nubosoftware / linux-remote-desktop

Linux based secure, open source, multi-tenant environment for remote work.
Apache License 2.0

https - secure communication with Desktop Client #6

Closed M-Stenzel closed 2 years ago

M-Stenzel commented 2 years ago

Hi team,

I set up the system exactly according to

https://github.com/nubosoftware/linux-remote-desktop/blob/main/docs/getting-started-guide.md

Everything went smoothly, however, I have problems with accessing the server as

The main page (not for administration) does not open, since the certificate is self-signed and this is not accepted in many cases. I do have my own CA issued certificates, I put them in docker-compose.xml, see here:


environment:
  REGISTRY_HTTP_TLS_CERTIFICATE: /cert/xy-space.de.crt
  REGISTRY_HTTP_TLS_KEY: /cert/xy-space.de.key
  REGISTRY_AUTH: htpasswd
  REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  REGISTRY_AUTH_HTPASSWD_PATH: /cert/htpasswd
  REGISTRY_STORAGE_DELETE_ENABLED: 'true'

I changed in nubomanagement/.../Settings.json

the serverurl from http: to https:

"serverurl": "https://rds.xy-space.de/",

Still my certificate authority issued certificates do not get used (yes, they are readable). I verified with my browser which gives the information on the certificates.

How do you properly set up https (secure setup) for using the Desktop Client?

P. S. In the logs there ARE some errors (probably unrelated) but I wonder what their meaning is for the production server


2022-08-01T21:12:03.287Z nubo-ps platform_server[9] error: Cannot read ../cert/root.crt file, err: Error: ENOENT: no such file or directory, open '../cert/root.crt'
2022-08-01T21:12:03.289Z nubo-ps platform_server[9] error: Cannot read ../cert/platformFull.crt file, err: Error: ENOENT: no such file or directory, open '../cert/platformFull.crt'
2022-08-01T21:12:11.694Z nubo-frontend nubomanagement-public[17] error: Cannot read ../cert/root.crt file, err: Error: ENOENT: no such file or directory, open '../cert/root.crt'
2022-08-01T21:12:11.691Z nubo-frontend nubomanagement-public[17] error: Cannot read ../cert/root.crt file, err: Error: ENOENT: no such file or directory, open '../cert/root.crt'

terve:/opt/nubo # docker logs nubo-rsyslog | grep Error
2022-08-01T21:12:03.286Z nubo-ps platform_server[9] info: initMachine cannot load machine details: Error: ENOENT: no such file or directory, open './machine.conf'
2022-08-01T21:12:03.287Z nubo-ps platform_server[9] error: Cannot read ../cert/root.crt file, err: Error: ENOENT: no such file or directory, open '../cert/root.crt'
2022-08-01T21:12:03.289Z nubo-ps platform_server[9] error: Cannot read ../cert/platformFull.crt file, err: Error: ENOENT: no such file or directory, open '../cert/platformFull.crt'
2022-08-01T21:12:03.289Z nubo-ps platform_server[9] error: Cannot read ../cert/platform.key file, err: Error: ENOENT: no such file or directory, open '../cert/platform.key'
2022-08-01T21:12:03.526Z nubo-ps platform_server[9] error: Unable to register on management (http://nubo-management:8080). err: Error: connect ECONNREFUSED 192.168.0.4:8080 Error: connect ECONNREFUSED 192.168.0.4:8080
2022-08-01T21:12:05.241Z nubo-gateway nubogateway[9] info: Cannot register gateway. Error: Error: connect ECONNREFUSED 172.30.0.3:8080
2022-08-01T21:12:08.564Z nubo-management nubomanagement[29] error: selfRegisterPlatformTtl error: Error: Platform registration not found! Error: Platform registration not found!
2022-08-01T21:12:11.694Z nubo-frontend nubomanagement-public[17] error: Cannot read ../cert/root.crt file, err: Error: ENOENT: no such file or directory, open '../cert/root.crt'
2022-08-01T21:12:11.691Z nubo-frontend nubomanagement-public[17] error: Cannot read ../cert/root.crt file, err: Error: ENOENT: no such file or directory, open '../cert/root.crt'
2022-08-01T21:12:38.811Z nubo-ps platform_server[9] info: Error create symlink for debs folder: Error: ENOENT: no such file or directory, unlink '/opt/platform_server/debs'
2022-08-01T21:12:38.871Z nubo-management nubomanagement-daemon[35] info: Common.mailer.send: Error: 140529894988592:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:331:
2022-08-02T03:02:03.314Z nubo-frontend nubomanagement-public[17] error: Error serving /favicon.ico - Not Found
2022-08-02T03:02:16.744Z nubo-frontend nubomanagement-public[17] error: Error serving /favicon.ico - Not Found
2022-08-02T03:02:20.357Z nubo-frontend nubomanagement-public[17] error: Error serving /favicon.ico - Not Found
2022-08-02T03:02:20.947Z nubo-frontend nubomanagement-public[17] error: Error serving /favicon.ico - Not Found
2022-08-02T03:02:25.966Z nubo-frontend nubomanagement-public[17] error: Error serving /favicon.ico - Not Found

Martin.

P. S. The admin control panel is accessible, no problem here.

nubosoftware commented 2 years ago

Hi Martin,

The docker instance that listens to HTTPS traffic is the frontend instance. You need to configure it to use your customized certificate/key files:

Edit frontend/conf/Settings.json

Add to the file:

"sslCerts": {
    "key": "/opt/cert/xy-space.de.key",
    "certificate": "/opt/cert/xy-space.de.crt"
}

Please let me know if that solves this issue.

Best, Nubo Team

M-Stenzel commented 2 years ago

Hi team, thank you for the information, however, inserting the above lines resulted in the system not starting. I did a reinstallation and used my own certificates from the beginning (overwriting the self-signed certificates), this resolved the problem. It would be nice if the installation script would ask for existing CA issued certificates.

Thanks for your help!

nubosoftware commented 2 years ago

Hi Martin,

Thank you for the suggestion. We may add a script for certification installation.

It would be beneficial if you could please send the logs (from the system that did not start), so we could better understand the issue. The most common error would be a syntax error in the JSON file.

Best regards, Nubo Team
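
A pre-flight check for the "sslCerts" block discussed in this thread, as an added example that is not part of the original thread or the project's own code: it reports JSON syntax errors, unreadable files, and key/certificate paths that point at the wrong kind of PEM file. The function name, the injectable reader and the sample paths are assumptions made for the example; only the "sslCerts", "key" and "certificate" names come from the thread.

```javascript
// Added example (not project code): validate a Settings.json "sslCerts" block
// before restarting the frontend container.
const PEM_LABELS = {
  key: /^-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----/m,
  certificate: /^-----BEGIN CERTIFICATE-----/m,
};

// settingsText: raw content of Settings.json.
// readFile: path -> string; defaults to reading from disk (hypothetical helper).
// Returns a list of problems; an empty list means the block looks sane.
function checkSslCerts(settingsText,
                       readFile = (p) => require('fs').readFileSync(p, 'utf8')) {
  let settings;
  try {
    settings = JSON.parse(settingsText);
  } catch (e) {
    return [`Settings.json is not valid JSON: ${e.message}`];
  }
  const ssl = settings.sslCerts;
  if (!ssl || typeof ssl !== 'object') return ['no "sslCerts" object found'];
  const problems = [];
  for (const role of Object.keys(PEM_LABELS)) {
    const path = ssl[role];
    if (typeof path !== 'string') { problems.push(`sslCerts.${role} is missing`); continue; }
    let pem;
    try { pem = readFile(path); } catch (e) {
      problems.push(`sslCerts.${role}: cannot read ${path} (${e.code || e.message})`);
      continue;
    }
    if (!PEM_LABELS[role].test(pem)) {
      const other = role === 'key' ? 'certificate' : 'key';
      problems.push(PEM_LABELS[other].test(pem)
        ? `sslCerts.${role}: ${path} contains a ${other}, paths look swapped`
        : `sslCerts.${role}: ${path} is not a PEM ${role}`);
    }
  }
  return problems;
}

// Constructed sample files; the PEM bodies are placeholders, not real material.
const SAMPLE_FILES = {
  '/opt/cert/example.crt': '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n',
  '/opt/cert/example.key': '-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n',
};
const sampleReader = (p) => {
  if (!(p in SAMPLE_FILES)) throw Object.assign(new Error('not found'), { code: 'ENOENT' });
  return SAMPLE_FILES[p];
};
```

The check only inspects PEM labels, so it does not prove that the private key belongs to the certificate or that the chain is complete.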