
Can't deploy it with ssl and nginx #1073

roip890 opened this issue Dec 14, 2023 · 3 comments
roip890 commented Dec 14, 2023

Hi, I'm trying to deploy soketi on a DigitalOcean droplet with SSL.
I tried to do that with the environment variables and docker compose and it didn't work.

I then tried to do that with nginx-proxy and I'm still getting an error.
This is the docker-compose file:

version: '3.9'
services:
  # ...

  soketi:
    container_name: 'soketi-server'
    restart: unless-stopped
    image: 'quay.io/soketi/soketi:latest-16-alpine'
    ports:
      - '${SOKETI_PORT:-6001}:6001'
      - '${SOKETI_METRICS_SERVER_PORT:-9601}:9601'
    environment:
      VIRTUAL_HOST: soketi.ctzone.io
      SOKETI_DEBUG: ${DEBUG:-1}
      DEFAULT_APP_ID: ${PUSHER_APP_ID:-app-id}
      DEFAULT_APP_KEY: ${PUSHER_APP_KEY:-app-key}
      DEFAULT_APP_SECRET: ${PUSHER_APP_SECRET:-some-app-secret}
      PUSHER_HOST: ${PUSHER_HOST:-127.0.0.1}
      PUSHER_PORT: ${PUSHER_PORT:-6001}
      PUSHER_SCHEME: ${PUSHER_SCHEME:-http}
      METRICS_SERVER_PORT: ${METRICS_SERVER_PORT:-9601}
      DEFAULT_APP_ENABLE_CLIENT_MESSAGES: ${DEFAULT_APP_ENABLE_CLIENT_MESSAGES:-false}
    #      - SOKETI_SSL_CA=/app/certs/ca.crt
    #      - SOKETI_SSL_CERT=/app/certs/server.crt
    #      - SOKETI_SSL_KEY=/app/certs/server.key
    #      - SOKETI_SSL_PASS=CityZone5
    volumes:
      - /usr/local/share/ca-certificates/ca.crt:/app/certs/ca.crt
      - /root/soketi/certs/server.key:/app/certs/server.key
      - /root/soketi/certs/server.crt:/app/certs/server.crt
    networks:
      - soketi-network

  nginx-proxy:
    image: jwilder/nginx-proxy:latest
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    restart: "always"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/nginx/vhost.d
      - /root/soketi/nginx/conf.d/soketi.conf:/etc/nginx/conf.d/soketi.conf
      - /usr/share/nginx/html
      - shared_certs:/etc/nginx/certs
    environment:
      DEFAULT_HOST: soketi.ctzone.io
      VIRTUAL_HOST: soketi.ctzone.io
      LETSENCRYPT_HOST: soketi.ctzone.io
      LETSENCRYPT_EMAIL: [email protected]
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
    network_mode: "host"  # with host networking, the ports: entries above are ignored

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion:latest
    container_name: letsencrypt
    depends_on:
      - nginx-proxy
    restart: "always"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/nginx/vhost.d
      - /root/soketi/nginx/conf.d/soketi.conf:/etc/nginx/conf.d/soketi.conf
      - /usr/share/nginx/html
      - shared_certs:/etc/nginx/certs
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
    network_mode: "host"

networks:
  soketi-network:
    driver: bridge

volumes:
  shared_certs:

This is the nginx conf file:

server {
    listen 80;
    server_name soketi.ctzone.io;

    client_body_buffer_size 64k;
    client_header_buffer_size 16k;
    large_client_header_buffers 16 128k;

    location / {
        proxy_pass http://localhost:6001;  # soketi publishes 6001 on the host, so localhost works from nginx-proxy's host network
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Redirect HTTP requests to HTTPS
    # Note: a server-level return is evaluated before location matching, so the
    # location block above is never reached for plain-HTTP requests.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name soketi.ctzone.io;

    # SSL certificate and key paths (provided by Let's Encrypt companion)
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;

    client_body_buffer_size 64k;
    client_header_buffer_size 16k;
    large_client_header_buffers 16 128k;

    location / {
        proxy_pass http://localhost:6001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

This is the error I am getting when trying to reach the soketi subdomain (soketi.citizone.io):

<html>
<head><title>400 Request Header Or Cookie Too Large</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>Request Header Or Cookie Too Large</center>
<hr><center>nginx/1.25.2</center>
</body>
</html>

But when I am trying to get into the IP of the machine directly I am getting:

OK

I would like to hear if there is a simpler way to deploy it on a DigitalOcean droplet (or some other machine) with SSL.

@roip890 roip890 added the status:triage Awaiting triage. label Dec 14, 2023

codeautopilot bot commented Dec 14, 2023

Your organization has reached the subscribed usage limit. You can upgrade your plan at https://github.com/marketplace/code-autopilot-ai-coder

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.


@chrispage1

I've got a similar setup and it works no problem.

Here's my nginx config:

server {
    listen 443 ssl http2;

    server_name ws.alltrac.test;
    server_tokens off;

    ssl_certificate /certs/dev.pem;
    ssl_certificate_key /certs/dev.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    # permissive legacy cipher list (enables RC4, LOW, EXPORT and SSLv3-era suites)
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    charset utf-8;

    location / {
        proxy_pass             http://soketi:6001;
        proxy_read_timeout     60;
        proxy_connect_timeout  60;
        proxy_redirect         off;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    access_log off;
    error_log off;  # nginx has no "off" value for error_log: this writes to a file literally named "off" under the prefix; use /dev/null to discard
}

config.json

{
    "debug": true,
    "port": 6001,
    "appManager.array.apps": [
        {
            "id": "testing",
            "key": "testing",
            "secret": "appSecret"
        }
    ]
}

And my docker-compose.yml:

version: "3.5"

services:

  nginx:
    volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/sites-available/default:delegated
      - ./docker/certificates:/certs:delegated # map our local project keys
      - ~/.mkcert-keys:/root/.local/share/mkcert:delegated # map our global mkcert key
    ports:
      - "80:80"
      - "443:443"

  soketi:
    depends_on:
      - nginx
    image: quay.io/soketi/soketi:1.5-16-debian
    command: soketi start --config=/config/config.json
    volumes:
      - .:/var/www:delegated
      - ./docker/soketi:/config
      - ~/.mkcert-keys:/mkcert:delegated # map our global mkcert key
    environment:
      - SOKETI_SSL_CA=/mkcert/rootCA-key.pem
    ports:
      - "6001:6001"
      - "9601:9601"

This is a local setup but works fine. Your issue appears to be more of an nginx misconfiguration.
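For comparison with both configs above, here is an added example of a single-purpose TLS-terminating nginx vhost for soketi. It is not from the issue or the soketi project; it assumes the Let's Encrypt companion writes the certificate as /etc/nginx/certs/<VIRTUAL_HOST>.crt and .key (path naming is an assumption) and that soketi publishes port 6001 on the Docker host as in the first compose file.

```nginx
# Added example, not part of the issue. Assumes the companion-issued cert is
# stored as /etc/nginx/certs/soketi.ctzone.io.{crt,key} and that soketi is
# reachable on the host at 127.0.0.1:6001.

# Port 80 only redirects. A server-level `return` runs before any location is
# matched, so putting a proxy_pass location in this server would be dead code.
server {
    listen 80;
    server_name soketi.ctzone.io;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name soketi.ctzone.io;
    server_tokens off;

    ssl_certificate     /etc/nginx/certs/soketi.ctzone.io.crt;   # assumed companion path
    ssl_certificate_key /etc/nginx/certs/soketi.ctzone.io.key;   # assumed companion path
    ssl_protocols TLSv1.2 TLSv1.3;
    # AEAD, forward-secret suites only; no RC4/LOW/EXPORT grades.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;

    # "400 Request Header Or Cookie Too Large" is nginx rejecting a request line
    # or header that does not fit these buffers; raise them only from a measured
    # need, since oversized values are otherwise a symptom to investigate.
    client_header_buffer_size 4k;
    large_client_header_buffers 4 16k;

    location / {
        proxy_pass http://127.0.0.1:6001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # WebSocket connections are long-lived; the 60s default would close idle sockets.
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_cache_bypass $http_upgrade;
    }

    access_log /var/log/nginx/soketi.access.log;
    error_log  /var/log/nginx/soketi.error.log warn;
}
```

The metrics port 9601 is intentionally not proxied here; if it is published on the host as in the compose files above, restrict it with a firewall rule or bind it to an internal interface.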

