root
/
greenlock-express.js
mirror of https://github.com/therootcompany/greenlock-express.js.git
2
1
Fork 0
Code Issues 43 Releases Wiki Activity

[doc] workaround for local dns hairpinning failure #10

New Issue
Closed
opened 2019-11-03 19:44:13 +00:00 by Ghost · 35 comments
Ghost commented 2019-11-03 19:44:13 +00:00
Copy Link

Building a socket.io (sorry not webpush) with express app.
I have a custom greenlock.json for altnames/sites.

function httpsWorker(glx) {
	server = glx.httpsServer();
	glx.serveApp(app);
};
var glx = require("greenlock-express").init(function getConfig() {
		return {
			package: { name: "XXX", version:"E" },
			maintainerEmail: "XXXX@hotmail.com",  // *real email in code
			cluster: false,
			configFile : "greenlock.json",
			debug:true
		};
}).serve(httpsWorker);

Everything works fine until a client try to connect :

get adress info ENOTFOUND domain.fr 80. * where domain.fr is my real domain.

Building a socket.io (sorry not webpush) with express app. I have a custom greenlock.json for altnames/sites. function httpsWorker(glx) { server = glx.httpsServer(); glx.serveApp(app); }; var glx = require("greenlock-express").init(function getConfig() { return { package: { name: "XXX", version:"E" }, maintainerEmail: "XXXX@hotmail.com", // *real email in code cluster: false, configFile : "greenlock.json", debug:true }; }).serve(httpsWorker); Everything works fine until a client try to connect : get adress info ENOTFOUND domain.fr 80. * where domain.fr is my real domain.
Ghost changed title from [doc] to [doc] client cannot connect 2019-11-03 19:47:38 +00:00
coolaj86 commented 2019-11-03 19:52:38 +00:00
Owner
Copy Link

That's a DNS resolution error.

Are you seeing that error on the server side, or on the client side?

Are you trying to run on localhost? (for that you need to use one of the DNS plugins with an API key or token from your DNS provider)

That's a DNS resolution error. Are you seeing that error on the server side, or on the client side? Are you trying to run on `localhost`? (for that you need to use one of the DNS plugins with an API key or token from your DNS provider)
Ghost closed this issue 2019-11-04 08:49:08 +00:00
Ghost reopened this issue 2019-11-04 08:49:19 +00:00
Ghost commented 2019-11-04 08:49:42 +00:00
Author
Copy Link

Thanks for having a look. You are doing an awesome work!!
This is a server side error.
I am not on localhost but in local network. (loopback in my Synology router).
Please note that it is running well with current certificates and old let's encrypt script.

Morevoer, I am looking deeply in your code to try to make it works.
I don't understand the logic of having a file to configures the domains for greenlock-express. I don't see anyother way to configure it (I would like to have it as gl.add like for main library 'greenlock')

Thanks for having a look. You are doing an awesome work!! This is a server side error. I am not on localhost but in local network. (loopback in my Synology router). Please note that it is running well with current certificates and old let's encrypt script. Morevoer, I am looking deeply in your code to try to make it works. I don't understand the logic of having a file to configures the domains for greenlock-express. I don't see anyother way to configure it (I would like to have it as gl.add like for main library 'greenlock')
2019-11-03_20-40-22.jpg
174 KiB
2019-11-03_20-40-22.jpg
coolaj86 commented 2019-11-04 17:08:50 +00:00
Owner
Copy Link

I would like to have it as gl.add like for main library greenlock'

That's the same as it was:

// See "JavaScript API" > "Greenlock#add" at
// https://git.rootprojects.org/root/greenlock.js

gl.add({ subject, altnames })

However, that's probably not what you want.
You probably want the CLI:

# (will be published to npm today)

npm install 'git+https://git.coolaj86.com/coolaj86/greenlock.js.git#next'

npx greenlock add --subject xxxx --altnames xxxx,xxxx

If you in fact do want the API from within Greenlock itself, I'd like to chat with you so that I can understand your use case and how to expose it.

I am not on localhost but in local network.

You have to have a public connection in order to do http-01 validations. You'll need to switch to dns-01 validation.

