umputun / reproxy

Simple edge server / reverse proxy
http://reproxy.io
MIT License
1.23k stars 92 forks

Issues with auto-SSL #163

bazzilic closed 1 year ago

bazzilic commented 1 year ago

I'm a little lost with this error, and I exhausted Google results pages looking for an answer, but still don't quite understand what is going on.

I'm launching reproxy like this (**** stands for the domain name):

docker run -it --rm  -v /var/run/docker.sock:/var/run/docker.sock:ro -p 443:443 umputun/reproxy:latest --gzip --ssl.type=auto --ssl.fqdn=**** --ssl.http-port=80 --timeout.tls=30s --listen=0.0.0.0:443 --docker.enabled --docker.auto

and whenever I try to make a connection via HTTPS, I get the following problem with unsupported protocol acme-tls/1, which leads to a failing challenge.

reproxy v1.0.0-2b92c11-20230528T18:41:09
2023/09/20 12:25:52.696 [INFO]  auto-api enabled for docker
2023/09/20 12:25:52.699 [INFO]  activate https server in 'auto' mode on 0.0.0.0:443
2023/09/20 12:25:52.700 [INFO]  activate http challenge server on port 0.0.0.0:80
2023/09/20 12:25:52.705 [INFO]  changes in running containers detected: refreshing routes
2023/09/20 12:25:53.708 [INFO]  proxy  docker: * ^/loving_franklin/(.*) -> http://172.17.0.3:443/$1
2023/09/20 12:25:53.708 [INFO]  proxy  docker: * ^/api/(.*) -> http://172.17.0.2:8000/$1
2023/09/20 12:26:02.705 [INFO]  changes in running containers detected: refreshing routes
2023/09/20 12:26:03.075 [WARN]  http: TLS handshake error from 54.149.148.224:56970: tls: client requested unsupported application protocols ([acme-tls/1])
2023/09/20 12:26:03.139 [WARN]  http: TLS handshake error from 3.137.141.185:10180: tls: client requested unsupported application protocols ([acme-tls/1])
2023/09/20 12:26:03.184 [WARN]  http: TLS handshake error from 23.178.112.104:50789: tls: client requested unsupported application protocols ([acme-tls/1])
2023/09/20 12:26:03.708 [INFO]  proxy  docker: * ^/loving_franklin/(.*) -> http://172.17.0.3:443/$1
2023/09/20 12:26:03.709 [INFO]  proxy  docker: * ^/api/(.*) -> http://172.17.0.2:8000/$1
2023/09/20 12:26:16.097 [WARN]  http: TLS handshake error from 121.6.121.133:61655: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/266244976976" for domain "****": no viable challenge type found

Any ideas what I'm doing wrong? This same exact launch script worked fine several weeks ago, but today when I tried to restart reproxy, it started failing.

umputun commented 1 year ago

At first sight, I'd say you forgot to add port mapping for 80, i.e. in your case, it would be -p 80:80

As a side note: you don't really need to pass --ssl.http-port=80 and --listen=0.0.0.0:443 unless you have a specific reason to do it. By default, it listens on :8080 and :8443 inside the container, and all you need to have is -p 80:8080 -p 443:8443
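
The port requirement behind this answer, as an added example that is not part of the thread or of reproxy's code: a POSIX shell preflight that reads a `docker run` argument list and reports when host port 80 is not published to reproxy's challenge port. The function names are made up for this example, and the 8080/8443 container defaults are taken from the comment above.

```sh
#!/bin/sh
# Added example (not reproxy code): preflight for a `docker run` argument
# list that starts reproxy with --ssl.type=auto.
# Assumptions: container-side defaults are 8080 (challenge) and 8443 (https),
# as stated in the thread; -p values look like [ip:]host:container[/proto].

# Reduce one -p value to "host:container".
norm_publish() {
  spec=${1%/*}                      # drop a trailing /tcp or /udp
  container=${spec##*:}
  rest=${spec%:*}
  echo "${rest##*:}:$container"
}

# Prints one line per finding; exit status 1 if the HTTP-01 mapping is missing.
check_acme_ports() (
  http_port=8080; tls_port=8443; auto=0; published=" "; prev=""
  for arg in "$@"; do
    case "$arg" in
      --ssl.type=auto)   auto=1 ;;
      --ssl.http-port=*) http_port=${arg#*=} ;;
      --listen=*)        tls_port=${arg##*:} ;;
      -p=*|--publish=*)  published="$published$(norm_publish "${arg#*=}") " ;;
      *) case "$prev" in
           -p|--publish) published="$published$(norm_publish "$arg") " ;;
         esac ;;
    esac
    prev=$arg
  done
  [ "$auto" -eq 1 ] || exit 0       # nothing to validate without auto-SSL
  rc=0
  # The CA fetches the HTTP-01 token on host port 80, so that port must
  # reach the challenge server inside the container.
  case "$published" in
    *" 80:$http_port "*) ;;
    *) echo "missing: -p 80:$http_port (HTTP-01 challenge server)"; rc=1 ;;
  esac
  # Informational only: certificate issuance does not depend on this one.
  case "$published" in
    *" 443:$tls_port "*) ;;
    *) echo "note: https listener $tls_port is not published on host port 443" ;;
  esac
  exit "$rc"
)
```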

bazzilic commented 1 year ago

> I'd say you forgot to add port mapping for 80, i.e. in your case, it would be -p 80:80

That did solve the problem, thank you! The big mystery now is how did it work the first time around :)

Ah, and thank you for the tip about the ports, makes sense!