Setting up Reverse Proxy for Manual Certs

tolexy · June 9, 2020, 10:19pm

TL:DR Looking for a good quick and dirty place to start and/or finsih when implementing manual custom certs from a CA other than letsencrypt. Forums mention setting up reverse proxy, and we have done this but are at a complete loss on how to connect this to the containers, container start order, settings etc. Nothing seems to work, and short of digging through the certbot container for configs etc, was hoping there was a good starting point someone has had from past experience. Rev proxies are not my strong suit, yet!

So I have had an instance (or three) of kobo running for over a year and done several upgrades. Love the tool! Sadly, my organization is now restricting LetsEncrypt as a CA for our domain. Essentially we were getting the certs from letsencrypt auto renewed and all was perfect. We had our IT add records such that our DNS provided would accept an external CA. Great.

We have tried install nginx and config (which is probably wrong)

kobo-install: HTTPS => yes Auto-get certs => no behind rev proxy=> yes on server=> yes and keep getting bad gateway. I just feel like we are missing one small key piece to get everything connected properly.

Ubuntu 18, kobo-install-2.020.23 install nginx on VM outside of all containers.

any help or guide in the right direction for this is supremely welcome!!

Kal_Lam · June 12, 2020, 4:25pm

Hi @tolexy,

You could have a look at the configuration (Apache) as outlined here:

github.com/kobotoolbox/kobo-install

Fresh install not working

opened 04:31AM - 30 Jan 19 UTC

closed 04:34AM - 06 Feb 19 UTC

Stopi

Hi, I just tried to install this and it's not working. Here is my config : - A…lpine Linux 3.8.2 (last version, up to date) running on HyperV - docker 18.09.1-r0 - docker-compose 1.23.2 Here the output : ``` kobo [/home/kobo-install]# python run.py ╔═══════════════════════════════════════════════════════════════╗ ║ Welcome to `kobo-install`! ║ ║ ║ ║ You are going to be asked some questions that will ║ ║ determine how to build the configuration of `KoBoToolBox`. ║ ║ ║ ║ Some questions already have default values (within brackets). ║ ║ Just press `enter` to accept the default value or enter `-` ║ ║ to remove previously entered value. ║ ║ Otherwise choose between choices or type your answer. ║ ╚═══════════════════════════════════════════════════════════════╝ Where do you want to install? [/home/kobo-docker]: Do you want to see advanced options? 1) Yes 2) No [2]: What kind of installation do you need? 1) On your workstation 2) On a server [2]: Public domain name [kobo.local]: mydomain.tld KPI sub domain [kf]: koboform KoBoCat sub domain [kc]: kobocat Enketo Express sub domain name [ee]: enketo Do you use a reverse proxy or a load balancer? 1) Yes 2) No [1]: Use HTTPS? Please note that certificate has to be installed on the load balancer! 1) Yes 2) No [1]: Internal port used by reverse proxy? [80]: SMTP server: mail.mydomain.tld SMTP port [25]: 587 SMTP user: robot@mydomain.tld SMTP password: xxxx Use TLS? 1) True 2) False [1]: From email address [support@mydomain.tld]: robot@mydomain.tld Super user's username [super_admin]: Super user's password [^H$kNO-Tdi1Aq%EB]: xxxx Do you want to activate backups? 1) Yes 2) No [2]: Cloning into '/home/kobo-docker'... remote: Enumerating objects: 2546, done. remote: Total 2546 (delta 0), reused 0 (delta 0), pack-reused 2546 Receiving objects: 100% (2546/2546), 1.84 MiB | 1.04 MiB/s, done. Resolving deltas: 100% (1580/1580), done. Switched to a new branch 'kobo-install' From https://github.com/kobotoolbox/kobo-docker * branch kobo-install -> FETCH_HEAD Removing network kobo-docker_default WARNING: Network kobo-docker_default not found. Removing network kobo-docker_kobo-fe-network WARNING: Network kobo-docker_kobo-fe-network not found. Launching environment Creating network "kobo-docker_default" with the default driver Pulling mongo (mongo:3.4)... Pulling redis_main (redis:3.2)... Pulling postgres (mdillon/postgis:9.5)... Pulling rabbit (kobotoolbox/rabbit:latest)... Creating kobo-docker_mongo_1 ... done Creating kobo-docker_postgres_1 ... done Creating kobo-docker_rabbit_1 ... done Creating kobo-docker_redis_main_1 ... done Creating kobo-docker_redis_cache_1 ... done Creating network "kobo-docker_kobo-fe-network" with driver "bridge" WARNING: Found orphan containers (kobo-docker_redis_cache_1, kobo-docker_rabbit_1, kobo-docker_redis_main_1, kobo-docker_postgres_1, kobo-docker_mongo_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up. Pulling nginx (kobotoolbox/nginx:latest)... Pulling kobocat (kobotoolbox/kobocat:2.018.48)... Pulling enketo_express (kobotoolbox/enketo-express-extra-widgets:1.72.2)... Pulling kpi (kobotoolbox/kpi:2.018.48)... Creating kobo-docker_enketo_express_1 ... done Creating kobo-docker_kpi_1 ... done Creating kobo-docker_nginx_1 ... done Creating kobo-docker_kobocat_1 ... done Waiting for environment to be ready. It can take a few minutes. ............................................................ `KoBoToolbox` has not started yet, wait for another 600 minutes! ............................................................ `KoBoToolbox` has not started yet, sometimes frontend containers can not communicate with backend containers. Let's restart frontend containers. Stopping kobo-docker_nginx_1 ... done Stopping kobo-docker_kpi_1 ... done Stopping kobo-docker_kobocat_1 ... done Stopping kobo-docker_enketo_express_1 ... done WARNING: Found orphan containers (kobo-docker_redis_cache_1, kobo-docker_rabbit_1, kobo-docker_redis_main_1, kobo-docker_postgres_1, kobo-docker_mongo_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up. Removing kobo-docker_nginx_1 ... done Removing kobo-docker_kpi_1 ... done Removing kobo-docker_kobocat_1 ... done Removing kobo-docker_enketo_express_1 ... done Removing network kobo-docker_kobo-fe-network Launching frontend containers Creating network "kobo-docker_kobo-fe-network" with driver "bridge" WARNING: Found orphan containers (kobo-docker_redis_cache_1, kobo-docker_rabbit_1, kobo-docker_redis_main_1, kobo-docker_postgres_1, kobo-docker_mongo_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up. Creating kobo-docker_enketo_express_1 ... done Creating kobo-docker_kpi_1 ... done Creating kobo-docker_nginx_1 ... done Creating kobo-docker_kobocat_1 ... done ........................................................... Something went wrong! Please look at docker logs ``` The docker logs can be accessed here : http://dl.pasteur.la/?t=8755da5a95e39d223a3109829c5ad5cd The syslog output `/var/log/docker.log` is here : http://dl.pasteur.la/?t=f4e53dd70f9c1cf9e7f51b12ab89054f Any help would be appreciated, thanks.

As a backup you could also have a look here:

Have a great day!