HTTPS problem with WebODM redirect

Hello all… doing some testing trying to allow clients to access WebODM hosted on a local machine. It’s Docker Desktop (on a Windows machine). Have set up the router forwarding on ports 443 and 80. Set up the DNS forward with the domain host. It works just fine with 80, but it fails on HTTPS. Anyone be so kind as to steer me in the right direction? I’m not much of a coder. Note: I’ve replaced my domain with [MY DOMAIN] in the code below.

$ ./webodm.sh restart --ssl --hostname [MY DOMAIN]
Checking for docker… OK
Checking for docker-compose… OK
Restarting WebODM…
docker-compose -f docker-compose.yml -f docker-compose.nodeodm.yml -f docker-compose.nodemicmac.yml down --remove-orphans
Container webapp Stopping
Container webapp Stopping
Container webapp Stopped
Container webapp Removing
Container webapp Removed
Container webodm_node-odm_1 Stopping
Container webodm_node-odm_1 Stopping
Container worker Stopping
Container worker Stopping
Container webodm_node-odm_1 Stopped
Container webodm_node-odm_1 Removing
Container webodm_node-odm_1 Removed
Container worker Stopped
Container worker Removing
Container worker Removed
Container broker Stopping
Container broker Stopping
Container db Stopping
Container db Stopping
Container db Stopped
Container db Removing
Container broker Stopped
Container broker Removing
Container db Removed
Container broker Removed
Network webodm_default Removing
Network webodm_default Removed
Starting WebODM…

Using the following environment:

Host: [MY DOMAIN]
Port: 8000
Media directory: appmedia
SSL: YES
SSL key:
SSL certificate:
SSL insecure port redirect: 80
Celery Broker: redis://broker
Default Nodes: 1

Make sure to issue a ./webodm.sh down if you decide to change the environment.

Will enable SSL (Lets Encrypt)
docker-compose -f docker-compose.yml -f docker-compose.nodeodm.yml -f docker-compose.ssl.yml up --scale node-odm=1
Network webodm_default Creating
Network webodm_default Created
Container webodm_node-odm_1 Creating
Container db Creating
Container broker Creating
Container webodm_node-odm_1 Created
Container broker Created
Container db Created
Container worker Creating
Container worker Created
Container webapp Creating
Container webapp Created
Attaching to broker, db, webapp, node-odm_1, worker
broker | 1:C 20 Dec 2021 18:50:47.711 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
broker | 1:C 20 Dec 2021 18:50:47.712 # Redis version=6.2.6, bits=64, commit=00000000, modified=0, pid=1, just started
broker | 1:C 20 Dec 2021 18:50:47.712 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
broker | 1:M 20 Dec 2021 18:50:47.717 * monotonic clock: POSIX clock_gettime
broker | 1:M 20 Dec 2021 18:50:47.720 * Running mode=standalone, port=6379.
broker | 1:M 20 Dec 2021 18:50:47.721 # Server initialized
broker | 1:M 20 Dec 2021 18:50:47.721 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add ‘vm.overcommit_memory = 1’ to /etc/sysctl.conf and then reboot or run the command ‘sysctl vm.overcommit_memory=1’ for this to take effect.
broker | 1:M 20 Dec 2021 18:50:47.723 * Ready to accept connections
db |
db | PostgreSQL Database directory appears to contain a database; Skipping initialization
db |
db | LOG: database system was shut down at 2021-12-20 18:50:40 UTC
db | LOG: MultiXact member wraparound protections are now enabled
db | LOG: database system is ready to accept connections
db | LOG: autovacuum launcher started
worker | Postgres is up - executing command
worker | wait-for-it.sh: waiting for broker:6379 without a timeout
worker | wait-for-it.sh: broker:6379 is available after 0 seconds
worker | wait-for-it.sh: waiting for webapp:8000 without a timeout
node-odm_1 | info: Authentication using NoTokenRequired
node-odm_1 | info: Listening on 0.0.0.0:6367 UDP for progress updates
node-odm_1 | info: No tasks dump found
node-odm_1 | info: Checking for orphaned directories to be removed…
node-odm_1 | info: Server has started on port 3000
webapp | Postgres is up - executing command
webapp | wait-for-it.sh: waiting for broker:6379 without a timeout
webapp | wait-for-it.sh: broker:6379 is available after 0 seconds
webapp |
webapp | _ __ __ ____ ____ __ ___
webapp | | | / /__ / /_ / __ / __ / |/ /
webapp | | | /| / / _ / __ / / / / / / / /|/ /
webapp | | |/ |/ / __/ /
/ / // / // / / / /
webapp | |/|/_/./_/__// //
webapp |
webapp |
webapp | Checking python version… 3.x, good!
webapp | Checking GDAL version… GDAL 3.2.2, released 2021/03/05, excellent!
webapp | Running migrations
webapp | Generated secret key
webapp | Operations to perform:
webapp | Apply all migrations: admin, app, auth, contenttypes, guardian, nodeodm, sessions
webapp | Running migrations:
webapp | No migrations to apply.
webapp | Checking for celery… OK
webapp | Scheduler is not running.
webapp | Generating nginx configurations from templates…
webapp | - nginx/nginx-ssl.conf
webapp | - nginx/nginx.conf
webapp | Launching letsencrypt-autogen.sh
webapp | celery beat v4.4.0 (cliffs) is starting.
webapp | Saving debug log to /webodm/nginx/letsencrypt/letsencrypt.log
webapp | Plugins selected: Authenticator standalone, Installer None
webapp | Requesting a certificate for [MY DOMAIN]
webapp | Performing the following challenges:
webapp | http-01 challenge for [MY DOMAIN]
webapp | Waiting for verification…
webapp | __ - … __ - _
webapp | LocalTime → 2021-12-20 18:51:03
webapp | Configuration →
webapp | . broker → redis://broker:6379//
webapp | . loader → celery.loaders.app.AppLoader
webapp | . scheduler → celery.beat.PersistentScheduler
webapp | . db → celerybeat-schedule
webapp | . logfile → [stderr]@%WARNING
webapp | . maxinterval → 5.00 minutes (300s)
webapp | Challenge failed for domain [MY DOMAIN]
webapp | http-01 challenge for [MY DOMAIN]
webapp | Cleaning up challenges
webapp | Some challenges have failed.
webapp | IMPORTANT NOTES:
webapp | - The following errors were reported by the server:
webapp |
webapp | Domain: [MY DOMAIN]
webapp | Type: unauthorized
webapp | Detail: Invalid response from
webapp | http://[MY DOMAIN]/.well-known/acme-challenge/ggovjbXK5vWns8n4ddJ3UUhzoAR9DvVFURopGf-2H04
webapp | [3.33.152.147]: 404
webapp |
webapp | To fix these errors, please make sure that your domain name was
webapp | entered correctly and the DNS A/AAAA record(s) for that domain
webapp | contain(s) the right IP address.
webapp | WARN: We couldn’t automatically generate the SSL certificate. Review the console log. WebODM will likely be inaccessible.
webapp | Using nginx SSL configuration
webapp | nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /webodm/nginx/nginx-ssl.conf:43
webapp | nginx: [emerg] cannot load certificate “/webodm/nginx/ssl/cert.pem”: BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/webodm/nginx/ssl/cert.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
webapp | [2021-12-20 18:51:06 +0000] [95] [INFO] Starting gunicorn 19.7.1
webapp | [2021-12-20 18:51:06 +0000] [95] [INFO] Listening at: unix:/tmp/gunicorn.sock (95)
webapp | [2021-12-20 18:51:06 +0000] [95] [INFO] Using worker: sync
webapp | /usr/lib/python3.9/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn’t supported in binary mode, the default buffer size will be used
webapp | return io.open(fd, *args, **kwargs)
webapp | [2021-12-20 18:51:06 +0000] [105] [INFO] Booting worker with pid: 105
webapp | [2021-12-20 18:51:06 +0000] [106] [INFO] Booting worker with pid: 106
webapp | [2021-12-20 18:51:06 +0000] [107] [INFO] Booting worker with pid: 107
webapp | [2021-12-20 18:51:06 +0000] [108] [INFO] Booting worker with pid: 108
webapp | [2021-12-20 18:51:06 +0000] [109] [INFO] Booting worker with pid: 109
webapp | [2021-12-20 18:51:06 +0000] [110] [INFO] Booting worker with pid: 110
webapp | [2021-12-20 18:51:06 +0000] [111] [INFO] Booting worker with pid: 111
webapp | [2021-12-20 18:51:06 +0000] [112] [INFO] Booting worker with pid: 112
webapp | [2021-12-20 18:51:06 +0000] [113] [INFO] Booting worker with pid: 113
webapp |
webapp | Trying to establish communication…
webapp |
webapp | Something doesn’t look right! ¯_(ツ)_/¯
webapp | The server returned a status code of 000 when we tried to reach it.
webapp | ==========================
webapp |
webapp | Check if WebODM is running, maybe we tried to reach it too soon.
webapp |
webapp | Open a web browser and navigate to https://[MY DOMAIN]:443
webapp |


Welcome!

Do you know if anything else on your network is holding onto port 443 outbound?

Thanks for the reply… umm I don’t think so. There’s nothing else hosted on the LAN that’s open to passthrough… and this computer has nothing on it really other than Docker / WebODM

This seems salient.

Do you have the right certificate files in this path for nginx to make use of?

Probably not. I don’t really understand what it’s doing tbh. I thought it generated them automatically and placed them where they need to be…

The only difference I have made between regular and the SSL is setting the DNS to redirect to https:// and restarting the webodm with the --ssl parameter.

Is there something else I need to do?

Does your DNS provider issue you a security certificate for your URL?

Not that I’m aware of. It’s GoDaddy.


It looks like they have a specific workflow for this. Might be worthwhile reaching out to their support to make sure your DNS Record is configured properly with them and HTTPS ready.

It looks like once that is all set, you can download your SSL certificate from them.

Thanks Saijin…

I think you’ve gotten to the bottom of this… It appears that GoDaddy doesn’t really work with LetsEncrypt… They’re on the list of NOT supported Hosts.
Web Hosting who support Let’s Encrypt - Issuance Tech - Let’s Encrypt Community Support (letsencrypt.org)

It maaaaay be possible to do… but is likely not worth the hoops that one would have to jump through. Disappointing.


Do you think you’ll work with another host from LetsEncrypt’s list?

It has been a long time, but you said you created a DNS forward; do you have an A record set up for your local/public IP? That seems to be the error in your log there.

webapp | To fix these errors, please make sure that your domain name was
webapp | entered correctly and the DNS A/AAAA record(s) for that domain
webapp | contain(s) the right IP address.

Thanks for the note… @Glhs958 yes, I entered an A record with the router IP… and 443 is forwarded. I think it’s more the Let’s Encrypt issue with GoDaddy.

So @Saijin_Naib … Yep, I bought a similar relevant domain on Squarespace (which is supposed to work with LetsEncrypt) and changed the A record to my router’s IP4. Similar error… can’t generate SSL…


webapp | Timeout during connect (likely firewall problem)
webapp |
webapp | To fix these errors, please make sure that your domain name was
webapp | entered correctly and the DNS A/AAAA record(s) for that domain
webapp | contain(s) the right IP address. Additionally, please check that
webapp | your computer has a publicly routable IP address and that no
webapp | firewalls are preventing the server from communicating with the
webapp | client. If you’re using the webroot plugin, you should also verify
webapp | that you are serving files from the webroot path you provided.
webapp | WARN: We couldn’t automatically generate the SSL certificate. Review the console log. WebODM will likely be inaccessible. –

I don’t understand… I’ve checked my Windows Firewall and let docker through. And then on the router I have 80 and 443 forwarded. Arrgggghhhh!!!

Any further ideas?


Did you purchase your SSL certificate and install it to the path in the logs? Or alternatively, is OpenSSL installed on your system?

Hi Saijin! No, I didn’t… I followed the documentation on GitHub:

WebODM has the ability to automatically request and install a SSL certificate via Let’s Encrypt, or you can manually specify your own key/certificate pair.

  • Setup your DNS record (webodm.myorg.com → IP of server).
  • Make sure port 80 and 443 are open.
  • Run the following:

./webodm.sh restart --ssl --hostname webodm.myorg.com

That’s it! The certificate will automatically renew when needed.

////

I could try and generate my own and manually install my own… but am wading into things I don’t fully understand…
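
Added example, not part of the original thread and not WebODM's or certbot's own code: a small triage helper that reads the HTTP-01 failure text quoted in this thread and says whether Let's Encrypt reached a different address than your router (DNS problem), reached your address but got a bad answer, or reached nothing at all. The sample logs are constructed from the two failures above; `example.org`, `TOKEN` and `203.0.113.10` are placeholders, and `diagnose` is a hypothetical name.

```python
import re

# Constructed sample input modelled on the two certbot failures quoted in
# this thread; example.org, TOKEN and 203.0.113.10 are placeholders.
LOG_404 = """\
webapp | Domain: example.org
webapp | Type: unauthorized
webapp | Detail: Invalid response from
webapp | http://example.org/.well-known/acme-challenge/TOKEN
webapp | [3.33.152.147]: 404
"""
LOG_TIMEOUT = """\
webapp | Domain: example.org
webapp | Timeout during connect (likely firewall problem)
"""

def strip_prefix(log_text):
    """Drop the docker-compose 'service | ' prefix and join wrapped lines."""
    lines = [re.sub(r"^\s*\w[\w.-]*\s*\|\s?", "", l) for l in log_text.splitlines()]
    return " ".join(l.strip() for l in lines if l.strip())

def diagnose(log_text, public_ip):
    """Classify an HTTP-01 failure; public_ip is the router's WAN address."""
    text = strip_prefix(log_text)
    # certbot reports the address the validator connected to as "[a.b.c.d]: status"
    answered = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]:\s*(\d{3})", text)
    if answered:
        ip, status = answered.group(1), int(answered.group(2))
        if ip != public_ip:
            return ("dns-mismatch", f"validator reached {ip}, not {public_ip}: "
                    "the A record (or registrar forwarding) points elsewhere")
        return ("bad-response", f"your address answered {status}: port 80 is "
                "not reaching the certbot standalone listener")
    if "Timeout during connect" in text:
        return ("unreachable", "nothing answered on port 80 from the internet: "
                "check the router forward, host firewall and ISP filtering")
    return ("unknown", "no HTTP-01 failure detail found")

if __name__ == "__main__":
    for sample in (LOG_404, LOG_TIMEOUT):
        print(diagnose(sample, "203.0.113.10"))
```

Pass the WAN address shown on the router's status page as `public_ip`; a `dns-mismatch` result means no amount of port forwarding will help until the A record resolves to that address.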
