tobychui / arozos

Web Desktop Operating System for low power platforms, Now written in Go!
http://arozos.com
GNU General Public License v3.0

SSL TLS issue #142

Closed georgebaileyster closed 5 months ago

georgebaileyster commented 7 months ago

Hi Toby,

I now have all my nodejs apps running in arozOS but some need SSL to be accessed via anything other than localhost.

I have tried everything I can think of and more, including reverse proxy, redirects and starting in TLS mode with the .pem certificate files in the root of the aroz directory, but I get either permanent errors such as PR_CONNECT_REST_ERROR, no connection at all, or constant loading of the page.

The one I think did work was localtunnel.run or similar but it dies and you have to keep resetting everything.

Am running 2016r2 with x5660 and 40GB free memory.

Any ideas?

Thanks

George.

tobychui commented 6 months ago

Hi @georgebaileyster,

I personally use Zoraxy for providing https for my ArozOS system. https://zoraxy.arozos.com/

This is how I set it up in Zoraxy (ArozOS listening on localhost:8081). [image]

But in theory, you can use the built-in TLS HTTP server to serve your site with https. In your case I think it is more a network issue than a bug in the ArozOS source code. If you discover any more details regarding this issue, please let me know so we can discuss further.

georgebaileyster commented 6 months ago

Hi Toby,

I installed Zoraxy and configured it with various options after watching the video demo. On the occasions it appeared to work, Zoraxy returned tls handshake didn't appear correct, system refused to connect.

But I did notice one of the complaints was regarding TLS 1.0. I am assuming that ArozOS needs to start in basic TLS mode and I need to connect from 443 to 8443?

I also tried TCP proxy in starter mode but that didn't help either, so there is obviously something stupid I'm just not understanding. The public IP address is applied to the server aroz runs on so it starts with that address, and the URLs are attached to the same IP by A record, so if I try to connect using url on one an IP of aroz, it gives a 404 page not found; if I use http it connects fine.

Warmest regards

George.


-- “what is the good of gold, except to make things of, or the bright stones except to play with?

What is the good of anything except food to eat and power and wisdom that can open the secret doors of knowledge, of things seen and things unseen, and love that brings the joy and forgetfulness of self and takes away the awful loneliness of the soul, if only for a little while? I stand for the ways which are lawful and true and all other ways I utterly abhor.”

georgebaileyster commented 6 months ago

Just an update, I have managed to get the SSL working correctly. In case it helps someone else, the solution is:

Load the certificate files (cert, chain and fullchain) into Windows Server by mmc. Make sure you right click on the web-server under certificates and load them there. It is important, if you have more than one domain pointing to the same IP / site, that you include all of them when you make the certificate. DO NOT make individual ones; you can only load per machine.

When done, copy and paste the cert.pem and privkey.pem or whatever equivalent into the root of ArozOS (paste them next to the arozOS.exe file or whatever you called it). Then simply run the following, remembering to change the names for key and cert:

arozos -tls_port 443 -tls=true -cert "mycert.crt" -key "mykey.key"

It has however broken the apps I was trying to run in aroz in the first place. If anyone can come up with a simple reverse proxy configuration to communicate between localhost:8086 and the URL on the public IP, which is attached to the machine not the router, keeping in mind that the apps are running inside the browser, I would be grateful.

Thanks.


bmeares commented 1 month ago

Has anyone found a way to run ArozOS as a plain HTTP server? I'm using NGINX to manage my reverse proxies. I've tried editing start.sh to add -tls=false and changing the port to no avail.

tobychui commented 1 month ago

@bmeares Not sure what you mean. ArozOS runs as a plain HTTP server by default on port 8080. If you are constantly being redirected to https://, make sure your browser cache is cleared or try another browser.

bmeares commented 3 weeks ago

@tobychui The issue was two-fold: (1) the port flag was being ignored (running on Fedora 40) and (2) Docker had already bound to the default port.

I managed to get ArozOS running with this Docker image: https://github.com/SysAdmin74/ArozOS-Docker

tobychui commented 3 weeks ago

@bmeares Still not sure what your issue is. If you want to report an issue, please follow the bug report template.

Generally speaking, if you are using Docker, port settings are handled by Docker, so you will need to configure Docker to forward the container's :8080 to the external port of your preference. If you are running natively, make sure you are setting the port value correctly (e.g. using -port and not -tls_port, and the correct syntax is -port=8080 instead of -port 8080).
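The arrangement discussed in this thread (TLS terminated in front of an ArozOS instance that only speaks plain HTTP on localhost) can be expressed in a few lines of Go. This is an added example, not code from ArozOS, Zoraxy or any participant in the thread; the names `newFrontend` and `tlsConfig` and the certificate file names are assumptions, and the backend address is the one mentioned above.

```go
package main

import (
	"crypto/tls"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// newFrontend (hypothetical name) proxies every request to the plain-HTTP
// backend. The incoming Host header is passed through unchanged.
func newFrontend(backend string) (http.Handler, error) {
	target, err := url.Parse(backend)
	if err != nil {
		return nil, err
	}
	proxy := httputil.NewSingleHostReverseProxy(target)
	director := proxy.Director
	proxy.Director = func(r *http.Request) {
		director(r)
		// Overwrite client-supplied values so the backend can trust them.
		r.Header.Set("X-Forwarded-Proto", "https")
		r.Header.Del("X-Forwarded-For") // the proxy re-adds the real peer address
	}
	return proxy, nil
}

// tlsConfig refuses TLS 1.0/1.1 handshakes.
func tlsConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

func main() {
	// Assumed values: backend address from the thread, certificate file names.
	h, err := newFrontend("http://127.0.0.1:8081")
	if err != nil {
		log.Fatal(err)
	}
	srv := &http.Server{Addr: ":443", Handler: h, TLSConfig: tlsConfig()}
	log.Fatal(srv.ListenAndServeTLS("fullchain.pem", "privkey.pem"))
}
```

With this in front, the backend stays on its plain HTTP port and should be bound to localhost only, so that the TLS listener is the only path in from the network.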