ddvk / rmfakecloud

host your own cloud for the remarkable
GNU Affero General Public License v3.0

Running rmfakecloud behind a SWAG reverse proxy? #324

Open P9k opened 1 day ago

P9k commented 1 day ago

Dear community,

Has anyone managed to successfully set up rmfakecloud behind a SWAG reverse proxy service (https://docs.linuxserver.io/general/swag)?

I was able to get the rmfakecloud Docker container running via docker-compose and also managed to access the web-GUI from a subdomain that I have added to my dynamic DNS provider (something like https://rmfakecloud.my-own-dyndns-domain.com).

I have used a very basic Nginx reverse proxy configuration file (rmfakecloud.subdomain.conf) inspired by my other services that I run in a similar fashion behind the reverse proxy:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    server_name rmfakecloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 200M;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        set $upstream_app rmfakecloud;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

The automagic installer finishes smoothly on my reMarkable2, with https://rmfakecloud.my-own-dyndns-domain.com chosen as the corresponding domain when asked.

From the reMarkable, I am able to ping https://rmfakecloud.my-own-dyndns-domain.com, but it fails with a TLS handshake error when trying to wget https://rmfakecloud.my-own-dyndns-domain.com. Thus it is no wonder that the sync between server and tablet cannot be properly set up.

I am aware that this problem arises from missing or wrongly assigned certificates, but I don't know how and where to resolve this issue. The problem appears to be that the SWAG service automatically renews the certificates for every subdomain (see for example https://docs.linuxserver.io/general/swag/#subdomain-proxy-conf), so my guess would be that these clash with the certificates generated by the automagic script.

Maybe someone has had some success in setting up rmfakecloud in such an environment and could share their experience?

Eeems commented 1 day ago

Wget on device does not support SSL. Have you checked the xochitl and sync service logs to see what the error is there?