This repository has been archived by the owner on Aug 25, 2019. It is now read-only.

Letsencrypt for both PHABRICATOR_HOST and PHABRICATOR_CDN #30

Closed
sheershoff opened this issue Jun 3, 2016 · 4 comments

@sheershoff

As far as I understand, I can point the PHABRICATOR_CDN to another domain that points to the same machine to serve files from another domain but from this machine and this should do the security trick since we're not authorized on the alternate domain.

I'm using the letsencrypt way, and the certificates do not work. I've checked the 15-https file and tried to improve it, but got stuck on the --csr option and DER format.

Is it possible to automate the CDN portion with letsencrypt?

@hach-que

hach-que commented Jun 5, 2016

Can you give me a startup log? What does Let's Encrypt output?

Does the Let's Encrypt startup work for PHABRICATOR_HOST?

@sheershoff

sheershoff commented Jun 6, 2016

Yes, it works for PHABRICATOR_HOST, but 15-https does not mention PHABRICATOR_CDN at all. So the installation now runs ok with https but without the PHABRICATOR_CDN option.

If I enable the PHABRICATOR_CDN option when I point another domain to the same machine and open the PHABRICATOR_HOST url, css and images are missing, so the web part of phabricator becomes unusable. If I open some css file from the PHABRICATOR_CDN, the browser comes up with the "Security issue, that's a trap, run for your life!" message. Changing https to http gives me the correct css file.

So, I checked nginx.conf and read the nginx docs. It seems that the easiest way would be the alternateDomainName option that incorporates several domains into one file.

If I enable the PHABRICATOR_CDN option the 15-https log portion is the following:

[ STARTING ] /etc/init.simple/15-https
Upgrading certbot-auto 0.7.0 to 0.8.0...
Replacing certbot-auto...
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 735, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 576, in obtain_cert
    notify("Certificate not yet due for renewal; no action taken.", pause=False)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/display/util.py", line 78, in notification
    self.dialog.msgbox(message, height, width=self.width)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/dialog.py", line 3016, in msgbox
    kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/dialog.py", line 1765, in _widget_with_no_output
    widget_name, output))
PythonDialogBug

Applying post-letsencrypt script...
[ STARTING ] /etc/init.simple/20-postfix

UPD: it's actually the same in logs if I disable it. Sometimes the log contains no errors.

@hach-que hach-que self-assigned this Jun 17, 2016
@hach-que hach-que added the bug label Jun 17, 2016
@hach-que

Support for this is being worked on.

@hach-que

This is now implemented in the latest version.
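
Added example, not part of the thread or the project's code: a check for the symptom reported above, where HTTPS works on PHABRICATOR_HOST but the browser rejects the certificate on PHABRICATOR_CDN. It assumes the cause is a certificate whose subjectAltName DNS entries omit the CDN hostname; the hostnames and the helper names `san_matches` and `uncovered_hosts` are constructed for illustration.

```python
"""Report which served hostnames a certificate's SAN list does not cover."""


def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact name, or '*' as the whole left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    p_labels, h_labels = pattern.split("."), host.split(".")
    # A wildcard stands for exactly one label, only in the left-most
    # position, and never directly under a top-level domain ("*.com").
    return (
        p_labels[0] == "*"
        and len(p_labels) > 2
        and len(p_labels) == len(h_labels)
        and p_labels[1:] == h_labels[1:]
    )


def uncovered_hosts(san_dns_names, required_hosts):
    """Return the required hostnames that no SAN entry matches."""
    return [
        host
        for host in required_hosts
        if not any(san_matches(san, host) for san in san_dns_names)
    ]


# Constructed sample values standing in for the two container settings.
PHABRICATOR_HOST = "phab.example.com"
PHABRICATOR_CDN = "phab-cdn.example.net"


def demo():
    """Compare a host-only certificate with one that names both domains."""
    required = [PHABRICATOR_HOST, PHABRICATOR_CDN]
    # SAN lists as they would be read from `openssl x509 -noout -text`.
    host_only_cert = ["phab.example.com"]
    two_name_cert = ["phab.example.com", "phab-cdn.example.net"]
    return {
        "host_only": uncovered_hosts(host_only_cert, required),
        "two_name": uncovered_hosts(two_name_cert, required),
    }


if __name__ == "__main__":
    for label, missing in demo().items():
        print(label, "missing:", missing or "none")
```

A non-empty result means the browser will reject HTTPS requests for those names. certbot accepts repeated `-d` options to place several names on one certificate.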
