So this is what I am trying...
https://pagekite.net/wiki/Howto/TlsClientAuthentication/
but it's just not working.
- Port forwarding on router for 80 and 443 is disabled.
- The (two) certificates are within the folder /hass/proxy/certs/ (also mapped in the docker-compose file to the nginx proxy). But for now, I am just trying to get it done for the first service, which runs on port 8123.
Executing this:
python3 /usr/bin/pagekite.py --clean --frontend=hass3.mydomain.com:80 --tls_default=ssl --tls_endpoint=ssl:/hass/proxy/certs/hass3.mydomain.com.crt --proxy=ssl:/hass/proxy/certs/hass3.mydomain.com.crt@hass3.mydomain.com,commonName:443 --proxy=http:hass3.mydomain.com:443 --backend=http:hass3.mydomain.com:8123 --logfile=stdio --debugio
returns this, but I do not know if this is correct. Removing the debugging parameters prevents the output and I think I should save this... but I also cannot find the frontend.rc config file.
ts=620507e5; t=2022-02-10T12:41:09; ll=0; started=/usr/bin/pagekite.py; version=1.5.2.201011; platform=linux; python=3.6.12 (default, Dec 02 2020, 09:44:23) [GCC]; argv=--clean --frontend=hass3.mydomain.com:80 --tls_default=ssl --tls_endpoint=ssl:/hass/proxy/certs/hass3.mydomain.com.crt --proxy=ssl:/hass/proxy/certs/hass3.mydomain.com.crt@hass3.mydomain.com,commonName:443 --proxy=http:hass3.mydomain.com:443 --backend=http:hass3.mydomain.com:8123 --logfile=stdio --debugio; ca_certs=/etc/ssl/ca-bundle.pem; send_always_buffers=False; tunnel_socket_blocks=False
Where is the directory for the .rc file? PageKite is installed within /usr/bin/pagekite.py
I have also tried executing something like this:
sudo pagekite.py --clean --isfrontend \
--ports=80 --protos=http,raw \
--domain=http,raw:EXAMPLE.COM:yourpassword \
--tunnel_acl=allow:localhost
but then the shell also remains open and a text message says 'Waiting for back end...', which never ends because I was not able to execute the back-end command yet.
I think this is the list of questions I have:
- Does this even theoretically work with docker-compose which contains two services behind an nginx with letsencrypt?
- Where are the .rc files and how do I use them?
- Are the paths to the certificates correct? And do I need that CA certificate, because within the certs folder there are exclusively subdomains?
Cheers,
Chris
Let me know if I should take this topic to a different forum.