<mrdomino>
i,i i want a rocket.chat bot that will post the currently playing song on my groovebasin into my chat
<mrdomino>
maybe that is an abuse of i,i but i'm more expressing a desire for this to exist than i am placing any expectation on any person to do it
<asheesh>
: D re: docs improvements discussions
<asheesh>
leomen: What are your specific symptoms?
<asheesh>
That is to say, are you having trouble adding the right SSLCertificateFile stanzas to the right VirtualHost sections, and therefore e.g. getting a non-ssl listener on port 443?
<asheesh>
In my dream world I can write scripts to automatically find everyone's problems of all kinds.
<leomen>
Hi ash! I believe there is a problem with my certificate :)
<leomen>
My http access is working fine.
<leomen>
my https access shows me:
<leomen>
An error occurred during a connection to ss.ifspmatao.edu.br. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
<asheesh>
That usually means that you are listening on port 443 but speaking unencrypted HTTP.
<leomen>
So maybe I'm making a reverse redirection?
<asheesh>
re: one thing at a time: What I would do is make sure that you can serve a HTTPS site from your Apache, even if it doesn't go to Sandstorm, just reads files from /var/www , and then in your browser you can confirm that HTTPS works, and then once that's true, set up the Sandstorm reverse proxying.
<asheesh>
Interesting, yeah.
<leomen>
OK, let me make it blank and be sure it is serving on https.
<asheesh>
Note that I said http://...:443/ not https://...:443/ !
<leomen>
it seems exactly that.
<asheesh>
It might be smart to remove the port 80 stuff and disable plain-HTTP for now, just to make the problem have fewer moving parts.
<asheesh>
Get the one most essential/difficult part fixed, which is properly listening on HTTPS from the Apache server, and then re-add the other non-essential/non-hard parts.
<leomen>
Ok. I made a dissite to my 80 virtual host.
n8a has quit [Ping timeout: 250 seconds]
<asheesh>
"SSLEngine on" should really be enough to enable HTTPS for that VHost. Are you sure that VHost is enabled? And/or perhaps a default VHost is overriding that one.
<leomen>
Ok. I took down my 80 listening.
<leomen>
I will try to up a test page on https so we can make sure it's working.
<asheesh>
Great. Keep mep posted.
<leomen>
Okie Dokie
wolcen_ has joined #sandstorm
nwf has quit [Ping timeout: 264 seconds]
<leomen>
OK, the virtual host wasn't really enabled.
<leomen>
So now I have a http:// and a https:// working.
<leomen>
https is serving my certificates also.
<asheesh>
Yes!!!
<leomen>
Now is there a way that I can force my users to use https?
<leomen>
A redirect?
<leomen>
This line, maybe?
<leomen>
# By default, send all requests to Sandstorm over http://
<leomen>
Ah, ok. I use it on my other webserver =D
<leomen>
Feel relieved it's kind of a common practice haha
<asheesh>
: D
wolcen_ has quit [Quit: Leaving]
kecors has quit [Quit: Leaving]
<leomen>
Beautiful =D
<asheesh>
BTW, if you're willing to chat by email, I'd love to learn more about how you're hoping to use your Sandstorm server, since it's always nice when we know more about that sort of thing. I'm asheesh@sandstorm.io fwiw.
<leomen>
mailing you right now :)
<leomen>
And now back to my wildcard host message hahahaha
<asheesh>
neynah: ^
<asheesh>
(context: neynah and I were discussing this week how to make that easier for people)
<leomen>
WARNING: This server seems to have its WILDCARD_HOST misconfigured. Until you fix it, you will not be able to use any apps. You can read more info in the Sandstorm docs and in your browser's Javascript console. You'll need to adjust DNS, SSL/TLS certificates, or edit the sandstorm.conf file. If you see no information in the JS console, or wish to t
<leomen>
est if you have fixed the problem, reload this page to re-run the test. If you're still having problems, please file an issue.
<leomen>
Oh.
<asheesh>
leomen: Yeah - if you look at the JS console, what error(s) do you see in red? You might need to reload the wildcard host test page to make it log the error.
<asheesh>
Also I guess I should implement zarvox's idea that WILDCARD_HOST inherit the port number from BASE_URL thing.
<zarvox>
asheesh: +1 ;)
<leomen>
Ok, so for me to organize myself. I think i can help with some suggestions about how documentation could make it easier about hot to implement the https on self hosted servers :)
<asheesh>
I'll be AFK a for little bit.
<leomen>
Ok. I will answer your mail and see what's going wrong here haha
<zarvox>
dwrensha: you can also clone pycapnp and "pip install path/to/pycapnp" if you anticipate potentially making changes to pycapnp to further debug
<dwrensha>
"No module name 'Cython'"
<dwrensha>
okay, I'll `pip install cython` first
<dwrensha>
but i didn't need to do that when I did `pip install pycapnp` previously
sydney_u1tangle has joined #sandstorm
sydney_untangle has quit [Ping timeout: 250 seconds]
frigginglorious has quit [Quit: frigginglorious]
n8a has joined #sandstorm
<leomen>
Guys, it's looking like my websocket isn't going up... I'm missing something but can't fint where =/
<leomenz>
Considering dependency proxy for proxy_wstunnel:
<leomenz>
Module proxy already enabled
<leomenz>
Module proxy_wstunnel already enabled
<asheesh>
For me, WebSockets seem to work OK. If you reload the page, does the problem go away?
<leomenz>
No =/ I'm getting both warns about Wildcard and websocket =/
<asheesh>
I do see the WILDCARD_HOST issue, but that's presumably because I haven't added your custom CA to my browser.
<asheesh>
Interestingly anyone can go to https://ss.ifspmatao.edu.br/admin/ and trigger the self-test, so you can do that in an incognito window.
<leomenz>
Do you want the certificate to test it properly?
<asheesh>
I need to finish up something else unfortunately; for now, I propose you accept my word that the websockets test is passing for me, so I encourage you to focus on the wildcard host issue for now.
<zarvox>
dwrensha: thanks for catching https://github.com/sandstorm-io/sandstorm/pull/2106 - I'm curious if a misbehavior caused you to track it down, or if you managed to catch it through intense attention to detail