New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firebase integration with self-hosted server #12
Comments
I made it to work with letsencrypt, email me i cann share my config,it encrypts but you shall have to switch to localhost for inserts and curl only for upserts and reading remotely. |
Thanks! |
The extension expects Typesense to be running on port 443 with https enabled. So you need to start the Typesense server with the ssl key, ssl cert and api port (443) specified in the configs. More info about these params here: https://typesense.org/docs/overview/benchmarks.html You can definitely use certbot / LetsEncrypt SSL certs. Self-signed certs don’t work. |
@britisharmy Curious why you had to do this:
|
I see. Now my problem is that I have a virtual host in my server which has certbot SSL installed and I tried to use it as my API address with its certificates api-address = domain.com I can now curl with https in port 8108 Now when I change the port to 443, my typesense server fails to start when I restart it :( I am guessing that I'm doing something wrong in setting up my SSL but I don't know how exactly to set it up in this case |
I am almost done, updating the multiple catalogs i have and then i shall revisit the ssl issue and email you. I don't recall why, but i made some notes somewhere, once the entire catalog is up, i am going to shoot you an email. |
@echo-slam-jam You want to use an IP address for api-adddress, not domain name. Could you also post the logs from /var/log/typesense/typesense.log? |
Do I need to post the whole log file? |
Just since the last restart. You should see a line saying Starting Typesense when you restart Typesense. |
OHH so that's one thing I needed to know haha Actually I tried to input the IP address on the host at the firebase extension and the error was about not being recognized by the certificate ext-firestore-typesense-search-indexToTypesenseOnFirestoreWrite Request #1628516055899: Request to Node 0 failed due to "ERR_TLS_CERT_ALTNAME_INVALID Hostname/IP does not match certificate's altnames: IP: my public IP is not in the cert's list: " |
Will continue to reply tomorrow since it's midnight here in the Philippines I guess the problem I have now is setting up SSL for this case? |
It sounds like you've generated your certificate using a domain name, but you've used your IP address when configuring the Firebase extension. Instead, you want to use the domain name in the Firebase extension - the same domain name you used when generating the SSL cert. Separately, those logs seem like they're from before you had changed the port to 443. If the above still doesn't work, could you change the port, restart Typesense and then capture the logs from that point on? |
My config [server] api-address = xxx.xx.xxx.xxx |
May I know which cloud provider you’re running this on? It looks like the public IP address is not directly accessible on the instance. May be try using the private IP of the instance for api-address? |
The virtual machine is actually owned by the university where I am studying at. I tried the private IP which also didn't work What might be the cause of this accessibility problem? I can try to bring this up to the manager of the server. |
The server is actually hosted by the university where I study at. |
Notice how the log here says "Cannot assign requested IP". That's the underlying issue.
|
Could you post the logs, once you update the IP address in the Typesense configs to |
Yup, so some other process is already using port 443. You can try |
Ah, if you're already using 443 for Apache, another thing you could do is run Typesense with |
Ohh nice. This is what @britisharmy also suggested. Are these steps for elasticsearch applicable? |
That link doesn't seem to cover https. This looks more recent and talks about https setup as well: https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension The key thing to change in that guide is:
becomes
|
I see. Do I need to follow the whole steps starting from Modifying The Default Configuration Or just Enabling SSL Reverse-Proxy Support |
Everything except "Enabling Load-Balancing" |
ok I'll get back to you after I do it |
This is my config for the 000-default
Listen 443 NameVirtualHost *:443
I cannot restart apache2 because of the error Line 16 is Listen 443 |
The certificate cant work on a naked ip. You shall need a sub domain or a tld. |
Hmmm So I managed to successfully restart apache2.
This is now my config for 000-default
And here is my config for typesense GNU nano 4.8 /etc/typesense/typesense-server.ini ; Typesense Configuration [server] api-address = 10.207.9.46 Now both services are running Are these configs correct? I can't curl https version What should I be able to curl? |
You only need
and NOT
Essentially, the idea is that you're running multiple web-servers behind Apache, one is your existing site, and the other is Typesense. Depending on what hostname shows up in the HTTP headers, Apache will either send the request to your existing site or to Typesense. HTTPS/SSL is handled by Apache and the connection to Typesense uses regular http on port 8108. In this setup, the idea is that if you've configured say typesense.domain.com to reverse proxy to |
If I understand correctly, do I need to create a subdomain for my domain which I will call, say, "typesense.domain" which I will reverse proxy to http://10.207.9.46:8108 |
Yeah, either of those should work. You might have to do some URL re-writing so Typesense doesn't see the |
Ok Now I went to the firebase extension and typesense host: mydomain/typesense so I changed it to What should be the correct host? |
Oh hang on, my bad. While Typesense itself can be hosted under a path, the Firebase extension requires Typesense to be hosted under the root domain (and not in a sub-path). So you'd need to create a new virtual host in Apache and move the reverse proxy config under that, and setup a different sub-domain just for Typesense. |
Hmmm let me clarify. Currently, the process goes like this extension -> my SSL domain/typesense subpath (is this what you were talking about?) -> reverse proxy to 10.207.9.46:8108 Can you illustrate in terms of this process chain? |
You'd have to set it up this way: Extension -> https://typesense-sub.domain (setup in Apache as a separate Virtual Host with its own SSL cert) -> reverse proxy to 10.207.9.46:8108 |
Hmm can I still use my ssl domain like this? extension -> https://mydomain/typesense -> reverse proxy to newly created https://typesense -> reverse proxy to 10.207.9.46:8108 So in this way I wont have to request for another public DNS from the university |
That won’t work with the Firebase extension. So you need a new domain/sub-domain just for Typesense, but it can still run on the same server. |
Ok I just checked with the server handler and I can fully use the root of mydomain So now I don't need the subpath anymore and my process now is this: |
NICE it is finally working !!!!! THANKS @jasonbosco and @britisharmy for your assistance :) Also I noticed that it fails to write empty arrays |
Idk why but now it accepts empty arrays haha |
Amazing! Kudos to you for your persistence! 🙌 🙌 It would be awesome if you're able to share the final Apache configs that worked for you, for the benefit of other folks who might have a need to reverse proxy through Apache in the future. |
Sure! So the process goes like this for me: Firebase extension -> my SSL (by certbot) "domain.xxx" -> Reverse proxy to my VM local IP address My reverse proxy settings on my domain's xxx-le-ssl.conf file ProxyPreserveHost On The config for my typesense api-address: local IP Then on the firebase extension, use the ssl domain name like "sampledomain.xxx" Make sure to enable the necessary modules in apache for reverse proxying Apache docs about reverse proxying that might help understand this stuff Also, if you are using the domain for other subdirectories like domain.xxx/otherpath ex. |
Is there a reason why Typesense extension doesn't allow to specify a custom port? Is this a Firebase requirement? |
@braincomb It's not a Firebase requirement, but a security best practice: #22 (comment) |
Description
I installed typesense in my
ubuntu 20.04 apache server
and it is successfully running but I can't succeed in trying to sync my firestore data using the firebase extension. When I input the public IP of my server in the typesense host portion, it fails to upsert the data.
Steps to reproduce
firebase extension
and this is my config file for typesense server
I'm guessing that it needs SSL certification but where do I get my SSL certificates to put in the configs?
Can self-signed work? Can certbot work?
I'm new to this so have mercy on me
""
Expected Behavior
Actual Behavior
Metadata
Typsense Version:
OS:
The text was updated successfully, but these errors were encountered: