx:8100