HTTPS support? #18

Open
amcsi opened this issue Jul 20, 2018 · 8 comments

@amcsi

amcsi commented Jul 20, 2018

It would be cool if there was https support when running this project on the host.

Otherwise the token in the URL is exposed insecurely.

I wouldn't even mind if random self-signed certs would be generated, because all I care about is the URL being encrypted.

@maccyber
Owner

Thanks for the feedback 😄

I think people tend to use Nginx with SSL as a reverse proxy in front.
... but yes - I assume it will be easy to add SSL-support out of the box with something like this example https://github.com/zeit/micro/blob/master/examples/with-https/index.js

We just have to make it optional and off by default.

@amcsi
Author

amcsi commented Jul 24, 2018

Ah yes, that's what I did in the end, because I realized that everything I wanted to do on hook triggers I was able to do with shell scripts that apparently had access to my host's Docker :)

Before I realized that, I was trying to use this project on the host, but I think the letsencrypt-nginx-proxy-companion project doesn't work for HTTP servers happening outside of containers.

@mirestrepo
Contributor

I'm a little embarrassed to add the question here, but I can't seem to find much help on the DockerHub docs.

I have set up this listener on my server running on a docker container and with an nginx reverse proxy for https. If I test with a dummy json, my listener seems to be working. On DockerHub however it always shows !Error and the event doesn't reach the listener. Any clues as to what could be happening?

Thanks in advance!

@maccyber
Owner

maccyber commented Oct 26, 2018

Are you sure that your webserver is reached externally?

  • Test with apitester - Change example.com with your external IP and your-token with your token. See that it responds with status code 204 and that micro-dockerhub-hook logs the request.
  • If not - check that port 443 is open and the port is forwarding to your webserver. Also see if nginx reverse proxy is correctly configured. I should add a how to configure nginx reverse proxy in the docs. Maybe @amcsi has some config to share.

If your webserver/micro-dockerhub-hook responds well with apitester, please tell me and I will look further into it :-)

@mirestrepo
Contributor

@maccyber Thanks for the pointers.

  • apitester works - and my server logs the request.
  • However - dockerhub's webhook still shows an !error and my server doesn't log anything about it.
  • My domain has structure https://example.com/dockerhub-listener/token, could the "subdomain" style cause any issue? I'm pretty confused as to what may be going on, since the request is never detected.

Thanks

@maccyber
Owner

maccyber commented Oct 29, 2018

@mirestrepo
Just tested with my setup and everything seems to work as expected.

Some shots in the dark here:

  • Could there be a problem with the certificate? (just added a /ping route, so you can check the certificate validity in the browser)
  • Is it a public or private dockerhub repo? Do you have full access?

If it is a public repo and the certificate is valid - I'm out of ideas.

You could try to file an issue.
Docker Enterprise customers can file a ticket at https://support.docker.com
... if not, it's possible to create an issue at hub-feedback, but it's not likely to be answered.

@mirestrepo
Contributor

Thanks for all the tips!

It turned out to be an SSL issue. I guess I had a chain certificate and it wasn't properly set up. Most browsers don't complain about it, so I hadn't realized that. The certificate is valid and some detect it as incomplete.
Here is a section of the nginx docs for chain certificates in case anyone runs into it: http://nginx.org/en/docs/http/configuring_https_servers.html#chains

Thanks again for taking the time to add the extra route and sending all the tips. They were super helpful!

@maccyber
Owner

Oh, that's hard to debug, especially when dockerhub just gives you "! Error" to go on.
Thanks for sharing your solution.
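
The failure reported in this thread (a certificate that browsers accept but a stricter client treats as incomplete) can be reproduced offline. This is an added example, not code from the thread or from micro-dockerhub-hook; it assumes the `openssl` CLI is installed, and the CA, certificate names and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example with constructed data: a throwaway root -> intermediate -> leaf
# chain is generated locally. All names and files here are made up for the demo.

make_demo_chain() {   # $1 = empty work directory
  ( set -e; cd "$1"
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf
    openssl req -x509 -config demo.cnf -extensions ca -newkey rsa:2048 -nodes \
      -days 1 -subj '/CN=Demo Root CA' -keyout root.key -out root.pem
    for n in int leaf; do
      openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=demo-$n" -keyout "$n.key" -out "$n.csr"
    done
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile demo.cnf -extensions ca -days 1 -out int.pem
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -days 1 -out leaf.pem
    cat leaf.pem > leaf-only.pem           # bundle missing the intermediate
    cat leaf.pem int.pem > fullchain.pem   # server cert first, then the chain
  ) >/dev/null 2>&1
}

# Number of certificates in a PEM bundle (what the server would send).
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Verify a bundle as a client that trusts only the given root and never
# fetches or caches intermediates. The first cert in the bundle is the one
# verified; every cert in it is offered as an untrusted chain candidate.
strict_verify() {   # $1 = trusted root file, $2 = bundle as served
  if openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo incomplete
  fi
}

work=$(mktemp -d)
make_demo_chain "$work"
for f in leaf-only.pem fullchain.pem; do
  echo "$f: $(count_certs "$work/$f") cert(s) -> $(strict_verify "$work/root.pem" "$work/$f")"
done
```

For a live server, the bundle to test is the saved output of `openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null`, with your system CA bundle as the trusted file.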
