Join the conversation

Wekan

General

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

More active conversations

Wekan / General

ssl

Wekan/General · January 21, 2020 at 8:30pm

ssl

Wekan / General · January 21, 2020 at 8:30pm (Edited 4 years ago)

When you put wekan behind an elb with an ssl certificate everything works fine (everything really) until you click on the info hambuger in the middle of any wekan card. In Firefox it says Secure Connection Failed

An error occurred during a connection to xx.xx.xx.xx. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

and on chrome it says This site can’t provide a secure connection xx.xx.xx.xxsent an invalid response.

ERR_SSL_PROTOCOL_ERROR. Any idea how to remedy this? its something about date or something like this when you try and view the comments and labels or something (hard to know at this point. THanks

Just for grins I set a send path through the elb without the ssl and the info window pops up fine with all the details (member, assigned, due..... its something about that window encoding. Thanks

Load previous messages

March 7, 2020 at 7:36pm

Paul Verdone@pvcon13

7:36pm

"Specifying your own certificate and key disables automatic HTTPS, including the changing of the port and redirecting HTTP to HTTPS. You will need to do that yourself if you are managing your own certificates"

Edited

7:38pm

what does that mean that I have to do in snap to change caddy around to make that work?

Lauri Ojansivu@xet7

Team

8:25pm

In /var/snap/wekan/common/certificates/wekan.team.pem one file I have 1. private key 2. cert

8:27pm

At /var/snap/wekan/common/Caddyfile I have

http://boards.wekan.team https://boards.wekan.team {
        tls {
            load /var/snap/wekan/common/certificates
            alpn http/1.1
        }
        proxy / localhost:3001 {
          websocket
          transparent
        }
}

Team

This is when I use CloudFlare Origin SSL cert. But should work also with other cert.

Paul Verdone@pvcon13

8:28pm

Yeah doing that and its not working

Lauri Ojansivu@xet7

Team

8:28pm

This is using Wekan Snap

LOGS?

yup

Team

and then: sudo snap set wekan caddy-enabled='true'

Paul Verdone@pvcon13

8:29pm

yup

8:29pm

tried all that and the HTTPS is erroring and not the HTTP

8:29pm

so if I could see the caddy logs maybe I could see a config error?

Lauri Ojansivu@xet7

Team

8:30pm

sudo snap logs wekan.caddy

Paul Verdone@pvcon13

8:30pm

do the certs and key file name matter?

8:30pm

ok looking

8:31pm

wow that is a hint

8:31pm

error: snap "wekan" has no service "caddy"

8:32pm

its wekan.caddy?

8:32pm

or wekan wekan.caddy?

Lauri Ojansivu@xet7

Team

8:34pm

Anyway, full logs are at /var/log/syslog

8:34pm

sudo tail -1000 /var/log/syslog | less

Paul Verdone@pvcon13

8:45pm

Mar 7 19:49:40 ip-172-31-35-186 wekan.caddy[3205]: 2020/03/07 19:49:40 /var/snap/wekan/common/Caddyfile:24 - Error during parsing: Unable to load certificate and key files for 'http://devkanban.xxxxxxxx.com': tls: failed to find any PEM data in key input

8:46pm

some sort of syntax thing