zodern / meteor-up

Production Quality Meteor Deployment to Anywhere
http://meteor-up.com/
MIT License

SSL is not configured #1218

Open juliensl opened 3 years ago

juliensl commented 3 years ago

Hi everyone,

Mup version (mup --version): 1.5.3

Mup config

{
  "servers": {
    "one": {
      "host": "1.2.3.4",
      "username": "lfg",
      "password": "password"
    }
  },
  "app": {
    "name": "my-app",
    "path": "../",
    "servers": {
      "one": {}
    },
    "buildOptions": {
      "serverOnly": true
    },
    "env": {
      "ROOT_URL": "https://subdomain.host.com",
      "MONGO_URL": "mongodb+srv://user:pass@subdomain.subdomain.host.com/production?retryWrites=true&w=majority",
      "APOLLO_KEY": "service:API_KEY",
      "APOLLO_GRAPH_VARIANT": "current",
      "APOLLO_SCHEMA_REPORTING": "true",
      "VIRTUAL_HOST": "subdomain.host.com,subdomain2.host.com",
      "HTTPS_METHOD": "redirect",
      "LETSENCRYPT_HOST": "subdomain.host.com,subdomain2.host.com",
      "LETSENCRYPT_EMAIL": "email@domain.com",
      "VIRTUAL_PORT": 3000,
      "HTTP_FORWARDED_COUNT": 1
    },
    "docker": {
      "image": "abernix/meteord:node-12-base",
      "buildInstructions": [
        "RUN apt update && apt install -y graphicsmagick"
      ],
      "stopAppDuringPrepareBundle": true,
      "imagePort": 3000
    },
    "enableUploadProgressBar": true,
    "type": "meteor"
  },
  "proxy": {
    "domains": "subdomain.host.com,subdomain2.host.com",
    "clientUploadLimit": "100M",
    "ssl": {
      "letsEncryptEmail": "email@domain.com",
      "forceSSL": true
    }
  }
}

The deploy works well, but afterwards, when I redirect the DNS to my server IP address, I do not have any SSL for my subdomain2.host.com: http://subdomain2.host.com works, but https://subdomain2.host.com has a 500 Internal Server Error.

I do not know how to troubleshoot the problem. Does anybody have this problem too? Or have a method to debug it?

Thank you for your work :D

AlekseyMalyshev commented 3 years ago

mup requests a new SSL certificate every deployment. If you make more than ten deployments a week, Let's Encrypt refuses to issue a certificate. You can check how many certificates you requested for your domain here.

Until this problem is fixed, you need to manually obtain a certificate and renew it regularly. You can use certbot for this:

certbot certonly --standalone --preferred-challenges http -d your.domain

Here is how to specify certificates manually in mup.js:

proxy: {
  domains: 'your.domain',

  ssl: {
    crt: 'your.domain/fullchain.pem',
    key: 'your.domain/privkey.pem',
    forceSSL: true
  }
}
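When the certificate is managed by hand as described in the reply above, it helps to confirm before each deploy that the file covers every name in `proxy.domains` and is not close to expiry. The following is an added example, not part of the thread and not mup's own code; the function names and the 30-day renewal window are assumptions.

```javascript
// Added example (not mup code): audit a manually managed certificate against
// the names in proxy.domains. The 30-day renewal window is an assumption.

// Parse Node's X509Certificate.subjectAltName string, for example
// "DNS:a.example, DNS:b.example", into lowercase DNS names.
function sanDnsNames(subjectAltName) {
  return (subjectAltName || '')
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.startsWith('DNS:'))
    .map((s) => s.slice(4).toLowerCase());
}

// A wildcard SAN covers exactly one left-most label.
function covers(san, host) {
  if (san === host) return true;
  if (!san.startsWith('*.')) return false;
  const dot = host.indexOf('.');
  return dot > 0 && host.slice(dot + 1) === san.slice(2);
}

// cert: an X509Certificate, or any object with subjectAltName and validTo.
// domains: the comma-separated string used for proxy.domains.
function auditCert(cert, domains, now = new Date(), renewDays = 30) {
  const sans = sanDnsNames(cert.subjectAltName);
  const missing = domains
    .split(',')
    .map((d) => d.trim().toLowerCase())
    .filter((d) => d && !sans.some((san) => covers(san, d)));
  const daysLeft = Math.floor((new Date(cert.validTo) - now) / 86400000);
  const ok = missing.length === 0 && daysLeft >= 0;
  return { missing, daysLeft, renew: daysLeft < renewDays, ok };
}

// Load a PEM file such as your.domain/fullchain.pem. Assumes the leaf
// certificate comes first in the file, as it does in certbot's fullchain.pem.
function auditCertFile(pemPath, domains) {
  const { X509Certificate } = require('node:crypto');
  const pem = require('node:fs').readFileSync(pemPath);
  return auditCert(new X509Certificate(pem), domains);
}
```

A non-empty `missing` list means HTTPS requests for those names will not be served a matching certificate; `renew` signals that the certificate should be reissued before the next deploy.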