Omeka S file management multiple VMs

ppr · June 13, 2023, 9:48pm

I have an Omeka S installation distributed on three VMs.

VM1 is a public VM where the http traffic arrived.
VM2 is a private VM with the Omeka S installation
VM3 is a private VM with a mysql server and the database used in Omeka S.

In VM1, apache has a virtual host redirecting the traffic for domain x.com to the VM2 through port 8081

<VirtualHost *:80>
	ServerName x.com
	ProxyPass / http://ip_vm2:8081/
	ProxyPassReverse / http://ip_vm2:8081/
</VirtualHost>

On VM2 another apache installation contained the document root directive.


<VirtualHost *:8081>
	ServerName x.com
	DocumentRoot /var/www/myomekas
</VirtualHost>

The Omeka S is live and working.

My issue is regarding files management.

If I upload a file as media, it will be uploaded correctly but is not displayed because the file URI is using the (private) ip of VM2

http://ip_vm2:8081/files/original/0f64303e41a2e4681e075a2e5f55e371db3be844.jpg

If I am connected though my VPN with direct access to VM2, I can access the file.
Without VPN, If I replace ip_vm2:8081by my domain name, I can access the file (because it goes through public VM1)

How can I configure Omeka S to using only URI with my domain name for files (and not the ip of the VM containing the files)?

Any other suggestion is welcomed.

ppr · June 14, 2023, 8:48am

I specify that I can access publicly the file if I change

http://ip_vm2:8081/files/original/0f64303e41a2e4681e075a2e5f55e371db3be844.jpg

to my domain name

http://x.com/files/original/0f64303e41a2e4681e075a2e5f55e371db3be844.jpg

So my question is mostly about how to tell Omeka S to ignore local URI when ingesting files and using domain instead.

jflatnes · June 14, 2023, 4:42pm

Try setting ProxyPreserveHost On in your VirtualHost section on VM1.

ppr · June 14, 2023, 9:18pm

Thanks. I just found this also and it is working.

I also found this thread mentioning this module. Does it do something more than ProxyPreserveHost On?

jflatnes · June 14, 2023, 9:29pm

I wrote that module: the difference there is it lets you just explicitly set what hostname you want the server to use when creating absolute URLs. Sometimes (if, for example, you don’t have control over the proxy you’re behind, or your local server configuration won’t accept a “fake” Host header) it’s important to have that greater level of control.

If you’re working fine with ProxyPreserveHost I wouldn’t necessarily bother with the module, but it’s another route that would work.

ppr · August 30, 2023, 4:22pm

If you use the module ViewerJs (or PdfViewer) to display pdfs (and more) on a multiple VMs configuration, Apache ProxyPreserveHost On setting is not enough and you will have an error when displaying pdfs; the ServerUrlOverride module fixes it (and is very welcomed, thank you!).

P-S: It looks like there is no issue when using ServerUrlOverride on current master version 4.1.0-alpha6, the omeka_version_constraint = “^3.1.0”` could maybe be upgraded.

jflatnes · August 30, 2023, 11:41pm

I can update the module’s listed compatibility.

I do find it a little unexpected that there’s a difference between ProxyPreserveHost and ServerUrlOverride for the modules you mention, as the code they use to build URLs should pretty much be the same as is used anywhere else in Omeka S.

ppr · August 31, 2023, 10:31am

The issue is in fact related to the https certification.

I use certbot to generate ssl certificats.

With a http installation, I have no problem to display pdfs with ViewerJs.

I do no know if there is a easy way to fix it on the apache side.

Here is my apache configuration for a test.

On vm1

 <VirtualHost *:80>
	ServerName omeka-s.ahp-numerique.fr
	ServerAdmin pierre.willaime@univ-lorrainoospame.fr
	ProxyPreserveHost On
	ProxyPass / http://hidden_ip:8082/
	ProxyPassReverse / http://hidden_ip:8082/

	ErrorLog ${APACHE_LOG_DIR}/error-omeka-s.log
	CustomLog ${APACHE_LOG_DIR}/access-omeka-s.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =omeka-s.ahp-numerique.fr
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

certbot added the last three lines and another virtual host for 443 port:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName omeka-s.ahp-numerique.fr
	ServerAdmin pierre.willaime@univ-lorrainoospame.fr
	ProxyPreserveHost On
	ProxyPass / http://hidden_ip:8082/
	ProxyPassReverse / http://hidden_ip:8082/

	ErrorLog ${APACHE_LOG_DIR}/error-omeka-s.log
	CustomLog ${APACHE_LOG_DIR}/access-omeka-s.log combined


SSLCertificateFile /etc/letsencrypt/live/omeka-s.ahp-numerique.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/omeka-s.ahp-numerique.fr/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

jflatnes · August 31, 2023, 6:47pm

It’s possible the problem is related to the proxy forwarding an HTTPS connection to a HTTP backend. You might try adding an X-Forwarded-Proto header in the HTTPS vhost on the frontend proxy:

RequestHeader set X-Forwarded-Proto "https"

Of course if the other method of setting the URL is working for you, that’s fine too.

ppr · September 21, 2023, 12:03pm

Thanks John. I can confirm

RequestHeader set X-Forwarded-Proto "https"

works (and replace the module ServerUrlOverride)

jflatnes · September 25, 2023, 9:07pm

Great. Thanks for reporting back on that.