If you do have a public inbound connection... is the synology server local DNS misconfigured?

> I would like to have it as gl.add like for main library greenlock' That's the same as it was: ``` // See "JavaScript API" > "Greenlock#add" at // https://git.rootprojects.org/root/greenlock.js gl.add({ subject, altnames }) ``` However, that's probably not what you want. You probably want the CLI: ```bash # (will be published to npm today) npm install 'git+https://git.coolaj86.com/coolaj86/greenlock.js.git#next' ``` ```bash npx greenlock add --subject xxxx --altnames xxxx,xxxx ``` If you in fact do want the API from within Greenlock itself, I'd like to chat with you so that I can understand your use case and how to expose it. > I am not on localhost but in local network. You have to have a public connection in order to do http-01 validations. You'll need to switch to dns-01 validation. If you do have a public inbound connection... is the synology server local DNS misconfigured?
Ghost commented 2019-11-04 20:56:33 +00:00
Author
Copy Link

Right ok but not for greenlock expres object. Maybe I misunderstood how to use greenlock-express. Sould I build a greenlock object before gl-express?

With your previous code letsencrpyt the http-01 challenge was working well to renew certificate.

It looks like
my port is blocked (I made the tip to open root port)...
or...REDIRECT HTTPP->HTPPS is wrong maybe?

Thank you for your time.
It is to run my own progressive web app I use for home automation. a personnal project.
It is quite demanding to have its own app for home automation due to maintenance and libraries update/depencies : I need to update my node.js >11.2 to run your code.

If I lost my certificate, I cannot benefit from advanced services i.e. notifications.
Alexandre.

Right ok but not for greenlock expres object. Maybe I misunderstood how to use greenlock-express. Sould I build a greenlock object before gl-express? With your previous code letsencrpyt the http-01 challenge was working well to renew certificate. It looks like my port is blocked (I made the tip to open root port)... or...REDIRECT HTTPP->HTPPS is wrong maybe? Thank you for your time. It is to run my own progressive web app I use for home automation. a personnal project. It is quite demanding to have its own app for home automation due to maintenance and libraries update/depencies : I need to update my node.js >11.2 to run your code. If I lost my certificate, I cannot benefit from advanced services i.e. notifications. Alexandre.
2019-11-04_21-45-36.jpg
19 KiB
2019-11-04_21-46-41.jpg
38 KiB
2019-11-04_21-45-36.jpg 2019-11-04_21-46-41.jpg
coolaj86 commented 2019-11-04 21:37:40 +00:00
Owner
Copy Link

I need to update my node.js >11.2 to run your code.

It should be compatible with node v8+. I've been testing mostly on v10.

There a warnings about missing features in < 11.2, but it does not require an update.

With your previous code letsencrpyt the http-01 challenge was working well to renew certificate

Hmm... the challenge module is the same module.

greenlock.add()

Why not use the CLI? The .add() function is only intended for dynamic adding of domains via API. It is not intended for single domains.

I see the error in your code snippet, and I can give you the correction, but I want to understand: Why are you trying to do it this way?

Do you need the API for multiple, dynamic domains? or are you just adding a single domain?

ENOTFOUND

What happens when you do this, from your synology box?

dig YOUR_DOMAIN.fr

curl http://YOUR_DOMAIN.fr

Do dig and curl also give you an error?

> I need to update my node.js >11.2 to run your code. It should be compatible with node v8+. I've been testing mostly on v10. There a _warnings_ about missing features in < 11.2, but it does not _require_ an update. > With your previous code letsencrpyt the http-01 challenge was working well to renew certificate Hmm... the challenge module is the same module. > greenlock.add() Why not use the CLI? The `.add()` function is only intended for dynamic adding of domains via API. It is not intended for single domains. I see the error in your code snippet, and I can give you the correction, but I want to understand: Why are you trying to do it this way? Do you need the API for multiple, dynamic domains? or are you just adding a single domain? > `ENOTFOUND` What happens when you do this, from your synology box? ```bash dig YOUR_DOMAIN.fr ``` ```bash curl http://YOUR_DOMAIN.fr ``` Do `dig` and `curl` also give you an error?
coolaj86 commented 2019-11-04 21:39:31 +00:00
Owner
Copy Link

Can you get on chat?

