No HTTPS for CV4PVE-ADMIN

[kenrmayfield]

The URL for CV4PVE-ADMIN can only be HTTP? HTTPS will not work. I can not use
CV4PVE-ADMIN in a Live Business Environment if only HTTP is used to reach the URL for CV4PVE-ADMIN.

There also No Option to Turn OFF HTTP and Turn ON HTTPS or just use HTTPS completely.

When you try the URL with HTTPS, you will Receive the Error:
Secure Connection Failed
An error occurred during a connection to 192.168.1.143:5000. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn more…

I did also try Editing the the File appsettings.json and change "urls": "http://0.0.0.0:5000", to "urls": "https://0.0.0.0:5000",
however the Page will not come up.

This is a Great Tool however I can not use this in the Live Business Environment with the URL being HTTP due to the fact that anyone could SNIFF the Username and Password to the Tool since HTTP is Non Encrypted.

Thanks,
Kenneth

[franklupo]

hi,
thank you for your interest. Let's check how to resolve your request.

best reagrds

[kenrmayfield]

Frank,

I am doing a Follow Up?

Thanks,
Kenneth

[franklupo]

Sorry, I don't understand. What do you mean?

[kenrmayfield]

I was Referring to the Request that I made about HTTPS when I started this Post 5 Days Ago.

[matteocv]

Hello @kenrmayfield,
our development team is working on it, we will update you in this issue.

Best Regards,

[kenrmayfield]

I was wondering if Creating a NGINX SSL for Docker would Work?
I wanted to see what you think?
I was wondering if there is something in the Code I Manipulated below is missing something or it will not work?

I have Manipulated the Code Below with Steps:

Step 1: Create Directory

Create a directory with the name "docker_ssl_proxy" to store the NGINX Configuration file and the certificate and key

$ mkdir docker_ssl_proxy

Step 2: Change Directory to docker_ssl_proxy
NOTE:
You must be under this directory before executing the following steps (Commands).

Step 2.a: Use Signed Certificates
NOTE:
If you have Certificates you can simply copy the following 2 files to the Current Directory
key.pem
cert.pem

Step 2.b Create the Self-Signed Certificates (If needed)

Use OpenSSL to create a Self-Signed Certificate, following command will create a Self-Signed Certificate and a Private Key with a Validity of 365 days.

$ openssl req -subj '/CN=localhost' -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365

Step 3: Find your container IP address
3.1: Find your Container ID.

$ docker ps
NOTE:
It will list all the processes that are running and find out your Container Id.

3.2 Find IP Address

To find the container IP address from the Host, you can run the command
NOTE:
(Container-ID): replace this with the value that you get from Step 3.1

$ docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' (Contrainer-ID)

NOTE:
The response of the above command will be an IP address

Step 4: Create the NGINX configuration file

In the same directory (docker_ssl_proxy), create a Configuration File that will Proxy All the Traffic to your upstream server. The upstream server is the application server running a non-SSL connection. The SSL will be using NGINX, and all the traffic will be Proxied to the Host (using the IP Address that you got in Step 3.2)

The Configuration File, which in this example is called "proxy_ssl.conf," but can have any name as long as it ends in .conf.
Example file: proxy_ssl.conf
NOTE: 5000 is the Port for CV4PVE-ADMIN.
The only thing you need to replace in this file is the Container IP Address.
This file simply instructs NginX to listen, with SSL and the correct Certs and Keys, on port 443 and to proxy all the requests to the Host on port 5000.

The File must have the following Contents below:

server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/conf.d/cert.pem;
ssl_certificate_key /etc/nginx/conf.d/key.pem;
location / {
proxy_pass http://(Container IP):5000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}

NOTE:
This file simply instructs NginX to listen, with SSL and the correct Certs and Keys, on port 443 and to Proxy All the Requests to the Host on port 5000

Step 5: Run the Docker Container

At this point, we have all the Configuration in place to Proxy the Traffic; we simply need to run the Docker Container with the following command.

$ docker run --name nginx_proxy -d -v pwd:/etc/nginx/conf.d -p 443:443 nginx

NOTE: 5000 is the Port for CV4PVE-ADMIN
If you face issues, try to replace PWD in the command above with the Full Directory Path for "docker_ssl_proxy", where you have Config and Cert files.

$docker run --name nginx_proxy -d -v (yourdirectory):/etc/nginx/conf.d -p 443:443 nginx

[franklupo]

you could use a docker compose

[kenrmayfield]

@matteocv
Frank,

On my Previous Posting........what did you think about the Code to try to get HTTPS to work?

As far as Docker Compose...........It will be the same Problem.........still No HTTPS. Even if you use a Container, that does not change the Protocol.

[franklupo]

hi,
I didn't enable Forwarded. In the next release we will come up with an example for Nginx

best reagrds

[franklupo]

see https://github.com/Corsinvest/cv4pve-admin/tree/main/src/Docker/Nginx/ReverseProxy

[kenrmayfield]

@matteocv

Frank,

I Sent you and Matteo a Email asking a Question about the Reverse Proxy.

[kenrmayfield]

@matteocv

Frank,

I was checking back on Previous Comment.

[kenrmayfield]

@matteocv

Frank,

Sent Response Email.

[kenrmayfield]

@matteocv

Frank,

Sent Response Email. Checking back with you Guys.

[franklupo]

Hi,
if you want attach the docker code for HTTPS.

best regards

[franklupo]

News?

[kenrmayfield]

@franklupo
@matteocv

Still having a Problem getting HTTPS to work?

I tried: https://github.com/Corsinvest/cv4pve-admin/tree/main/src/Docker/Nginx/ReverseProxy

[kenrmayfield]

@franklupo
@matteocv

Still having a Problem getting HTTPS to work?

I tried: https://github.com/Corsinvest/cv4pve-admin/tree/main/src/Docker/Nginx/ReverseProxy

[Aterfax]

@franklupo @matteocv

Still having a Problem getting HTTPS to work?

I tried: https://github.com/Corsinvest/cv4pve-admin/tree/main/src/Docker/Nginx/ReverseProxy

Set up a SWAG reverse proxy, HTTPS over port 5000. SSL all setup fine. Errors suggest the backend docker for CV4PVE seems to be incompatible with running in HTTPS in some manner.

Seeing in browser console:

Uncaught (in promise) WebSocket is not in the OPEN state

[2023-10-24T17:50:53.720Z] Error: System.Threading.Tasks.TaskCanceledException: A task was canceled.
   at Microsoft.JSInterop.JSRuntime.InvokeAsync[TValue](Int64 targetInstanceId, String identifier, Object[] args)
   at Microsoft.JSInterop.JSRuntimeExtensions.InvokeVoidAsync(IJSRuntime jsRuntime, String identifier, Object[] args)
   at Microsoft.AspNetCore.Components.Server.Circuits.RemoteNavigationManager.<>c__DisplayClass13_0.<<NavigateToCore>g__PerformNavigationAsync|0>d.MoveNext()

Seeing in docker logs:

[ERR] Navigation failed when changing the location to /login?key=d3f0d667-c2c7-4e7e-8676-REDACTED

[franklupo]

I found and fixed the problem for reverse proxy.