Enabling SSL https support #456

Open
edewillians10 opened this issue Nov 15, 2021 · 3 comments

@edewillians10

Summary

I am not able to enable the https. I am trying to use csr and key certificates and after making the parameter https: true on the /conf/config.json and restarting the control I am getting this output error:

Steps to reproduce the problem

Add the key and csr certificates on /conf and enable the item https: true on the config.json

Your Setup

Cronicle version 0.8.62

Operating system and version?

Ubuntu 18-04

Node.js version?

v8.10.0

Cronicle software version?

Are you using a multi-server setup, or just a single server?

Just single server

Are you using the filesystem as back-end storage, or S3/Couchbase?

Filesystem

Can you reproduce the crash consistently?

Yes, every time I enable the function https = true

Log Excerpts

[1637002200.049][2021-11-15 11:50:00][cronicle-server][19362][WebServer][debug][2][Starting HTTPS (SSL) server on port: 443][]
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Object.createSecureContext (_tls_common.js:88:17)
at Server (_tls_wrap.js:805:25)
at new Server (https.js:54:14)
at Object.createServer (https.js:76:10)
at WebServer.startHTTPS (/opt/cronicle/node_modules/pixl-server-web/lib/https.js:53:33)
at /opt/cronicle/node_modules/pixl-server-web/web_server.js:179:10
at Server.<anonymous> (/opt/cronicle/node_modules/pixl-server-web/lib/http.js:224:4)
at Object.onceWrapper (events.js:313:30)
at emitNone (events.js:106:13)
at Server.emit (events.js:208:7)

@jhuckaby
Owner

First let me say, even if you do get the certificates working, Cronicle has several known issues with HTTPS. Many features don't work properly, like the live log system. There are actually a lot of issues with HTTPS that make it undesirable. Please see previous issues on this topic.

If you REALLY want to attempt this, then I recommend you follow the instructions in pixl-server-web and use Let's Encrypt and certbot. Instructions here: https://github.com/jhuckaby/pixl-server-web#lets-encrypt-ssl-certificates

It looks like you are specifying the wrong files for https_cert_file, https_key_file and https_ca_file. The error message you are receiving means that Node.js cannot even parse your cert files. So either you have the wrong file format, or you mixed up the cert, key, and/or CA files. Either way, try using Let's Encrypt and certbot.

Good luck!
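
The `PEM_read_bio:no start line` error in the log means OpenSSL found no `-----BEGIN ...-----` line of the type it expected in one of the configured files. As an added example (not code from Cronicle or pixl-server-web), this Node.js check classifies each file by its PEM label before the server is started; `checkHttpsFiles` and its helpers are hypothetical names, and the file paths and PEM bodies in the sample are constructed.

```javascript
// Added example: classifies PEM blocks by their "-----BEGIN <label>-----" line.
// It does not verify that the key matches the certificate or that the chain is valid.
const LABEL_KIND = {
  'CERTIFICATE': 'cert',
  'CERTIFICATE REQUEST': 'csr', 'NEW CERTIFICATE REQUEST': 'csr',
  'PRIVATE KEY': 'key', 'RSA PRIVATE KEY': 'key', 'EC PRIVATE KEY': 'key',
  'ENCRYPTED PRIVATE KEY': 'key', 'PUBLIC KEY': 'pubkey',
};
// Kind of block each config key (names taken from the thread) must contain.
const EXPECTED = { https_cert_file: 'cert', https_key_file: 'key', https_ca_file: 'cert' };

// Return the kind of every PEM block found in the text, in order.
function pemKinds(text) {
  const kinds = [];
  const re = /^-----BEGIN ([A-Z0-9 ]+)-----\s*$/gm;
  for (let m = re.exec(text); m !== null; m = re.exec(text)) {
    kinds.push(LABEL_KIND[m[1]] || 'unknown(' + m[1] + ')');
  }
  return kinds;
}

// Check one file's contents against what its config key requires; null means OK.
function checkPem(configKey, text) {
  const want = EXPECTED[configKey];
  const kinds = pemKinds(text);
  if (kinds.length === 0) return configKey + ': no PEM start line (empty, DER or PKCS#12?)';
  const wrong = kinds.filter((k) => k !== want);
  return wrong.length ? configKey + ': expected ' + want + ', found ' + wrong.join(', ') : null;
}

// Check every HTTPS file named in a settings object. readFile is injectable so the
// check can run on in-memory samples; by default it reads the paths from disk.
function checkHttpsFiles(settings, readFile) {
  const read = readFile || ((p) => require('fs').readFileSync(p, 'utf8'));
  const problems = [];
  for (const key of Object.keys(EXPECTED)) {
    if (!settings[key]) continue; // key not set in this settings object
    const problem = checkPem(key, read(settings[key]));
    if (problem) problems.push(problem);
  }
  return problems;
}

// Constructed sample: a CSR supplied where the certificate belongs.
const SAMPLE_FILES = {
  'conf/server.csr': '-----BEGIN CERTIFICATE REQUEST-----\nMIIB(constructed)\n-----END CERTIFICATE REQUEST-----\n',
  'conf/server.key': '-----BEGIN PRIVATE KEY-----\nMIIE(constructed)\n-----END PRIVATE KEY-----\n',
};
const SAMPLE_SETTINGS = { https_cert_file: 'conf/server.csr', https_key_file: 'conf/server.key' };
console.log(checkHttpsFiles(SAMPLE_SETTINGS, (p) => SAMPLE_FILES[p]));
```

A CSR is a request for a certificate, not a certificate, so a file with a `CERTIFICATE REQUEST` label is reported for `https_cert_file` even though it is valid PEM.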

@sdesalas

sdesalas commented Dec 2, 2021

Better to set up Nginx over the top with free 🍺 SSL via LetsEncrypt and then use proxypass:

There is a good write-up here.

This approach works well with a single server, except you have to remember to add in the extra config for websockets via socket.io.

https://socket.io/docs/v3/reverse-proxy/#nginx

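http {
  server {
    listen 80;
    # TLS is terminated here; ssl_certificate and ssl_certificate_key
    # must also be set for this server block.
    listen 443 ssl default_server;
    server_name cronicle.example.com;

    location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;

      # Plain HTTP to the local Cronicle web server
      proxy_pass http://localhost:3012;

      # WebSocket upgrade headers needed by socket.io
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
  }
}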

@efanibi25

efanibi25 commented Apr 12, 2022

If anyone's wondering

for socket.io

location ~/socket.io {
    # With variables in proxy_pass, nginx resolves a hostname at request
    # time (from an upstream group or the configured resolver).
    set $upstream_app localhost;
    set $upstream_port 3012;
    set $upstream_proto http;

    # WebSocket upgrade headers
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;

    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
