Changing virtual server app leads to 403

Hi Community!

Amongst other tools installed on my physical server (Debian 9 + Virtualmin), I’ve created a virtual server for our wiki (tikiwiki, php application), which is, as all others, protected by a Let’s Encrypt certificate which provides for https connection. So far so good.

I’ve tried last week to switch the wiki engine to another one (wiki.js, java app):

  • installed node.js on the server = OK
  • backed the whole wiki virtual server up = OK
  • deleted all files in wiki/www folder (except .htaccess) = OK
  • unpacked wiki.js = OK
  • ran node wiki as a service = OK
  • go to = OK (new wiki looks way better than the old one :wink:)
  • go to = HTTP 403!

Hence my questions:

  • is there any reason the certificate located in /wiki couldn’t be used for the new wiki?
  • is there anything which I should fix in the .htaccess file (not very familiar with it but I think this .htaccess is largely tikiwiki-oriented)?
  • should I change anything in the virtual server configuration as I’m now running a java app instead of a php one (Apache conf file)?

Note: the config.yml file for wiki.js includes the following section, which should obviously be edited.

      enabled: false (--> turned to TRUE)

      # Certificate format, either 'pem' or 'pfx': (what is the format of the certificates installed by Virtualmin?)
      format: pem (--> doesn't match the Let'sEncrypt ssl.cert / ssl.key format?)
      # Using PEM format:
      key: path/to/key.pem
      cert: path/to/cert.pem
      # Using PFX format:
      pfx: path/to/cert.pfx
      # Passphrase when using encrypted PEM / PFX keys (default: null):
      passphrase: null (Virtualmin-defined, so I have no access to this, if required)
      # Diffie Hellman parameters, with key length being greater or equal
      # to 1024 bits (default: null):
      dhparam: null

      # Listen on this HTTP port and redirect all requests to HTTPS.
      # Set to false to disable (default: 80):
      redirectNonSSLPort: 80

Thanks in advance for any help!


Certificates can be in different format.

You would need to convert current certificates used by Apache (usually located in domain’s home root dir).

Lear more here.

Thanks Ilia! Not sure it’s certificate related, I’m rather investigating the wiki.js installation…

Actually, I’ve managed to run the tool yesterday, in http only (got the initial settings page, created my home page) and was rejected when trying to access the site in https. Today, I’ve tried to fix this by enabling the proxy + proxy_http modules with Apache and modified the wiki.conf file:

#Paramètres du proxy pour Wiki.js
ProxyPreserveHost Off
ProxyPass / http://<myIPaddress>:3000/
ProxyPassReverse / http://<myIPaddress>:3000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

It still doesn’t work and return 403 Forbidden on any access now (http and https)! I don’t know if any logfile exists which could help debugging this…

Thanks in advance for any help!

UPDATE: I stopped the node server and restarted it. I can now again access the wiki in http, but https access is still denied… I will investigate in installing node.js through virtualmin, maybe some proxy settings will come with the installation…


<IfModule mod_proxy.c>
	RewriteEngine On
	ProxyRequests Off
	SSLProxyEngine On
	SSLProxyVerify None 
	SSLProxyCheckPeerCN Off
	SSLProxyCheckPeerName Off
	SSLProxyCheckPeerExpire Off

	ProxyPass "/" ""
	ProxyPassReverse "/" ""

Hi there!

I finally used this quarantine time to make some cleanup on my server: made a backup of my wiki.js data, deleted the whole subdomain, created it again with SSL site = ON (everything was OK, including the SSL certificate request that previously failed) and made a fresh installation of the wiki.js app.

Bingo! Everything runs smoothly now, and I strongly suspect that both the certificate and the .htaccess files were corrupted.

So a warm thank you for your support! :ok_hand: