RF Eclectica Wiki

Try to learn something about everything, and everything about something - Thomas Huxley


Sandbox Server

UPDATE — John Pumford-Green 27/04/23 06:16

I have removed the self-signed SSL configuration on the shack sandbox server and reverted it to plain HTTP. I may re-instate it at some point in the future, but I decided I didn't want the hassle of persuading Chrome to accept the self-signed unsafe certificate all the time.

The details below show how it was originally set up, and can be used in future should I decide to repeat the process.

Encryption

The shack webserver has a mirror of my real dokuwiki, to use as a test-bed, and after setting it up I discovered that the encryption plugin I was using on the real wiki (Encrypted Passwords Plugin) didn't work.

After some head scratching, and after trying out another plugin (dokucrypt2 plugin), I figured out the difference between the 2 web servers….

The real server is configured to do proper HTTPS, with a real, signed SSL certificate. The shack server only does plain old HTTP, no encryption.

To test out my theory that this is what was breaking Encrypted Password Plugin I set up self-signed SSL on the shack webserver. It's just for local testing so there's no need for traceable certification, just the ability to handle HTTPS traffic.

It turned out to be quite simple….

I found the information here : https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

gm4slv@shack:~/ssl_setup$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Generating a RSA private key
.......................+++++
...........+++++
writing new private key to '/etc/ssl/private/apache-selfsigned.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Shetland
Locality Name (eg, city) []:Clousta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GM4SLV
Organizational Unit Name (eg, section) []:GM4SLV
Common Name (e.g. server FQDN or YOUR name) []:shack
Email Address []:
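An added check, not part of the original page: the command above sets only a Common Name, and Chrome matches the hostname against the certificate's subjectAltName extension and ignores the CN, so such a certificate still fails name validation even after it has been imported as trusted. The script below builds both variants in a temporary directory and inspects them; the function names, the scratch directory and the shortened subject are assumptions made for this example, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: compare a CN-only self-signed certificate with one that also
# carries a subjectAltName. Everything goes into a temporary directory;
# nothing under /etc/ssl is touched.

HOST="shack"            # hostname given at the Common Name prompt on this page
WORK="$(mktemp -d)"     # scratch directory (assumption for this example)

# make_cert NAME [extra "openssl req" args]: writes $WORK/NAME.key and NAME.crt
make_cert() {
    name="$1"; shift
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/C=GB/CN=$HOST" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.crt" "$@" 2>/dev/null
}

# has_san CERT HOST: succeeds only if CERT lists HOST as a DNS subjectAltName
has_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'X509v3 Subject Alternative Name' \
        | grep -qE "DNS:$2(,|\$)"
}

# key_matches CERT KEY: succeeds if KEY is the private key for CERT
# (Apache refuses to start when the configured pair does not match)
key_matches() {
    cert_pub="$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)"
    key_pub="$(openssl pkey -in "$2" -pubout | openssl sha256)"
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

make_cert cn_only                                       # same shape as above
make_cert with_san -addext "subjectAltName=DNS:$HOST"   # adds the SAN entry

for c in cn_only with_san; do
    if has_san "$WORK/$c.crt" "$HOST"; then
        echo "$c.crt: SAN contains DNS:$HOST"
    else
        echo "$c.crt: no SAN for $HOST (only the CN names the host)"
    fi
done
```

Appending `-addext "subjectAltName=DNS:shack"` to the `openssl req` command above produces the SAN-bearing form; the browser warning for an untrusted issuer remains until the certificate is imported into the client's trust store.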

The certificates are put in the directories already pointed to in the default SSL site config file, so all I had to do was tell apache to enable ssl:

sudo a2enmod ssl

and enable the default SSL site

gm4slv@shack:/etc/apache2/sites-enabled$ sudo a2ensite default-ssl.conf
Enabling site default-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2
gm4slv@shack:/etc/apache2/sites-enabled$ sudo service apache2 restart

SSL enabled

Browse to https://shack/dokuwiki and I got the usual dire Chrome warning

…. but chose to continue anyway…

and it works!

Encrypted Password Plugin

Then I tested the Encrypted Passwords Plugin and it also works

UPDATE — John Pumford-Green 31/05/22 21:13

The plugin page does say that HTTPS is needed:

Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS!

Result!

I can now use the sandbox wiki to test everything that's running on the real wiki server.

Redirect to https

(UPDATE — John Pumford-Green 31/05/22 10:08)

Edit /etc/apache2/sites-enabled/000-default.conf to add:

ServerName gm4slv.plus.com
Redirect permanent / https://gm4slv.plus.com/

Open & forward router's port TCP/443 to the shack webserver

sudo service apache2 restart

Hey presto - external access to HTTPS

Page Info

John Pumford-Green 30/05/22 19:05

Page last updated: 04/04/24 21:35 BST

public/computers/sandbox_server.txt · Last modified: 04/04/24 21:35 BST by john