rmfakecloud icon indicating copy to clipboard operation
rmfakecloud copied to clipboard
verified publisher icon ddvk

Running rmfakecloud behing a SWAG reverse proxy?

Open P9k opened this issue 1 year ago • 2 comments

Dear community,

Has anyone managed to successfully set up rmfakecloud behind a SWAG reverse proxy service (https://docs.linuxserver.io/general/swag)?

I was able to get the rmfakecloud Docker container running via docker-compose and also managed to access the web-GUI from a subdomain that I have added to my dynamic DNS provider (something like https://rmfakecloud.my-own-dyndns-domain.com).

I have used a very basic Nginx reverse proxy configuration file (rmfakecloud.subdomain.conf) inspired by my other services that I run in a similar fashion behind the reverse proxy:

   server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    server_name rmfakecloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 200M;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        set $upstream_app rmfakecloud;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

The automagic installer finishes smoothly on my reMarkable2 and choosing https://rmfakecloud.my-own-dyndns-domain.com as the corresponding domain when asked.

From the reMarkable, I am able to ping https://rmfakecloud.my-own-dyndns-domain.com, but it fails with the TLS handshake error when trying to wget https://rmfakecloud.my-own-dyndns-domain.com. Thus it is no wonder that the sync between server and tablet cannot be properly set up.

I am aware that this problem arises from missing or wrongly assigned certificates, but I don't know how and where to resolve this issue. The problem appears to be that the SWAG service automatically renews the certificates for every subdomain (see for example https://docs.linuxserver.io/general/swag/#subdomain-proxy-conf), so my guess would be that these clash with the certificates generated by the automagic script.

Maybe someone had some success in setting up rmfakecloud in a such an environment and could share their experience?

P9k avatar Oct 03 '24 12:10 P9k

Wget on device does not support SSL have you checked the xochitl and sync service logs to see what the error is there?

Eeems avatar Oct 03 '24 14:10 Eeems

check the logs, journalctl -u xochitl

ddvk avatar Oct 07 '24 16:10 ddvk