Better support for letsencrypt HTTPS settings for all dietpi software

johnfredhandy
Posts: 4
Joined: Sun Feb 16, 2020 6:48 am

Post by johnfredhandy »

Not being a system administrator, I am not familiar with the details for setting up HTTPS for applications like Gitea, git, etc. DietPi installation automates use of letsencrypt for the supported web browsers. I do not know how to add support for Gitea or Git to use HTTPS. I have looked at the obvious places to see how to enable HTTPS for Gitea, but what I have tried has not worked. I am asking for an expert on this to graciously help us all out.
Thank you,
John Handy
Joulinar
Posts: 2271
Joined: Sat Nov 16, 2019 12:49 am

Re: Better support for letsencrypt HTTPS settings for all dietpi software

Post by Joulinar »

Hi,

You can use letsencrypt to generate your certificates. You would need to have one of the DietPi offered web servers installed. Once you have created certs using letsencrypt, you can adjust the Gitea settings to point to the letsencrypt cert.

I guess you would need to adjust the app.ini file by changing the 4 values:

Code:

CERT_FILE        = /etc/letsencrypt/live/example.org/fullchain.pem
KEY_FILE         = /etc/letsencrypt/live/example.org/privkey.pem
PROTOCOL         = https
ROOT_URL         = https://example.org:3000/

letsencrypt will always store the cert within a specific folder and you would need to adjust your application to point to it.
Pls let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
johnfredhandy
Posts: 4
Joined: Sun Feb 16, 2020 6:48 am

Re: Better support for letsencrypt HTTPS settings for all dietpi software

Post by johnfredhandy »

Thank you much for your quick reply.

Alas, it still does not work. The SSL certs work for the lighttpd web and for owncloud, but not for gitea with the :3000 added to the URL. Is there something else I need to do with my router or DDNS service? I have forwarded ports 3000, 3080 and of course 443, 80, and 22.

Thank you,
John Handy
Joulinar
Posts: 2271
Joined: Sat Nov 16, 2019 12:49 am

Re: Better support for letsencrypt HTTPS settings for all dietpi software

Post by Joulinar »

Did you check the Gitea service log to see if there are error messages? I tested it this evening and for me https was working fine on Gitea.
johnfredhandy
Posts: 4
Joined: Sun Feb 16, 2020 6:48 am

Re: Better support for letsencrypt HTTPS settings for all dietpi software

Post by johnfredhandy »

This is located at the end of the gitea.log file:

2020/02/16 22:00:14 ...s/graceful/server.go:55:NewServer() Starting new server: tcp:0.0.0.0:3000 on PID: 11281
2020/02/16 22:00:14 ...s/graceful/server.go:107:ListenAndServeTLS() [E] Failed to load https cert file /etc/letsencrypt/live/jfhprivate.ddns.net/fullchain.pem for tcp:0.0.0.0:3000: open /etc/letsencrypt/live/jfhprivate.ddns.net/fullchain.pem: permission denied
2020/02/16 22:00:14 cmd/web.go:204:runWeb() [C] Failed to start server: open /etc/letsencrypt/live/jfhprivate.ddns.net/fullchain.pem: permission denied
2020/02/16 22:00:14 cmd/web.go:206:runWeb() HTTP Listener: 0.0.0.0:3000 Closed
...
The protections:
root@HandyDietPi:/etc/letsencrypt/archive/jfhprivate.ddns.net# ls -ltr
total 16
-rw------- 1 root root 3272 Feb 14 23:19 privkey1.pem
-rw-r--r-- 1 root root 3916 Feb 14 23:19 fullchain1.pem
-rw-r--r-- 1 root root 1647 Feb 14 23:19 chain1.pem
-rw-r--r-- 1 root root 2269 Feb 14 23:19 cert1.pem

I do not know the user under which gitea runs. Maybe it needs write access?
Thank you!
John
Joulinar
Posts: 2271
Joined: Sat Nov 16, 2019 12:49 am

Re: Better support for letsencrypt HTTPS settings for all dietpi software

Post by Joulinar »

Hi,

you can use the extremely easy way

Code:

chmod -R 777 /etc/letsencrypt
johnfredhandy
Posts: 4
Joined: Sun Feb 16, 2020 6:48 am

Re: Better support for letsencrypt HTTPS settings for all dietpi software

Post by johnfredhandy »

That worked. However, is it best practice to open the restrictions on all of the letsencrypt files? How did this get messed up, since it was a fresh install?

Thank you
Joulinar
Posts: 2271
Joined: Sat Nov 16, 2019 12:49 am

Re: Better support for letsencrypt HTTPS settings for all dietpi software

Post by Joulinar »

Hi,

there was nothing messed up. gitea is running under a totally different user account than the one the letsencrypt certificate was created under. You could now fix the access for the gitea user explicitly or you do 777. As I said, 777 is the easiest and fastest way. You are free to adjust folder permissions to your needs.
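The other option mentioned in the last reply, fixing access for the Gitea user explicitly instead of leaving the tree at 777, could look like the following. This is an added example, not part of the original thread and not DietPi's own code. It assumes the certbot-style live/ and archive/ layout seen in the log above and a group (passed as the second argument) that contains the account Gitea runs as; the sample tree is constructed.

```shell
#!/bin/sh
# Added example. Assumption: $2 is a group containing the Gitea service account.

# Report anything world-writable, plus private keys readable by "other".
# Symlinks (the entries under live/) are skipped: their own mode bits are unused.
find_loose_perms() {
    find "$1" ! -type l \( -perm -0002 -o \
        \( -name 'privkey*.pem' -perm -0004 \) \) -print
}

# Undo a blanket "chmod -R 777" and grant read access to one group only.
tighten_cert_tree() {
    dir=$1 group=$2
    chmod -R g-w,o-rwx "$dir" || return 1    # drop group write and all "other" access
    chmod o+x "$dir"                         # others may traverse the top dir, not list it
    chgrp -R "$group" "$dir/live" "$dir/archive" || return 1
    find "$dir/live" "$dir/archive" -type d -exec chmod 750 {} +
    find "$dir/live" "$dir/archive" -type f -exec chmod 640 {} +
}

# Constructed sample: a throwaway tree in the state "chmod -R 777" leaves behind.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/live/example.org" "$t/archive/example.org"
    for f in privkey fullchain chain cert; do
        echo "constructed placeholder" > "$t/archive/example.org/${f}1.pem"
        ln -s "../../archive/example.org/${f}1.pem" "$t/live/example.org/$f.pem"
    done
    chmod -R 777 "$t"
    echo "$t"
}
```

On the real tree this would be run as root as `tighten_cert_tree /etc/letsencrypt <group>`, followed by a restart of Gitea and a check that `find_loose_perms /etc/letsencrypt` prints nothing.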