I'm @coolaj86 on Keybase.

Can you get on chat? I'm @coolaj86 on Keybase.
coolaj86 changed title from [doc] client cannot connect to [doc] workaround for local dns failure 2019-11-05 11:06:37 +00:00
coolaj86 commented 2019-11-05 11:06:59 +00:00
Owner
Copy Link

I've updated the docs. Let me know what you think.

I've updated the docs. Let me know what you think.
Ghost commented 2019-11-05 16:19:13 +00:00
Author
Copy Link

Nice to talk to you by phone/screen sharing yesterday!
When doing the command
sudo vi /etc/resolv.conf (*sudo otherwise read-only)

I changed to google dns servers instead of my router local address 192.168.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4

below image is the new error.
the port 80 is already used. I will double check if don't launch 'twice' the same command on my side and come back later...but I doubt.

Nice to talk to you by phone/screen sharing yesterday! When doing the command sudo vi /etc/resolv.conf (*sudo otherwise read-only) I changed to google dns servers instead of my router local address 192.168.1.1 nameserver 8.8.8.8 nameserver 8.8.4.4 below image is the new error. the port 80 is already used. I will double check if don't launch 'twice' the same command on my side and come back later...but I doubt.
2019-11-05_17-13-22.jpg
23 KiB
image.png
796 B
2019-11-05_17-13-22.jpg image.png
coolaj86 commented 2019-11-05 16:40:18 +00:00
Owner
Copy Link

EADDRINUSE sometimes happens when a process exits while still listening, but there's definitely something else using port 80.

Try one of these:

lsof -i TCP:80

or

netstat --tcp --listening --programs --numeric
`EADDRINUSE` sometimes happens when a process exits while still listening, but there's definitely something else using port 80. Try one of these: ```bash lsof -i TCP:80 ``` or ```bash netstat --tcp --listening --programs --numeric ```
Ghost commented 2019-11-05 21:39:14 +00:00
Author
Copy Link

After a reboot. A new error appears.
Fail to load greenlock-manager-fs.
I have tried unbuild / install without success.

After a reboot. A new error appears. Fail to load greenlock-manager-fs. I have tried unbuild / install without success.
image.png
7.9 KiB
2019-11-05_17-13-22.jpg
23 KiB
image.png 2019-11-05_17-13-22.jpg
Ghost commented 2019-11-05 21:45:15 +00:00
Author
Copy Link

Result of your command when my app is running with node6 and old letsencrypts.

Result of your command when my app is running with node6 and old letsencrypts.
2019-11-05_22-41-05.jpg
32 KiB
2019-11-05_22-41-05.jpg
coolaj86 commented 2019-11-05 21:53:26 +00:00
Owner
Copy Link

From the top

What node version? (should be v8+)

node --version
v11.14.0

Is there anything already listening on port 80?

sudo lsof -i TCP:80

COMMAND  PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
node    4277 root   21u  IPv4 5409381      0t0  TCP *:http (LISTEN)

sudo netstat --tcp --listening --programs --numeric

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4277/node

Yes, there is. I have to kill it:

sudo killall node

Fresh, clean start in a new project directory:

mkdir -p my-project
pushd my-project
npm init -y
npm install --save greenlock-express@3

Initialize greenlock, fresh:

npx greenlock init
npx greenlock defaults --subscriber-email 'jon@example.com'
npx greenlock add --subject beta.example.org --altnames beta.example.org
npm start -- --staging

Get a certificate from the staging environment:

curl -k https://beta.rootprojects.org

Flawless

Check each one of those things and let me know what you get.

