ssl

You can Google search about scaling Meteor, or Meteor behind ELB. I don't know.

I don't use ELB in front of Wekan.

will try aws application loadbalancers and reporf back here on what is required. Thanks again

setting up Caddy web server and its ok. But it not working with https yet. I am using my own wildcard cert and I placed it in the correct folder etc.

Please confirm its a pem file and the instructions suggest if has both first the private key and the the cert one after the other. Is that correct?

I edited the caddy config to point to that cert folder and the permissions of the file is correct. The name of the file matches the domain.

I reset the root and enabled caddy and stopped and restarted. I have my route53 point the subdomain at the machine. As I said it works like this with http but getting a security pr end of file message.

What else do I have to do?

I went looking in the questions here and the search feature or scrolling around is not finding any example om hos to configure your own purchased wildcard certificate in Caddy.

the instructions for caddy about the format of the pem(s) files does not match exactly the method that caddy suggests

https://caddyserver.com/v1/docs/tls

https://caddy.community/t/applying-wildcard-cert-to-caddy/4432

https://github.com/wekan/wekan/wiki/Caddy-Webserver-Config

the last one is what wekan suggests to set up the Pem file (singular). Caddy suggests I reference two files and one is the bundle. Which is it?

lmk

thanks

ok I tried using the bundled Pem and also the bundled CRT files as cert.XXX and then added the key file and used the locate all certs and keys by location method nogo. I noticed when I reset root for wekan I have to include the protocol and the port address and when you click on a card you still get the security message as the protocol for wekan root is HTTPS.

the error is the same PR_END_OF_FILE_ERROR (for firefox) getting the same behavior out of chrome BTW.

only think I am scratching my head about is this statement:

"Specifying your own certificate and key disables automatic HTTPS, including the changing of the port and redirecting HTTP to HTTPS. You will need to do that yourself if you are managing your own certificates"

what does that mean that I have to do in snap to change caddy around to make that work?

In /var/snap/wekan/common/certificates/wekan.team.pem one file I have 1. private key 2. cert

At /var/snap/wekan/common/Caddyfile I have

http://boards.wekan.team https://boards.wekan.team {
        tls {
            load /var/snap/wekan/common/certificates
            alpn http/1.1
        }
        proxy / localhost:3001 {
          websocket
          transparent
        }
}

ok

This is when I use CloudFlare Origin SSL cert. But should work also with other cert.