ROCKET_TLS with Letsencrypt #340
Comments
Did you check https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS? There is a problem with some cert applications that use symlinks, this might be related.
I did - I've checked all symlinks and there is at least read access for all owner/users/other.
Are you running bitwarden_rs in a container?
I am running bitwarden_rs via docker. HTTP was working fine. But considering I gave read access to other I should be able to have the docker container read the symlinked files. There were two locations pointing to the actual pem files.
Not sure why that would fail, then. Make sure you are using the same format, quotes and all, just in case: Other than that, I'm not sure.
Maybe try to
Hmm so I'm using quotes, this is my -e ROCKET_TLS='{certs=/ssl/fullchain.pem,key=/ssl/privkey.pem}' /ssl/ is mapped to the link to the folder with the symlinks. And the symlinks resolve properly using the exec command above showing -> to the proper files. I also tried linking the docker container straight to the files the symlinks are resolving to but that does not work either. I mean I could give read and write access to these files to see if it works but I'd rather not mess with the permissions on the pem files above read-level access. Any more thoughts?
Hello @barqers, But :
Looking at nginx error log, I see:
So at this point, I'm not sure if the issue comes from bw or my server configuration. I have other sites configured on the same server and domain, and everything is running fine.
What happens if you connect to the bitwarden docker ip via https, bypassing nginx? Does that work without errors, besides maybe not being valid. Also, how do you have nginx configured to connect to bwrs?
Hey @BlackDex, thanks for your help! And yes, I'm using a proxy pass to connect to bwrs in nginx. I didn't have the option proxy_ssl_verify specified to off, I gave it a shot but still getting the same error. I'll continue investigating and keep you updated. Thanks!
I found the issue... As I tried many configurations, the container was pointing to a directory on the NAS where the certificates were stored, but using symlinks (which is not supported as the documentation states). Now I'm able to connect to bwrs using https. Another issue seems to be happening: Thanks all for your help, I'm making progress now!
@killuminiiiou, you're welcome :). Indeed, running bitwarden on a sub-url is not possible at this point except when modifying the vault code as stated in #241
I'm going to close this as we haven't heard from @barqers for a couple of weeks, so hopefully this has been resolved, but feel free to re-open if the issue persists.
I'm unable to point ROCKET_TLS to letsencrypt cert files without getting the errors below:
[2019-01-15 14:11:38][rocket::config::error][ERROR] environment variable ROCKET_TLS='{certs=/ssl/cert.pem,key=/ssl/privkey.pem}' could not be parsed
[2019-01-15 14:11:38][_][INFO] expected EOF but found { (eof)
Logger failed to initialize: attempted to set a logger after the logging system was already initialized
Logger failed to initialize: attempted to set a logger after the logging system was already initialized
I've tried certs as cert.pem and fullchain.pem and key as privkey.pem and priv-fullchain-bundle.pem which all produce the same errors.
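
The two things this thread points at, the quoting of the ROCKET_TLS value and certificate symlinks whose targets are not inside the mounted directory, can be checked on the host before the container is started. The script below is an added example, not code from the thread or from bitwarden_rs; it assumes the double-quoted {certs="...",key="..."} form shown on the Enabling-HTTPS wiki page, and its function names and the certbot-style live/ and archive/ tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for a ROCKET_TLS value and a cert mount.

# Return 0 if VALUE is {certs="<path>",key="<path>"} with double-quoted
# paths (format assumed from the wiki), 1 otherwise.
tls_value_ok() {
    printf '%s\n' "$1" | grep -Eq '^[{]certs="[^"]+",key="[^"]+"[}]$'
}

# resolves_inside MOUNT_ROOT FILE
# Return 0 if FILE, after following symlinks, is a readable file that still
# lies under MOUNT_ROOT, i.e. it would exist inside a container that has
# only MOUNT_ROOT bind-mounted.
resolves_inside() {
    root=$(readlink -f "$1") || return 1
    target=$(readlink -f "$2") || return 1
    [ -r "$target" ] || return 1
    case "$target" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample tree in certbot's layout: live/<name>/*.pem are relative
# symlinks into archive/<name>/. Prints the root of the tree.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/archive/example" "$d/live/example"
    : > "$d/archive/example/fullchain1.pem"
    : > "$d/archive/example/privkey1.pem"
    ln -s ../../archive/example/fullchain1.pem "$d/live/example/fullchain.pem"
    ln -s ../../archive/example/privkey1.pem "$d/live/example/privkey.pem"
    printf '%s\n' "$d"
}

demo() {
    t=$(make_demo_tree) || return 1
    for v in '{certs=/ssl/fullchain.pem,key=/ssl/privkey.pem}' \
             '{certs="/ssl/fullchain.pem",key="/ssl/privkey.pem"}'; do
        if tls_value_ok "$v"; then echo "value ok:  $v"; else echo "value bad: $v"; fi
    done
    for root in "$t/live/example" "$t"; do
        if resolves_inside "$root" "$t/live/example/privkey.pem"
        then echo "mount $root: key reachable"
        else echo "mount $root: key symlink leaves the mount"; fi
    done
    rm -rf "$t"
}
demo
```

Mounting the parent directory that holds both live/ and archive/ read-only, or copying the resolved files into the mounted directory, keeps the key at read-only permissions while making the targets visible inside the container.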