SSL Certificate for server

Never mind! I figured out that issue. I had the environment set to development. :face_with_hand_over_mouth:

2 Likes

@stre1026 @pitou

I couldn't figure out how to download the Gem into the container.

You need to:

  • add the entry to the Gemfile, eg: add a gem "rails" entry to install rails.

  • run sudo docker-compose run web bundle install.

  • Restart all containers

When I disable the variable, I have a browser call to wss://my-domain.com:3002/ws (but of course no answer)

I am unsure of this one and don't have time to investigate, unfortunately. Perhaps you need to change the ws:// to wss:// when FORCE_SSL is enabled?

Here's how we do it in a production setting (on Heroku, not Docker):


# Notice, no `mqtt://` protocol specifier here

MQTT_HOST=foo.bar.com

# This will be system specific. The default is "/"

MQTT_VHOST=xyz

# This value is copy/pasted by the web app.

# Notice I added a protocol specifier and port number.

MQTT_WS=wss://foo.bar.com:443/ws/mqtt

Thanks @RickCarlino

@Pitou

Here's what I'm going to try for the reverse-proxy and RabbitMQ:

Seems simple enough, but you know how this goes!

Thanks,
Steve

1 Like

When I put wss:// the browser does the get request for a websocket again. So I think it's not possible to force https for the web application and to use ws:// at the same time.

I am unsure of this one and don't have time to investigate

I don't know if it's a rule in the browser or something in the ruby application. Don't lose your time on this, I will set up wss:// for Rabbit :wink:

1 Like

@RickCarlino

I just got HaProxy working for the RabbitMQ. The problem I'm having right now is I'm getting content security errors in the browser so it doesn't work on the site of course but it is secure. Any idea how I can get around that? I'm using the same root domain for both servers. I thought that was the only thing that would affect CSP. Maybe something else I'm missing?

Thanks!

@stre1026

I just got HaProxy working for the RabbitMQ.

:tada: This is great news! Congratulations! I hope you can share your steps with the community once we figure out the CSP issues.

RE: CSP problems- I think you probably are missing (or misconfigured) one of the following ENV vars.

I have provided example values after the # character.

Does this look similar on your end?

API_HOST      # => "foo.bar.org"
MQTT_HOST     # => "foo.bar.org"
EXTRA_DOMAINS # => "foo.bar.org" (probably not required- comma-separated list of all domains)
API_PORT      # => "443"
FORCE_SSL     # => "true"

Please let me know, and if not, I can keep investigating.
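A consistency check for the variables discussed in this thread, as an added example (not part of the post above and not FarmBot's own code). It flags a ws:// socket URL when FORCE_SSL is true, since browsers refuse insecure WebSockets from an HTTPS page, and it assumes the MQTT_WS host has to appear in API_HOST, MQTT_HOST or EXTRA_DOMAINS; the helper names and sample values are constructed.

```ruby
require "uri"

# Parse KEY=value lines from .env-style text, skipping comments and blank lines.
def parse_env(text)
  text.each_line.map(&:strip)
      .select { |l| l.include?("=") && !l.start_with?("#") }
      .to_h { |l| l.split("=", 2).map(&:strip) }
end

# Return a list of human-readable problems; an empty list means consistent.
def check_env(env)
  problems = []
  force_ssl = env["FORCE_SSL"] == "true"
  %w[API_HOST MQTT_HOST].each do |key|
    value = env[key].to_s
    problems << "#{key} is missing" if value.empty?
    problems << "#{key} must be a bare hostname, not a URL" if value.include?("://")
  end
  if force_ssl && env["API_PORT"] != "443"
    problems << "FORCE_SSL is true but API_PORT is #{env['API_PORT'].inspect}"
  end
  ws = env["MQTT_WS"]
  if ws
    uri = URI.parse(ws)
    # An HTTPS page may only open wss:// sockets (browser mixed-content rule).
    problems << "MQTT_WS must use wss:// when FORCE_SSL is true" if force_ssl && uri.scheme != "wss"
    # Assumption: every host the page connects to is named in one of these variables.
    allowed = [env["API_HOST"], env["MQTT_HOST"], *env["EXTRA_DOMAINS"].to_s.split(",").map(&:strip)]
    problems << "MQTT_WS host #{uri.host} is not in API_HOST, MQTT_HOST or EXTRA_DOMAINS" unless allowed.include?(uri.host)
  end
  problems
end

# Constructed sample: TLS is forced, but the socket URL is plain ws:// on another host.
SAMPLE_ENV = <<~ENV
  API_HOST=foo.bar.org
  MQTT_HOST=foo.bar.org
  API_PORT=443
  FORCE_SSL=true
  MQTT_WS=ws://mq.bar.org:3002/ws
ENV

puts check_env(parse_env(SAMPLE_ENV))
```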

@RickCarlino

[quote="RickCarlino, post:26, topic:6151"]
:tada: This is great news! Congratulations! I hope you can share your steps with the community once we figure out the CSP issues.
[/quote]

Absolutely. However, I think I broke it :frowning: I was trying to fix the CSP issues and now I'm getting an error in the browser console that is saying: "failed: Connection closed before receiving a handshake response" so I have to figure out what I did to cause that.

But I think I'm close.

I also found another method to do this without the reverse-proxy which is along the lines of what @Pitou is doing but I have to figure out how to edit your RabbitMQ config file within the Docker container. Docker is relatively new to me.

@stre1026 I might be able to help. At one point, FarmBot had a script that would generate the RabbitMQ config at startup, based on .env files.

@RickCarlino

I want to see if I can get the reverse proxy working because I'm invested now :wink: but…

Is there a quick crash course on how to edit the config file in the Docker image you have?

@RickCarlino

Here's an odd one: I'm getting this error now:

client.js:1076 Uncaught Error: Connection refused: Bad username or password
at _._handleConnack (client.js:1076)
at _._handlePacket (client.js:365)
at d (client.js:283)
at g.n._write (client.js:294)
at m (_stream_writable.js:428)
at _ (_stream_writable.js:417)
at g.write (_stream_writable.js:334)
at _.f (_stream_readable.js:619)
at _.o.emit (events.js:152)
at S (_stream_readable.js:291)

Any idea why this would happen after going through the HAProxy? I don't think it's requesting credentials…

@stre1026 A few things:

  1. Not sure what's going on with that error. It would be good to post your work onto Github (with build instructions in the README.md file) and I can take a look when I have time. In the meantime, I would try to completely log out and log back in to see if that helps.
  2. Editing the RabbitMQConfig happens in this file. It is basically Ruby code that dynamically generates the RabbitMQ config before the application starts. CC: @Pitou You will need to write some Ruby to make this work. Is this what you were looking for?

@RickCarlino

Thanks for your help as always!

I honestly haven't modified much code at all. I've only changed the .env file and I changed the docker-compose.yml file. That's it. I'm still running into the CSP issues on one browser but the socket appears to come up securely now. It's still not working due to that login issue which is odd but I'll get there.

I appreciate the help with the rabbitMQ config. I will check that out. I just need to add some variables to the config so it looks like you pretty much have that outlined in there already…

I'll report back when I have more time to work on this. The weather is supposed to be beautiful this weekend in the Northeast so I'm hoping to actually get outside and start assembling the Farmbot!

2 Likes