After configuring the TLS-certificate in the coder config I can no longer reach the web ui

After configuring the TLS-certificate in the coder config I can no longer reach the web UI. I am getting HTTP ERROR 400.
Coder setup:
- I am running coder v0.14.1 as a system process via the install script
- To reach coder I am using nginx as a proxy server. It should only proxy requests from https://coder.domain.com/ to http://127.0.0.1:3000/ (to reach the coder UI). It also redirects http://coder.domain.com/ to https://coder.domain.com/. The wildcard certificate is also installed here with nginx
- My wildcard domain in coder is *.domain.com
10 Replies
Tom Thomson (OP), 2y ago
Steps to reproduce:
- I generated a wildcard certificate using certbot with the command
  certbot certonly --manual -d *.domain.com -d domain.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096
- I put the certificate in the directory /etc/coder.d and gave file permission to the coder user
- In the coder.env file I enabled the TLS certificate:
CODER_ACCESS_URL=https://coder.domain.com
CODER_WILDCARD_ACCESS_URL=*.domain.com

CODER_ADDRESS=127.0.0.1:3000
CODER_PG_CONNECTION_URL=
CODER_TLS_CERT_FILE=/etc/coder.d/fullchain.pem
CODER_TLS_ENABLE=TRUE
CODER_TLS_KEY_FILE=/etc/coder.d/privkey.pem
- I restart the coder service using systemctl restart coder
- The process starts with no errors. Output of service coder status:
Jan 11 09:39:41 XXX systemd[1]: Starting "Coder - Self-hosted developer workspaces on your infra"...
Jan 11 09:39:41 XXX coder[243669]: WARN: --address and -a are deprecated, please use --http-address and --tls>
Jan 11 09:39:41 XXX coder[243669]: Using built-in PostgreSQL (/home/coder/.config/coderv2/postgres)
Jan 11 09:39:41 XXX coder[243669]: Started TLS/HTTPS listener at https://127.0.0.1:3000
Jan 11 09:39:41 XXX coder[243669]: View the Web UI: https://coder.domain.com
Jan 11 09:39:43 XXX coder[243669]: 2023-01-11 08:39:43.874 [INFO] (coderd.update_checker) <./co>
Jan 11 09:39:43 XXX coder[243669]: ==> Logs will stream in below (press ctrl+c to gracefully exit):
Jan 11 09:39:43 XXX systemd[1]: Started "Coder - Self-hosted developer workspaces on your infra".
Tom Thomson (OP), 2y ago
Error: When I try to reach coder.domain.com I get the error HTTP 400.
I wanted to start coder manually to keep streaming logs but I can't do so as root user. Also I can't log in as the coder user. Should I maybe create a new user and try running coder server?
Tom Thomson (OP), 2y ago
With CODER_TLS_ENABLE=FALSE everything is working again.
Scott, 2y ago
@Tom Thomson - working again, as in you can access your coder with TLS?
Tom Thomson (OP), 2y ago
No, this disables TLS and when I access my workspaces I don't have SSL certificates.
Scott, 2y ago
Ah. Ok. Unfortunately, I'm not using TLS at the Coder level, so can't help much.
Tom Thomson (OP), 2y ago
Thanks anyway
Atif, 2y ago
Also, for my personal setup I use a wildcard certificate *.coder.domain.com. If possible, why don't you try with caddy? Coder has some documentation on setting that up.
Tom Thomson (OP), 2y ago
With caddy it works
Codercord, 2y ago
Marked the thread as resolved.
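
The first post describes nginx proxying to http://127.0.0.1:3000/, while the posted status output shows a TLS/HTTPS listener on that same address once CODER_TLS_ENABLE=TRUE is set. The following is an added example, not part of the original thread, that checks a coder.env and nginx config pair for that kind of scheme disagreement; the nginx fragment is constructed from the description, and the function names and accepted truthy values are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the relevant lines of the coder.env posted in the thread.
CODER_ENV = """\
CODER_ACCESS_URL=https://coder.domain.com
CODER_WILDCARD_ACCESS_URL=*.domain.com
CODER_ADDRESS=127.0.0.1:3000
CODER_TLS_ENABLE=TRUE
"""

# Constructed sample: an nginx fragment matching the setup described in the
# first post (the real nginx config was not posted in the thread).
NGINX_CONF = """\
server {
    server_name coder.domain.com;
    location / {
        proxy_pass http://127.0.0.1:3000/;
    }
}
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def proxy_targets(conf):
    """Return every proxy_pass URL found in an nginx config fragment."""
    return re.findall(r"^\s*proxy_pass\s+(\S+?);", conf, flags=re.MULTILINE)

def scheme_mismatches(env_text, nginx_text):
    """List proxy_pass targets whose scheme disagrees with the Coder listener."""
    env = parse_env(env_text)
    # Assumption: these spellings count as "enabled".
    tls_on = env.get("CODER_TLS_ENABLE", "").lower() in ("1", "t", "true")
    listener = env.get("CODER_ADDRESS", "")
    expected = "https" if tls_on else "http"
    findings = []
    for target in proxy_targets(nginx_text):
        url = urlsplit(target)
        if url.netloc == listener and url.scheme != expected:
            findings.append((target, f"listener expects {expected}://{listener}"))
    return findings
```

Calling `scheme_mismatches(CODER_ENV, NGINX_CONF)` on the constructed samples reports the `proxy_pass` target as a mismatch; with `CODER_TLS_ENABLE=FALSE` the list is empty.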