The unexpected token function sounds like node v6 encountering var x = async function () {};;

# From the top What node version? (should be v8+) ```bash node --version v11.14.0 ``` Is there anything already listening on port 80? ```bash sudo lsof -i TCP:80 ``` ``` COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME node 4277 root 21u IPv4 5409381 0t0 TCP *:http (LISTEN) ``` ```bash sudo netstat --tcp --listening --programs --numeric ``` ```bash Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4277/node ``` Yes, there is. I have to kill it: ``` sudo killall node ``` Fresh, clean start in a new project directory: ```bash mkdir -p my-project pushd my-project npm init -y npm install --save greenlock-express@3 ``` Initialize greenlock, fresh: ```bash npx greenlock init npx greenlock defaults --subscriber-email 'jon@example.com' npx greenlock add --subject beta.example.org --altnames beta.example.org npm start -- --staging ``` Get a certificate from the staging environment: ```bash curl -k https://beta.rootprojects.org ``` # Flawless Check each one of those things and let me know what you get. The `unexpected token function` sounds like node v6 encountering `var x = async function () {};`;
coolaj86 commented 2019-11-05 22:02:33 +00:00
Owner
Copy Link

You absolutely have another process listening on ports 80 and 443. The results of your netstat show that without question.

However, the output is truncated. You probably need to run it with sudo to see the process name.

You absolutely have another process listening on ports 80 and 443. The results of your netstat show that without question. However, the output is truncated. You probably need to run it with `sudo` to see the process name.
Ghost commented 2019-11-06 20:58:58 +00:00
Author
Copy Link

I think I made some progress. but the /etc/resolv.conf came back to its previous. It is written on the top of the file "generated by resolvconf".
On my rasp PI 2, this file is managed by /etc/dhcpcd.conf. So I should modify this file instead. I wil lcome back.

I think I made some progress. but the /etc/resolv.conf came back to its previous. It is written on the top of the file "generated by resolvconf". On my rasp PI 2, this file is managed by /etc/dhcpcd.conf. So I should modify this file instead. I wil lcome back.
image.png
1.2 KiB
image.png
Ghost commented 2019-11-07 20:05:39 +00:00
Author
Copy Link

I am back with a nodeJs 8.16.0.

  • I have difficulties to take control of /etc/resolv.conf that is changed by a network manager. I need to investigate.
  • new error appears : socket hang up. (si below)
I am back with a nodeJs 8.16.0. - I have difficulties to take control of /etc/resolv.conf that is changed by a network manager. I need to investigate. - new error appears : socket hang up. (si below)
image.png
1.2 KiB
2019-11-07_21-02-16.jpg
43 KiB
2019-11-07_17-07-16.jpg
36 KiB
image.png 2019-11-07_21-02-16.jpg 2019-11-07_17-07-16.jpg
Ghost commented 2019-11-07 21:12:43 +00:00
Author
Copy Link

npx greenlock init
npx greenlock defaults --subscriber-email 'jon@example.com'
npx greenlock add --subject beta.example.org --altnames beta.example.org
npm start -- --staging

I failed at 'npm start --staging'.
Where to add the maintainerEmail?

npx greenlock init npx greenlock defaults --subscriber-email 'jon@example.com' npx greenlock add --subject beta.example.org --altnames beta.example.org npm start -- --staging I failed at 'npm start --staging'. Where to add the maintainerEmail?
2019-11-07_22-11-45.jpg
95 KiB
2019-11-07_22-11-45.jpg
coolaj86 commented 2019-11-07 21:43:24 +00:00
Owner
Copy Link

Where to add the maintainerEmail?

In the author field of package.json, or in server.js (in init).

> Where to add the maintainerEmail? In the `author` field of `package.json`, or in `server.js` (in `init`).
Ghost commented 2019-11-08 08:09:24 +00:00
Author
Copy Link
  • I found a way to keep control of dns resolv manager
  • I have found the origin of port 80 already occupied
  • I have updated greenlock-express (latest) and got a new error see image below. Looks like I absoltly need to move to node.js 11 minimum
- I found a way to keep control of dns resolv manager - I have found the origin of port 80 already occupied - I have updated greenlock-express (latest) and got a new error see image below. Looks like I absoltly need to move to node.js 11 minimum
2019-11-07_22-19-39.jpg
42 KiB
2019-11-07_22-19-39.jpg
coolaj86 commented 2019-11-09 19:46:34 +00:00
Owner
Copy Link

If you set accountKeyType: "RSA-2048", it should get past that error. However... you'll be much better off with v10+.

