[BUG] Healthcheck fails due to incorrect detection of SSL status about dashy HOT 9 OPEN

Ahh, I see. Sorry, I'd totally overlooked that.
In which case your fix does look correct, I'll try it out this weekend and get a PR submitted.

from dashy.

@Lissy93 The lack of the cert file existence check for health-check is in fact the issue. The health-check works if the cert files are provided AND the env vars are set, but according to the docs, when using docker, you only need to provide the cert files, not specify the env vars. While Dashy itself detects SSL correctly based on the presence of the cert files, the health-check does not; the env vars must be specified for health-check to work.

It would be nice if the health-check could use the same criteria as Dashy to make the SSL determination (i.e., if the cert files are present OR the env vars are present then use SSL). In all honesty, I think what really matters is that the cert files are present as specifying the env vars without the files being there doesn't provide SSL support. I think the better test would be:

1. Do these two files exist: fileExists("/etc/ssl/certs/dashy-priv.key") && fileExists("/etc/ssl/certs/dashy-pub.pem"
   OR
2. Do the files referenced by these two env vars (not just the env vars themselves) exist: !!process.env.SSL_PRIV_KEY_PATH && !!process.env.SSL_PUB_KEY_PATH.

If either is true, use SSL.

I think the same test (whatever it is) should be used by both Dashy and Health-check so that they are in sync with respect to SSL usage.

from dashy.

If you're enjoying Dashy, consider dropping us a ⭐
_{🤖 I'm a bot, and this message was automated}

from dashy.

Same issue here.

--env SSL_PUB_KEY_PATH ... --env SSL_PRIV_KEY_PATH ... does not change anything for my problem.

As for statusCheckAllow Insecure: true, it seems to require a http endpoint for detection, but this one usually being 302 redirect when setting up nginx reverse proxy.

I'm using mkcert as the root CA to self-sign ssl certs.

On the same machine, the homepage's Site Monitor feature just works. I'm NOT saying that homepage is better than dashy: Actually, homepage is kinda lightweight and much less powerful than dashy. If this issue could be truly resolved, I'd be very glad to migrate from homepage to dashy.

Oh, and another thing (but actually the same thing I guess), I specified
icon: https://mymachine.lan/img/icon.png for an item. This img url can be opened on my browser normally, and can be downloaded by curl, but the log of dashy says The path to 'https://mymachine.lan/img/icon.png' could not be resolved.

For adding the same url as icon, homepage works again.

I mean, it seems really weird how dashy process those url links.
Does "could not be resolved" means that dashy even choose the different DNS as the machine it is running on?
Or at least it seems that dashy does not refer to the system's (nor the browser's) CA root trust store.

from dashy.

This #1025 (possibly related) feature request about adding a custom SSL CA might solve the problem.

from dashy.

Ok I think I definitely missunderstood what the problem was in my previous comment.

But I was having this problem. I added the environment variables as @nwh3365 original comment suggests and I have the problem no more! Thanks!

I think this should be fairly simple to solve [technically], but unfortunately I don't know any javascript... Is it difficult to check for the existence of a file with javascript? If not, this should be enough. A possible fix to the boolean isSsl could include the following check.

[pseudocode] pretend that fileExists is a function or method to check if a file exists or not. It takes the path of the file as a parameter, returns a boolean.

const isSsl = ( !!process.env.SSL_PRIV_KEY_PATH && !!process.env.SSL_PUB_KEY_PATH ) || ( fileExists("/etc/ssl/certs/dashy-priv.key") && fileExists("/etc/ssl/certs/dashy-pub.pem") );

or perhaps another suitable solution is to simply ask the user directly if they want to use ssl or not, i.e., have an environment variable for that.
Something like USE_SSL = False added to the dockerfile. Then isSsl = process.env.USE_SSL

from dashy.

Once 2.1.2 is avaiable on docker, can you test and see if the issue persists? There was one PR (#1076) related to this topic, but I cannot really test, as I do not have any SSL set up yet.

from dashy.

I just upgraded to 2.1.2. The issue still exists exactly as described in my original post. The suggestion by @RamonAbudAlcala is basically what I was thinking in terms of a fix, but like RamonAbudAlcala, I'm not a javascript coder.

from dashy.

I don't think 2.1.2 will have fixed this, but I was expecting #1076 to have done so 😬

@RamonAbudAlcala - your psudo-code solution does look correct, although that's basically what's happening already (minus the checking if the file exists)

(I'd expect the file checking part to not be necessary, as if you set SSL_PRIV_KEY_PATH / SSL_PUB_KEY_PATH and it didn't exist, then the start log will show a WARN.)

from dashy.