revoltchat / self-hosted

Deploy Revolt using Docker.

DOMException: The operation is insecure on login #82

Closed Jhall1990 closed 1 day ago

Jhall1990 commented 5 months ago

What happened?

I'm trying to deploy a revolt instance with HTTPS. I'm able to access the landing page and registration page. I create an account, then when I try to login I get the "It's time to choose a username" page. I enter the username I want and click "Looks good!", and that's when I see the DOMException in the browser console.

I saw a similar issue here: https://github.com/revoltchat/self-hosted/issues/10 which mentioned making sure that https:// is prefixed on all URLs in the env as well as wss:// for the web socket, which I have done.

Redacted env file:

##
## Quark configuration
##

# MongoDB
MONGODB=mongodb://database

# Redis
REDIS_URI=redis://redis/

# Hostname used for Caddy
# This should in most cases match REVOLT_APP_URL
HOSTNAME=https://<my-domain-name>

# URL to where the Revolt app is publicly accessible
REVOLT_APP_URL=https://<my-domain-name>

# URL to where the API is publicly accessible
REVOLT_PUBLIC_URL=https://<my-domain-name>/api
VITE_API_URL=https://<my-domain-name>/api

# URL to where the WebSocket server is publicly accessible
REVOLT_EXTERNAL_WS_URL=wss://<my-domain-name>/ws

# URL to where Autumn is publicly available
AUTUMN_PUBLIC_URL=https://<my-domain-name>/autumn

# URL to where January is publicly available
JANUARY_PUBLIC_URL=https://<my-domain-name>/january

##
## hCaptcha Settings
##

# If you are sure that you don't want to use hCaptcha, set to 1.
REVOLT_UNSAFE_NO_CAPTCHA=1

# hCaptcha API key (This is the "Secret key" from your User Settings page)
# REVOLT_HCAPTCHA_KEY=0x0000000000000000000000000000000000000000

# hCaptcha site key
# REVOLT_HCAPTCHA_SITEKEY=10000000-ffff-ffff-ffff-000000000001

##
## Email Settings
##

# If you are sure that you don't want to use email verification, set to 1.
REVOLT_UNSAFE_NO_EMAIL=1

# SMTP host
# REVOLT_SMTP_HOST=smtp.example.com

# SMTP username
# REVOLT_SMTP_USERNAME=noreply@example.com

# SMTP password
# REVOLT_SMTP_PASSWORD=CHANGEME

# SMTP From header
# REVOLT_SMTP_FROM=Revolt <noreply@example.com>

##
## Application Settings
##

# Whether to only allow users to sign up if they have an invite code
REVOLT_INVITE_ONLY=1

# Maximum number of people that can be in a group chat
REVOLT_MAX_GROUP_SIZE=150

# VAPID keys for push notifications
# Generate using this guide: https://gitlab.insrt.uk/revolt/delta/-/wikis/vapid
# --> Please replace these keys before going into production! <--
REVOLT_VAPID_PRIVATE_KEY=<vapid-private-key>
REVOLT_VAPID_PUBLIC_KEY=<vapid-public-key>

##
## Autumn configuration
##

# S3 Region
AUTUMN_S3_REGION=minio

# S3 Endpoint
AUTUMN_S3_ENDPOINT=http://minio:9000

# MinIO Root User
MINIO_ROOT_USER=minioautumn

# MinIO Root Password
MINIO_ROOT_PASSWORD=minioautumn

# AWS Access Key ID
AWS_ACCESS_KEY_ID=minioautumn

# AWS Secret Key
AWS_SECRET_ACCESS_KEY=minioautumn

I was checking each of the endpoints that are exposed in the Caddyfile and they all work, but noticed that when I go to https://<my-domain-name>/api I get the following (redacted) JSON, which does not match what's in my env file.

{
  "revolt": "0.7.1",
  "features": {
    "captcha": {
      "enabled": false,
      "key": ""
    },
    "email": false,
    "invite_only": false,
    "autumn": {
      "enabled": true,
      "url": "http://local.revolt.chat/autumn"
    },
    "january": {
      "enabled": true,
      "url": "http://local.revolt.chat/january"
    },
    "voso": {
      "enabled": false,
      "url": "",
      "ws": ""
    }
  },
  "ws": "ws://local.revolt.chat/ws",
  "app": "http://local.revolt.chat",
  "vapid": "<different-vapid-key>",
  "build": {
    "commit_sha": "<failed to generate>",
    "commit_timestamp": "<failed to generate>",
    "semver": "<failed to generate>",
    "origin_url": "<failed to generate>",
    "timestamp": "<failed to generate>"
  }
}

Here is my Caddyfile:

{$HOSTNAME} {
        tls {
                dns duckdns <duckdns-api-key>
        }

        route /api* {
                uri strip_prefix /api
                reverse_proxy http://api:8000
        }

        route /ws {
                @upgrade {
                        header Connection *Upgrade*
                        header Upgrade websocket
                }

                uri strip_prefix /ws
                reverse_proxy @upgrade http://events:9000
        }

        route /autumn* {
                uri strip_prefix /autumn
                reverse_proxy http://autumn:3000
        }

        route /january* {
                uri strip_prefix /january
                reverse_proxy http://january:7000
        }

        reverse_proxy http://web:5000
}

I tried tearing down all the volumes and deleting the data directory and redeploying but that didn't change anything.

One other thing is that there are no errors on any of the containers in the docker compose (it seems like the error is only client side).

Anything obvious here that I have wrong?

If you need any other information please let me know

Thanks!
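The JSON pasted above is the configuration the API hands to the web client, so a `ws://` or `http://` value there, on a deployment served over HTTPS, means the browser is asked to open an insecure socket from a secure page, which it refuses as mixed content. The following check is an added example, not code from this thread or from the revoltchat project: it parses that root response, walks every `url`, `ws` and `app` field, and reports any value whose scheme is not `https`/`wss` or whose host differs from the intended public app URL. The sample payload is the redacted one from the post; `EXPECTED_APP_URL` and the function names are this example's own, and `my-domain-name.example` stands in for the redacted domain.

```python
"""Sanity-check the URLs a Revolt API root endpoint advertises to clients.

Added example for the issue thread, not revoltchat code. The function and
constant names below are this example's own.
"""
import json
from urllib.parse import urlparse

# Constructed sample: the redacted /api root response pasted in the issue.
SAMPLE_API_ROOT = """{
  "revolt": "0.7.1",
  "features": {
    "captcha": {"enabled": false, "key": ""},
    "email": false,
    "invite_only": false,
    "autumn": {"enabled": true, "url": "http://local.revolt.chat/autumn"},
    "january": {"enabled": true, "url": "http://local.revolt.chat/january"},
    "voso": {"enabled": false, "url": "", "ws": ""}
  },
  "ws": "ws://local.revolt.chat/ws",
  "app": "http://local.revolt.chat",
  "vapid": "<different-vapid-key>"
}"""

# Constructed sample of what a correctly configured HTTPS deployment would return.
CORRECTED_API_ROOT = """{
  "features": {
    "autumn": {"enabled": true, "url": "https://my-domain-name.example/autumn"},
    "january": {"enabled": true, "url": "https://my-domain-name.example/january"},
    "voso": {"enabled": false, "url": "", "ws": ""}
  },
  "ws": "wss://my-domain-name.example/ws",
  "app": "https://my-domain-name.example"
}"""

# Placeholder for the redacted <my-domain-name> in the post.
EXPECTED_APP_URL = "https://my-domain-name.example"

# Field names whose values are URLs the browser will connect to.
URL_KEYS = {"url", "ws", "app"}


def iter_url_fields(node, path=""):
    """Yield (dotted_path, value) for every string field named in URL_KEYS."""
    if isinstance(node, dict):
        for key, value in node.items():
            sub = f"{path}.{key}" if path else key
            if key in URL_KEYS and isinstance(value, str):
                yield sub, value
            else:
                yield from iter_url_fields(value, sub)


def check_api_root(payload, expected_app_url):
    """Return a list of findings; an empty list means every advertised URL is
    TLS-only and points at the expected public host."""
    findings = []
    expected_host = urlparse(expected_app_url).hostname
    for field, value in iter_url_fields(payload):
        if value == "":
            # Disabled features (voso here) leave their URLs empty; nothing to check.
            continue
        parsed = urlparse(value)
        # WebSocket endpoints must be wss://, everything else https://.
        want = "wss" if field.endswith("ws") else "https"
        if parsed.scheme != want:
            findings.append(f"{field}: scheme {parsed.scheme!r}, expected {want!r} ({value})")
        if parsed.hostname != expected_host:
            findings.append(f"{field}: host {parsed.hostname!r} does not match {expected_host!r}")
    return findings


def check_api_root_json(text, expected_app_url):
    """Convenience wrapper: parse the raw JSON body and run the check."""
    return check_api_root(json.loads(text), expected_app_url)


if __name__ == "__main__":
    for line in check_api_root_json(SAMPLE_API_ROOT, EXPECTED_APP_URL):
        print(line)
```

Run against the posted payload, the check flags the autumn, january, `ws` and `app` entries twice each (wrong scheme and wrong host), which is exactly the mismatch the post describes between the env file and what the API serves; against the corrected payload it reports nothing. Pointing `check_api_root_json` at a live `curl https://<my-domain-name>/api` output after a redeploy gives a quick confirmation that the mounted configuration actually took effect.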

kbalt commented 5 months ago

Hey, I had the same problem until I noticed this comment in the README

❗ Important: configuration strategy has changed but this guide is out of date TL;DR mount Revolt.toml at /Revolt.toml for both api and events. Proper documentation will follow in due time.

When I configured using the linked Revolt.toml and mounted it into the api and events container it worked.

nssassassin commented 3 months ago

Hey, I had the same problem until I noticed this comment in the README

❗ Important: configuration strategy has changed but this guide is out of date TL;DR mount Revolt.toml at /Revolt.toml for both api and events. Proper documentation will follow in due time.

When I configured using the linked Revolt.toml and mounted it into the api and events container it worked.

Would you be able to give an example of where I'm supposed to do this, in the docker-compose? Do I add a volume?

fvlasie commented 3 months ago

I can't find the Revolt.toml file in any of the docker containers. Does anyone know how to edit Revolt.toml on a docker deployment? Thank you!

Rushmore75 commented 2 months ago

@fvlasie basically you'll need to download this file, configure it the same as the .env file. Then add the lines:

volumes:
  - ./Revolt.toml:/Revolt.toml

to both the api and events container in the Docker Compose file.
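As an added illustration of where those lines go (not a snippet from this thread or from the revoltchat repository): the `api` and `events` service names are the ones the posted Caddyfile proxies to, the `image:` values are placeholders for whatever the existing compose file already uses, and the `:ro` suffix is an addition so the containers cannot modify the configuration file they read.

```yaml
services:
  api:
    image: <api-image>            # placeholder: keep the image from your existing compose file
    volumes:
      - ./Revolt.toml:/Revolt.toml:ro   # configured copy of Revolt.toml, mounted read-only

  events:
    image: <events-image>         # placeholder: keep the image from your existing compose file
    volumes:
      - ./Revolt.toml:/Revolt.toml:ro   # same file, same path, for the events server
```

Other keys of those services (ports, `depends_on`, environment) stay as they were; only the `volumes:` entries are added.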

insertish commented 1 day ago

README updated to include new setup information