The web page just continuously reverts to "Warning: Potential Security Risk Ahead" after clicking through the self-signed warning. Tested in both Firefox and Chrome. The following is from the pydio.json file:
The following are the env vars in the docker-compose file:
CELLS_BIND=0.0.0.0:8087
CELLS_EXTERNAL=https://:8087
CELLS_NO_SSL=0
The actual domain has been replaced above with DOMAIN. Cells worked initially with SSL but when I removed the pydio container and recreated it, that is when things started to go awry.
How do I resolve this issue? Is the Cells container creating new SSL certs each time the container is recreated?
The web server used by Cells is Caddy. Caddy stores the self-signed certificates in memory, and they are also only valid for 7 days. You should either use your own self-signed certificate (mounted in a volume) or no SSL.
The above occurred on day 1 so adding the self-signed certs may not resolve the issue. Please advise.
Also, what is the volume that the self-signed certs need to be added to and what commands need to be executed to ensure that the self-signed certs are recognized by the server?
I added custom SSL certs to an existing install (by bind mounting the files per the example) but the cert for the server is still the Caddy self-signed cert. I verified that the files were correctly mounted in the container.
Server certificate
subject=/O=Caddy Self-Signed
issuer=/O=Caddy Self-Signed
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
SSL handshake has read 759 bytes and written 423 bytes
Verification error: unable to verify the first certificate
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: A1D9C8E247ECA01E25B01671812CE987A21D9E9F8572293AC54329B8CDE3A0DB
Session-ID-ctx:
Master-Key: D314B480003EBBC80761776D87B504C7493F56EA6930CE8FC47A3117E5504B9641CB42EDB07288EAE6462A9B2F2BB714
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
Start Time: 1568219590
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
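A check over output like the above, as an added example that is not part of the original thread: it parses openssl s_client text and reports whether the server is still presenting Caddy's generated certificate instead of a mounted one. The sample transcript, the function names and the hostname files.example.test are constructed for illustration, and "subject equals issuer" is used as a heuristic for self-signed.

```python
import re

# Constructed sample: a shortened s_client transcript in the same shape as
# the output posted above (not a capture from a real server).
SAMPLE = """\
Server certificate
subject=/O=Caddy Self-Signed
issuer=/O=Caddy Self-Signed
Verification error: unable to verify the first certificate
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Verify return code: 21 (unable to verify the first certificate)
"""

def parse_s_client(text):
    """Extract leaf subject, issuer and verify result from s_client text."""
    fields = {"subject": None, "issuer": None,
              "verify_code": None, "verify_text": None}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"(subject|issuer)\s*=\s*(.+)", line)
        if m and fields[m.group(1)] is None:  # first hit is the leaf cert
            fields[m.group(1)] = m.group(2).strip()
            continue
        m = re.match(r"Verify return code:\s*(\d+)\s*\((.*)\)", line)
        if m:
            fields["verify_code"] = int(m.group(1))
            fields["verify_text"] = m.group(2)
    return fields

def diagnose(text, expected_subject_part):
    """Return findings; an empty list means the expected cert is served and verified."""
    f = parse_s_client(text)
    if f["subject"] is None:
        return ["no server certificate found in output"]
    findings = []
    if f["subject"] == f["issuer"]:  # heuristic: self-issued
        findings.append("self-signed: subject equals issuer (%s)" % f["subject"])
    if "Caddy Self-Signed" in f["subject"]:
        findings.append("server presents Caddy's generated cert, not a mounted one")
    if expected_subject_part not in f["subject"]:
        findings.append("subject does not contain expected %r" % expected_subject_part)
    if f["verify_code"] not in (0, None):
        findings.append("verify return code %d (%s)"
                        % (f["verify_code"], f["verify_text"]))
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "files.example.test"):
        print("-", finding)
```

Run it against the saved output after each container recreation; a finding that names Caddy's generated certificate means the mounted files are not the ones being served.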