I can't access my webui - SSL_ERROR_RX_RECORD_TOO_LONG


Recommended Posts

Hi,

I'm trying to set up my sync node in cloud. These are the steps I've done:

I created resilio instance as a docker container with docker-compose:

---
version: "2.1"
services:
  resilio-sync:
    image: ghcr.io/linuxserver/resilio-sync
    container_name: resilio-sync
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Warsaw
      - UMASK_SET=022 #optional
    volumes:
      - /home/user/sync_config:/config
      - /mnt/volume_sgp1_01/containers_data/sync_downloads:/downloads
      - /mnt/volume_sgp1_01/sync:/sync
    ports:
      - 443:8888
      - 55555:55555
    restart: unless-stopped

Once I accessed web ui, browser complained about lack of ssl certificate, so I tried to generate one with command:

openssl req -newkey rsa:2048 -nodes -keyout domain.key-x509 -days 36500 -out sync.crt

I've adjusted resilio settings to use that certificate:

    "webui" :
    {
	"listen" : "0.0.0.0:8888",
	"allow_empty_password" : false,
        "dir_whitelist" : [ "/sync", "/sync/folders", "/sync/mounted_folders" ],
        "ssl_certificate" : "/config/sync.crt"
    }

After restarting of container, it started without issues, but when I'm trying to access web ui once again, my browser gives me error: SSL_ERROR_RX_RECORD_TOO_LONG

What have I done wrong?

Link to comment
Share on other sites

By default, Resilio Sync uses self-signed certificate (no need to generate a new one) causing the browser to give a warning, here are several workarounds:
https://help.resilio.com/hc/en-us/articles/4404757430291-Browser-warning-Your-connection-is-not-private-

So, there is no much sense in generating the new self-signed certificate.

When one acquires a certificate from CA to protect access to Sync's WebUI, one should also specify the path to the private key ("ssl_private_key") :
https://help.resilio.com/hc/en-us/articles/206178884-Running-Sync-in-configuration-mode 

Link to comment
Share on other sites

Thanks for answer. My browser (firefox), says nothing about certificate, that's why I thought, there is no certificate at all. It only says "connection not encrypted" and "This website does not supply ownership information.". I doesn't say anywhere, that there is a certificate issued by Resilio Sync as per example in help center. Are you sure, that there is no risk of password being compromised?

How can I verify, that this certificate exists?

Link to comment
Share on other sites

18 hours ago, s-kaczmarek said:

How can I verify, that this certificate exists?

There are numerous guides, e.g. this.

18 hours ago, s-kaczmarek said:

Are you sure, that there is no risk of password being compromised?

Resilio Sync is not CA. The certificate is a self-signed one - of course, they aren't that secure as those issued by CA.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share