
Gunicorn: How to add self-signed certificate?

Open monkyyx opened this issue 4 years ago • 9 comments

I've added keyfile, certfile & ca_certs to gunicorn.conf.py. But I'm not able to figure out what I have to change to "activate" the certificate. I want to run WGDashboard at the default port with https.

@pgalonza Any idea? I saw your PR #93 adding Gunicorn included something about Let's Encrypt. I'd like to use a self-signed certificate tho.

monkyyx avatar Feb 01 '22 14:02 monkyyx

> I've added keyfile, certfile & ca_certs to gunicorn.conf.py. But I'm not able to figure out what I have to change to "activate" the certificate. I want to run WGDashboard at the default port with https.
>
> @pgalonza Any idea? I saw your PR #93 adding Gunicorn included something about Let's Encrypt. I'd like to use a self-signed certificate tho.

Hi, you can look at my forked branch https://github.com/pgalonza/WGDashboard/blob/develop/src/wgd.sh I am using the console parameters --keyfile and --certfile. It's working for me. And you can see how I am using certbot.

You can attach your configuration file and I will test with your settings in my env.

pgalonza avatar Feb 01 '22 17:02 pgalonza

Turns out that adding keyfile/certfile to wgd.sh or gunicorn.conf.py both works as intended if I start WGDashboard via ./wgd.sh start. If I start it via systemctl start wg-dashboard.service it's only available over http. I configured the service as documented executing ExecStart=/usr/bin/python3 /root/wgdashboard/src/dashboard.py (https://github.com/donaldzou/WGDashboard#autostart-wgdashboard-on-boot--v22)

@donaldzou Any idea what I did wrong or is it something related to dashboard.py?

@pgalonza Do you know if it's possible to automatically redirect from http to https?

monkyyx avatar Feb 02 '22 09:02 monkyyx

@monkyyx Hi, I believe it is because the service file does not start with gunicorn, it starts the dashboard directly. I can try to configure it to start with gunicorn, just like in the wgd.sh. Sorry I'm not an expert on Gunicorn, but I think @pgalonza might be able to help you out, cuz pgalonza helped me out on integrating Gunicorn into the dashboard ;)

donaldzou avatar Feb 02 '22 14:02 donaldzou

I hid the function to use https with gunicorn in the latest release; the reason for that is I haven't figured out an out-of-the-box solution to configure everything, or at least one that is easy to configure. Might implement it in the next major release. But you can still find the function in wgd.sh

donaldzou avatar Feb 02 '22 14:02 donaldzou

> Turns out that adding keyfile/certfile to wgd.sh or gunicorn.conf.py both works as intended if I start WGDashboard via ./wgd.sh start. If I start it via systemctl start wg-dashboard.service it's only available over http. I configured the service as documented executing ExecStart=/usr/bin/python3 /root/wgdashboard/src/dashboard.py (https://github.com/donaldzou/WGDashboard#autostart-wgdashboard-on-boot--v22)
>
> @donaldzou Any idea what I did wrong or is it something related to dashboard.py?
>
> @pgalonza Do you know if it's possible to automatically redirect from http to https?

You can change the unit like this

```ini
[Unit]
After=network.service

[Service]
WorkingDirectory=/root/wgdashboard/src
ExecStart=/root/wgdashboard/src/wgd.sh start
ExecStop=/root/wgdashboard/src/wgd.sh stop
Restart=always

[Install]
WantedBy=default.target
```

or use https://github.com/pgalonza/WGDashboard/blob/develop/src/wsgi.py and add it to the unit

pgalonza avatar Feb 02 '22 19:02 pgalonza

gunicorn starts as either https or http, no need to redirect

pgalonza avatar Feb 02 '22 19:02 pgalonza

> I hid the function to use https with gunicorn in the latest release; the reason for that is I haven't figured out an out-of-the-box solution to configure everything, or at least one that is easy to configure. Might implement it in the next major release. But you can still find the function in wgd.sh

What is the problem with configuring https? I thought I automated it.

When I finish my course, I will try to help with the project again.

pgalonza avatar Feb 02 '22 19:02 pgalonza

> Hi, I believe it is because the service file does not start with gunicorn, it starts the dashboard directly. I can try to configure it to start with gunicorn, just like in the wgd.sh.

I think that would probably be best. Also considering that other users might have the same "problem" in the future.

> You can change the unit like this
>
> ```ini
> [Unit]
> After=network.service
>
> [Service]
> WorkingDirectory=/root/wgdashboard/src
> ExecStart=/root/wgdashboard/src/wgd.sh start
> ExecStop=/root/wgdashboard/src/wgd.sh stop
> Restart=always
>
> [Install]
> WantedBy=default.target
> ```
>
> or use https://github.com/pgalonza/WGDashboard/blob/develop/src/wsgi.py and add it to the unit

Changing unit results in error "start-limit-hit" when starting the service. Using wsgi.py is the same as starting dashboard.py. Only http, no https.

> gunicorn starts as either https or http, no need to redirect

Accessing WGDashboard with SSL active over "http://..." results in "ERR_CONNECTION_RESET". I was looking for a way to automatically redirect to "https://...". But that's not very important, just a nice to have.

monkyyx avatar Feb 03 '22 10:02 monkyyx
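
The redirect asked about above, as an added example that is not part of the thread or of WGDashboard: a gunicorn socket started with keyfile/certfile speaks only TLS, so plain `http://` requests need a separate listener that answers with a redirect. The host name `vpn.example.internal` and port `10086` are assumptions; the Host header is checked against an allow-list so the listener never redirects to a name the client made up.

```python
"""Plain-HTTP listener whose only job is to redirect to the HTTPS dashboard."""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumptions for this example (not taken from the thread):
ALLOWED_HOSTS = {"vpn.example.internal"}  # name(s) the dashboard is reached by
HTTPS_PORT = 10086                        # port gunicorn serves with TLS


def redirect_target(host_header, path, https_port=HTTPS_PORT):
    """Return the https:// URL to redirect to, or None to refuse the request."""
    host = (host_header or "").strip().lower()
    if ":" in host:                       # drop any client-supplied port
        host = host.rsplit(":", 1)[0]
    if host not in ALLOWED_HOSTS:         # never echo an arbitrary Host header
        return None
    # Absolute-form targets or embedded CR/LF fall back to the root path.
    if not path.startswith("/") or "\r" in path or "\n" in path:
        path = "/"
    authority = host if https_port == 443 else f"{host}:{https_port}"
    return f"https://{authority}{path}"


class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = redirect_target(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(400, "Unknown host")
            return
        self.send_response(301)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET  # other methods get http.server's default 501


def serve(bind="0.0.0.0", port=80):
    """Run the redirector; binding to port 80 needs the matching privilege."""
    ThreadingHTTPServer((bind, port), RedirectHandler).serve_forever()


if __name__ == "__main__":
    serve()
```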

> > Hi, I believe it is because the service file does not start with gunicorn, it starts the dashboard directly. I can try to configure it to start with gunicorn, just like in the wgd.sh.
>
> I think that would probably be best. Also considering that other users might have the same "problem" in the future.

Maybe it is best to have one entry point, and right now that is wgd.sh

I am using wgd.sh with certbot activated and do not have any problems, and I think it is better to use this start script anywhere by default.

pgalonza avatar Feb 04 '22 21:02 pgalonza