I could put in a backport for ECDSA support on node v8. I think it's been there since v0.x, but it was exposed in a weird way until v10.x

If you set `accountKeyType: "RSA-2048"`, it should get past that error. However... you'll be much better off with v10+. I could put in a backport for ECDSA support on node v8. I think it's been there since v0.x, but it was exposed in a weird way until v10.x
Ghost commented 2019-11-09 20:26:01 +00:00
Author
Copy Link

Hi.
I am back with nodejs v11.14.0. That was quite a bit of challenge to migrate serialport, openzwave and socket.io.
I just tested the app.
I have a nice message like everything is ok (see image below) but from chrome client nothing happens.

Please note that before (with old lex code) I created the server like that :

     var server = require('https').createServer(lex.httpsOptions, lex.middleware(app))

Now it is

            var httpsWorker = function (glx) {
	server = glx.httpsServer();
	glx.serveApp(app); };
Hi. I am back with nodejs v11.14.0. That was quite a bit of challenge to migrate serialport, openzwave and socket.io. I just tested the app. I have a nice message like everything is ok (see image below) but from chrome client nothing happens. Please note that before (with old lex code) I created the server like that : var server = require('https').createServer(lex.httpsOptions, lex.middleware(app)) Now it is var httpsWorker = function (glx) { server = glx.httpsServer(); glx.serveApp(app); };
Ghost commented 2019-11-09 20:29:03 +00:00
Author
Copy Link

Error after some times...socket hang up

Error after some times...socket hang up
2019-11-09_21-28-12.jpg
44 KiB
2019-11-09_21-28-12.jpg
coolaj86 commented 2019-11-09 20:41:51 +00:00
Owner
Copy Link

You've clipped it down only to the exact error message, so I can't tell what else is going on.

Did you add your domain to your config file?

You've clipped it down only to the exact error message, so I can't tell what else is going on. Did you add your domain to your config file?
Ghost commented 2019-11-10 10:59:25 +00:00
Author
Copy Link

The full error message.
It is repeated itself several time.

The full error message. It is repeated itself several time.
2019-11-10_11-58-30.jpg
114 KiB
2019-11-10_11-58-30.jpg
Ghost commented 2019-11-10 13:10:53 +00:00
Author
Copy Link

I have tried from a new project/directory as you explained the steps to make it work. but same results, nothing happens at client side.

I have tried from a new project/directory as you explained the steps to make it work. but same results, nothing happens at client side.
2019-11-10_14-09-36.jpg
45 KiB
2019-11-10_14-09-36.jpg
Ghost commented 2019-11-10 14:23:59 +00:00
Author
Copy Link

for test project with npx greenlock init, everything looks good in greenlock.json.
I have tried again today. No progress. SOCKET HANG UP. I have open TCP 80 and 443 ports everywhere in my network.

for test project with npx greenlock init, everything looks good in greenlock.json. I have tried again today. No progress. SOCKET HANG UP. I have open TCP 80 and 443 ports everywhere in my network.
d.jpg
40 KiB
d.jpg
Ghost commented 2019-11-11 21:54:35 +00:00
Author
Copy Link

Short questions concerning this local issuing of domains:

Does this mean I can also have a local offline https generation so that I can use the same server setup for testing, development and online (apart from the store or method being different?)

Or do I need to setup some server stuff and this is rather for container communication or something?

Thank you for clarifying.

Short questions concerning this local issuing of domains: Does this mean I can also have a local offline https generation so that I can use the same server setup for testing, development and online (apart from the store or method being different?) Or do I need to setup some server stuff and this is rather for container communication or something? Thank you for clarifying.
coolaj86 commented 2019-11-12 00:44:25 +00:00
Owner
Copy Link

This is really a different question that you're asking, not related to this thread, but I can see how you might have mistaken it (local dns).

local offline https generation

Yes, but you need to use a DNS challenge. See the README.

this is rather for container communication or something

This thread is in regards to a DNS resolution failure. It's a highly technical and unusual setup in which the DNS server isn't a commonplace router you'd have in a normal home or office, but rather a full-blown dedicated DNS server, and one which happens to not handle "hairpinning" correctly (ideally it would resolve internal requests in an optimized way, but still respond to the same queries as if they were for external domains).

