Hi Ryan,

Don't worry about that! Thank you very much for taking the time to take a
look at my problem.


On Wed, Aug 17, 2016 at 8:21 AM, Ryan Kelly <[email protected]> wrote:

>
> Hi Juan, sorry for the delay in replying here.
>
> On 11/08/2016 00:50, Juan García wrote:
> > The sync-server complains about the
> > public ip not being correctly set
> > (http://paste.scratchbook.ch/view/ac632e8f) and I just don't know where
> > I can tell it (or some other server) to use https.
>
> This error means that the python webserver itself does not believe it's
> running under https.
>
> Do you have the server running behind e.g. a reverse proxy that's
> providing the SSL?
>
Yes I do :)



> If so then the "right" way to resolve this, is to
> ensure that the proxy is sending the right headers through to the python
> server.  For example with nginx, you need the X-Forwarded-Proto header
> turned on like this:
>
>
> https://github.com/mozilla/fxa-dev/blob/master/roles/sync/templates/nginx.conf.j2#L3
>
> But that can be a bit fiddly and depends a lot on exactly how you're
> running the server.  So if you're sure your SSL setup is otherwise
> working correctly, there's also an easy way to fix this, which is to set
> this undocumented config option to tell syncserver to stop complaining:
>
>
> https://github.com/mozilla-services/syncserver/blob/master/syncserver/__init__.py#L143


Yup, it was fiddly. I couldn't get it to work, so I just changed the
variable so that it stops complaining.


>
> > Browserid or oauth,
> > or both (I don't really understand how this all works) cannot assert
> > stuff (http://paste.scratchbook.ch/view/4a3472fc and
> > http://paste.scratchbook.ch/view/cdf1c5fe)
>
> The error message "unable to verify the first certificate" comes from
> SSL, and indicates that your SSL certificate is being rejected.   I
> suspect that node and/or python are not recognizing the self-hosted
> certificate that you've installed in the host's certificate store.
>
> Unfortunately I'm not familiar enough with using custom certificates in
> node to offer any advice, although you may find this a good starting point:
>
>   https://github.com/coolaj86/node-ssl-root-cas
>
>
>
Thank you very much for the link! I have the debian package installed and
in theory, the debian team has patched it so that it looks in the system
wide certificates, to which I have added the CA created by me. It still
doesn't seem to believe I am who I say I am :)

Thank you very much for the hint! At least now I know all the problems I
have are just SSL-related.


Cheers,
Juanito
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
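
The scheme mismatch discussed in this thread, as an added example that is not part of the original messages and is not syncserver's code: a stand-in WSGI app that compares its configured public URL with the scheme it sees, and a middleware that honors X-Forwarded-Proto only when the request comes from the reverse proxy. `PUBLIC_URL`, `TRUSTED_PROXIES` and all function and class names are assumptions, and the requests are constructed.

```python
from urllib.parse import urlsplit

PUBLIC_URL = "https://sync.example.org"  # constructed value (assumption)
TRUSTED_PROXIES = {"127.0.0.1"}          # address of the local reverse proxy (assumption)


def scheme_mismatch(environ, public_url=PUBLIC_URL):
    """True when the scheme the app sees differs from the public URL's scheme."""
    return environ.get("wsgi.url_scheme", "http") != urlsplit(public_url).scheme


class ForwardedProto:
    """WSGI middleware: apply X-Forwarded-Proto only for trusted proxy peers."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        # A client that reaches the app directly could send this header too,
        # so it is ignored unless the peer is the proxy itself.
        if environ.get("REMOTE_ADDR") in self.trusted and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def app(environ, start_response):
    """Stand-in application that refuses to serve when the schemes disagree."""
    if scheme_mismatch(environ):
        start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
        return [b"public URL scheme does not match request scheme"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def run(application, remote_addr, forwarded_proto=None):
    """Send one constructed request through a WSGI callable; return the status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
               "wsgi.url_scheme": "http",  # proxy-to-app hop is plain HTTP
               "REMOTE_ADDR": remote_addr}
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    status = []
    application(environ, lambda s, headers: status.append(s))
    return status[0]
```
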