self hosting -- cert issue #9

Open
debianmaster opened this issue May 11, 2022 · 7 comments

@debianmaster

Can you help me with a little readme on how to tls certs with this binary?

jlisfsg6odga64r3k4xivgrcrq.tunnel.xyz not found
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45382: 400 urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Cannot issue for "irwdcbzqprzif66tkifrsvhxsxjlisfsg6odga64r3k4xivgrcrq.tunnel": Domain name does not end with a valid public suffix (TLD)
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45384: acme/autocert: missing certificate
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45392: acme/autocert: missing certificate
May 11 13:11:03 tunnel remotemoe[741]: 2022/05/11 13:11:03 http: TLS handshake error from 183.82.115.199:45390: acme/autocert: missing certificate
@fasmide
Owner

fasmide commented May 11, 2022

Given you have configured the DNS zone for tunnel.xyz correctly, I think what's missing here is remotemoe's ability to figure out the host's fully qualified domain name - remotemoe uses the os.Hostname() result as an FQDN and as such, you will need to configure /etc/hostname accordingly

Have a look at your shell, if the output of hostname reads just tunnel - you will need to edit /etc/hostname and set it to the full domain name, e.g. tunnel.xyz - and maybe even reboot the machine

I don't know if remotemoe should treat the hostname as an FQDN, but that's where it's at, at the moment :)

@fasmide fasmide closed this as completed May 11, 2022
@fasmide
Owner

fasmide commented May 11, 2022

Somehow my eyes read "Preview" when in fact the button said "Comment and close issue" ...

it wasn't my intention to close the issue :)

@fasmide fasmide reopened this May 11, 2022
@debianmaster
Author

Thanks @fasmide for your response. When I changed the hostname to the full FQDN it worked on port 80.
How do I attach certs to the installation and make it work for HTTPS?

@fasmide
Owner

fasmide commented May 18, 2022

Hi
remotemoe doesn't support adding or removing certificates manually - it's all done with ACME (using Let's Encrypt by default)
But I would imagine that you are referring to the same issue as #3. Namely, remotemoe won't send HTTPS (port 443) traffic upstream to a non-SSL webserver on port 80.

For now, the "mapping" needs to be 1:1, i.e. incoming traffic using SSL on port 443 can only be upstreamed through the ssh tunnel with SSL on port 443.

So, if you need to accept HTTPS traffic, you will need to forward port 443, and have an HTTPS server ready to accept the traffic - however - remotemoe does not verify the peer inside the ssh tunnel - so the certificate used can be self-signed and autogenerated

@debianmaster
Author

Thanks for the detailed answer @fasmide
The ACME cert issuer is now working and I'm able to forward requests on the desired port, but I encountered another challenge.
While the root path for the service is working, anything after the root path, i.e. / or /healthz or /apis/test, is providing the same result. Example:

https://irwdcbzqprzif66tkifrsvhxsxjlisfsg6odga64r3k4xivgrcrq.remote.moe/
https://irwdcbzqprzif66tkifrsvhxsxjlisfsg6odga64r3k4xivgrcrq.remote.moe/healthz
gives same result while paths are different

@debianmaster
Author

@fasmide can you suggest any tweaks in the Go code which I can work on to support my previous comment?

@fasmide
Owner

fasmide commented May 20, 2022

@debianmaster I don't think this is an artifact of using remotemoe. It does no kind of rewriting and I am pretty sure when it receives a request to /api/test it will pass the same URL upstream
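
The upstream side of the 1:1 HTTPS mapping described in the comments above, as an added example that is not part of the thread or of remotemoe's code: a Go HTTPS server with an autogenerated self-signed certificate that echoes the request path it receives, so it also shows whether /healthz reaches the upstream unchanged. The listen address 127.0.0.1:8443, the host name localhost and the function names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"log"
	"math/big"
	"net/http"
	"time"
)

// selfSignedCert builds an in-memory ECDSA P-256 certificate for host.
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// echoPath reports the request path the upstream actually received.
func echoPath(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "upstream saw %s\n", r.URL.Path)
}

func main() {
	cert, err := selfSignedCert("localhost") // constructed host name (assumption)
	if err != nil {
		log.Fatal(err)
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	srv := &http.Server{Addr: "127.0.0.1:8443", Handler: http.HandlerFunc(echoPath), TLSConfig: cfg}
	log.Fatal(srv.ListenAndServeTLS("", "")) // empty paths: certificate comes from TLSConfig
}
```

If every path returns the same body from this server when reached through the tunnel, the request path is being changed before it arrives; if the bodies differ, the upstream application's own routing is the place to look.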
