algolia / sup3rS3cretMes5age

Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend
MIT License

Manual TLS: can't read the certificate from a location #61

Status: Closed (Shaltz closed 2 years ago)

Shaltz commented 3 years ago

Hi,

I'm trying to set the certificate to be used, but I end up with this error:

2021/06/23 17:38:12 [INFO] HTTP Binding Address: :80
2021/06/23 17:38:12 [INFO] HTTPS Binding Address: :443
2021/06/23 17:38:12 [INFO] HTTPS Redirect enabled: true
2021/06/23 17:38:12 [INFO] TLS Auto Domain: 
2021/06/23 17:38:12 [INFO] TLS Cert Filepath: /home/me/tools/mydomain.io/STAR_mydomain_io.pem
2021/06/23 17:38:12 [INFO] TLS Cert Key Filepath: /home/me/tools/mydomain.io/STAR_mydomain_io.key

   ____    __
  / __/___/ /  ___
 / _// __/ _ \/ _ \
/___/\__/_//_/\___/ v3.3.10-dev
High performance, minimalist Go web framework
https://echo.labstack.com
____________________________________O/_______
                                    O\
⇨ http server started on [::]:80
{"time":"2021-06-23T17:38:12.264996285Z","level":"FATAL","prefix":"echo","file":"main.go","line":"50","message":"open /home/me/tools/mydomain.io/STAR_mydomain_io.pem: no such file or directory"}

when I know for a fact that the file is in this folder. I've set the owner of the files/folder to the same user I run the docker-compose command with...

My docker-compose file:

version: '3.2'

services:
  vault:
    image: vault:latest
    container_name: vault
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: supersecret
    cap_add:
      - IPC_LOCK
    expose:
      - 8200

  supersecret:
    build: ./
    image: algolia/supersecretmessage:latest
    container_name: supersecret
    environment:
      VAULT_ADDR: http://vault:8200
      VAULT_TOKEN: supersecret
      SUPERSECRETMESSAGE_HTTP_BINDING_ADDRESS: ":80"
      SUPERSECRETMESSAGE_HTTPS_BINDING_ADDRESS: ":443"
      SUPERSECRETMESSAGE_HTTPS_REDIRECT_ENABLED: "true"
      SUPERSECRETMESSAGE_TLS_CERT_FILEPATH: /home/me/tools/mydomain.io/STAR_mydomain_io.pem
      SUPERSECRETMESSAGE_TLS_CERT_KEY_FILEPATH: /home/me/tools/mydomain.io/STAR_mydomain_io.key
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - vault

What am I missing?

This "new" TLS setup ends up being a nightmare... no way to get it to work when everything was working fine before... Why? :(

eranchetz commented 3 years ago

@Shaltz let me try and reproduce that and see if I can understand what went wrong here

Overlio commented 3 years ago

Hello, got any update on the tests performed? I've been experiencing the exact same issue (causing me a lot of headache before finding this thread, lol).

eranchetz commented 2 years ago

It was solved here: https://github.com/algolia/sup3rS3cretMes5age/issues/65