It looks like your camlistored is not using your Let's Encrypt cert,
but an auto-gen one instead, isn't it? If you don't specify the cert
to use with httpsCert and httpsKey in the server config, it will use
the ones found at .config/camlistore/tls.[crt|key]. So I think you
need to fix that first.

Then, to answer your question about the config, I've just tried with a
config like that:

{
  "auth": "userpass:foo:bar",
  "listen": ":3179",
  "baseURL": "https://camli.gthomas.eu:3179",
  "https": true,
  "identity": "BF117793",
  "identitySecretRing": "/home/mpl/.config/camlistore/identity-secring.gpg",
  "blobPath": "/home/mpl/var/camlistore/blobs",
  "packRelated": true,
  "levelDB": "/home/mpl/var/camlistore/index.leveldb",
  "publish": {
    "/pics/": {
      "camliRoot": "picsRoot",
      "goTemplate": "gallery.html"
    }
  },
  "dbNames": null
}

and it looks like everything is working for me. Except I'm not hitting
a Caddy front-end first, of course. I can try to set up an equivalent
proxy if you think the Caddy part is still making a difference.

On 27 May 2016 at 20:53, Gulácsi Tamás <[email protected]> wrote:
> It's been Caddy, as at that time only it offered no-fuss automatic Let's
> Encrypt certs.
> I see now camlistored supports it, too.
> I've transformed my config to:
> Caddy listens on https://camli.gthomas.eu, forwards the connection to
> https://127.0.0.1:3179, where camlistored listens.
>
> But I get
> PUBLISHER: 2016/05/27 20:51:26 Starting publisher version 2016-05-23-8d4f18e; Go go1.6.2 (linux/amd64)
> PUBLISHER: 2016/05/27 20:51:26 Starting to listen on https://127.0.0.1:33699
> 2016/05/27 20:51:26 Available on https://camli.gthomas.eu/ui/
> 2016/05/27 20:51:26 http: TLS handshake error from 127.0.0.1:50550: EOF
> 2016/05/27 20:51:30 http: proxy error: x509: certificate signed by unknown authority
> 2016/05/27 20:51:30 http: TLS handshake error from 127.0.0.1:50556: remote error: bad certificate
>
> even with 6646/2.
>
> What kind of config works?
>
>
> Mathieu Lonjaret <[email protected]> wrote (on Fri, 27 May 2016, 15:47):
>>
>> I've been making changes so that the app should work by itself (i.e.
>> when getting requests directly, not proxied through camlistored), but
>> let's stay with the usual case for now, i.e. camlistored gets the
>> requests and its app handler proxies them to the publisher. So yes,
>> let's keep your Caddy proxying as it is.
>>
>> Next question: if Caddy is listening on TLS, why aren't you doing the
>> same thing for camlistored? Why do you want unencrypted traffic
>> between Caddy and Camlistore?
>>
>> On 27 May 2016 at 15:30, Gulácsi Tamás <[email protected]> wrote:
>> > Yes.
>> > Caddy is listening on 0.0.0.0:443, forwarding anything for
>> > https://camli.gthomas.eu:443/ to http://localhost:3179.
>> > So Camlistored is listening on http://127.0.0.1:3179.
>> >
>> > I can make Caddy proxy https://camli.gthomas.eu/pics/ to somewhere else,
>> > but now it goes to camlistored, without modification.
>> >
>> > Mathieu Lonjaret <[email protected]> wrote (on Fri, 27 May 2016, 15:09):
>> >>
>> >> Alright, so let's discuss your setup so I can try to reproduce it
>> >> please.
>> >>
>> >> Is Caddy the software facing the outside world? And it is listening on
>> >> https://camli.gthomas.eu:443 ?
>> >> And do I understand correctly that the end goal for you is to have the
>> >> publisher displayed when someone hits https://camli.gthomas.eu/pics/ ?
>> >> How do you make Caddy proxy the relevant requests to your Camlistore
>> >> instance?
>> >>
>> >>
>> >> On 25 May 2016 at 01:46, Mathieu Lonjaret <[email protected]> wrote:
>> >> > Hey Tamás,
>> >> >
>> >> > Could you please let me know if
>> >> > https://camlistore-review.googlesource.com/6646 makes it easier for
>> >> > you to run the publisher with your setup?
>> >> > Note that in the high-level config for the publisher, baseURL is now
>> >> > backendURL, and that you can now specify "listen" too.
>> >> >
>> >> > thanks,
>> >> > Mathieu
>> >> >
>> >> >
>> >> > On 13 May 2016 at 13:21, Gulácsi Tamás <[email protected]> wrote:
>> >> >> Thanks!
>> >> >> Changed.
>> >> >>
>> >> >> Adrian Tritschler <[email protected]> wrote (on Fri, 13 May 2016, 13:15):
>> >> >>>
>> >> >>> I'm not sure if you intended it, but you've posted the URL, login
>> >> >>> and password of your camlistore. You may wish to change the password.
>> >> >>>
>> >> >>> Adrian
>> >> >>>
>> >> >>>
>> >> >>> On Monday, 9 May 2016 15:12:50 UTC+10, Tamás Gulácsi wrote:
>> >> >>>>
>> >> >>>> This is what I got in camlistored log for
>> >> >>>>
>> >> >>>> gthomas@tequila:~$ cat .config/camlistore/server-config.json
>> >> >>>> {
>> >> >>>>   "listen": "0.0.0.0:3179",
>> >> >>>>   "baseURL": "https://camli.gthomas.eu",
>> >> >>>>   "shareHandler": true,
>> >> >>>>   "https": false,
>> >> >>>>   "httpsCert": "/home/gthomas/.config/camlistore/camli.gthomas.eu.crt",
>> >> >>>>   "httpsKey": "/home/gthomas/.config/camlistore/camli.gthomas.eu.key",
>> >> >>>>   "auth": "userpass:gthomas:majdhafagy:+localhost",
>> >> >>>>   "identity": "974EA38B",
>> >> >>>>   "identitySecretRing": "/home/gthomas/.config/camlistore/identity-secring.gpg",
>> >> >>>>   "levelDB": "/home/gthomas/var/camlistore/camli-index.leveldb",
>> >> >>>>   "blobPath": "/home/gthomas/var/camlistore/packs",
>> >> >>>>   "packBlobs": true,
>> >> >>>>   "runIndex": true,
>> >> >>>>   "copyIndexToMemory": true,
>> >> >>>>   "mysql": "",
>> >> >>>>   "mongo": "",
>> >> >>>>   "postgres": "",
>> >> >>>>   "sqlite": "",
>> >> >>>>   "s3": "",
>> >> >>>>   "replicateTo": [],
>> >> >>>>   "publish": {
>> >> >>>>     "/pics/": {
>> >> >>>>       "camliRoot": "pics",
>> >> >>>>       "cacheRoot": "/home/gthomas/var/camlistore/blobs/cache",
>> >> >>>>       "goTemplate": "gallery.html"
>> >> >>>>     }
>> >> >>>>   }
>> >> >>>> }
>> >> >>>>
>> >> >>>> gthomas@tequila:~$ camget sha1-de682600ddf64620b322971c94e7911bebe4865b
>> >> >>>> {"camliVersion": 1,
>> >> >>>> "camliSigner": "sha1-01c5e458c48552abac802d4f8b52b093efbb2caa",
>> >> >>>> "camliType": "permanode",
>> >> >>>> "key": "pics"
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>> ,"camliSig":"wsBcBAABCAAQBQJXE4QgCRAdaMP0l06jiwAAG0gIAIZlrpoWvCFnjptlprCE2QnlTma+R63G/2PLKlY5oZPC7p/yBQp+6ESBN5le3ohhDvp1TMWcuq1bFDushTYqdqparu6ZFGgf0NKKXaO47PYbPdDDUJcuZQ3dsCWguXcbT0Vaik297sQirakGUZ+TRisveqiWdswAx3OYFq1YpxQG542uF70RK6lHPO3si4mf5l30A6KNNc28W0/lHfSHteKNZxn1sFXw2nbRPF6JdXXq8YXXt28mOetcqXj9XhBfZbP0zrMEZ2NPOljIzaUSGCmAb2Xu/oTix5w7j/Zg7C+dBJ9JElXGfmYoTZcMpjw4UqS6CGhdjHVcgB6nX5elKJE==4waQ"}
>> >> >>>>
>> >> >>>> I get same error if I change the "camliRoot" to
>> >> >>>> "sha1-de682600ddf64620b322971c94e7911bebe4865b", so now I don't
>> >> >>>> know what to do.
>> >> >>>>
>> >> >>>>
>> >> >>>> What kind of permanode does publish need for its root?
>> >> >>>> Why is that "mypics" (the key) in the example config?
>> >> >>>> Why doesn't this work?
>> >> >>>>
>> >> >>>> Thanks,
>> >> >>>> Tamás Gulácsi
>> >> >>>>
>> >> >>> --
>> >> >>> You received this message because you are subscribed to a topic in
>> >> >>> the
>> >> >>> Google Groups "Camlistore" group.
>> >> >>> To unsubscribe from this topic, visit
>> >> >>>
>> >> >>> https://groups.google.com/d/topic/camlistore/bQlWEjy0i7o/unsubscribe.
>> >> >>> To unsubscribe from this group and all its topics, send an email to
>> >> >>> [email protected].
>> >> >>> For more options, visit https://groups.google.com/d/optout.
>> >> >>
>> >> >> --
>> >> >> You received this message because you are subscribed to the Google
>> >> >> Groups
>> >> >> "Camlistore" group.
>> >> >> To unsubscribe from this group and stop receiving emails from it,
>> >> >> send
>> >> >> an
>> >> >> email to [email protected].
>> >> >> For more options, visit https://groups.google.com/d/optout.
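
The two errors quoted in this thread ("x509: certificate signed by unknown authority" on the proxy side, "TLS handshake error ... bad certificate" on the backend side) are what a Go TLS client and server report when the backend presents a certificate that is not in the client's trust pool. The following is an added example, not code from the thread or from Camlistore or Caddy: it reproduces the failure against a constructed local backend that uses Go's built-in httptest certificate in place of camlistored's auto-generated one, then shows that adding that one certificate to the client's root pool lets verification succeed. The names `fetch` and `demo` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetch makes one HTTPS request to url, trusting only the certificates in
// roots. This is the trust decision a proxy makes about its HTTPS backend.
func fetch(url string, roots *x509.CertPool) (status int, unknownAuthority bool, err error) {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots},
	}}
	resp, err := client.Get(url)
	if err != nil {
		var ua x509.UnknownAuthorityError
		return 0, errors.As(err, &ua), err
	}
	defer resp.Body.Close()
	return resp.StatusCode, false, nil
}

// demo starts a constructed backend on 127.0.0.1 with httptest's self-signed
// certificate, then calls it with an empty pool and with the cert pinned.
func demo() (unpinnedUnknownAuthority bool, pinnedStatus int, err error) {
	backend := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer backend.Close()
	_, unpinnedUnknownAuthority, _ = fetch(backend.URL, x509.NewCertPool())
	pinned := x509.NewCertPool()
	pinned.AddCert(backend.Certificate())
	pinnedStatus, _, err = fetch(backend.URL, pinned)
	return
}

func main() {
	ua, status, err := demo()
	fmt.Println("unpinned rejected as unknown authority:", ua, "| pinned status:", status, "| err:", err)
}
```

While it runs, the backend logs its own "TLS handshake error" line for the rejected connection, which is the server-side counterpart of the client's x509 error.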