Not generate SSL (dokku-posteio issue, closed)

d1ceward commented on June 4, 2024
Not generate SSL

from dokku-posteio.

Comments (12)

d1ceward commented on June 4, 2024

It seems there is an issue with your nginx configuration. Can you post the content of systemctl status nginx.service?

vitalii-bulyzhyn commented on June 4, 2024

I have the same issue, is there any solution?

d1ceward commented on June 4, 2024

It seems to be an error with the reverse proxy config, but I have no idea what exactly without the logs.
@vitalii-bulyzhyn same as above, can you publish the contents of systemctl status nginx.service or journalctl -xe, like the error message says?

radiospiel commented on June 4, 2024

I think HTTPS support really should use dokku's letsencrypt (and therefore also proxy) plugin.

Otherwise, AFAICS, this can only work if the dokku host does not run any other dokku HTTP application. If it does then a connection to 443 will be handled by dokku's web server, and that will present the certificate of one of the other apps (i.e. with a different name.)

In order to prevent this poste.io's certificate would have to be synchronized between the host nginx and the container nginx as well, which at least gets complicated.

Using dokku's letsencrypt and proxy plugin would mean:

  1. set up a "mail" application on the dokku host
  2. adjust poste.io image to listen on 80 and 443 only on an internal network interface; 443 could even be disabled;
  3. remove the SSL cert page from the poste.io admin area

(..but correct me if I am wrong..)
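
The mismatch described in the comment above (a shared listener on 443 answering for the mail hostname with another app's certificate) can be checked from the client side. The following is an added example, not part of the thread or of the plugin; the hostnames and certificate dicts are constructed, and `fetch_cert` assumes a publicly trusted chain.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS names from a dict shaped like SSLSocket.getpeercert() output."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_covers(pattern, hostname):
    """RFC 6125-style match: '*' is allowed only as the whole leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def diagnose(hostname, cert):
    """Return (ok, message) for the certificate presented for `hostname`."""
    names = san_dns_names(cert)
    if any(name_covers(n, hostname) for n in names):
        return True, f"{hostname}: covered by presented certificate"
    return False, f"{hostname}: server presented a certificate for {names}"


def fetch_cert(hostname, port=443, timeout=5):
    """Fetch the certificate the server selects for this SNI name.

    The chain is still validated; only the hostname check is skipped so a
    wrong-name certificate can be inspected instead of aborting the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed samples: a fallback certificate belonging to another app, and
# the certificate that should be served for the mail hostname.
OTHER_APP_CERT = {"subjectAltName": (("DNS", "blog.example.com"),)}
MAIL_CERT = {"subjectAltName": (("DNS", "mail.example.com"),)}

if __name__ == "__main__":
    print(diagnose("mail.example.com", OTHER_APP_CERT)[1])
    print(diagnose("mail.example.com", MAIL_CERT)[1])
    # Live check (needs network): diagnose(host, fetch_cert(host))
```
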

d1ceward commented on June 4, 2024

Hello,

> AFAICS, this can only work if the dokku host does not run any other dokku HTTP application ... and that will present the certificate of one of the other apps

I'll try to look into this...

> Using dokku's letsencrypt and proxy plugin would mean:
>
>   1. set up a "mail" application on the dokku host
>   2. adjust poste.io image to listen on 80 and 443 only on an internal network interface; 443 could even be disabled;
>   3. remove the SSL cert page from the poste.io admin area

I think the app version should be in another repository. This repository uses the dokku plugin system; changing it by creating an app is a completely different thing, knowing that when I created this plugin, opening the SMTP, POP3 and IMAP ports for an app was much more of a pain in the ass than handling HTTPS with the plugin version. (maybe I lack knowledge, cf: https://poste.io/doc/network-schemes)

>   3. remove the SSL cert page from the poste.io admin area

Poste.io is not open-source software and should not be modified.

radiospiel commented on June 4, 2024

no prob. I am aware that a plugin is not an app :) but, again, if your plugin manages a mail. subdomain then if a server is handling requests on 443 on the dokku host (i.e. deploying other apps apart from the plugin) it must present the mail.host.name cert, which is managed by poste.io, if a request comes in for that subdomain.

This didn't work for me.

I am just trying to get poste.io into an app; here you see how ports can be managed (note: this is not tested)

dokku apps:create mail

# SMTP ports
dokku docker-options:add mail deploy,run -p 0.0.0.0:25:25/tcp
dokku docker-options:add mail deploy,run -p 0.0.0.0:587:587/tcp

# IMAP ports
dokku docker-options:add mail deploy,run -p 0.0.0.0:143:143/tcp

# POP3: still relevant?
# dokku docker-options:add mail deploy,run -p 0.0.0.0:110:110/tcp
# dokku docker-options:add mail deploy,run -p 0.0.0.0:995:995/tcp

dokku docker-options:add mail deploy,run -e TZ=Europe/Berlin
dokku docker-options:add mail deploy,run -h mail.your.doma.in

dokku docker-options:add mail deploy,run -e HTTP_PORT=5000
dokku docker-options:add mail deploy,run -e HTTPS=OFF 
dokku proxy:ports-set mail http:80:5000

# storage
mkdir /var/lib/dokku/data/storage/mail
dokku storage:mount mail /var/lib/dokku/data/storage/mail:/data

# get and deploy image
docker pull analogic/poste.io
docker tag analogic/poste.io:latest dokku/mail:latest

dokku tags:deploy mail latest
dokku letsencrypt:enable mail

radiospiel commented on June 4, 2024

on a sidenote: whichever way you look at this: certs must be available on the host and inside the poste.io container. If you need any support debugging, the installation I am playing with is non-critical; I can play around and break things, if that helps :)

d1ceward commented on June 4, 2024

Now with the additional details, I'm not sure I understand the problem...
Normally, as written in the plugin documentation, once the certificate is generated by Poste.io you have to toggle the SSL in the plugin to tell it to serve the generated certificate (command: dokku posteio:toggle-ssl). Normally if the generation goes well (which I had the impression does not work) everything works; I have several instances without any problem with other web apps managed by dokku and with the right certificate for mail.example.com.

Is the problem due to the transition being a bit shaky while generating the certificate? Or a desire not to use SSL? Or is it just that it doesn't work even though the plugin has SSL enabled?

radiospiel commented on June 4, 2024

thanks, I will have a closer look again

radiospiel commented on June 4, 2024

@d1ceward now it seems to have resolved itself. I am not sure what the difference is between this and the first attempt. The only thing that is different from what I can see in the README is that I could not connect to http://mail.example.com/admin/settings/#certificate but via HSTS was redirected to https://mail.example.com/admin/settings/#certificate which warned of an invalid cert (because I have other apps running first, so maybe HSTS is enabled on all subdomains?)

long story short: this works as advertised, thank you for your help @d1ceward

d1ceward commented on June 4, 2024

Glad to hear it, but I'll still try to improve the SSL certificate generation step, to make it easier 😎

d1ceward commented on June 4, 2024

Fixed with v1.6, more info: #7 (comment)
