Document problem with self-signed certificates

Ralf Becker 2021-05-26 10:44:03 +02:00
parent ed88e043a6
commit 58cefd4bb9

@ -146,7 +146,7 @@ It allows the EGroupware server-side to push updates to every user online.
One way to test it's working is to login with the same account into EGroupware from two different computers, browsers or using an anonymous tab. Go to InfoLog on both and add a new InfoLog on one. It should **instantly** appear on the other one too.
> Not all apps implement push (with 20.1 release it's Calendar, InfoLog and Timesheet) or need [special configuration like Mail app on the used IMAP server](https://github.com/EGroupware/egroupware/wiki/IMAP-Push-Notifications).
> Not all apps implement push (with 20.1 release it's Calendar, InfoLog and Timesheet, with 21.1 Tracker and Addressbook too) or need [special configuration like Mail app on the used IMAP server](https://github.com/EGroupware/egroupware/wiki/IMAP-Push-Notifications).
If it does not, open developer tools in your browser, go to the networking tab, reload (F5), search for ```push``` and click on Messages:
[[https://raw.githubusercontent.com/wiki/EGroupware/egroupware/pics/dev-tools-push.png]]
@ -167,11 +167,14 @@ Www-Authenticate: Basic realm="EGroupware Push Server"
Missing Bearer Token!
```
3. if you get ```404 Not Found``` you have not the latest webserver configuration (/etc/egrouwpare-docker/nginx.conf or apache2.conf), eg. because you made some changes and the package update did not overwrite them. In that case look for a .dpkg-dist or .rpmnew file with the same name, add your changes to that file and rename it to just nginx.conf or apache2.conf. Then you need to reload your webserver with ```nginx -s reload``` or ```systemctl restart apache2``` (or httpd on RHEL/CentOS).
4. if you get the above output, but the not the connection in the browser (green array with ```{"subscribe":...```
4. if curl complains about the certificate, you either need to use an officially accepted one (eg. Let's Encrypt) or you need to make the CA used to sign the certificate available to the containers, which need to talk to each other (EGroupware, Collabora, Rocket.Chat, Guacamole, ...). The later is a lot of work and not recommended, since Let's Encrypt is available. There are [commented out commands](https://github.com/EGroupware/build.opensuse.org/blob/master/server:eGroupWare/egroupware-docker-21.1/egroupware-docker/docker-compose.override.yml#L48-L50) in each docker-compose.override.yml to make the CA known to the containers.
5. if you get the above output, but the not the connection in the browser (green array with ```{"subscribe":...```
* if you use Apache make sure /etc/egroupware-docker/apache2.conf is included in the used ssl VirtualHost, including it outside the vHost does NOT work for websockets in Apache!
* if you use eg. your firewall to terminate https or an other proxy, you have to enable websocket support!
5. if you see the green array, but no red one(s) when you eg. add an InfoLog, run the above curl command inside the ```egroupware``` container to see if you get the same output as above: ```docker exec -it egroupware curl -i https://example.org/egroupware/push```
6. if you see the green array, but no red one(s) when you eg. add an InfoLog, run the above curl command inside the ```egroupware``` container to see if you get the same output as above: ```docker exec -it egroupware curl -i https://example.org/egroupware/push```
* ```curl: (6) Could not resolve host: example.org``` or ```curl: (7) Failed to connect to example.org port 443: Connection refused``` either your (externally) used host-name could not be resolved in the container or your firewall does not allow access from the inside to your external address. Use an [extra_hosts entry in your /etc/egroupware/docker-compose.override](https://github.com/EGroupware/build.opensuse.org/blob/master/server:eGroupWare/egroupware-docker-20.1/egroupware-docker/docker-compose.override.yml#L70) with your docker0 address to which your webserver on the host is also listening:
```
service:
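Review bot: The new step 4 ("if curl complains about the certificate, ...") links to the commented-out CA commands through a line anchor on the master branch (docker-compose.override.yml#L48-L50), so the link will point at other lines as soon as that file is edited; link to a fixed commit or name the commented-out lines in the text instead. In the same step, "The later is a lot of work" should read "The latter". The step also says only that curl "complains about the certificate"; quoting the curl error the reader should expect, as the neighbouring steps do for ```404 Not Found``` and the curl (6)/(7) cases, would show when this step applies and how it differs from the existing curl (60) bullet further down.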
@ -181,7 +184,8 @@ service:
```
* ```curl: (60) SSL: no alternative certificate subject name matches target host name 'example.org'``` you use a self-signed certificate and need to [install your CA via /etc/egroupware-docker/docker-compose.override.yml](https://github.com/EGroupware/build.opensuse.org/blob/master/server:eGroupWare/egroupware-docker-20.1/egroupware-docker/docker-compose.override.yml#L48) in the ```egroupware``` container
* Collabora and Rocket.Chat also need to be able to access the EGroupware container and therefore need a similar fix see their docker-compose.yml files!
6. check the log of the push server: ```docker logs -f egroupware-push```
7. check the log of the push server: ```docker logs -f egroupware-push```
* if you only see ```server: handshake success with fd****, FAILED with unknown sessionid=**********``` check that ```egroupware``` and ```egroupware-push``` container share the session volume:
```
docker exec -it egroupware ls /var/lib/php/sessions
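Review bot: The curl (60) bullet at the top of this hunk attributes "no alternative certificate subject name matches target host name 'example.org'" to a self-signed certificate, but that message reports that the names in the certificate do not include the requested host, which installing a CA in the container does not fix; since this commit documents the self-signed case, the bullet should quote the error curl prints for an untrusted issuer, or treat the name mismatch and the untrusted CA as two separate cases. The bullet "Collabora and Rocket.Chat also need ... a similar fix see their docker-compose.yml files!" names neither the file paths nor the setting to change; give the paths or link the files. The curl (60) bullet still links to the 20.1 override file (#L48) while step 4 added by this commit links to the 21.1 one (#L48-L50); point both at the same file.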