Giter Site home page Giter Site logo

Comments (9)

Lissy93 avatar Lissy93 commented on June 19, 2024 4

Ahh, I see. Sorry, I'd totally overlooked that.
In which case your fix does look correct, I'll try it out this weekend and get a PR submitted.

from dashy.

nwh3365 avatar nwh3365 commented on June 19, 2024 2

@Lissy93 The lack of the cert file existence check for health-check is in fact the issue. The health-check works if the cert files are provided AND the env vars are set, but according to the docs, when using docker, you only need to provide the cert files, not specify the env vars. While Dashy itself detects SSL correctly based on the presence of the cert files, the health-check does not; the env vars must be specified for health-check to work.

It would be nice if the health-check could use the same criteria as Dashy to make the SSL determination (i.e., if the cert files are present OR the env vars are present then use SSL). In all honesty, I think what really matters is that the cert files are present as specifying the env vars without the files being there doesn't provide SSL support. I think the better test would be:

  1. Do these two files exist: fileExists("/etc/ssl/certs/dashy-priv.key") && fileExists("/etc/ssl/certs/dashy-pub.pem"
    OR
  2. Do the files referenced by these two env vars (not just the env vars themselves) exist: !!process.env.SSL_PRIV_KEY_PATH && !!process.env.SSL_PUB_KEY_PATH.

If either is true, use SSL.

I think the same test (whatever it is) should be used by both Dashy and Health-check so that they are in sync with respect to SSL usage.

from dashy.

liss-bot avatar liss-bot commented on June 19, 2024

If you're enjoying Dashy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated

from dashy.

clsty avatar clsty commented on June 19, 2024

Same issue here.

--env SSL_PUB_KEY_PATH ... --env SSL_PRIV_KEY_PATH ... does not change anything for my problem.

As for statusCheckAllow Insecure: true, it seems to require a http endpoint for detection, but this one usually being 302 redirect when setting up nginx reverse proxy.

I'm using mkcert as the root CA to self-sign ssl certs.

On the same machine, the homepage's Site Monitor feature just works. I'm NOT saying that homepage is better than dashy: Actually, homepage is kinda lightweight and much less powerful than dashy. If this issue could be truly resolved, I'd be very glad to migrate from homepage to dashy.

Oh, and another thing (but actually the same thing I guess), I specified
icon: https://mymachine.lan/img/icon.png for an item. This img url can be opened on my browser normally, and can be downloaded by curl, but the log of dashy says The path to 'https://mymachine.lan/img/icon.png' could not be resolved.

For adding the same url as icon, homepage works again.

I mean, it seems really weird how dashy process those url links.
Does "could not be resolved" means that dashy even choose the different DNS as the machine it is running on?
Or at least it seems that dashy does not refer to the system's (nor the browser's) CA root trust store.

from dashy.

RamonAbudAlcala avatar RamonAbudAlcala commented on June 19, 2024

This #1025 (possibly related) feature request about adding a custom SSL CA might solve the problem.

from dashy.

RamonAbudAlcala avatar RamonAbudAlcala commented on June 19, 2024

Ok I think I definitely missunderstood what the problem was in my previous comment.

But I was having this problem. I added the environment variables as @nwh3365 original comment suggests and I have the problem no more! Thanks!

I think this should be fairly simple to solve [technically], but unfortunately I don't know any javascript... Is it difficult to check for the existence of a file with javascript? If not, this should be enough. A possible fix to the boolean isSsl could include the following check.

[pseudocode] pretend that fileExists is a function or method to check if a file exists or not. It takes the path of the file as a parameter, returns a boolean.

const isSsl = ( !!process.env.SSL_PRIV_KEY_PATH && !!process.env.SSL_PUB_KEY_PATH ) || ( fileExists("/etc/ssl/certs/dashy-priv.key") && fileExists("/etc/ssl/certs/dashy-pub.pem") );

or perhaps another suitable solution is to simply ask the user directly if they want to use ssl or not, i.e., have an environment variable for that.
Something like USE_SSL = False added to the dockerfile. Then isSsl = process.env.USE_SSL

from dashy.

CrazyWolf13 avatar CrazyWolf13 commented on June 19, 2024

Once 2.1.2 is avaiable on docker, can you test and see if the issue persists? There was one PR (#1076) related to this topic, but I cannot really test, as I do not have any SSL set up yet.

from dashy.

nwh3365 avatar nwh3365 commented on June 19, 2024

I just upgraded to 2.1.2. The issue still exists exactly as described in my original post. The suggestion by @RamonAbudAlcala is basically what I was thinking in terms of a fix, but like RamonAbudAlcala, I'm not a javascript coder.

from dashy.

Lissy93 avatar Lissy93 commented on June 19, 2024

I don't think 2.1.2 will have fixed this, but I was expecting #1076 to have done so 😬


@RamonAbudAlcala - your psudo-code solution does look correct, although that's basically what's happening already (minus the checking if the file exists)

const isSsl = !!process.env.SSL_PRIV_KEY_PATH && !!process.env.SSL_PUB_KEY_PATH;

(I'd expect the file checking part to not be necessary, as if you set SSL_PRIV_KEY_PATH / SSL_PUB_KEY_PATH and it didn't exist, then the start log will show a WARN.)

from dashy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.