subspacecommunity / subspace

A fork of the simple WireGuard VPN server GUI community maintained
MIT License

Large number of tls errors #189

Closed tropnikovvl closed 3 years ago

tropnikovvl commented 3 years ago

Describe the bug: I am using the latest version of the application and there are a large number of errors in the container logs.

To Reproduce: Steps to reproduce the behavior:

  1. docker run ...
  2. wait for automatic letsencrypt registration
  3. see the errors after a few hours

Screenshots: Screenshot 2021-06-04 at 23 28 25

Desktop (please complete the following information): Ubuntu 18.04 LTS

firewall rules:

Chain INPUT (policy DROP 311 packets, 19332 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
25098 2780K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
50533 8258K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51825
 4746  581K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
  389 24278 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
30838   20M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  448 31045 ACCEPT     all  --  *      *       10.99.97.0/24        0.0.0.0/0
  157 12635 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

OUTPUT: all accept

gchamon commented 3 years ago

Sorry for not answering sooner.

Are you running this on a VPS or on a residential network? Is your server behind a NAT service?

It looks to me like something is preventing LetsEncrypt from reaching your server. You might want to check if virtual firewall port forwarding rules are correct or if your ISP (in case of a residential network) allows for HTTP/HTTPS connections on the usual 80 and 443 ports (some residential providers block any and all incoming requests to those ports).

tropnikovvl commented 3 years ago

Hi, this is a VPS, but ports 80 and 443 are open; otherwise I would not be able to connect to the server.

gchamon commented 3 years ago

I am trying to get more information about your infrastructure because I had no issues generating certificates on AWS, for instance.

Can you provide your config file or launch command? My second guess would be misconfiguration of the SUBSPACE_ENDPOINT_HOST parameter.

tropnikovvl commented 3 years ago

I used standard parameters, and I'm not using the arg SUBSPACE_ENDPOINT_HOST.

docker create \
    --name subspace \
    --restart always \
    --network host \
    --cap-add NET_ADMIN \
    --volume /data:/data \
    --volume /usr/bin/wg:/usr/bin/wg \
    --env SUBSPACE_HTTP_HOST="subspace.example.com" \
    --env SUBSPACE_NAMESERVERS="1.1.1.1,8.8.8.8" \
    --env SUBSPACE_LISTENPORT="51825" \
    --env SUBSPACE_IPV6_NAT_ENABLED=0 \
    subspacecommunity/subspace:latest

Also, my provider has a firewall, but there I opened 80, 443 and a port for WireGuard.

gchamon commented 3 years ago

You should change SUBSPACE_HTTP_HOST to a valid URL. The error is letsencrypt trying to reach your server using subspace.example.com which will not work. You can try it using duckdns.

gchamon commented 3 years ago

Closing since it is not a bug. However the readme should be updated. Where it reads SUBSPACE_ENDPOINT_HOST should be SUBSPACE_HTTP_HOST.
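A pre-flight check for the misconfiguration diagnosed in this thread, added here as an example and not code from the subspace project: it rejects placeholder names such as subspace.example.com for SUBSPACE_HTTP_HOST and, when a PUBLIC_IP is supplied, confirms that the name resolves to the server before `docker create` is run. The function names, the PUBLIC_IP variable and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example, not part of the subspace project: validate SUBSPACE_HTTP_HOST
# before starting the container. The ACME HTTP-01 flow needs this exact name to
# resolve to the server's public address and to be reachable on ports 80/443,
# so a placeholder such as subspace.example.com can never be validated and only
# produces TLS errors in the container logs.

# check_http_host NAME -> 0 if NAME is a plausible public hostname, 1 otherwise.
check_http_host() {
    host="$1"
    case "$host" in
        "")
            echo "SUBSPACE_HTTP_HOST is empty" >&2; return 1 ;;
        http://*|https://*|*/*|*:*)
            echo "'$host' must be a bare hostname, not a URL, path or host:port" >&2; return 1 ;;
        example.com|*.example.com|example.net|*.example.net|example.org|*.example.org|\
        *.example|*.test|*.invalid|*.localhost|localhost)
            # Reserved by RFC 2606 / RFC 6761: never resolvable on the public Internet
            echo "'$host' is a reserved placeholder domain; use your real DNS name" >&2; return 1 ;;
    esac
    # Labels: letters, digits, inner hyphens; at least two labels (a dot is required)
    if ! printf '%s\n' "$host" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'; then
        echo "'$host' is not a valid DNS name" >&2; return 1
    fi
    return 0
}

# host_resolves_to NAME IP -> 0 if the local resolver returns IP for NAME.
host_resolves_to() {
    getent ahosts "$1" 2>/dev/null | awk -v ip="$2" '$1 == ip { found = 1 } END { exit !found }'
}

# preflight: run before `docker create`. PUBLIC_IP (assumed variable) is the
# address you expect Let's Encrypt to reach, e.g. from the VPS console.
preflight() {
    check_http_host "$SUBSPACE_HTTP_HOST" || return 1
    if [ -n "$PUBLIC_IP" ] && ! host_resolves_to "$SUBSPACE_HTTP_HOST" "$PUBLIC_IP"; then
        echo "$SUBSPACE_HTTP_HOST does not resolve to $PUBLIC_IP; fix DNS first" >&2
        return 1
    fi
    echo "ok: $SUBSPACE_HTTP_HOST looks usable for Let's Encrypt"
}

# Usage: SUBSPACE_HTTP_HOST=vpn.corp.net PUBLIC_IP=203.0.113.10 sh -c '. ./preflight.sh; preflight'
```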