[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (26 children)

Ok, a bit of progress: after copying the chat features from example.ini into development.update and futzing with them a bit, the chat box has changed from saying "reddit.local" to this mysterious link:

https://portcity.online:2053/?tls=true&lockchannel&autologin&user=VtFOG9xkX3JrlbYFog00RJnWW5HxmM&al-password=sAUfvG5XAgKOpR1xyzNFp9Mlk8KR1G&autoconnect&nick=portcity&username=portcity&realname=portcity&join=%23%255BDEV%255D%2520saidit

Does that mean anything to you? You could just look at it at https://portcity.online if that's easier.

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (25 children)

That's good, your reddit is trying to load TheLounge chat in an iframe in the sidebar. TheLounge needs its SSL cert configured then it will load properly.

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (24 children)

This is what I have in theLounge config:

key: "/etc/ssl/private/ssl-cert-snakeoil.key",
certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem",

And those are the same as what I have in the Unrealircd config so I'm not sure what I need to change here?

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (23 children)

Both thelounge and unreal should have your real SSL cert configured. Snakeoil is the self signed Reddit default one. Just update the paths like you already did for nginx.

[–]portcity[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (22 children)

Ok, I changed both thelounge and unreal ssl certs ... now I'm getting permission denied again when I try to start unreal:

[warning] Failed to load SSL certificate /etc/letsencrypt/live/portcity.online/fullchain.pem error:0200100D:system library:fopen:Permission denied

I ran the chown and chmod you gave me earlier today multiple times on that certificate above and it didn't work. Could it have something to do with the fact that now I'm in user: chatuser (instead of user: reddit)?

Here is ls -l output:

chatuser@redditclone:~/unrealircd$ sudo ls -l /etc/letsencrypt/live/portcity.online/fullchain.pem
lrwxrwxrwx 1 reddit ssl-cert 44 Jul 20 01:48 /etc/letsencrypt/live/portcity.online/fullchain.pem -> ../../archive/portcity.online/fullchain1.pem

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (21 children)

> Could it have something to do with the fact that now I'm in user: chatuser (instead of user: reddit)?

Yep!

Try

$ sudo usermod -aG ssl-cert chatuser
$ sudo chown -h reddit:ssl-cert /etc/letsencrypt/live/portcity.online/fullchain.pem
$ sudo chmod g+r /etc/letsencrypt/live/portcity.online/fullchain.pem
# restart unreal

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (20 children)

> sudo chmod g+r /etc/letsencrypt/live/portcity.online/fullchain.pem

I'm still getting the same permission denied:

[warning] Failed to load SSL certificate /etc/letsencrypt/live/portcity.online/fullchain.pem error:0200100D:system library:fopen:Permission denied
error:20074002:BIO routines:FILE_CTRL:system lib
error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
[warning] Failed to load SSL (see error above), proceeding without SSL support...

Here's the output from sudo ls -l:

chatuser@redditclone:~/unrealircd$ sudo ls -l /etc/letsencrypt/live/portcity.online/fullchain.pem
lrwxrwxrwx 1 reddit ssl-cert 44 Jul 20 01:48 /etc/letsencrypt/live/portcity.online/fullchain.pem -> ../../archive/portcity.online/fullchain1.pem

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (19 children)

Sorry I think we're getting stuck on the symlink. Mine doesn't have a symlink.

Why don't you copy both cert files to chatuser's home dir, give chatuser full permissions, and reconfigure unreal to use that path.

If that doesn't work, make 'irc' the file owner. I think unreal runs as user 'irc'.

[–]portcity[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (18 children)

Ok, we've got a partial victory ... Unreal is running!! (again!) I tried literally everything, and after just googling a bunch of stuff (because I truly don't want to keep messaging you all day for fear of burning you out, when I know I'm gonna really need you on much bigger stuff later ...) These are the commands I found that worked:

sudo chgrp -R ssl-cert /etc/letsencrypt
sudo chmod -R g=rX /etc/letsencrypt

I had a hunch that it had something to do with the ssl-cert group not having the right permissions, so I googled that, and that's what led me to the above commands which "let me in" so to speak.

All that said, don't release the balloon drop just yet ... the chatbox is still greyed out, with the same link inside it.

This is what sudo ls -l gives me:

chatuser@redditclone:~/unrealircd$ sudo ls -l /etc/letsencrypt/live/portcity.online/fullchain.pem
lrwxrwxrwx 1 reddit ssl-cert 44 Jul 20 01:48 /etc/letsencrypt/live/portcity.online/fullchain.pem -> ../../archive/portcity.online/fullchain1.pem
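
Why `chmod g+r` on `fullchain.pem` alone kept failing while the recursive `g=rX` worked, as an added example that is not part of the thread: the script walks every directory on both the symlink's path and its target's path and reports the first one that denies search permission. The function names and the `example.test` tree are constructed for illustration; it assumes GNU `stat`/`readlink` and that `live/` and `archive/` start at mode 700, as certbot creates them by default.

```shell
#!/bin/sh
# Added example (POSIX sh, GNU stat/readlink assumed). Judges access from
# owner/group/other mode bits only: no ACLs, no root override.
# POSIX sh has no `local`, so helper variables carry a prefix.

# perm_ok PATH BIT UID [GID...] -> true if BIT (4=read, 1=search) is granted
perm_ok() {
  p_path=$1; p_bit=$2; p_uid=$3; shift 3
  p_st=$(stat -c '%a %u %g' "$p_path") || return 1
  p_mode=${p_st%% *}; p_rest=${p_st#* }
  p_ouid=${p_rest% *}; p_ogid=${p_rest#* }
  p_shift=0                                          # class "other"
  if [ "$p_uid" = "$p_ouid" ]; then p_shift=6        # class "owner"
  else
    for p_g in "$@"; do
      if [ "$p_g" = "$p_ogid" ]; then p_shift=3; fi  # class "group"
    done
  fi
  [ $(( (0$p_mode >> $p_shift) & $p_bit )) -ne 0 ]
}

# check_cert BASE CERT UID [GID...] -> prints "OK" or "BLOCKED <path>"
check_cert() {
  c_base=$(readlink -f "$1"); c_cert=$2; shift 2
  c_target=$(readlink -f "$c_cert")                  # what the symlink resolves to
  # The kernel searches the symlink's directory chain first, then the target's.
  for c_start in "$(readlink -f "$(dirname "$c_cert")")" "$(dirname "$c_target")"; do
    c_d=$c_start; c_hit=""
    while :; do
      perm_ok "$c_d" 1 "$@" || c_hit=$c_d            # keep the topmost failure
      if [ "$c_d" = "$c_base" ] || [ "$c_d" = "/" ]; then break; fi
      c_d=$(dirname "$c_d")
    done
    if [ -n "$c_hit" ]; then echo "BLOCKED $c_hit"; return 0; fi
  done
  if perm_ok "$c_target" 4 "$@"; then echo "OK"; else echo "BLOCKED $c_target"; fi
}

# Constructed sample tree mirroring certbot's live/ -> archive/ layout.
make_demo_tree() {
  d_base=$1/letsencrypt
  mkdir -p "$d_base/live/example.test" "$d_base/archive/example.test"
  echo "constructed placeholder" > "$d_base/archive/example.test/fullchain1.pem"
  ln -s ../../archive/example.test/fullchain1.pem "$d_base/live/example.test/fullchain.pem"
  chmod 755 "$d_base"; chmod 700 "$d_base/live" "$d_base/archive"
  echo "$d_base"
}
```

On the real host the call would be `check_cert /etc/letsencrypt /etc/letsencrypt/live/portcity.online/fullchain.pem "$(id -u chatuser)" $(id -G chatuser)`, run with enough privilege to stat the directories. The recursive `g=rX` also makes the private key under `archive/` readable by every member of `ssl-cert`, so that group's membership is worth keeping small.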

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (17 children)

Good work! Thank you for learning and researching on your own. All of this frustrating little stuff is great Linux admin experience.

> the chatbox is still greyed out, with the same link inside it

What's in it? Does TheLounge load?

Can you restart unrealircd without issue?

Can you start TheLounge without issue?