zadam / trilium

Build your personal knowledge base with Trilium Notes
GNU Affero General Public License v3.0

SSL LetsEncrypt Help #4270

Open adoreparler opened 9 months ago

adoreparler commented 9 months ago

Trilium Version

latest docker image

What operating system are you using?

Other Linux

What is your setup?

Server access only

Operating System Version

Debian 12

Description

I am having issues with SSL. I turn it on and define the key/cert path /etc/letsencrypt/[mydomainhere]/cert.pem & similar for privkey.pem

I am using docker: docker run .... -v {normal path for config} -v /etc/letsencrypt/[mydomainhere]:/etc/letsencrypt/[mydomainhere] .. rest of command

When I set ssl to true in the config and restart the docker container, I get a no such directory error for /etc/letsencrypt/[mydomainhere]/cert.pem

I can start a shell in the container and ls the directory just fine

Error logs

No response

sottey commented 9 months ago

It is interesting that you posted this. I am in exactly the same situation. I have also tried putting symbolic links into the trilium-data folder. This does not work either.

I am never sure if it is a bug or me not knowing what I am doing :-)

adoreparler commented 9 months ago

Lol I tried the symbolic links too...
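
A check that fits the symptom reported above (ls inside the container lists the path, yet the server reports that it does not exist), added here as an example and not taken from the thread or from Trilium: certbot's live/<domain>/*.pem entries are symlinks into ../../archive/<domain>/, so bind-mounting only that directory, or placing a host symlink in the data folder, leaves a dangling link inside the container. The thread does not confirm this was the cause; `check_pem`, `make_sample` and the `example.test` tree are hypothetical names constructed for the illustration.

```shell
#!/bin/sh
# Added example: classify a cert/key path as the server process would see it.
# Prints one of: ok | missing | unreadable | dangling:<link target>
check_pem() {
    p=$1
    if [ -L "$p" ] && [ ! -e "$p" ]; then
        # ls still lists a dangling symlink by name, but open() fails with ENOENT.
        printf 'dangling:%s\n' "$(readlink "$p")"
        return 1
    fi
    [ -e "$p" ] || { echo missing; return 1; }
    [ -r "$p" ] || { echo unreadable; return 1; }
    echo ok
}

# Constructed sample: a certbot-style tree under host/, then a copy of only
# live/example.test (symlinks preserved) under container/, which is what a
# container sees when just that one directory is bind-mounted.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/host/archive/example.test" "$root/host/live/example.test"
    echo 'constructed placeholder, not a real certificate' \
        > "$root/host/archive/example.test/cert1.pem"
    ln -s ../../archive/example.test/cert1.pem \
        "$root/host/live/example.test/cert.pem"
    mkdir -p "$root/container/live"
    cp -RP "$root/host/live/example.test" "$root/container/live/"
    echo "$root"
}

# Usage inside the container: sh check.sh /path/to/cert.pem /path/to/privkey.pem
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_pem "$f")"
done
```

Run it inside the container as the user the server runs as. If a path comes back as dangling, the link's target has to exist inside the container as well, for example by mounting the parent directory that holds both the link and its target.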

jwhonce commented 9 months ago

maybe -v /etc/letsencrypt/[mydomainhere]:/home/node/trilium-data/certs ?

adoreparler commented 9 months ago

I ended up just setting the SSL cert at NGINX Reverse Proxy instead of at the application itself. The proxy and the Trilium server are on the same box so encryption can end at the proxy.

ianrego commented 7 months ago

@adoreparler how did you do this exactly, would you be able to share? I'm having a problem figuring out the certpath and keypath for the config.ini, I don't even know if this is proxy configuration or not, but I'm hoping your configuration will help me.

meichthys commented 7 months ago

@ianrego with a reverse proxy you don't need a certificate on trilium itself. You would leave trilium without SSL and the reverse proxy would handle this for you. A good reverse proxy visualization is:

[image: reverse proxy visualization]

The client will see a valid ssl certificate since the reverse proxy, well, 'proxies' the traffic and secures the traffic on the way out.

meichthys commented 7 months ago

I would highly recommend nginxproxymanager. It's very easy to set up reverse proxy hosts and to auto-request ssl certificates. In the end you'd be able to connect to trilium with a url like https://trilium.yourdomain.com even though trilium in your local network is running at 192.168.###.###:8080 (and you can still access it at the local address, but why would you when you can use a nice https fancy url :)

rauenzi commented 7 months ago

Alternatively if using docker I can also suggest traefik, I use it myself and have a handy guide here: https://trilium.rocks/TnJosFkIKTvr#reverse-proxy--traefik-

ianrego commented 7 months ago

I have figured out the proxy configuration and it is working now. Thanks everyone!
