Proxy/SSL config with Let's Encrypt breaks app

I’m trying to add SSL to my app via Let’s Encrypt, but I’m running into quite a few issues.

Mup version

1.4.3

Mup config

{
  "servers": {
    "one": {
      "host": "1.2.3.4",
      "username": "root",
      "password": "password"
    }
  },
  "proxy": {
    "domains": "zenshome.jp,www.zenshome.jp",
    "ssl": {
      "crt": "./fullchain.pem",
      "key": "./privkey.pem"
    }
  },
  "app": {
    "name": "my-app",
    "path": "../../",
    "servers": {
      "one": {}
    },
    "buildOptions": {
      "serverOnly": true
    },
    "env": {
      "ROOT_URL": "http://host.com",
      "MONGO_URL": "mongodb://user:pass@subdomain.subdomain.host.com:15739/zensroom?ssl=true",
      "VIRTUAL_HOST": "zenshome.jp,www.zenshome.jp",
      "HTTPS_METHOD": "noredirect",
      "HTTP_FORWARDED_COUNT": 1
    },
    "docker": {
      "image": "abernix/meteord:node-8.9.1-base",
      "prepareBundle": false
    },
    "deployCheckWaitTime": 120,
    "enableUploadProgressBar": true,
    "type": "meteor"
  }
}

Output of mup status

=> Servers
  - 128.199.170.128: Ubuntu 16.04

=> Docker Status
 - 128.199.170.128: 17.11.0-ce Running

=> Meteor Status
 - 128.199.170.128: running
    Created at 2018-03-07T00:26:05.638159659Z
    Restarted 0 times
    ENV:
     - ROOT_URL=http://zenshome.jp/
     - MONGO_URL=xxx
     - VIRTUAL_HOST=zenshome.jp,www.zenshome.jp
     - HTTPS_METHOD=noredirect
     - HTTP_FORWARDED_COUNT=1
     - METEOR_SETTINGS={...}
     - PORT=80
     - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     - METEORD_DIR=/opt/meteord
     - NODE_VERSION=8.9.1
    Exposed Ports:
     - 80/tcp
    App available through reverse proxy
     - Available in app's docker container: true

=> Reverse Proxy Status
 - 128.199.170.128:
   - NGINX:
     - Status: Stopped
   - Let's Encrypt
     - Status: Stopped

Issue

As soon as I uncomment the proxy block in mup.js, my app stops working entirely. The GraphQL endpoint at http://zenshome.jp/graphql becomes unaccessible, both using http and https. If I comment out proxy everything goes back to normal.

Even if I have bad SSL certs or a bad config I would guess it should only show a warning? Is it normal for the app to go down completely? In other words curl zenshome.jp just gives me:

Failed to connect to zenshome.jp port 80: Connection refused

I should also mention that I experienced issues with Cloudflare’s SSL (see https://github.com/zodern/meteor-up/issues/819) although I don’t think it can be related?

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 17

Top GitHub Comments

5 reactions
louwers commented, Jul 8, 2019

For me simply running mup stop before mup setup and mup deploy did the trick.

3 reactions
SachaG commented, Mar 7, 2018

OK so I don’t know if this is the “proper” way, but this is what I did that worked (using the custom certificates technique):

  1. Create a new Digital Ocean instance.
  2. Point your DNS to it.
  3. SSH into it.
  4. Follow the certbot instructions but use the manual way (not nginx). So sudo certbot certonly.
  5. zip and scp the resulting certs directory back to your local mup folder.
  6. Extract the fullchain.pem and privkey.pem files, and then fill in the proxy section of mup.js.
  7. Set forceSSL: true in your proxy.ssl block.
  8. Add https to your root URL.
  9. Run mup setup.
  10. Run mup deploy.

I’m not sure if you actually need to run sudo certbot certonly on your server or if you can do it locally, but it seemed like doing it on your server saves a verification step.
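
The settings named in steps 6 to 8 of the comment above can be checked before running mup setup. The following is an added example, not part of the original thread or of Meteor Up: lintProxySsl is a hypothetical helper, both sample configs are constructed from the values on this page, and the final check (ROOT_URL host listed in proxy.domains) is an assumption that goes beyond the listed steps.

```javascript
// Added example. lintProxySsl is a hypothetical helper, not part of Meteor Up.
// It reads only fields that appear on this page.
function lintProxySsl(config) {
  const findings = [];
  const ssl = (config.proxy && config.proxy.ssl) || {};
  const env = (config.app && config.app.env) || {};
  const domains = String((config.proxy && config.proxy.domains) || '')
    .split(',').map((d) => d.trim().toLowerCase()).filter(Boolean);

  if (domains.length === 0) findings.push('proxy.domains is empty');
  // Step 6: both certificate files must be referenced.
  if (!ssl.crt || !ssl.key) findings.push('proxy.ssl needs both crt and key');
  // Step 7: forceSSL must be set explicitly.
  if (ssl.forceSSL !== true) findings.push('proxy.ssl.forceSSL is not true');

  let root = null;
  try {
    root = new URL(env.ROOT_URL);
  } catch (err) {
    findings.push('ROOT_URL is missing or not a valid URL');
  }
  if (root) {
    // Step 8: the root URL must use https.
    if (root.protocol !== 'https:') findings.push('ROOT_URL does not use https');
    // Assumption (not from the thread): ROOT_URL should name a proxied domain.
    if (!domains.includes(root.hostname)) {
      findings.push('ROOT_URL host is not listed in proxy.domains');
    }
  }
  return findings;
}

// Constructed sample: the relevant fields of the config posted in the question.
const asPosted = {
  proxy: {
    domains: 'zenshome.jp,www.zenshome.jp',
    ssl: { crt: './fullchain.pem', key: './privkey.pem' },
  },
  app: { env: { ROOT_URL: 'http://host.com' } },
};

// Constructed sample: the same fields after steps 7 and 8.
const afterSteps = {
  proxy: { ...asPosted.proxy, ssl: { ...asPosted.proxy.ssl, forceSSL: true } },
  app: { env: { ROOT_URL: 'https://zenshome.jp' } },
};

console.log(lintProxySsl(asPosted));
console.log(lintProxySsl(afterSteps));
```
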
