cooperaj / dokku-mastodon

Project files for getting Mastodon running on Dokku
https://realmenweardress.es/2022/11/running-your-own-mastodon-instance/

Dokku letsencrypt plugin resets proxy ports upon auto-renewal, breaking app #4

Open michaelyork opened 1 year ago

michaelyork commented 1 year ago

Woke up this morning to see my instance down. Tracked down the issue to a letsencrypt cert auto-renewal last night, and proxy port mappings that had been reset. Looks like they went from https:443:443 to https:443:80. Manually resetting to https:443:443 resolved the issue.

Is there something about the app config that causes this? Any way to fix?

cooperaj commented 1 year ago

https://github.com/dokku/dokku-letsencrypt/issues/296

Feel free to boost/chuck some money at it :)

cooperaj commented 1 year ago

True to form, this happened to my instance last night.

josegonzalez commented 4 months ago

Wait, so does this app listen internally on port 443 as well? Does Mastodon have its own self-signed cert it serves up?

cooperaj commented 4 months ago

Yeah. It's a weird one this image. I don't know quite why they default to this but they do.

https://docs.linuxserver.io/images/docker-mastodon/#strict-reverse-proxies tells you that it's necessary but not why. I believe it's because the Node-based streaming server is reliant on secure websockets (wss) and so they ship an image that can at least function - even if you're getting unknown certificate errors.

Because the image has the redirect from 80 to 443 in place, it's not possible to make it work without ensuring traffic goes to 443, and https://github.com/dokku/dokku-letsencrypt/issues/296 means that every time letsencrypt refreshes it removes that port mapping and results in an infinite redirect loop when accessing the app through the dokku proxy.