Can't enable SSL for self-signed domain #284

Closed
nlarche opened this issue Mar 27, 2019 · 5 comments · Fixed by #286

@nlarche
Contributor

nlarche commented Mar 27, 2019

Hi,

I'm currently not able to activate SSL with dinghy.

I've one container with VIRTUAL_HOST: www.dyb.dev

and I've generated its certificate with:

```bash
openssl req -x509 -newkey rsa:2048 -keyout www.dyb.dev.key \
  -out www.dyb.dev.crt -days 365 -nodes \
  -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.dyb.dev" \
  -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:www.dyb.dev")) \
  -reqexts SAN -extensions SAN
```

Trying to connect to https://www.dyb.dev always returns: Failed to connect to www.dyb.dev port 443: Connection refused

```
ls ~/.dinghy/certs
www.dyb.dev.crt www.dyb.dev.key
```

And the nginx config, which has SSL missing
(docker exec -it dinghy_http_proxy cat /etc/nginx/conf.d/default.conf),
and certs missing in /etc/nginx/certs:

```nginx
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
server {
  listen 80 default_server;
  server_name _;
  root /var/www/default/htdocs;
  error_page 404 /index.html;
}
upstream www.dyb.dev {
        server 172.20.0.6:80;
}
server {
        server_name www.dyb.dev;
        listen 80;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass https://www.dyb.dev;
        }
}
upstream .application.doyoubuzz.dev {
        server 172.20.0.6:80;
}
server {
        server_name .application.doyoubuzz.dev;
        listen 80;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass https://.application.doyoubuzz.dev;
        }
}
upstream .db.doyoubuzz.dev {
        server 172.20.0.3:3306;
}
server {
        server_name .db.doyoubuzz.dev;
        listen 80;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass https://.db.doyoubuzz.dev;
        }
}
upstream .memcache.doyoubuzz.dev {
        server 172.20.0.2:11211;
}
server {
        server_name .memcache.doyoubuzz.dev;
        listen 80;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass https://.memcache.doyoubuzz.dev;
        }
}
upstream .mongo.doyoubuzz.dev {
        server 172.20.0.4:27017;
}
server {
        server_name .mongo.doyoubuzz.dev;
        listen 80;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass https://.mongo.doyoubuzz.dev;
        }
```

Any clue to explain why SSL is missing from the nginx config file?

Dinghy 4.6.5
docker-machine version 0.16.1

thx

@codekitchen
Owner

It sounds like the root issue is the certs not showing up in /etc/nginx/certs in the container, that would explain them not being in the config too. I'm not sure how that'd happen, unless Dinghy is somehow getting confused about where your home dir is maybe. Do you see the ~/.dinghy/certs mount in docker inspect dinghy_http_proxy output?

@nlarche
Contributor Author

nlarche commented Mar 27, 2019

Thanks for your answer, yes /certs folder seems to be mounted...

[Screenshot: Capture d’écran 2019-03-27 à 19 19 50]

@codekitchen
Owner

Maybe the NFS mount isn't working, have you tried using any volumes mounted from the host yet on your Dinghy install?

  1. Does dinghy status show that NFS is running?
  2. If you dinghy ssh and then ls /Users/nicolaslarche/.dinghy/certs you should see the certs from within the docker-machine VM too, if NFS is working.

@nlarche
Contributor Author

nlarche commented Mar 28, 2019

OK, I see what happened: I changed

```sh
export DINGHY_HOST_MOUNT_DIR=/Volumes/Data/...
export DINGHY_GUEST_MOUNT_DIR=/Volumes/Data...
```

So my home directory is not mounted anymore.

Can I share both my home directory and my project directory in /Volumes?

Or maybe it's possible to add an environment variable to specify the certs directory?

@codekitchen
Owner

Oh dang, that stinks. Good catch, your fix looks reasonable.
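An offline check for the situation diagnosed in this thread, added here as an example (not code from Dinghy or from either participant): it reads a generated `default.conf` plus the file listings of the host and container cert directories, and reports per vhost whether a TLS listener exists and where the cert pair goes missing. The `<vhost>.crt` / `<vhost>.key` naming is assumed from the file names in the issue; `secure.example.test` and the status strings are constructed for illustration.

```python
import re

# Constructed sample: the www.dyb.dev vhost as pasted in the issue, plus a
# hypothetical TLS-enabled vhost (secure.example.test) for contrast.
SAMPLE_CONF = """
server {
        server_name www.dyb.dev;
        listen 80;
        location / {
                proxy_pass https://www.dyb.dev;
        }
}
server {
        server_name secure.example.test;
        listen 443 ssl;
        ssl_certificate /etc/nginx/certs/secure.example.test.crt;
"""  # last block left unclosed on purpose, like the truncated paste

def server_blocks(conf):
    """Yield each `server { ... }` body; tolerate a truncated final block."""
    conf = re.sub(r"#.*", "", conf)  # drop comments so their braces are ignored
    for m in re.finditer(r"^[ \t]*server\s*\{", conf, re.M):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i]

def diagnose(conf, host_certs, container_certs):
    """Return {vhost: status}. Assumes certs are named <vhost>.crt/.key."""
    result = {}
    for body in server_blocks(conf):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        for name in (names.group(1).split() if names else []):
            pair = {name + ".crt", name + ".key"}
            if any("ssl" in args.split() for args in listens):
                result[name] = "tls-enabled"
            elif pair <= set(container_certs):
                result[name] = "certs-in-container-but-no-ssl-listener"
            elif pair <= set(host_certs):
                result[name] = "certs-on-host-but-not-mounted-in-container"
            else:
                result[name] = "no-cert-pair-found"
    return result

if __name__ == "__main__":
    host = ["www.dyb.dev.crt", "www.dyb.dev.key"]  # as listed by ls ~/.dinghy/certs
    print(diagnose(SAMPLE_CONF, host, container_certs=[]))
```

The two listings can be taken from `ls ~/.dinghy/certs` on the host and `docker exec dinghy_http_proxy ls /etc/nginx/certs` in the proxy container.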
