SEPIA-Framework / sepia-docs

Documentation and Wiki for SEPIA. Please post your questions and bug-reports here in the issues section! Thank you :-)
https://sepia-framework.github.io/

Docker | error setting up Self-Signed Cert #40

Open PlanetSmasher opened 4 years ago

PlanetSmasher commented 4 years ago

Describe the bug: When SEPIA is set up via Docker and Self-Signed Cert, the script will copy the Nginx config to /etc/nginx/sites-enabled/. This folder is non-permanent, so every reboot the SSL config gets wiped.

SEPIA client and server versions

To Reproduce: Steps to reproduce the behavior:

  1. Setup Sepia via Docker (e.g. docker-compose.yml)

     ```
     version: '3'

     services:
       sepia:
         image: sepia/home:v2.4.1
         ports:
     ```

  2. Create basic config
  3. Go to command line
  4. Setup SSL via ./setup-nginx.sh
  5. Clear all config
  6. Generate self-signed certificate with any details
  7. Shut down container
  8. Start container
  9. Check /etc/nginx/sites-enabled/

Expected behavior: Persistent changes in web server configuration

Additional context: maybe linking the nginx config folder to the sites-available in the persistent folder.

edit: The Service runs in Docker on Debian 9 with no additional WAF

sepia-assistant commented 4 years ago

oh I see, thanks for the note!

> maybe linking the nginx config folder to the sites-available in the persistent folder

Could be a solution. A quick fix would be to add another volume during start, something like -v sepia-home-nginx:/etc/nginx/sites-enabled

I'll try the linking when I update the container for v2.5.0 :-)
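As an added example (not part of the original thread and not SEPIA project code), the following check reads the mount list that `docker inspect --format '{{json .Mounts}}' <container>` prints and reports whether `/etc/nginx/sites-enabled` is backed by a volume or lives only in the container's writable layer. The sample mount data is constructed, and the `example-data` volume and `/srv/example-data` path are assumptions for illustration.

```python
import json
import posixpath

# Constructed sample of `docker inspect --format '{{json .Mounts}}' <container>`.
# "example-data" and "/srv/example-data" are hypothetical; the second entry is
# the volume suggested in the comment above.
SAMPLE_MOUNTS = json.loads("""[
  {"Type": "volume", "Name": "example-data",
   "Destination": "/srv/example-data", "RW": true},
  {"Type": "volume", "Name": "sepia-home-nginx",
   "Destination": "/etc/nginx/sites-enabled", "RW": true}
]""")


def covering_mount(mounts, path):
    """Return the most specific mount whose Destination is `path` or a parent of it."""
    path = posixpath.normpath(path)
    best, best_len = None, -1
    for mount in mounts:
        dest = posixpath.normpath(mount["Destination"])
        # Compare on a path-component boundary so that "/a/b-old" is not
        # treated as living under "/a/b".
        if path == dest or path.startswith(dest.rstrip("/") + "/"):
            if len(dest) > best_len:
                best, best_len = mount, len(dest)
    return best


def persistence_report(mounts, paths):
    """Map each path to 'volume:<name>', '<type>:<source>' or 'ephemeral'."""
    report = {}
    for path in paths:
        mount = covering_mount(mounts, path)
        if mount is None or mount.get("Type") == "tmpfs":
            # No mount (or an in-memory one): the content is lost when the
            # container is re-created, which is the behaviour reported here.
            report[path] = "ephemeral"
        elif mount.get("Type") == "volume":
            report[path] = "volume:" + mount.get("Name", "")
        else:
            report[path] = mount.get("Type", "bind") + ":" + mount.get("Source", "")
    return report


if __name__ == "__main__":
    for path, state in persistence_report(
            SAMPLE_MOUNTS, ["/etc/nginx/sites-enabled"]).items():
        print(path, "->", state)
```
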

PlanetSmasher commented 4 years ago

That seems to work with the autogenerated file set as a copy in the new Volume

I have got an additional problem running a Self-Signed Cert with the official app (github build). It seems that this app does not accept a Self-Signed one, so every time it tells me: "Login failed! Sorry, but it seems the server does not answer :-("

sepia-assistant commented 4 years ago

> I have got an additional problem running a Self-Signed Cert with the official app (github build). It seems that this app does not accept a Self-Signed one, so every time it tells me: "Login failed! Sorry, but it seems the server does not answer :-("

With "official app" you mean the Android apk? The app is configured to accept user certificates (via network_security_config.xml) but in Android you have to import them manually first (and probably convert them). I haven't tested this process for quite some time but maybe this can help: https://www.lastbreach.com/blog/importing-private-ca-certificates-in-android

The Android app will accept non HTTPS URLs without a problem btw, just in case you're planning to use it only in your private Network anyway.