Skip to content

Commit

Permalink
Add VAPID backup and X-Original-URL to README
Browse files Browse the repository at this point in the history
  • Loading branch information
@p1gp1g
p1gp1g committed Dec 3, 2024
1 parent cf3b0ab commit 356db7b
Showing 1 changed file with 35 additions and 0 deletions.
35 changes: 35 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,41 @@ If you don't receive a test notification, then your MollySocket server can't rea

You can get further troubleshooting information on this page: <https://unifiedpush.org/users/troubleshooting/>.

* **How to backup VAPID key**

MollySocket is designed for self-hoster, and the idea is to renew the VAPID key if you have to reinstall MollySocket somewhere else. If you are asking for this, you are probably trying to use systemd-creds, else you'd have the VAPID private key in plain text.

If you haven't generated the VAPID key yet, just pipe the command to a temporary file: `mollysocket vapid gen | tee key.tmp | systemd-creds encrypt --name=ms_vapid -p - -`, key.tmp will contain the key, you can store it in a safe and remove the file.

If you have already generated the key, and want to back up this key, you can retrieve it this way: First, copy the content of `SetCredentialEncrypted` to a file `ms_vapid`. Then use systemd-creds to decrypt it. You can then store it in a safe.

```console
# cat cipher.cred
k6iUCUh0RJCQyvL8k8q1UyAAAAABAAAADAAAABAAAAC1lFmbWAqWZ8dCCQkAAAAAgAAAA
AAAAAALACMA0AAAACAAAAAAfgAg9uNpGmj8LL2nHE0ixcycvM3XkpOCaf+9rwGscwmqRJ
cAEO24kB08FMtd/hfkZBX8PqoHd/yPTzRxJQBoBsvo9VqolKdy9Wkvih0HQnQ6NkTKEdP
HQ08+x8sv5sr+Mkv4ubp3YT1Jvv7CIPCbNhFtag1n5y9J7bTOKt2SQwBOAAgACwAAABIA
ID8H3RbsT7rIBH02CIgm/Gv1ukSXO3DMHmVQkDG0wEciABAAII6LvrmL60uEZcp5qnEkx
SuhUjsDoXrJs0rfSWX4QAx5PwfdFuxPusgE==
# systemd-creds decrypt ms_vapid
DSqYuWchrB6yIMYJtidvqANeRQic4uWy34afzZRsZnI
```

* **On MollySocket webpage, I see a alert saying the origin isn't correct**

You are using MollySocket behind a reverse proxy and the URL received by MollySocket doesn't match the one you are using in your web browser.

You need to pass the original URL to MollySocket with the `X-Original-URL` header. For instance, the Nginx config looks like this:

```nginx
location /molly/ {
proxy_pass http://127.0.0.1:8020/;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $uri;
}
```

## About security

**Relative to Signal security**
Expand Down

0 comments on commit 356db7b

Please sign in to comment.