BigBoot/AutoKuma

AutoKuma fails to connect to HTTPS Uptime Kuma service with self-signed certificate

landure opened this issue · 2 comments

With Uptime Kuma configured with HTTPS using:

# Path to SSL key
UPTIME_KUMA_SSL_KEY=/run/secrets/uptime-kuma-tls-key

# Path to SSL certificate
UPTIME_KUMA_SSL_CERT=/run/secrets/uptime-kuma-tls-cert

and using mkcert to create the certificates:

command mkcert -key-file="./secrets/uptime-kuma-tls-key.secret" \
  -cert-file="./secrets/uptime-kuma-tls-cert.secret"  "uptime-kuma" "localhost"

And AutoKuma configured with:

AUTOKUMA__KUMA__URL=https://uptime-kuma:3001/

Uptime Kuma authentication is turned off (it's behind a Traefik reverse proxy that AutoKuma doesn't access).

AutoKuma fails with:

autokuma-1      | ERROR [kuma_client::util] Error during connect
autokuma-1      | WARN [kuma_client::client] Timeout while waiting for Kuma to get ready...
autokuma-1      | WARN [autokuma::sync] Encountered error during sync: Timeout while trying to connect to Uptime Kuma server

AutoKuma misses an option to declare the CA certificate public key for the Uptime Kuma connection (and for the Docker socket connection), and a flag to ignore TLS errors on HTTPS connections.

Thank you for your work.

The compose file is:

# compose.yml for uptime-kuma
networks:
  # prometheus:
  #   name: prometheus-net
  #   external: true
  traefik:
    name: traefik-net
    external: true
volumes:
  uptime-kuma-data:
    # uptime-kuma service's data volume
    driver: local
secrets:
  uptime-kuma-tls-key:
    file: secrets/uptime-kuma-tls-key.secret
  uptime-kuma-tls-cert:
    file: secrets/uptime-kuma-tls-cert.secret
services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    group_add:
      - "1000"
    env_file:
      - ./env/uptime-kuma.env
    networks:
      default: {}
      traefik: {}
    #  prometheus: {}
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - uptime-kuma-data:/app/data
    secrets:
      - uptime-kuma-tls-key
      - uptime-kuma-tls-cert
    restart: unless-stopped
    labels:
      com.centurylinklabs.watchtower.enable: "true"
      traefik.enable: "true"
      traefik.exposed-by-instance: traefik-public
      traefik.http.services.uptime-kuma-uptime-kuma-service.loadbalancer.server.port: 3001
      traefik.http.services.uptime-kuma-uptime-kuma-service.loadbalancer.server.scheme: https
      traefik.http.services.uptime-kuma-uptime-kuma-service.loadbalancer.serversTransport: tls-skip-verify@file
      traefik.http.routers.uptime-kuma-uptime-kuma-https.entrypoints: websecure,web
      traefik.http.routers.uptime-kuma-uptime-kuma-https.service: uptime-kuma-uptime-kuma-service@docker
      traefik.http.routers.uptime-kuma-uptime-kuma-https.rule: Host(`uptime-kuma.domain.com`)
      traefik.http.routers.uptime-kuma-uptime-kuma-https.middlewares: hsts@file,security@file,compression@file
      traefik.http.routers.uptime-kuma-uptime-kuma-https.tls: "true"
      traefik.http.routers.uptime-kuma-uptime-kuma-https.tls.certresolver: default
    depends_on:
      - socket-proxy
  socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    env_file:
      - ./env/socket-proxy.env
    networks:
      default: {}
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    read_only: true
    tmpfs:
      - /run
    security_opt:
      - no-new-privileges=true
    restart: unless-stopped
    labels:
      com.centurylinklabs.watchtower.enable: "true"
    environment:
      CONTAINERS: 1
  autokuma:
    image: ghcr.io/bigboot/autokuma:latest
    env_file:
      - ./env/autokuma.env
    networks:
      default: {}
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    labels:
      com.centurylinklabs.watchtower.enable: "true"
    depends_on:
      - socket-proxy
      - uptime-kuma

I've added the ability to specify a custom TLS cert and disable cert verification when connecting to Uptime Kuma; for Docker you can use the existing environment variables DOCKER_TLS_CERTDIR and DOCKER_TLS_VERIFY.

It works nicely. Thank you. Please add the corresponding environment variables to the README:

# Whether to verify Uptime Kuma's TLS certificate or not.
# AUTOKUMA__KUMA__TLS__VERIFY=0

# Path to custom TLS certificate in PEM format to use for connecting to Uptime Kuma
# AUTOKUMA__KUMA__TLS__CERT=/run/secrets/mkcert-root-ca
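Putting the two variables from the comment above together with the compose layout used in the issue, here is an added example (not part of the AutoKuma project or of this thread) of wiring the mkcert root CA into the AutoKuma container so that certificate verification can stay enabled. It assumes the secret name `mkcert-root-ca` from the comment above, and that the mkcert root CA certificate has been copied from `$(mkcert -CAROOT)/rootCA.pem` into `./secrets/mkcert-root-ca.secret` on the host; the service and secret names are otherwise those of the issue's compose file.

```yaml
# Added example compose.yml fragment; not from the AutoKuma project.
# Assumes Uptime Kuma serves HTTPS with a mkcert-issued certificate whose
# SAN list includes "uptime-kuma" (as the mkcert command in the issue does),
# and that "$(mkcert -CAROOT)/rootCA.pem" was copied to
# ./secrets/mkcert-root-ca.secret on the host.
secrets:
  mkcert-root-ca:
    # Only the public CA certificate goes here. The CA private key
    # (rootCA-key.pem in the mkcert CAROOT) must never be mounted.
    file: secrets/mkcert-root-ca.secret

services:
  autokuma:
    image: ghcr.io/bigboot/autokuma:latest
    env_file:
      - ./env/autokuma.env
    networks:
      default: {}
    secrets:
      # Compose mounts file secrets under /run/secrets/<name>.
      - mkcert-root-ca
    environment:
      # Host must match a SAN of the Uptime Kuma certificate.
      AUTOKUMA__KUMA__URL: https://uptime-kuma:3001/
      # Trust the private CA so the chain verifies; verification stays on.
      AUTOKUMA__KUMA__TLS__CERT: /run/secrets/mkcert-root-ca
      # Disabling verification accepts any certificate on the wire and
      # should only be a temporary debugging step, so it is left commented.
      # AUTOKUMA__KUMA__TLS__VERIFY: "0"
    restart: unless-stopped
    depends_on:
      - socket-proxy
      - uptime-kuma
```

With this in place the earlier "Error during connect" timeout should not recur for a certificate issued by that CA; if it does, the first thing to check is that the hostname in `AUTOKUMA__KUMA__URL` is one of the names passed to `mkcert`, since a trusted CA does not help when the name does not match.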