pumactl & SSL: How to use --bind? "Invalid auth token" #2242

Closed
anon987654321 opened this issue May 1, 2020 · 2 comments

@anon987654321

What's the proper equivalent for --bind in pumactl? --control-url returns Invalid auth token.

Working:

puma --bind 'ssl://127.0.0.1:3000?key=/etc/ssl/private/myapp.key&cert=/etc/ssl/myapp.crt' --environment production

Not working:

pumactl --control-url 'ssl://127.0.0.1:8000?key=/etc/ssl/private/myapp.key&cert=/etc/ssl/myapp.crt' --environment production start
puma --control-url 'ssl://127.0.0.1:8000?key=/etc/ssl/private/myapp.key&cert=/etc/ssl/myapp.crt' --environment production
# curl -v https://myapp.com
*   Trying <my IP>:443...
* TCP_NODELAY set
* Connected to myapp.com (<my IP>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=myapp.com
*  start date: Apr 26 15:19:28 2020 GMT
*  expire date: Jul 25 15:19:28 2020 GMT
*  subjectAltName: host "myapp.com" matched cert's "myapp.com"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: myapp.com
> User-Agent: curl/7.66.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Content-Length: 18
< Content-Security-Policy: default-src 'self'
< Content-Type: text/plain
< Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
< Referrer-Policy: strict-origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
<
* Connection #0 to host myapp.com left intact
Invalid auth token

Thanks!

@dentarg
Member

dentarg commented May 2, 2020

> What's the proper equivalent for --bind in pumactl?

I don't see any equivalent flag. I think you need to specify that information in the puma config file (then either let pumactl automatically find that file or tell it where it is with -F, --config-file)

@anon987654321
Author

All good!
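
An added example, not part of the thread and not Puma's own code: a sketch of the config-file approach suggested in the reply above, with a check that the control listener (the one answering "Invalid auth token") stays separate from the application bind, local-only and token-protected. `ConfigRecorder` and `audit_puma_config` are hypothetical stand-ins for Puma's config loader; the control port 9293 and the token value are placeholders, and `environment`, `bind` and `activate_control_app` with `auth_token`/`no_token` are used as in Puma's config DSL.

```ruby
require 'uri'

# Constructed config/puma.rb. Key and cert paths come from the issue; the
# control port and token are placeholders (assumptions, not from the thread).
PUMA_CONFIG = <<~'CONFIG'
  environment 'production'
  bind 'ssl://127.0.0.1:3000?key=/etc/ssl/private/myapp.key&cert=/etc/ssl/myapp.crt'
  activate_control_app 'tcp://127.0.0.1:9293', { auth_token: 'REPLACE_WITH_RANDOM_TOKEN' }
CONFIG

# Hypothetical stand-in for Puma's config DSL: records only the directives
# used above, so the file can be inspected without loading Puma.
class ConfigRecorder
  attr_reader :binds, :control_url, :control_opts

  def initialize
    @binds = []
    @control_url = nil
    @control_opts = {}
  end

  def environment(_name); end
  def bind(url)
    @binds << url
  end

  def activate_control_app(url, opts = {})
    @control_url = url
    @control_opts = opts
  end
end

# Returns a list of findings; an empty list means the control listener is
# separate from the application listener, local-only and token-protected.
def audit_puma_config(source)
  rec = ConfigRecorder.new
  rec.instance_eval(source)
  findings = []
  findings << 'no application bind' if rec.binds.empty?
  return findings if rec.control_url.nil?

  ctl = URI.parse(rec.control_url)
  local = ctl.scheme == 'unix' || %w[127.0.0.1 ::1 localhost].include?(ctl.hostname)
  app_ports = rec.binds.map { |b| URI.parse(b).port }
  findings << 'control app shares a port with the application' if ctl.port && app_ports.include?(ctl.port)
  findings << 'control app is not on loopback or a unix socket' unless local
  findings << 'control app has no auth token' if rec.control_opts[:no_token] || rec.control_opts[:auth_token].to_s.empty?
  findings
end
```

With a file like this in place, `pumactl -F config/puma.rb <command>` reads the control URL and token from the config instead of taking them on the command line.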
