Rocket.Chat no Ubuntu 16.04 + Apache2 SSL Proxy não funciona

1

Problema: O Rocket.Chat Server roda perfeitamente sobre HTTP, mas infelizmente não consigo trabalhar com HTTPS e Proxy Reverso Apache2 ...

Apache-Config sub.example.com (Rocket.Chat):

> <VirtualHost IP:443>
> 
> ServerAdmin [email protected]
> ServerName sub.example.com
> ServerAlias www.sub.example.com
> ErrorLog /var/log/chat.sub.example.com_error.log
> TransferLog /var/log/chat.sub.example.com_access.log
> LogLevel info
> SSLEngine On
> SSLCertificateFile /etc/letsencrypt/live/sub.example.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/sub.example.com/privkey.pem
> 
> <Location />
>         Order allow,deny
>         Allow from all
> </Location>
> 
> RewriteEngine On
> RewriteCond %{HTTP:Upgrade} =websocket [NC]
> RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
> RewriteCond %{HTTP:Upgrade}           !=websocket [NC]
> RewriteRule /(.*) http://localhost:3000/$1 [P,L]
> 
> ProxyPassReverse / http://localhost:3000/
> </VirtualHost>

Na parte superior, o exemplo.com também serve outro conteúdo via https:

<VirtualHost *:443>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin [email protected]
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]


  </VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Caddy-Files é assim:

> https://sub.example.com
> proxy / localhost:3000 {
>   websocket
>   transparent
> }

Caddy-Status (Toda vez que edito o arquivo caddy padrão nas configurações acima, o serviço parece falhar):

link

Resumo (/./ - > Remoção de links):

[Website] HTTPS https:/./example.com --> Working

[Rocket.Chat] HTTP http:/./sub.example.com:3000 --> Working

[Rocket.Chat] HTTPS https:/./sub.example.com:3000 --> NOT WORKING (ERR_CONNECTION_CLOSED)

Alguém é capaz de me dar uma dica? Eu acho que é um problema com o domínio de topo e os VirtualHosts ... Muito obrigado!

    
por abcdef123e 30.03.2017 / 16:45

1 resposta

0

Eu tenho o mesmo problema com centos7 e apache, resolvido com a instalação do certificado intermediário! Parece que a API para dispositivos móveis precisava disso. Teste seu servidor SSL com link . Se você receber um erro de "cadeia incompleta" no teste de certificado, use o link para resolvê-lo.

Cole no último site seu certificado ssl real e use o resultado para seu certificado intermediário. Reinicie o httpd, outro teste em ssllabs deve parecer OK na cadeia de certificados e o aplicativo móvel parece bom.

    
por 12.07.2017 / 13:57