This is really a different question that you're asking, not related to this thread, but I can see how you might have mistaken it (local dns). > local offline https generation Yes, but you need to use a DNS challenge. See the README. > this is rather for container communication or something This thread is in regards to a DNS resolution failure. It's a highly technical and unusual setup in which the DNS server isn't a commonplace router you'd have in a normal home or office, but rather a full-blown dedicated DNS server, and one which happens to not handle "hairpinning" correctly (ideally it would resolve internal requests in an optimized way, but still respond to the same queries as if they were for external domains).
coolaj86 changed title from [doc] workaround for local dns failure to [doc] workaround for local dns hairpinning failure 2019-11-12 00:44:49 +00:00
Ghost commented 2019-11-12 19:35:01 +00:00
Author
Copy Link

I was not aware to have a special setup. I just want to make my raspberry accessible from internal as well as external network. I use the DNS server app of my synology router to make a hairpinning/loopback (see config below). It works fine with my current code version

I was not aware to have a special setup. I just want to make my raspberry accessible from internal as well as external network. I use the DNS server app of my synology router to make a hairpinning/loopback (see config below). It works fine with my current code version
coolaj86 commented 2019-11-12 20:02:53 +00:00
Owner
Copy Link

I don't see any config attached here.

The version that you had didn't do a self-test, hence the misconfigured hairpinning didn't cause a problem. I'll have a way to turn off the self-test as well.

Yeah, advanced DNS like what you have with the Synology is tricky beast. You won't have these kind of issues with your typical consumer router.

P.S. I'm not at NAT guru, so I really won't be able to help you with the DNS issues other than to say use an external resolver.

I once spent several hours with a networking expert trying to get hairpinning working one of these advanced routers and had no success.

I don't see any config attached here. The version that you had didn't do a self-test, hence the misconfigured hairpinning didn't cause a problem. I'll have a way to turn off the self-test as well. Yeah, advanced DNS like what you have with the Synology is tricky beast. You won't have these kind of issues with your typical consumer router. <small> P.S. I'm not at NAT guru, so I really won't be able to help you with the DNS issues other than to say use an external resolver. I once spent several hours with a networking expert trying to get hairpinning working one of these advanced routers and had no success. </small>
Ghost commented 2019-11-12 20:23:14 +00:00
Author
Copy Link

Config attached.
My internet consumer router does not have the loopback option. This is why I use this tricky beast. Do you known a better way to have domain address pointing to local raspberry when client inside local network?

okay forget my previous question. How to remove local test? I can do a quick test before you release a code.

Config attached. My internet consumer router does not have the loopback option. This is why I use this tricky beast. Do you known a better way to have domain address pointing to local raspberry when client inside local network? okay forget my previous question. How to remove local test? I can do a quick test before you release a code.
2019-11-12_20-02-56.jpg
56 KiB
2019-11-12_20-02-56.jpg
coolaj86 commented 2019-11-12 21:27:04 +00:00
Owner
Copy Link

Given my experience and my lack of proper understanding of NAT I would have the DNS server configured to give a different address to an internal request than an external request and skip the NAT issue altogether.

However, you'd perhaps still have to configure a firewall to do mangling of DNS requests, or you'd perhaps have to have to DNS servers.

Hmm...

I think this is what I'd do:

  1. Set up Static DHCP, so that the Pi always gets the same address
  2. Use external DNS for the domain (i.e. name.com)
  3. Use a local DNS for caching (i.e. dnsmasque)
  4. Edit the local DNS to always point to the static DNS for internal requests
Given my experience and my lack of proper understanding of NAT I would have the DNS server configured to give a different address to an internal request than an external request and skip the NAT issue altogether. However, you'd perhaps still have to configure a firewall to do mangling of DNS requests, or you'd perhaps have to have to DNS servers. Hmm... I think this is what I'd do: 1. Set up _Static_ DHCP, so that the Pi always gets the same address 2. Use external DNS for the domain (i.e. name.com) 3. Use a local DNS for caching (i.e. dnsmasque) 4. Edit the local DNS to always point to the static DNS for internal requests
coolaj86 commented 2019-11-12 21:28:18 +00:00
Owner
Copy Link

The big question is WHY can't your raspberry pi access local DNS?

