EACS03: get healthz endpoint: tls: failed to verify certificate: x509:
From what I see, I am getting these certificate errors due to them being made for 127.0.0.1 rather than 192.168.0.81. (I am not able to use Tunneling due to firewall restrictions.)
In a likely related note, I am unable to use workspaces as they become unhealthy/unresponsive.
Any ideas would be greatly appreciated.
25 Replies
Hi. Is coder running behind a reverse proxy? Or directly exposed?
I will suggest using a reverse proxy like caddy
It's currently directly exposed
I'm not too literate, is there a guide I can follow to try that?
Yes yes. Let me link it.
Configuration - Coder Docs
Learn how to configure Coder
I'm assuming the main issue is that this is all being hosted on local IPs which don't have certs
Thank you
I personally use caddy.
As long as I can connect via HTTP, that's fine
Actually I am not sure. Let's try and see if it works.
Some related docs on local certs.
https://caddyserver.com/docs/automatic-https#local-https
Automatic HTTPS - Caddy Documentation
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
You can also check this guide if your network is air gapped.
https://coder.com/docs/install/offline
Offline deployments - Coder Docs
Run Coder in offline / air-gapped environments
I'm following this guide for setting up Caddy, and I get this error:
from the error, it looks like you are mounting a file over a directory or vice versa
I'm assuming I need a domain to reverse proxy, right?
Yes. It may be possible without that too on your internal network.
After getting a domain, I now get this error with the mostly stock coder config.
Am I doing something wrong?
OpenSSL SSL_connect: SSL_ERROR_SYSCALL
seems to be the issue according to curl
When I use :80, I am able to see the default page on HTTP
can you share your Caddyfile?
There I set the selector (hidden red part) to just the domain
(xyz.xyz.com)
After following this guide (since the one I used and that you sent was removed), these are my Caddyfile and Docker Compose:
I am able to connect to Coder via 127.0.0.1:8080 and [local_ip]:8080. However, when trying to connect to the https://[subdomain].[domain].online I get the error PR-END-OF-FILE-ERROR.
Let's Debug gives me two errors:
- ANotWorking: [subdomain].[domain].online has an A (IPv4) record ([IP]) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
- IssueFromLetsEncrypt: A test authorization for feta-usda.ecosearch.online to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
After some changes, this allows Coder to be used from outside the network although on port 4433 and it gives an error regarding self-signed certs.
Narrowed down the issue to being that Coder isn't responsive on port 80. CURL is able to get an HTML file although when I attempt to connect to Coder via HTTP on port 80 I get redirected to port 443
I'm assuming my ISP has started to block ports 80 and 443.
getting redirected to port 443 is totally normal
why do you think so? from what I can tell your instance should be healthy