getmeli / meli

Platform for deploying static sites and frontend applications easily. Automatic SSL, deploy previews, reverse proxy, and more.

SSL fails on branches #238

Open alyx opened 3 years ago

alyx commented 3 years ago

In my deployment, I've found SSL certificate generation works perfectly for the primary subdomain for a site hosted in a Meli instance, but consistently seems to fail for branch subdomains.

I see the following error in the log output:

{"level":"debug","ts":1628840270.8583307,"logger":"http.stdlib","msg":"http: TLS handshake error from 69.28.90.113:58350: no server TLS configuration available for ClientHello: &{CipherSuites:[4866 4867 4865 49196 49200 159 52393 52392 52394 49195 49199 158 49188 49192 107 49187 49191 103 49162 49172 57 49161 49171 51 157 156 61 60 53 47 255] ServerName:main.demo.pages.qa SupportedCurves:[X25519 CurveP256 CurveID(30) CurveP521 CurveP384] SupportedPoints:[0 1 2] SignatureSchemes:[ECDSAWithP256AndSHA256 ECDSAWithP384AndSHA384 ECDSAWithP521AndSHA512 Ed25519 SignatureScheme(2056) SignatureScheme(2057) SignatureScheme(2058) SignatureScheme(2059) PSSWithSHA256 PSSWithSHA384 PSSWithSHA512 PKCS1WithSHA256 PKCS1WithSHA384 PKCS1WithSHA512 SignatureScheme(771) SignatureScheme(769) SignatureScheme(770) SignatureScheme(1026) SignatureScheme(1282) SignatureScheme(1538)] SupportedProtos:[h2 http/1.1] SupportedVersions:[772 771] Conn:0xc000d0c030 config:0xc000001380}"}

and in browsers loading the branch subdomain just fails with an SSL protocol error.

Testing both using the default CA (which, following Caddy's change, seems to now be ZeroSSL) and with manually setting the ACME server to Let's Encrypt via MELI_ACME_SERVER: https://acme-v02.api.letsencrypt.org/directory, the error seems to consistently happen.

Using Meli image: getmeli/meli:beta, 1.0.0-beta.20 per package.json.

MrLemur commented 3 years ago

Known issue: https://docs.meli.sh/configuration/reverse-proxy

alyx commented 3 years ago

Ah, I saw that but assumed that was only the situation when running behind a reverse proxy. Perhaps it would make sense to copy that warning over to https://docs.meli.sh/configuration/ssl ?

MrLemur commented 3 years ago

I think implementing #233 will make the situation easier, without having to mess around with subdomains of subdomains. Follows what Netlify does with having a subdomain like f78gh0f7wgff4fwdsa--sitename.netlify.app

gempain commented 3 years ago

@alyx as @MrLemur rightly raised, this is an issue we still need to fix. This change is making it to the top of our todo list and we will implement it just like Netlify. We'll be using -- as a separator and prevent users from using this separator in their site name.