I can't seem to get the https proxy for my Realm Object Server running. I've followed every step in the docs, which include editing the configuration.yml file to change:
proxy.https.enable: true
proxy.https.listen_address: ::
proxy.https.listen_port: 9443
proxy.https.certificate_path: 'cert_path'
proxy.https.private_key_path: 'private_key_path'
When I visit http://example.com:9080 it's fine, but visiting https://example.com:9443 doesn't work - I've verified the paths are correct, and the cert/private key combination is valid.
Any help configuring this would be much appreciated, as I'm trying to get the app in conformance with Apple's ATS requirements!
The Realm Object Server is started by the "realm" user, you should check that the user has permissions to access the certificates.
Here is a list of instructions for setting up https with letsencrypt! on Ubuntu 16.04, maybe it helps identify your issue:
- Install ROS, letsencrypt and generate certs
curl -s https://packagecloud.io/install/repositories/realm/realm/script.deb.sh | sudo bash
apt-get install realm-object-server-developer
apt-get install letsencrypt
letsencrypt certonly --standalone -d ${mydomain.com}
# set up permissions for the realm user on /etc/letsencrypt.
sudo groupadd ssl
sudo usermod -a -G ssl realm
sudo chgrp -R ssl /etc/letsencrypt
sudo chmod -R g=rX /etc/letsencrypt
- Edit the config to enable ssl in the "proxy" section
Section in /etc/realm/configuration.yml:
https:
  ## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
  ## by forwarding incoming requests on a single port to all services.
  ## Note that even if it enabled, the HTTPS proxy will only start if supplied
  ## with a valid pair of certificates through certificate_path and private_key_path below.
  enable: true
  ## The path to the certificate and private keys (in PEM format) that will be used
  ## to set up the HTTPS server accepting connections.
  ## These configuration options are MANDATORY to start the HTTPS proxy module.
  certificate_path: '/etc/letsencrypt/live/${mydomain.com}/cert.pem'
  private_key_path: '/etc/letsencrypt/live/${mydomain.com}/privkey.pem'
  ## The address/interface on which the HTTPS proxy module should listen. This defaults
  ## to 127.0.0.1. If you wish to listen on all available interfaces,
  ## uncomment the following line.
  listen_address: '::'
  ## The port that the HTTPS proxy module should bind to.
  # listen_port: 9443
Connect to the dashboard and create an account. (Go to https://${mydomain.com}:9443)
Go to the browser and choose "Connect to Object Server"
Enter realms://${mydomain.com}:9443 as Server Url and the username and password you just created.
You should see a list of realms.
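The permission check suggested at the top of this answer can be automated; the following is an added example, not part of the original answer and not Realm's code. It walks every directory on the way to a key file, including the symlink target that letsencrypt's live/ entries point to in archive/, and reports the first component a given account cannot pass. It models classic mode bits only (no ACLs), and the function names and the demo tree are assumptions made for illustration.

```python
import os
import pwd
import tempfile

def ids_for(user):
    """uid and full group set of a local account, e.g. ids_for("realm")."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def first_blocker(path, uid, gids, start="/"):
    """First component below `start` that (uid, gids) cannot pass, else None.
    Directories need search (x) permission, the final file needs read (r)."""
    def allowed(node, want):
        st = os.stat(node)          # follows symlinks, as open() would
        if st.st_uid == uid:
            bits = st.st_mode >> 6  # owner triplet
        elif st.st_gid in gids:
            bits = st.st_mode >> 3  # group triplet
        else:
            bits = st.st_mode       # other triplet
        return uid == 0 or bits & want == want
    # Walk the path as written, then its resolved symlink target.
    for target in (os.path.abspath(path), os.path.realpath(path)):
        node = start
        for part in os.path.relpath(target, start).split(os.sep)[:-1]:
            node = os.path.join(node, part)
            if not allowed(node, 0o1):
                return node
    final = os.path.realpath(path)
    return None if allowed(final, 0o4) else final

def make_demo_tree(dir_mode, file_mode):
    """Constructed stand-in for /etc/letsencrypt: live/ symlinks into archive/."""
    base = os.path.realpath(tempfile.mkdtemp())
    for sub in ("live", "archive"):
        os.makedirs(os.path.join(base, sub, "example.test"))
    key = os.path.join(base, "archive", "example.test", "privkey1.pem")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    link = os.path.join(base, "live", "example.test", "privkey.pem")
    os.symlink("../../archive/example.test/privkey1.pem", link)
    os.chmod(key, file_mode)
    for root, dirs, _ in os.walk(base):
        for d in dirs:
            os.chmod(os.path.join(root, d), dir_mode)
    return base, link

if __name__ == "__main__":
    base, link = make_demo_tree(0o700, 0o600)   # owner-only modes
    print(first_blocker(link, os.getuid() + 1, set(), start=base))
```

On the server itself, run it as root and call `first_blocker(private_key_path, *ids_for("realm"))` with the path from configuration.yml; a result of `None` means the mode bits allow the realm user to read the file.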