s-kaczmarek Posted November 14, 2021 Report Share Posted November 14, 2021 Hi, I'm trying to set up my sync node in cloud. These are the steps I've done: I created resilio instance as a docker container with docker-compose: --- version: "2.1" services: resilio-sync: image: ghcr.io/linuxserver/resilio-sync container_name: resilio-sync environment: - PUID=1000 - PGID=1000 - TZ=Europe/Warsaw - UMASK_SET=022 #optional volumes: - /home/user/sync_config:/config - /mnt/volume_sgp1_01/containers_data/sync_downloads:/downloads - /mnt/volume_sgp1_01/sync:/sync ports: - 443:8888 - 55555:55555 restart: unless-stopped Once I accessed web ui, browser complained about lack of ssl certificate, so I tried to generate one with command: openssl req -newkey rsa:2048 -nodes -keyout domain.key-x509 -days 36500 -out sync.crt I've adjusted resilio settings to use that certificate: "webui" : { "listen" : "0.0.0.0:8888", "allow_empty_password" : false, "dir_whitelist" : [ "/sync", "/sync/folders", "/sync/mounted_folders" ], "ssl_certificate" : "/config/sync.crt" } After restarting of container, it started without issues, but when I'm trying to access web ui once again, my browser gives me error: SSL_ERROR_RX_RECORD_TOO_LONG What have I done wrong? Quote Link to comment Share on other sites More sharing options...
s-kaczmarek Posted November 16, 2021 Author Report Share Posted November 16, 2021 Hello, is this forum alive? Quote Link to comment Share on other sites More sharing options...
Daria Posted November 19, 2021 Report Share Posted November 19, 2021 By default, Resilio Sync uses self-signed certificate (no need to generate a new one) causing the browser to give a warning, here are several workarounds:https://help.resilio.com/hc/en-us/articles/4404757430291-Browser-warning-Your-connection-is-not-private- So, there is no much sense in generating the new self-signed certificate. When one acquires a certificate from CA to protect access to Sync's WebUI, one should also specify the path to the private key ("ssl_private_key") :https://help.resilio.com/hc/en-us/articles/206178884-Running-Sync-in-configuration-mode Quote Link to comment Share on other sites More sharing options...
s-kaczmarek Posted November 21, 2021 Author Report Share Posted November 21, 2021 Thanks for answer. My browser (firefox), says nothing about certificate, that's why I thought, there is no certificate at all. It only says "connection not encrypted" and "This website does not supply ownership information.". I doesn't say anywhere, that there is a certificate issued by Resilio Sync as per example in help center. Are you sure, that there is no risk of password being compromised? How can I verify, that this certificate exists? Quote Link to comment Share on other sites More sharing options...
Daria Posted November 22, 2021 Report Share Posted November 22, 2021 18 hours ago, s-kaczmarek said: How can I verify, that this certificate exists? There are numerous guides, e.g. this. 18 hours ago, s-kaczmarek said: Are you sure, that there is no risk of password being compromised? Resilio Sync is not CA. The certificate is a self-signed one - of course, they aren't that secure as those issued by CA. Quote Link to comment Share on other sites More sharing options...
s-kaczmarek Posted November 23, 2021 Author Report Share Posted November 23, 2021 22 hours ago, Daria said: There are numerous guides, e.g. this. As mentioned above, in my previous message, I can't check that certificate from the browser level. How can I make sure, that self-signed certificate exists? Is there any way to verify that from the server level? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.