self hosting -- cert issue
Can you help me with a little readme on how to use TLS certs with this binary?
jlisfsg6odga64r3k4xivgrcrq.tunnel.xyz not found
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45382: 400 urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Cannot issue for "irwdcbzqprzif66tkifrsvhxsxjlisfsg6odga64r3k4xivgrcrq.tunnel": Domain name does not end with a valid public suffix (TLD)
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45384: acme/autocert: missing certificate
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45392: acme/autocert: missing certificate
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45390: acme/autocert: missing certificate
Given you have configured the DNS zone for tunnel.xyz correctly, I think what's missing here is remotemoe's ability to figure out the host's fully qualified domain name - remotemoe uses the os.Hostname() result as an FQDN and as such, you will need to configure /etc/hostname accordingly.
Have a look at your shell: if the output of hostname reads just tunnel, you will need to edit /etc/hostname and set it to the full domain name, e.g. tunnel.xyz - and maybe even reboot the machine.
I don't know if remotemoe should treat the hostname as an FQDN, but that's where it's at, at the moment :)
Somehow my eyes read "Preview" when in fact the button said "Comment and close issue" ...
It wasn't my intention to close the issue :)
Thanks @fasmide for your response. When I changed the hostname to the full FQDN it worked on port 80. How do I attach certs to the installation and make it work for HTTPS?
Hi, remotemoe doesn't support adding or removing certificates manually - it's all done with ACME (using Let's Encrypt by default). But I would imagine that you are referring to the same issue as #3. Namely, remotemoe won't send HTTPS (port 443) traffic upstream to a non-SSL webserver on port 80.
For now, the "mapping" needs to be 1:1, i.e. incoming traffic using SSL on port 443 can only be upstreamed through the ssh tunnel with SSL on port 443.
So, if you need to accept HTTPS traffic, you will need to forward port 443 and have an HTTPS server ready to accept the traffic - however - remotemoe does not verify the peer inside the ssh tunnel, so the certificate used can be self-signed and autogenerated.
Thanks for the detailed answer @fasmide.
The ACME cert issuer is now working and I'm able to forward requests on the desired port, but I encountered another challenge.
While the root path for the service is working, anything after the root path, i.e. / or /healthz or /apis/test, provides the same result. For example:
https://irwdcbzqprzif66tkifrsvhxsxjlisfsg6odga64r3k4xivgrcrq.remote.moe/ and https://irwdcbzqprzif66tkifrsvhxsxjlisfsg6odga64r3k4xivgrcrq.remote.moe/healthz give the same result while the paths are different.
@fasmide can you suggest any tweaks in the Go code which I can work on to support my previous comment?
@debianmaster I don't think this is an artifact of using remotemoe. It does no kind of rewriting, and I am pretty sure when it receives a request to /api/test it will pass the same URL upstream.