I can't access my webui - SSL_ERROR_RX_RECORD_TOO_LONG

[s-kaczmarek]

Hi,

I'm trying to set up my sync node in cloud. These are the steps I've done:

I created resilio instance as a docker container with docker-compose:

---
version: "2.1"
services:
  resilio-sync:
    image: ghcr.io/linuxserver/resilio-sync
    container_name: resilio-sync
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Warsaw
      - UMASK_SET=022 #optional
    volumes:
      - /home/user/sync_config:/config
      - /mnt/volume_sgp1_01/containers_data/sync_downloads:/downloads
      - /mnt/volume_sgp1_01/sync:/sync
    ports:
      - 443:8888
      - 55555:55555
    restart: unless-stopped

Once I accessed web ui, browser complained about lack of ssl certificate, so I tried to generate one with command:

openssl req -newkey rsa:2048 -nodes -keyout domain.key-x509 -days 36500 -out sync.crt

I've adjusted resilio settings to use that certificate:

    "webui" :
    {
	"listen" : "0.0.0.0:8888",
	"allow_empty_password" : false,
        "dir_whitelist" : [ "/sync", "/sync/folders", "/sync/mounted_folders" ],
        "ssl_certificate" : "/config/sync.crt"
    }

After restarting of container, it started without issues, but when I'm trying to access web ui once again, my browser gives me error: SSL_ERROR_RX_RECORD_TOO_LONG

What have I done wrong?

[s-kaczmarek]

Hello, is this forum alive?

[Daria]

By default, Resilio Sync uses self-signed certificate (no need to generate a new one) causing the browser to give a warning, here are several workarounds:
https://help.resilio.com/hc/en-us/articles/4404757430291-Browser-warning-Your-connection-is-not-private-

So, there is no much sense in generating the new self-signed certificate.

When one acquires a certificate from CA to protect access to Sync's WebUI, one should also specify the path to the private key ("ssl_private_key") :
https://help.resilio.com/hc/en-us/articles/206178884-Running-Sync-in-configuration-mode 

[s-kaczmarek]

Thanks for answer. My browser (firefox), says nothing about certificate, that's why I thought, there is no certificate at all. It only says "connection not encrypted" and "This website does not supply ownership information.". I doesn't say anywhere, that there is a certificate issued by Resilio Sync as per example in help center. Are you sure, that there is no risk of password being compromised?

How can I verify, that this certificate exists?

[Daria]

18 hours ago, s-kaczmarek said:

How can I verify, that this certificate exists?

There are numerous guides, e.g. this.

18 hours ago, s-kaczmarek said:

Are you sure, that there is no risk of password being compromised?

Resilio Sync is not CA. The certificate is a self-signed one - of course, they aren't that secure as those issued by CA.

 

[s-kaczmarek]

22 hours ago, Daria said:

There are numerous guides, e.g. this.

As mentioned above, in my previous message, I can't check that certificate from the browser level. How can I make sure, that self-signed certificate exists? Is there any way to verify that from the server level?