search

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com
Other
12.93k stars 667 forks source link

Email isn't send using https self-hosted #1633

Open levx-me opened 3 months ago

levx-me commented 3 months ago

Describe the bug

Email isn't send using https self-hosted

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'Account Control'
  2. Click on 'Add Member'
  3. Type in email address
  4. See error 
    B86C4EE42E7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:354:

Expected behavior

An email should be sent

Screenshots

Screenshot 2024-03-28 at 4 49 32 AM

Platform you are having the issue on:

Fedora 39

Additional context

I set up self hosted using docker-compose and I'm accessing it through https using nginx config like: TSL certificate was issued using certbot by letsencrypt and I'm bypassing request to 8001 which docker-compose is run at.

server {
        listen 443 ssl;
        server_name infisical.my.domain;

        ssl_certificate /etc/letsencrypt/live/infisical.my.domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/infisical.my.domain/privkey.pem;

        proxy_redirect      off;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;

        location / {
            proxy_pass http://localhost:8001/;
            proxy_buffering off;
            proxy_buffer_size 16k;
            proxy_busy_buffers_size 24k;
            proxy_buffers 64 4k;
        }
    }
akhilmhdh commented 3 months ago

Which email service are you using. https://infisical.com/docs/self-hosting/configuration/envars#email-service

levx-me commented 3 months ago

both gmail and resend doesn't work

maidul98 commented 3 months ago

@levx-me are you able to try Sendgrid?

mtracz commented 2 months ago

I faced the same issue when upgrading from infisical/infisical:v0.43.16 to infisical/infisical:v0.51.9-postgres self-hosted. Gmail SMTP stopped working.

based on infisical's SMTP docs: https://github.com/Infisical/infisical/blob/246e6c64d1e26f69a0ba8e006a329d8a2c11e919/docs/self-hosting/configuration/envars.mdx?plain=1#L212-L228

not work:

SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE="true"

works (port 465):

SMTP_HOST=smtp.gmail.com
SMTP_PORT=465
SMTP_SECURE="true"

works (secure false):

SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE="false"

Regarding to node mailer docs, which is used in Infisical (https://github.com/Infisical/infisical/blob/main/backend/package.json#L113)

https://www.nodemailer.com/smtp/

secure – if true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false

I think Infisical docs should be adjusted.

akhilmhdh commented 1 month ago

Hmmm @mtracz good point. I think the default values should be adjusted according to this and also doc.

@levx-me Did port 465 resolved issue for you