Request for Spark! Tech Resources for MMF #3

Closed
zwang3583 opened this issue Apr 8, 2022 · 20 comments

@zwang3583
Contributor

  • Names + emails of all team members who need access:
    Zhenghui Wang (zwan1312@bu.edu)
    Conor Walsh (cewalsh@bu.edu)
    Phil Ledoit (pledoit@bu.edu)

  • Detailed list of resources needed
    Domain name

  • A complete description on how you plan to use the resources
    We need a registered domain name in order to enable traffic over HTTPS. Our app is currently running into this error:

Uncaught TypeError: Cannot read properties of undefined (reading 'generateKey')
    at Object.generateKeyPair (pki.js:95:40)
    at Object.generateSession (analystController.js:142:16)
    at HTMLButtonElement.<anonymous> (sessionView.js:23:40)
    at HTMLButtonElement.dispatch (jquery.js:3:10316)
    at HTMLButtonElement.q.handle (jquery.js:3:8343)

The root cause is described here: libp2p/js-libp2p-crypto#105

In order to set up HTTPS on GCP, we need a domain name as dictated here
image

  • List any relevant course deadlines
    Deployment: 4/9 (The app is deployed, but it doesn't work because the encryption library used does not allow HTTP traffic)
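
The stack trace above is consistent with `crypto.subtle` being undefined, which is how browsers behave on pages loaded over plain HTTP. The following is an added example, not code from the project: a feature check that reports the cause before key generation is attempted. The `env` parameter, the sample objects and the RSA-OAEP parameters are assumptions.

```javascript
// Added example, not code from the project. `env` stands for the browser's
// `window`; passing it in lets the check run against the constructed samples below.
function checkWebCrypto(env) {
  const origin = env.location ? env.location.origin : 'unknown origin';
  const subtle = env.crypto ? env.crypto.subtle : undefined;
  if (subtle && typeof subtle.generateKey === 'function') {
    return { ok: true, origin, reason: 'crypto.subtle is available' };
  }
  // Browsers expose crypto.subtle only in secure contexts (HTTPS or localhost).
  // On a plain-HTTP origin it is undefined, and calling generateKey on it throws
  // the "Cannot read properties of undefined" TypeError.
  if (env.isSecureContext === false) {
    return { ok: false, origin,
      reason: `${origin} is not a secure context; serve the page over HTTPS` };
  }
  return { ok: false, origin, reason: 'this browser does not provide Web Crypto' };
}

// Fail early with an actionable message instead of a TypeError deep in the stack.
// The RSA-OAEP parameters are assumptions; the project's pki.js may use others.
async function generateKeyPair(env) {
  const support = checkWebCrypto(env);
  if (!support.ok) throw new Error(`Cannot generate keys: ${support.reason}`);
  return env.crypto.subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    true, ['encrypt', 'decrypt']);
}

// Constructed samples of what `window` looks like in each case.
const HTTP_PAGE = {
  isSecureContext: false,
  location: { origin: 'http://app.example' },
  crypto: { getRandomValues: (a) => a },   // present, but no `subtle`
};
const HTTPS_PAGE = {
  isSecureContext: true,
  location: { origin: 'https://app.example' },
  crypto: { subtle: { generateKey: async () => ({ publicKey: {}, privateKey: {} }) } },
};
```

In a browser, call `generateKeyPair(window)`.
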
@IanSaucy
Member

IanSaucy commented Apr 8, 2022

I can create you a domain name under buspark.io but I'll need a resource to point it at. I've not used the Google Cert service before. Typically I used Let's Encrypt, in which case I'd just need the IP of the machine, server, container etc. that should be the destination. Maybe the Google one works in a similar way?

Unrelated but related, make sure you document the process for future teams, it's part of your grade (:

@zwang3583
Contributor Author

Our external server IP is 34.135.53.102. Thanks in advance!

@IanSaucy
Member

IanSaucy commented Apr 8, 2022

I added an A record for that IP under the following URL: mmf.buspark.io. It might take a few minutes for it to propagate globally.

@zwang3583
Contributor Author

zwang3583 commented Apr 8, 2022

Is it possible to update the DNS nameservers to include one of the following?

ns-cloud-b1.googledomains.com.
ns-cloud-b2.googledomains.com.
ns-cloud-b3.googledomains.com.
ns-cloud-b4.googledomains.com.

@zwang3583
Contributor Author

Perhaps related, should the A record point to our load balancer or our VM? We have a load balancer that is set up to convert all traffic into SSL and subsequently HTTPS, which then redirects to our VM.

Our load balancer IP is 34.110.151.180, and it is directing traffic to 34.135.53.102 (our VM).

@IanSaucy
Member

IanSaucy commented Apr 9, 2022

The A record should point to whatever is the outermost "layer" of your setup. This would normally be your load balancer since you want traffic to hit your load balancer which then forwards it along.

That being said, I can either set the A record or the NS record. I can't do both since they're conflicting. So let me know which one you want.

@zwang3583
Contributor Author

I think it should point to our load balancer. Were you able to add GCP’s DNS name server? Thanks so much!

@IanSaucy
Member

IanSaucy commented Apr 9, 2022

I can't add both the nameserver (NS) and A record. You can have one or the other. Setting the nameserver says that that sub-domain is now controlled by someone else who will manage other DNS records, such as A, CNAME records etc. So I need to know which one of either A or NS record you'd like set.

@zwang3583
Contributor Author

Apologies, I misunderstood the original comment. Please set the NS record.

@IanSaucy
Member

IanSaucy commented Apr 9, 2022

No worries, I added the first two as NS records! Feel free to close this issue once you are confident you got it all working!

@zwang3583
Contributor Author

Hey Ian,

I talked with Professor Langdon and it sounds like our current approach wouldn't work for the JS library since the load balancer will have to decrypt before communicating with our app.

How would we go about with Let's Encrypt? We are using Nginx. From the tutorial I've seen the Nginx configs are automatically modified once a TLS/SSL cert is obtained. Since it looks like buspark.io already has a certificate, can you assist us in configuring the settings?

@IanSaucy
Member

I would just follow this tutorial or one of the many other ones available. We don't currently have any SSL certificates that I'm aware of right now. That being said, you can just get one specific to your sub-domain vs a wildcard for the TLD.

If you need me to update the DNS to point back to a VM vs the NS let me know.

https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

@zwang3583
Contributor Author

zwang3583 commented Apr 12, 2022

We are running into this error:

root@mmf:/# certbot --nginx -d mmf.buspark.io -d www.mmf.buspark.io
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mmf.buspark.io
http-01 challenge for www.mmf.buspark.io
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mmf.buspark.io (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mmf.buspark.io/.well-known/acme-challenge/6hVL_j5k59x9U-47TwxPFKCFMdkaH9j0aKTlbmhYeSI [34.110.151.180]: 404
IMPORTANT NOTES:

If you can, please update the DNS record to point back to the VM (34.135.53.102)! I hope this solves this issue :(

@IanSaucy
Member

Okay, I updated the DNS to point at the VM. We're using Cloudflare so I had it just bypass and not proxy the traffic. Once you have things working let me know and I'll enable the Cloudflare filtering so you get some DDoS protection etc.

I think this should also make the above command work as well.
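
In the certbot failure quoted earlier in the thread, the bracketed address is the one the Let's Encrypt validator connected to, and it is the load balancer rather than the VM where certbot ran. The following is an added example, not part of the thread: it parses that failure text and compares the two addresses. The function name, the `hostIp` parameter and the token placeholder in the sample are assumptions.

```javascript
// Added example, not from the thread. Parses certbot's http-01 failure text and
// compares the address the ACME validator reached with the address of the host
// that ran certbot (hostIp is supplied by the operator).
const HTTP01_FAILURE =
  /(\S+) \(http-01\): (urn:ietf:params:acme:error:\w+) ::.*?Invalid response from (\S+) \[([0-9a-fA-F.:]+)\]: (\d{3})/;

function diagnoseHttp01(output, hostIp) {
  // Terminal wrapping can split the challenge URL, so join wrapped lines first.
  const m = HTTP01_FAILURE.exec(output.replace(/\r?\n/g, ''));
  if (!m) return null; // no http-01 failure in this output
  const [, domain, acmeError, url, reachedIp, status] = m;
  const hitThisHost = reachedIp === hostIp;
  return {
    domain, acmeError, url, reachedIp, status: Number(status), hitThisHost,
    advice: hitThisHost
      ? 'Validator reached this host; check that the web server serves ' +
        '/.well-known/acme-challenge/ on port 80.'
      : `Validator reached ${reachedIp}, not ${hostIp}; point the A record for ` +
        `${domain} at the host running certbot, or serve the challenge from ${reachedIp}.`,
  };
}

// Sample built from the output in the thread; the token is replaced with a
// placeholder and the line is wrapped the way a terminal paste would wrap it.
const CERTBOT_SAMPLE = [
  'Cleaning up challenges',
  'Failed authorization procedure. mmf.buspark.io (http-01): ' +
    'urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient ' +
    'authorization :: Invalid response from ' +
    'http://mmf.buspark.io/.well-known/acme-challenge/TOKEN_PLACE',
  'HOLDER [34.110.151.180]: 404',
].join('\n');
```
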

@zwang3583
Contributor Author

It's working now! Please enable the Cloudflare filtering when you can. Thanks for your prompt response @IanSaucy!

@IanSaucy
Member

I enabled Cloudflare, let me know if it broke things!

@zwang3583
Contributor Author

Hey @IanSaucy, it looks like the website is no longer accessible with the following error:
image

I tried in incognito and on other platforms and confirmed that none of the options are working.

@zwang3583 zwang3583 reopened this Apr 13, 2022
@IanSaucy
Member

I disabled it again

@IanSaucy
Member

@zwang3583 Do you still need this open?

@zwang3583
Contributor Author

All done! Thanks :)