You CAN'T do curl http://yourdomain.tld from the Pi, we tested that.

Can you even do any DNS at all from the Pi? Can you do curl https://google.com?

The big question is WHY can't your raspberry pi access local DNS? You CAN'T do `curl http://yourdomain.tld` from the Pi, we tested that. Can you even do _any_ DNS at all from the Pi? Can you do `curl https://google.com`?
Ghost commented 2019-11-12 21:40:00 +00:00
Author
Copy Link

With my current settings, app is on. Everything looks good. (see image) : http: redirecting ok, https: forwarded to login page.

With my current settings, app is on. Everything looks good. (see image) : http: redirecting ok, https: forwarded to login page.
2019-11-12_22-35-39.jpg
34 KiB
2019-11-12_22-35-39.jpg
Ghost commented 2019-11-13 21:27:49 +00:00
Author
Copy Link

Today, the test project says "Hello encrypted wrold". Without changing the resolv.conf file!
I tried to replicate the test envrionement in my project folder.
Unfortunatly, "npx greenlock add" in cli return "greenlock command not found".
I have tried uninstall/unbuild greenlock /-express / root. and reinstall clean but no progress so far.

... Good news. It works fine...until I try to run the program on start (with a bash in reboot file). The greenlock.json is generated in root of raspberry with high privilege, and npx greelock add command ask again.

Today, the test project says "Hello encrypted wrold". Without changing the resolv.conf file! I tried to replicate the test envrionement in my project folder. Unfortunatly, "npx greenlock add" in cli return "greenlock command not found". I have tried uninstall/unbuild greenlock /-express / root. and reinstall clean but no progress so far. ... Good news. It works fine...until I try to run the program on start (with a bash in reboot file). The greenlock.json is generated in root of raspberry with high privilege, and npx greelock add command ask again.
Ghost commented 2019-11-15 10:44:41 +00:00
Author
Copy Link

Last comment for this issue. It is now solved and in "production".
Lessons learned :

  • thanks to this issue my app is now upgraded from node6 to node11.
  • my production directory was show corrupted. not possible to execute in cli the command "glx greenlock init/add". So I had to create a new production directory and reinstall everything. my app is now just fresh and clean!
  • the cli command to create certificate are the things that works for me.
  • the code needs to be executed from the folder : forever /path/to/the/project.js will not make it work. You must make a cd "/path/to/the/" & forever project.js" to make it works in a bash file.
  • I don't need to change my resolv.conf file neither my loopback/hairpinning network settings.

=> Awesome work @Root !

Last comment for this issue. It is now solved and in "production". Lessons learned : * thanks to this issue my app is now upgraded from node6 to node11. * my production directory was show corrupted. not possible to execute in cli the command "glx greenlock init/add". So I had to create a new production directory and reinstall everything. my app is now just fresh and clean! * the cli command to create certificate are the things that works for me. * the code needs to be executed from the folder : forever /path/to/the/project.js will not make it work. You must make a cd "/path/to/the/" & forever project.js" to make it works in a bash file. * I don't need to change my resolv.conf file neither my loopback/hairpinning network settings. => Awesome work @Root !
Ghost closed this issue 2019-11-15 10:44:41 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
github
next
v4
npm
v3
v2
beta
v2.0
greenlock
express
v1.x
v4.0.4
v4.0.3
v4.0.1
v3.1.0
v3.0.12
v3.0.11
v3.0.10
v3.0.9
v3.0.8
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.7.18
v2.7.17
v2.7.16
v2.7.15
v2.7.12
v2.7.11
v2.7.10
v2.7.9
v2.7.8
v2.7.6
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.9
v2.6.8
v2.6.7
v2.6.6
v2.6.5
v2.6.4
v2.6.3
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.10
v2.4.9
v2.4.8
v2.4.7
v2.4.6
v2.4.5
v2.4.4
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.4
v2.3.2
v1.3.1
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.0.12
v2.0.11
v2.0.10
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.2.0
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: root/greenlock-express.js#10
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?