ccarney16 / pterodactyl-containers

Pterodactyl Panel within a docker container

caddy ssl not working correctly #152

Open Maescool opened 1 year ago

Maescool commented 1 year ago

When using a Let's Encrypt cert directly, Caddy starts on 443, but assets don't load. When disabling SSL, content shows up fine.

mixman68 commented 1 year ago

I have the same problem, but with a regular SSL cert loaded by SSL_CERT and SSL_CERT_KEY.

My pterodactyl is gone..

VozDeOuro commented 1 year ago

Is there a way to enable the --debug option on the cert creation? Because mine isn't working either.

VozDeOuro commented 1 year ago

When using a Let's Encrypt cert directly, Caddy starts on 443, but assets don't load. When disabling SSL, content shows up fine.

How did you disable it? Mine isn't disabling.

mixman68 commented 1 year ago

You can disable it with SSL_CERT=none in the env file.

ccarney16 commented 1 year ago

My Pterodactyl image recently moved to AlmaLinux and Caddy; however, I do not fully support the new methods that are built in (and scripted), due to certain issues with Caddy and the Pterodactyl daemon being unable to share certificates. I will also be advising to move to a reverse proxy configuration such as NGINX, Traefik, or an external Caddy proxy.

In regards to asset loading, that is an issue I am currently looking into, since I do notice that even on non-http configurations.

VozDeOuro commented 1 year ago

I think the good way is to do it by DNS: https://caddyserver.com/docs/automatic-https

VozDeOuro commented 1 year ago

Hey @ccarney16, do you think that the SSL problem will be fixed in a next build? Using SSL on the reverse proxy is giving some errors on the panel.

ccarney16 commented 1 year ago

Hey, so I am currently recommending to set SSL parameters to none on panel and daemon containers and opt to use a reverse proxy to forward traffic. At the moment caddy's built in SSL system is considered experimental until I get it ironed out. I have already pushed this image to a few production deployments using traefik as the reverse proxy, I see no issues at this moment. However if anyone can verify that their current Let's Encrypt certificates are having issues, please let me know, as during testing, the only issues I've encountered have been in regards to out-of-tree patches to pterodactyl. If anyone can also confirm if the certbot container can still get certificates, that would be great.

VozDeOuro commented 1 year ago

I'm using exactly that on my setup, Traefik and none as the Caddy config. But on some forms, it's warning that the page is not secure.

VozDeOuro commented 1 year ago

I can try some tests on the certbot container, but can you give me more info on which container that is? I just have these containers: panel, worker, daemon, cron.

ccarney16 commented 1 year ago

Hm, might want to check your APP_URL in conf.d/panel.env, whether it's using http:// or https://. I might also suggest seeing if TRUSTED_PROXIES is set correctly. If it is not, feel free to add TRUSTED_PROXIES= with the proxy IP or CIDR range.

ccarney16 commented 1 year ago

@VozDeOuro Certbot does not look to be enabled on your project, you need to pass the letsencrypt profile using the default deployment configuration to enable certbot. This is a newer docker-compose v2 feature, more information about profiles can be found here.

VozDeOuro commented 1 year ago

Hm, might want to check your APP_URL in conf.d/panel.env, whether it's using http:// or https://. I might also suggest seeing if TRUSTED_PROXIES is set correctly. If it is not, feel free to add TRUSTED_PROXIES= with the proxy IP or CIDR range.

It's on http://. How can I add TRUSTED_PROXIES= on Traefik or in the .env file?

ccarney16 commented 1 year ago

@VozDeOuro Trusted proxies need to be set in conf.d/panel.env for the panel container, not in Traefik.

VozDeOuro commented 1 year ago

Sorry for the noob question, but what do I need to input there?

ccarney16 commented 1 year ago

You need to set the variable to either the IP address of the proxy or the CIDR range of the proxy. If Traefik is on the same machine as the panel container and using Docker networking, you should be free to try out the CIDR range 172.16.0.0/12. However, be aware this trusts all IP addresses in this range.
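
The APP_URL and TRUSTED_PROXIES advice above boils down to how a framework decides which peers it believes about the real client address and scheme. As an added illustration (not the project's code and not Laravel's own middleware, just a small model of the usual trusted-proxy algorithm), the Python below parses a constructed conf.d/panel.env, applies a TRUSTED_PROXIES list to sample requests, and shows what the panel ends up believing. The hostname, container addresses and header values are invented for the example.

```python
import ipaddress

# Constructed sample of conf.d/panel.env; the hostname and values are invented
# for this example and are not taken from the project.
SAMPLE_PANEL_ENV = """\
APP_URL=https://panel.example.test
SSL_CERT=none
TRUSTED_PROXIES=172.16.0.0/12
"""


def parse_env(text):
    """Minimal KEY=VALUE reader for an env file; skips blanks and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"')
    return env


def app_url_scheme(env):
    """Scheme the panel will use when it generates asset links ('' if unset)."""
    url = env.get("APP_URL", "")
    return url.split("://", 1)[0].lower() if "://" in url else ""


def parse_trusted_proxies(value):
    """Comma-separated IPs/CIDRs -> ip_network list; '*' means trust everyone."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if item == "*":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        else:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def is_trusted(addr, nets):
    """True if addr parses as an IP and lies inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed header entries are never trusted
    return any(ip in net for net in nets)


def resolve_request(remote_addr, headers, trusted, connection_scheme="http"):
    """Model of trusted-proxy handling for one request.

    Returns (client_ip, scheme) as the application will see them.
      remote_addr       peer address of the connection the panel accepted
      headers           request headers (X-Forwarded-For / X-Forwarded-Proto)
      trusted           networks from parse_trusted_proxies()
      connection_scheme scheme of the final hop; 'http' when SSL_CERT=none
    """
    hdr = {k.lower(): v for k, v in headers.items()}
    if not is_trusted(remote_addr, trusted):
        # Peer is not a trusted proxy: forwarding headers are ignored.
        return remote_addr, connection_scheme

    # Walk the forwarded chain from the nearest hop outward; the first hop that
    # is not a trusted proxy is the real client. If every hop is trusted, fall
    # back to the leftmost entry.
    chain = [h.strip() for h in hdr.get("x-forwarded-for", "").split(",") if h.strip()]
    chain.append(remote_addr)
    client = chain[0]
    for hop in reversed(chain):
        if not is_trusted(hop, trusted):
            client = hop
            break
    proto = hdr.get("x-forwarded-proto", connection_scheme).split(",")[0].strip().lower()
    return client, proto or connection_scheme


if __name__ == "__main__":
    env = parse_env(SAMPLE_PANEL_ENV)
    broad = parse_trusted_proxies(env["TRUSTED_PROXIES"])   # whole Docker range
    narrow = parse_trusted_proxies("172.18.0.5/32")          # only the proxy container
    via_proxy = {"X-Forwarded-For": "203.0.113.7", "X-Forwarded-Proto": "https"}
    forged = {"X-Forwarded-For": "10.0.0.1", "X-Forwarded-Proto": "https"}
    print("APP_URL scheme        :", app_url_scheme(env))
    print("via proxy, broad      :", resolve_request("172.18.0.5", via_proxy, broad))
    print("other container, broad:", resolve_request("172.20.3.4", forged, broad))
    print("other container, narrow:", resolve_request("172.20.3.4", forged, narrow))
```

Two things fall out of running it. With SSL_CERT=none the hop into the panel is plain http, so unless the proxy's address is trusted the panel keeps scheme http and, combined with an http:// APP_URL, emits http asset links behind an https front end, which is the "page not secure" symptom. And 172.16.0.0/12 covers every container on the Docker network, so any of them is treated as a proxy and its X-Forwarded-* headers are honoured; listing only the proxy's own address (or a /32) keeps that trust where it belongs.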

VozDeOuro commented 11 months ago

I fixed it by adding this Caddy config:

```
https://panel.foo.com :81 {
        root * /var/www/html/public
        file_server

        tls {
                # DNS-01 challenge via the caddy-dns/cloudflare module; the
                # value is a placeholder for the Cloudflare API token
                dns cloudflare xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        }

        header {
                -Server
                -X-Powered-By
                Referrer-Policy "same-origin"
                X-Frame-Options "deny"
                X-XSS-Protection "1; mode=block"
                X-Content-Type-Options "nosniff"
        }

        encode gzip zstd

        php_fastcgi unix//var/lib/caddy/php/php-fpm.sock

        try_files {path} {path}/ /index.php?{query}
}
```

That needs a module installed in Caddy, and you need to build it:

```
VOLUME [ "/var/lib/caddy" ]
WORKDIR /var/www/html
WORKDIR /var/

# Replace the packaged caddy binary with one built by xcaddy that includes the
# Cloudflare DNS module used by the "dns cloudflare" tls block above.
RUN rm -fr /usr/bin/caddy;\
    wget https://go.dev/dl/go1.21.0.linux-amd64.tar.gz ;\
    rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.0.linux-amd64.tar.gz ;\
    export PATH=$PATH:/usr/local/go/bin ;\
    mkdir xcaddy_install ;\
    cd /var/xcaddy_install;\
    go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest ;\
    wget https://github.com/caddyserver/xcaddy/releases/download/v0.3.5/xcaddy_0.3.5_linux_amd64.tar.gz ;\
    tar -xzvf xcaddy_0.3.5_linux_amd64.tar.gz ;\
    chmod +x xcaddy ;\
    # here is the module that needs to be installed
    ./xcaddy build --with github.com/caddy-dns/cloudflare;\
    cp caddy /usr/bin/caddy;\
    chmod +x /usr/bin/caddy;\
    # sanity check: the new binary should list the dns.providers.cloudflare module
    caddy list-modules | grep dns.
```