Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Caddy with SSL does not work for dynamic loading screen #293

Open
valankar opened this issue Apr 27, 2024 · 6 comments
Open

Caddy with SSL does not work for dynamic loading screen #293

valankar opened this issue Apr 27, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@valankar
Copy link
Contributor

Describe the bug
When using HTTPS endpoint, it seems the dynamic loading screen does not work. Here is the curl output:

valankar@debian ~/caddy> curl -v https://valankar.ftp.sh/accounts_plotly/
*   Trying [2a01:4f9:c011:8a49::1]:443...
* Connected to valankar.ftp.sh (2a01:4f9:c011:8a49::1) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=valankar.ftp.sh
*  start date: Apr 20 10:31:25 2024 GMT
*  expire date: Jul 19 10:31:24 2024 GMT
*  subjectAltName: host "valankar.ftp.sh" matched cert's "valankar.ftp.sh"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /accounts_plotly/]
* h2h3 [:scheme: https]
* h2h3 [:authority: valankar.ftp.sh]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x55b2107d0400)
> GET /accounts_plotly/ HTTP/2
> Host: valankar.ftp.sh
> user-agent: curl/7.88.1
> accept: */*                                                                                                                                                                                                                                                                              >
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Connection #0 to host valankar.ftp.sh left intact
curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)

And when I use the HTTP endpoint, it works:

valankar@debian ~/caddy> curl -v http://valankar.ftp.sh/accounts_plotly/
...
<div class="terminal">
    <h1><span>Starting </span> <span class="error_code">Accounts</span>...</h1>
    <p class="output"><span>Your instance(s) will stop after 1 minutes of inactivity</span>.</p>

    <div class="details">
        <p class="output small command"><span>sablier status <span class="error_code">accounts</span></span></code></p>
        <p class="output small success"><span>accounts</span> is not-ready <code>(0/1)</code></p>
    </div>

</div>
</body>

Context

  • Sablier version: 1.6.1
  • Provider: docer 26.1.0
  • Reverse proxy: caddy 2.7.6
  • Sablier running inside a container? yes

Expected behavior
Working via HTTPS.
@valankar valankar added the bug Something isn't working label Apr 27, 2024
@valankar
Copy link
Contributor Author

Here is the relevant Caddyfile config:

valankar.ftp.sh, valankar.ftp.sh:80 {
        log
        route {
                sablier http://localhost:10000 {
                        names accounts
                        session_duration 1m
                        dynamic {
                                display_name Accounts
                        }
                }
                reverse_proxy localhost:8050
        }
}

@acouvreur
Copy link
Owner

Maybe HTTP2 is the issue, can you try without HTTP2 ?

@valankar
Copy link
Contributor Author

valankar commented May 3, 2024

I switched to using Cloudflare tunnels and don't need SSL in Caddy anymore. It works great in that case.

Feel free to close. But might want to verify whether it works via SSL in your end-to-end test.

@cheats-py
Copy link

I'm having loads of trouble getting sablier to work with TLS. I've tried with traefik and caddy, as soon as I add TLS to the route it stops working. It would be nice to see some examples in the documentation on how to use TLS both with caddy and traefik reverse proxies.

@acouvreur
Copy link
Owner

I'm having loads of trouble getting sablier to work with TLS. I've tried with traefik and caddy, as soon as I add TLS to the route it stops working. It would be nice to see some examples in the documentation on how to use TLS both with caddy and traefik reverse proxies.

Hello, can you please share your setup ?

I have no issue with Traefik and TLS.

@cheats-py
Copy link

I just revisited this and now its working LOL, sorry. The only thing i changed in my compose is the treafik version and sablier version. I originally had traefik:v2.10 and acouvreur/sablier:1.6.0. I changed both to latest and now its working. I spent hours trying to get this to work about a month ago.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@acouvreur @valankar @cheats-py