Selfhost Shaarli

I have used Shaarli for ages to collect links, notes and bookmarks. I worked a little bit on that collection and started to share some as public lists.

On my mobile device I bought a license for Stakali; it fits perfectly into my workflows. I often search on my mobile and share the link through Stakali to my desktop. Stakali just needs the URL and the API key of Shaarli, but I got errors. So I analyzed the source and app with:

Stakali has an option to disable SSL key checking, so there is no need for additional tools to intercept the traffic. On Android you normally have to disable SSL pinning. Here is a good start to learn how to do this.

Even with the API enabled it didn’t work. First I used the default .htaccess, but got an Error 500 when accessing the API.

.htaccess

# Disable directory listing
Options -Indexes

RewriteEngine On

# Prevent accessing subdirectories not managed by SCM
RewriteRule ^(.git|doxygen|vendor) - [F]

RewriteCond %{HTTP:Authorization} ^(.+)
RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]

# REST API
RewriteBase /           
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
...
  • Add the RewriteBase / line

With RewriteBase set, the Error 500 on API access disappeared, but logging in from the mobile app still wasn’t possible.

I enabled the debug mode and wrote a little PHP script to check the headers and environment variables:

shaarli/data/config.json.php

...
  },        
  "dev": {
    "debug": true
  }
}
  • Add a new element to the JSON to enable debugging

My hoster uses FastCGI with PHP, and this strips the Authorization header. The rule RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT] should set an environment variable HTTP_AUTHORIZATION with the content of the Authorization header.

This does not work for me, but I found a workaround:

.htaccess

...
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0        
# RewriteCond %{HTTP:Authorization} ^(.+)              
# RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]   
...
  • Add the SetEnvIf line

  • Comment out the RewriteCond line

  • Comment out the RewriteRule line

I replaced the RewriteRule with this SetEnvIf directive. Now I could see the Bearer JWT token in use when I debugged the access, but Shaarli didn’t accept the token, because the variable was renamed to REDIRECT_HTTP_AUTHORIZATION and Shaarli is not aware of this.
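A header check of the kind described above, as an added example (not the author's script and not Shaarli code): it reports which $_SERVER key carries the Authorization header and prints the value redacted, so the bearer token does not end up in the response or in logs. The function names are hypothetical, and the file is assumed to sit temporarily next to index.php.

```php
<?php
// Added example, not Shaarli's code and not the author's script: report where the
// web server put the Authorization header, with the token itself redacted.

// Candidate $_SERVER keys: the regular name and the REDIRECT_-prefixed name
// that the article observed after the SetEnvIf workaround.
const AUTH_KEYS = ['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'];

/** Return [source, value] for the first non-empty candidate, or null. */
function findAuthorization(array $server): ?array
{
    foreach (AUTH_KEYS as $key) {
        if (!empty($server[$key])) {
            return [$key, $server[$key]];
        }
    }
    // Fallback: some SAPIs expose the raw request headers directly.
    if (function_exists('getallheaders')) {
        foreach (getallheaders() as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0 && $value !== '') {
                return ['getallheaders()', $value];
            }
        }
    }
    return null;
}

/** Keep the scheme and the token length, hide the token. */
function redact(string $header): string
{
    $parts = explode(' ', $header, 2);
    return $parts[0] . ' <redacted, ' . strlen($parts[1] ?? '') . ' chars>';
}

header('Content-Type: text/plain');
$found = findAuthorization($_SERVER);
echo $found === null
    ? "Authorization header not visible to PHP\n"
    : "Found in {$found[0]}: " . redact($found[1]) . "\n";

// Names only, no values: every server variable that mentions AUTHORIZATION.
foreach (array_keys($_SERVER) as $name) {
    if (stripos((string) $name, 'AUTHORIZATION') !== false) {
        echo "present: $name\n";
    }
}
```

Delete the file from the web root once the check is done.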

I couldn’t find an easy way to get this working, so I changed the code directly and created a Pull Request. I added the comments to .htaccess to make it easier (just comment out or in the rewrite rules) and application/api/ApiMiddleware.php.

You can see all changes here. Not sure if all of this is needed or good, but it works for me. I just added the new environment variable and the application doesn’t run into exceptions any more.

Christoph Stoettner
Author