search

thelounge / thelounge-docker

🐳 ‎ ‎Docker image for The Lounge, a self-hosted web IRC client
https://ghcr.io/thelounge/thelounge
MIT License
306 stars 73 forks source link

Unable to establish secure connection #146

Closed taiBsu closed 1 year ago

taiBsu commented 1 year ago

I'm running an inspIRCd server on my private server. For online communication purposes, I installed thelounge using docker-compose:

version: "3"

services:
  irc_webclient:
    image: thelounge/thelounge:latest
    container_name: irc_webclient
    ports:
      - 9000:9000
    restart: always
    volumes:
      - ./config:/var/opt/thelounge
    networks:
      - ***

networks:
  ***:
    external: true

I enabled reverse proxy through the config.js:

# ...
reverseProxy: true
# ...

My apache subdomain config is as follows: irc.my.domain.conf:

<VirtualHost *:80>
  ServerName irc.my.domain
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =irc.my.domain
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

  RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
  RewriteCond %{QUERY_STRING} transport=websocket    [NC]
  RewriteRule /(.*)           ws://irc_webclient:9000/$1 [P,L]

  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
  ProxyVia On
  ProxyRequests Off
  ProxyAddHeaders On
  ProxyTimeout 86400
</VirtualHost>

irc.my.domain-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName irc.my.domain

  ProxyPass / http://irc_webclient:9000/
  ProxyPassReverse / http://irc_webclient:9000/

  RewriteEngine On
  RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
  RewriteCond %{QUERY_STRING} transport=websocket    [NC]
  RewriteRule /(.*)           wss://irc_webclient:9000/$1 [P,L]

  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
  ProxyVia On
  ProxyRequests Off
  ProxyAddHeaders On

  SSLCertificateFile /etc/letsencrypt/live/my.domain/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

as per the documentation, I haven't enabled https in the config.js:

https: {
  enable: false,
  key: "",
  certificate: "",
  ca: "",
},

Now when trying to connect having the "Only allow trusted certificates" option checked, I get the following error: grafik whereas when unchecking that option I'm able to connect but only with warnings: grafik

What can I do to make this work properly?

Thanks a lot in advance.

brunnre8 commented 1 year ago

This is an issue tracker and not a support forum, head over to #thelounge on libera, or better yet some apache channel as you terminate TLS there.