Self hosted + SSL + Android App #454

Closed
GastroGeek opened this Issue Feb 10, 2019 · 2 comments

GastroGeek commented Feb 10, 2019

I have managed to set up a self-hosted server and the macOS/Android apps... without SSL... as soon as I add in an SSL cert, it breaks the Android app. "Oops: A server error occurred while trying to sign in. Please try again". I have many other apps using the same SSL setup (mkcert, local Debian server) and they all work fine.

No other messages are provided. I have tried running with:

```
rails s -p 6000 -b 0.0.0.0
rails s -p 6000 -b 0.0.0.0 -e production
```

And my NGINX config looks like:

```nginx
upstream notes {
  server 127.0.0.1:6000;
}

server {
  listen       443 ssl http2;
  server_name  notes.mydomain.com;

  ssl_certificate /etc/nginx/certs/notes.mydomain.com.pem;
  ssl_certificate_key /etc/nginx/certs/notes.mydomain.com-key.pem;

  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;

  ssl_protocols TLSv1.2;
  ssl_ciphers EECDH+AESGCM:EECDH+AES;
  ssl_ecdh_curve secp384r1;
  ssl_prefer_server_ciphers on;

  ssl_stapling on;
  ssl_stapling_verify on;

  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;

  location / {
    expires -1;
    add_header Last-Modified "";
    if_modified_since off;
    etag off;
    proxy_pass http://notes;
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header        Host            $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
```

I have also tried with various stripped-down NGINX configs but still, nothing seems to work...

NOTE: The macOS app works fine with both SSL and non-SSL but the Android app baulks when SSL is introduced.

mobitar (Member) commented Feb 11, 2019

Is this a self-signed cert? I'm not sure if it would work with that without custom configuration, which you'd have to dig around for. I believe someone had this issue before, but it's related to system configuration rather than SN-specific configuration.

GastroGeek (Author) commented Feb 13, 2019

Yes, self-signed via mkcert. I've set up all of the root certs across all devices/browsers and it all works fine with several other apps/servers running via reverse-proxy... but for some reason, this one simply blocks me out from the Android app.

I guess it could still be SSL-related (in the self-signed sense)... I will try and dig deeper.

GastroGeek closed this Feb 13, 2019
