RF Eclectica Wiki

Try to learn something about everything, and everything about something - Thomas Huxley

User Tools

Site Tools


02 : Computers

Sandbox Server

UPDATE — John Pumford-Green 27/04/23 06:16

I have removed the self-signed SSL configuration on the shack sandbox server and reverted it to plain HTTP. I may re-instate it at some point in the future, but I decided I didn't want the hassle of persuading Chrome to accept the self-signed unsafe certificate all the time.

The details below show how it was originally set up, and can be used in future should I decide to repeat the process.


The shack webserver has a mirror of my real dokuwiki, to use as a test-bed and after setting it up I discovered that the encryption plugin I was using on the real wiki Encrypted Passwords Plugin didn't work.

After some head scratching, and after trying out another plugin (dokucrypt2 plugin), I figured out the difference between the 2 web servers….

The real server is configured to do proper HTTPS, with a real, signed SSL certificate. The shack server only does plain old HTTP, no encryption.

To test out my theory that this is what was breaking Encrypted Password Plugin I setup self-signed SSL on the shack webserver. It's just for local testing so there's no need for traceable certification, just the ability to handle HTTPS traffic.

It turned out to be quite simple….

I found the information here : https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

gm4slv@shack:~/ssl_setup$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Generating a RSA private key
writing new private key to '/etc/ssl/private/apache-selfsigned.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Shetland
Locality Name (eg, city) []:Clousta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GM4SLV
Organizational Unit Name (eg, section) []:GM4SLV
Common Name (e.g. server FQDN or YOUR name) []:shack
Email Address []:

The certificates are put in the directories already pointed to in the default SSL site config file so all I had to do was tell apache to enable ssl

sudo a2enmod ssl

and enable the default SSL site

gm4slv@shack:/etc/apache2/sites-enabled$ sudo a2ensite default-ssl.conf
Enabling site default-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2
gm4slv@shack:/etc/apache2/sites-enabled$ sudo service apache2 restart

SSL enabled

Browse to https://shack/dokuwiki and I got the usual dire Chrome warning

…. but chose to continue anyway…

and it works!

Encrypted Password Plugin

Then I tested the Encrypted Passwords Plugin and it also works

UPDATE— John Pumford-Green 31/05/22 21:13

The plugin page does say that HTTPS is needed:

Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS!


I can now use the sandbox wiki to test everything that's running on the real wiki server.

Redirect to https

(UPDATEJohn Pumford-Green 31/05/22 10:08)



to add

ServerName gm4slv.plus.com
Redirect permanent / https://gm4slv.plus.com/

Open & forward router's port TCP/443 to the shack webserver

sudo service apache2 restart

Hey presto - external access to HTTPS

Page Info

John Pumford-Green 30/05/22 19:05

Page last updated: 04/04/24 21:35 BST

public/computers/sandbox_server.txt · Last modified: 04/04/24 21:35 BST by john