Unable to establish secure connection

Question

Unable to establish secure connection

taiBsu opened this issue 2 years ago · 1 comments

I'm running an inspIRCd server on my private server.
For online communication purposes, I installed thelounge using docker-compose:

version: "3"

services:
  irc_webclient:
    image: thelounge/thelounge:latest
    container_name: irc_webclient
    ports:
      - 9000:9000
    restart: always
    volumes:
      - ./config:/var/opt/thelounge
    networks:
      - ***

networks:
  ***:
    external: true

I enabled reverse proxy through the config.js:

# ...
reverseProxy: true
# ...

My apache subdomain config is as follows:
irc.my.domain.conf:

<VirtualHost *:80>
  ServerName irc.my.domain
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =irc.my.domain
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

  RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
  RewriteCond %{QUERY_STRING} transport=websocket    [NC]
  RewriteRule /(.*)           ws://irc_webclient:9000/$1 [P,L]

  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
  ProxyVia On
  ProxyRequests Off
  ProxyAddHeaders On
  ProxyTimeout 86400
</VirtualHost>

irc.my.domain-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName irc.my.domain

  ProxyPass / http://irc_webclient:9000/
  ProxyPassReverse / http://irc_webclient:9000/

  RewriteEngine On
  RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
  RewriteCond %{QUERY_STRING} transport=websocket    [NC]
  RewriteRule /(.*)           wss://irc_webclient:9000/$1 [P,L]

  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
  ProxyVia On
  ProxyRequests Off
  ProxyAddHeaders On

  SSLCertificateFile /etc/letsencrypt/live/my.domain/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

as per the documentation, I haven't enabled https in the config.js:

https: {
  enable: false,
  key: "",
  certificate: "",
  ca: "",
},

Now when trying to connect having the "Only allow trusted certificates" option checked, I get the following error:

whereas when unchecking that option I'm able to connect but only with warnings:

What can I do to make this work properly?

Thanks a lot in advance.

Answer 1 · 2023-02-03T22:27:08.000Z

This is an issue tracker and not a support forum, head over to #thelounge on libera, or better yet some apache channel as you terminate TLS there.