SSL not working on production hosting | Appwrite | Page 1

toxic summit Mar 5, 2023, 8:04 AM

#

I tried to install ssl certificate on production hosting of appwrite but it is showing 404 not found error

#

``

#

`
<VirtualHost *:443>
ServerName appwrite.exampledev.xyz
#ServerAlias appwrite.exampledev.xyz
ServerAdmin [email protected]
DocumentRoot /var/www/appwrite.exampledev.xyz
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyPass / http://127.0.0.1:3031/
ProxyPassReverse / http://127.0.0.1:3031/
#proxy_set_header Host $host;
#ProxyRequests Off
ProxyPassReverseCookieDomain  "127.0.0.1:3030"  "appwrite.exampledev.xyz"
ProxyPreserveHost On

#SSL
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/exampledev.xyz/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/exampledev.xyz/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/exampledev.xyz/chain.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On

</VirtualHost>
`

#

this is the vhost configuration of my server

#

please help me

spare current Mar 5, 2023, 8:10 AM

#

Hey there 👋
I believe first proxy is required to take care of certificates. When running your own proxy in front of Appwrite, you will need to configure your proxy to handle certificates instead of Appwrite (and internally simply proxy everything over HTTP).

With that said, 404 error doesnt seem to be certificate problem. I dont think so.
Can you show me what kind of 404 error it is? I am trying to figure out if it's coming from your proxy, or Appwrite one.
Also while at it, check out docker compose ps and see if everything is running - 404 might mean that a container is missing

toxic summit Mar 5, 2023, 8:12 AM

#

#

http working but https not working

spare current Mar 5, 2023, 9:34 AM

#

What is your HTTP configuration in Apache?

toxic summit Mar 5, 2023, 2:27 PM

#

Mentioned in above messages

#

Check my first message

muted sage Mar 5, 2023, 3:24 PM

#

toxic summit Check my first message

Your first message has the https configuration, but doesn't have the http one

toxic summit Mar 5, 2023, 3:25 PM

#

It have configuration for 443 also

#

Ohhhh

#

Yes it have only 443

#

Wait I am sending http . 80

muted sage Mar 5, 2023, 3:27 PM

#

toxic summit Wait I am sending http . 80

Huh?

toxic summit Mar 5, 2023, 3:27 PM

#

`
<VirtualHost *:80>
ServerName appwrite.exampledev.xyz
ServerAlias appwrite.exampledev.xyz
ServerAdmin [email protected]
DocumentRoot /var/www/appwrite.exampledev.xyz
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyPass / http://127.0.0.1:3030/
ProxyPassReverse / http://127.0.0.1:3030/
#proxy_set_header Host $host;
#ProxyRequests Off
ProxyPassReverseCookieDomain  "127.0.0.1:3030"  "appwrite.exampledev.xyz"
ProxyPreserveHost On

</VirtualHost>
`

#

3030 is http port and 3031 is https

muted sage Mar 5, 2023, 3:27 PM

#

toxic summit ` <VirtualHost *:80> ServerName appwrite.exampledev.xyz ServerAlias appw...

Btw, for multi line, it's best to use 3 back ticks instead of 1

toxic summit Mar 5, 2023, 3:28 PM

#

okay

#

😀

muted sage Mar 5, 2023, 3:29 PM

#

toxic summit ` <VirtualHost *:443> ServerName appwrite.exampledev.xyz #ServerAlias ap...

Maybe your proxy pass over here should go to https

toxic summit Mar 5, 2023, 3:30 PM

#

ProxyPass / https://127.0.0.1:3031/
ProxyPassReverse / https://127.0.0.1:3031/

#

like this ?

#

no . . . . .
it's not working

#

last time i opened SMTP error and conclusion was we need to have ssl on appwrite.example.com

#

so now I have a ssl on domain, all subdomains

#

but it is not redirecting on https

#

<VirtualHost *:80>
    ServerName appwrite.exampledev.xyz
    ServerAlias appwrite.exampledev.xyz
    ServerAdmin [email protected]
    #DocumentRoot /var/www/appwrite.exampledev.xyz
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ProxyPass / http://127.0.0.1:3030/
    ProxyPassReverse / http://127.0.0.1:3030/
    #proxy_set_header Host $host;
    #ProxyRequests Off
    ProxyPassReverseCookieDomain  "127.0.0.1:3030"  "appwrite.exampledev.xyz"
    ProxyPreserveHost On

</VirtualHost>

<VirtualHost *:443>
    ServerName appwrite.exampledev.xyz
    ServerAlias appwrite.exampledev.xyz
    ServerAdmin [email protected]
    #DocumentRoot /var/www/appwrite.exampledev.xyz
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    #ProxyPass / http://127.0.0.1:3031/
    #ProxyPassReverse / http://127.0.0.1:3031/
    #proxy_set_header Host $host;
    #ProxyRequests Off
    #ProxyPassReverseCookieDomain  "127.0.0.1:3031"  "appwrite.exampledev.xyz"
    #ProxyPreserveHost On

    #SSL
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/exampledev.xyz/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/exampledev.xyz/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/exampledev.xyz/chain.pem
    SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1
    SSLHonorCipherOrder On

</VirtualHost>

#

here is complete vhost configuration

muted sage Mar 5, 2023, 3:42 PM

#

toxic summit here is complete vhost configuration

Uhh the 443 proxy pass is commented out 🧐 and it's not https

toxic summit Mar 5, 2023, 3:43 PM

#

<VirtualHost *:80>
    ServerName appwrite.exampledev.xyz
    ServerAlias appwrite.exampledev.xyz
    ServerAdmin [email protected]
    #DocumentRoot /var/www/appwrite.exampledev.xyz
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ProxyPass / http://127.0.0.1:3030/
    ProxyPassReverse / http://127.0.0.1:3030/
    #proxy_set_header Host $host;
    #ProxyRequests Off
    ProxyPassReverseCookieDomain  "127.0.0.1:3030"  "appwrite.exampledev.xyz"
    ProxyPreserveHost On

</VirtualHost>

<VirtualHost *:443>
    ServerName appwrite.exampledev.xyz
    #ServerAlias appwrite.exampledev.xyz
    ServerAdmin [email protected]
    #DocumentRoot /var/www/appwrite.exampledev.xyz
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ProxyPass / https://127.0.0.1:3031/
    ProxyPassReverse / https://127.0.0.1:3031/
    #proxy_set_header Host $host;
    #ProxyRequests Off
    ProxyPassReverseCookieDomain  "127.0.0.1:3031"  "appwrite.exampledev.xyz"
    ProxyPreserveHost On

    #SSL
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/exampledev.xyz/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/exampledev.xyz/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/exampledev.xyz/chain.pem
    SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1
    SSLHonorCipherOrder On

</VirtualHost>

#

now ?????

#

muted sage Mar 5, 2023, 3:45 PM

#

toxic summit

Can you browse to your server using https on port 3031?

toxic summit Mar 5, 2023, 3:45 PM

#

okay

#

#

its working like this but ssl is not visible

muted sage Mar 5, 2023, 3:50 PM

#

toxic summit

Maybe you can check Apache logs for why this error is happening then

toxic summit Mar 5, 2023, 3:50 PM

#

🥲

#

not getting anything in logs

#

please tell me correct apache2 configuration for appwrite

#SSL not working on production hosting