Set up own SSL certificate SSL - developer edition

nagyworldcup · January 21, 2021, 8:23am

Dears,
seeking for help i got the following error :-
Please note that i’m sure the certificates files already exists in the mentioned path there.

nginx: [emerg] cannot load certificate “/opt/seatable/seatable-data/ssl/seat.visitqatar.qa.crt”: BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/opt/seatable/seatable-data/ssl/seat.visitqatar.qa.crt’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
root@qntc-ctable01:/opt/seatable#

One more question :-
Upload the SSL certificate file to the SeaTable data directory : `/Your SeaTable data volume/ssl/
is that path is mandatory to keep the certificate on it or we can change the location , i changed the location to some place outside SeaTable data volume, the certificate is loaded but the system not longer work so i reverted back

kindly advice what to do.

rdb · January 21, 2021, 5:21pm

Hello! I guess it’s either a path or permission problem. nginx reports a file not found when the file is not accessible. Or, if you have copy-pasted a path, your configuration may contain one or mor funny characters.
Here’s what I would do:
1.) Check for funny characters: Use ‘cat -A’ on the file. Check for characters that should not be there.
2.) Test nginx configuration: Execute ‘nginx -t’. If there is a mistake in the configuration, the command will tell you where in the file
3.) Check permissions: The user running nginx (usually www-data) requires permission to read the certificate files.

If you need more help, could you paste the relevant part of your nginx conf here? Additionally, could you paste the result of ‘ls -l /opt/seatable/seatable-data/ssl/’ here?

nagyworldcup · January 22, 2021, 8:16am

Kindly find below :-
root@seatable01:~# nginx -t
Command ‘nginx’ is available in ‘/usr/sbin/nginx’
The command could not be located because ‘/usr/sbin’ is not included in the PATH environment variable.
This is most likely caused by the lack of administrative privileges associated with your user account.
nginx: command not found

root@seatable01:~# ls -l /opt/seatable/seatable-data/ssl/
total 8
-rw-rw-rw- 1 root www-data 2386 Jan 21 23:04 seat.visitqatar.qa.crt
-rw-rw-rw- 1 root www-data 2108 Jan 21 23:04 seat.visitqatar.qa.key

**Part of nginx config file lcated in **
/opt/seatable/seatable-data/seatable/conf/

=====================
server {

if ($host = 40.125.79.166) {

    return 301 https://$host$request_uri;

}

listen 80;

server_name 40.125.79.166;

return 404;

}

server {
server_name 40.125.79.166;
listen 443 ssl;
ssl_certificate /opt/seatable/seatable-data/ssl/seat.visitqatar.qa.crt;
ssl_certificate_key /opt/seatable/seatable-data/ssl/seat.visitqatar.qa.key;

proxy_set_header X-Forwarded-For $remote_addr;

=========================

and finally the error

root@seatable01:~# docker exec -it seatable /usr/sbin/nginx -s reload
nginx: [emerg] cannot load certificate “/opt/seatable/seatable-data/ssl/seat.visitqatar.qa.crt”: BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/opt/seatable/seatable-data/ssl/seat.visitqatar.qa.crt’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
root@seatable01:~#

rdb · January 22, 2021, 5:17pm

Oh, I see the problem.
You are using a path from the host in the docker container. No wonder nginx complains about the absence of the file.

Let me elaborate: You saved the certificate files under /opt/seatable/seatable-data/. This is a directory in the host. nginx, by contrast, runs in the docker container. As a consequence, nginx cannot access /opt/seatable/seatable-data.

The directory /opt/seatable/seatable-data is available in the Docker container, but not unter /opt/seatable/seatable-data. When you look at the docker-compose, you can see where (last line):

[…]
seatable:
image: seatable/seatable:latest
container_name: seatable
ports:
- “80:80”
- “443:443” # If https is enabled, cancel the comment.
volumes:
- /opt/seatable/seatable-data:/shared # Requested, specifies the path to Seafile data persistent store.
[…]

Long story short: Please edit the nginx configuration in the container. Specifically, /opt/seatable/seatable-data/ shoud be replaced by /shared/

This is how you do it:

Go into the container: docker container exec -it seatable /bin/bash
Edit the default conf-file in /etc/nginx/sites-enabled and save
Test the nginx configuration typing nginx -t → there should be no error message
Reload nginx configuration typing nginx -s reload → now nginx should properly start

You can also see the relevant paths to the certificate files in nginx here: Help - SeaTable

nagyworldcup · January 23, 2021, 10:52am

Dear Thanks for your help
please check below the result

root@34fe0a17495e:/opt/seatable# nginx -t
Enter PEM pass phrase:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@34fe0a17495e:/opt/seatable#

root@34fe0a17495e:/opt/seatable# nginx -s reload
Enter PEM pass phrase:
root@34fe0a17495e:/opt/seatable#

root@34fe0a17495e:/shared/ssl# ls
seat.visitqatar.qa.crt seat.visitqatar.qa.key

this is the URL is working fine
http://52.247.209.46/
but when i try https not working what is the issue ?

https://52.247.209.46/ not working

rdb · January 23, 2021, 1:28pm

Glad to hear that we are making headway!

Have you modified the other configuration files besides the nginx config?

This is from the manual:

Upload the SSL certificate file to the SeaTable data directory : /Your SeaTable data volume/ssl/
Change the “http” of each SERVER_URL in ccnet.conf, dtable_web_settings.py and dtable_server_config.json to “https”.
Restart the SeaTable service : docker exec -it seatable /shared/seatable/scripts/seatable.sh restart
Restart the Memcached service： docker restart seatable-memcached
Modify the nginx configuration file : /Your SeaTable data volume/seatable/conf/nginx.conf
Reload the nginx configuration file : docker exec -it seatable /usr/sbin/nginx -s reload

Obviously, you have done 1, 5 and 6. Have you also done 2, 3 and 4?

nagyworldcup · January 24, 2021, 8:39am

Thanks, yes i did all these steps, but the same result

i tested the same in another server as well but same result.

here is partial updates correspondent to each file name
file :- ccnet.conf
[General]
SERVICE_URL = https://52.247.209.46/

i made the same for the rest of the files but since i’m new user, i was not able to add them here it allow only two link

please if you need access to the machine i can share the user name and password

rdb · January 24, 2021, 12:37pm

I just sent you a personal message. There should be a little overlay on your avatar in the top right corner indicating the receipt of a pm. Can you reply to it? Optionally, you can also write to support@seatable.io.