search

kiwiirc / kiwiirc

šŸ„ Next generation of the Kiwi IRC web client
https://kiwiirc.com/
Apache License 2.0
874 stars 216 forks source link

SSL 502 Bad Getaway error #1802

Closed farazi closed 1 year ago

farazi commented 1 year ago

I installed a certificate for SSL and portless login. The certificate is OK. Kiwiirc login opens with ssl the port look https://irc.beklenti.com.tr:7778 (but not connected reseon: unknown error), and but when I try to enter the virtual directory, there is an error. 502 bad getaway. as follows

1977 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 127.0.0.1, server: irc.xxx.com.tr, request: "GET /webirc/kiwiirc HTTP/1.1", upstream: "https://127.0.0.1:7778/webirc/kiwiirc", host: "127.0.0.1:7778"

my kiwi conf file tls lines and my vhost conf file (nginx) virtual directory lines as follows;

kiwi conf lines:

The websocket / http server

[server.1] bind = "194.87.246.56" port = 7778

Example TLS server

[server.2] bind = "194.87.246.56" port = 443 tls = true cert = /etc/pki/tls/certs/irc.beklenti.com.tr.crt key = /etc/pki/tls/certs/irc.beklenti.com.tr.key

nginx vhost conf lines

location /webirc/ {

Forward incoming requests to local webircgateway socket

    proxy_pass https://127.0.0.1:7778/webirc/;

    # Set http version and headers
    proxy_http_version 1.1;

    # Add X-Forwarded-* headers
    proxy_set_header X-Forwarded-Host   $host;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;

    # Allow upgrades to websockets
    proxy_set_header Upgrade     $http_upgrade;
    proxy_set_header Connection  "upgrade";

}

location /files/ {
    # Forward incoming requests to local fileuploader instance
    proxy_pass https://127.0.0.1:7778/files/;

    # Disable request and response buffering
    proxy_request_buffering  off;
    proxy_buffering          off;
    proxy_http_version       1.1;

    # Add X-Forwarded-* headers
    proxy_set_header X-Forwarded-Host   $host;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;

    # Allow fileuploader to control the max size
    client_max_body_size         0;
}
ItsOnlyBinary commented 1 year ago

use http for the proxy_pass and make sure [server.1] has the same bind/port in config.conf

I'm still getting ERR_CERT_AUTHORITY_INVALID visiting https://irc.beklenti.com.tr/ though

farazi commented 1 year ago

use http for the proxy_pass and make sure [server.1] has the same bind/port in config.conf

I'm still getting ERR_CERT_AUTHORITY_INVALID visiting https://irc.beklenti.com.tr/ though

okey now working checked my ssl files: https://irc.beklenti.com.tr/ but still not connect reseon: unknown error. https://irc.beklenti.com.tr/webirc/kiwiirc 502 bad getaway

Error log file last lines now

9430#9430: *6 connect() failed (111: Connection refused) while connecting to upstream, client: [IP], server: irc.beklenti.com.tr, request: "GET /webirc/kiwiirc HTTP/1.1", upstream: "http://127.0.0.1:7778/webirc/kiwiirc", host: "irc.beklenti.com.tr:7778"

ItsOnlyBinary commented 1 year ago

bind [server.1] to 127.0.0.1 then completely comment out [server.2] (its not needed)

farazi commented 1 year ago

127.0.0.1

yes! you great. :) now worked https://irc.beklenti.com.tr/webirc/kiwiirc/

but not connect irc server "Could not connect securely" i am trying kiwi config file tsl false?

ItsOnlyBinary commented 1 year ago

that will be an issue in [upstream.1]

make sure that is the details for connecting to your ircd so hostname / port / tls

eg irc.beklenti.com.tr / 6697 / true

you will also want to set a webirc password and a matching webirc/cgiirc block to your ircd's config

farazi commented 1 year ago

that will be an issue in [upstream.1]

make sure that is the details for connecting to your ircd so hostname / port / tls

eg irc.beklenti.com.tr / 6697 / true

you will also want to set a webirc password and a matching webirc/cgiirc block to your ircd's config

thanks. I have been struggling between nginx confs, apache confs and ssl providers for 5 days. my head was about to explode but I won't give up easily. I realized it at the last moment. my root admin panel is running a cron and revoking my manual certificate. the cron every hours make a free ssl (lets)

thanks for all help. I didn't fully understand the message above because my English is not good. But I will work on it. :)

šŸ‘ šŸ’˜

ItsOnlyBinary commented 1 year ago

https://www.unrealircd.org/docs/WebIRC_block <--- webirc block for unrealircd

seems you dont have ssl setup on 6697 for your ircd yet, so for config.conf

[upstream.1]
hostname = "irc.beklenti.com.tr"
port = 6667
tls = false

then webirc = "" would be the password you put in unreal as shown in the docs

farazi commented 1 year ago

https://www.unrealircd.org/docs/WebIRC_block <--- webirc block for unrealircd

seems you dont have ssl setup on 6697 for your ircd yet, so for config.conf

[upstream.1]
hostname = "irc.beklenti.com.tr"
port = 6667
tls = false

then webirc = "" would be the password you put in unreal and said in the docs

I understand. you say it is related to SSL unrealircd there. i will need to edit unrealircd.conf for this. I'm fixing this now. thanks.

ItsOnlyBinary commented 1 year ago

https://www.unrealircd.org/docs/Using_Let%27s_Encrypt_with_UnrealIRCd

you also might want to look into updating your unrealircd install as its quite and old version.

Keep posting here if you have move questions but i will close this and the other issue ;)