Page MenuHomePhabricator

Aphlict admin server doesn't connect when SSL cert and key are supplied
Closed, WontfixPublic

Description

When configuring the admin server via the aphlict.custom.js file if you supply the key and crt file paths (and edit notification.servers to https) Phabricator is unable to connect.

Upon removing the key and crt, and changing notification.servers everything works great.

phabricator b2db1ec2ca21fee8461b6e399671bef5944cfa1e (Fri, Apr 15)
arcanist 737f5c0df976fe2b3178aac6ab7feb3d3621d99e (Sat, Apr 9)
phutil 7a184448aff55465476da0e13477b7e6f3446a14 (Thu, Apr 14)

Event Timeline

From IRC, the HTTPS server didn't even start up (no port in netstat). So my first guess is that there's some 'error' handler we need to install, and that should tell us what the issue is (bad SSL key / weird Node stuff / who knows what).

I can't immediately reproduce this...

$ curl --insecure https://127.0.0.1:22281/status/
{"instance":"default","uptime":25686,"clients.active":0,"clients.total":0,"messages.in":0,"messages.out":0,"version":7}

Other stuff I tried:

Configuring both client and admin server as HTTPS, worked fine:

epriestley@orbital ~ $ curl --insecure https://127.0.0.1:22281/status/
{"instance":"default","uptime":13778,"clients.active":0,"clients.total":0,"messages.in":0,"messages.out":0,"version":7}
epriestley@orbital ~ $ curl --insecure https://127.0.0.1:22280/status/
HTTP/501 Use Websockets

Pointing SSL key at bogus nonsense file. This started aphlict (it probably should not) but gave me a clear error in aphlict debug:

<<< UNCAUGHT EXCEPTION! >>>

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Object.exports.createCredentials (crypto.js:131:17)

Pointing SSL cert at a bogus nonsense file. This did pretty much the same thing.

We should fail harder on those errors, but I think I can't reproduce this.

I also tried swapping the ".key" and ".crt" but that gave me the same error as using a bogus file.

From IRC, this may be an issue with older ws (0.7.1) except that I also have 0.7.1 locally. But we should possibly upgrade / recommend upgrading / something like that.

Yea, so I think the path forward is to check the version of WS and to add some docs about it in the aphlict changes, and just the general updating guide.

epriestley claimed this task.

This is super old and doesn't have any apparent reproduction instructions.