
[–]portcity[S] 1 insightful - 1 fun (24 children)

This is what I have in theLounge config:

key: "/etc/ssl/private/ssl-cert-snakeoil.key",
certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem",

And those are the same as what I have in the Unrealircd config so I'm not sure what I need to change here?

[–][deleted] 1 insightful - 1 fun (23 children)

Both thelounge and unreal should have your real SSL cert configured. Snakeoil is the self-signed Reddit default one. Just update the paths like you already did for nginx.

[–]portcity[S] 2 insightful - 1 fun (22 children)

Ok, I changed both thelounge and unreal ssl certs ... now I'm getting permission denied again when I try to start unreal:

[warning] Failed to load SSL certificate /etc/letsencrypt/live/portcity.online/fullchain.pem error:0200100D:system library:fopen:Permission denied

I ran the chown and chmod you gave me earlier today multiple times on that certificate above and it didn't work. Could it have something to do with the fact that now I'm in user: chatuser (instead of user: reddit)?

Here is ls -l output:

chatuser@redditclone:~/unrealircd$ sudo ls -l /etc/letsencrypt/live/portcity.online/fullchain.pem
lrwxrwxrwx 1 reddit ssl-cert 44 Jul 20 01:48 /etc/letsencrypt/live/portcity.online/fullchain.pem -> ../../archive/portcity.online/fullchain1.pem

[–][deleted] 1 insightful - 1 fun (21 children)

Could it have something to do with the fact that now i'm in user: chatuser (instead of user: reddit)?

Yep!

Try

$ sudo usermod -aG ssl-cert chatuser
$ sudo chown -h reddit:ssl-cert /etc/letsencrypt/live/portcity.online/fullchain.pem
$ sudo chmod g+r /etc/letsencrypt/live/portcity.online/fullchain.pem
# restart unreal

[–]portcity[S] 1 insightful - 1 fun (20 children)

sudo chmod g+r /etc/letsencrypt/live/portcity.online/fullchain.pem

I'm still getting the same permission denied:

[warning] Failed to load SSL certificate /etc/letsencrypt/live/portcity.online/fullchain.pem error:0200100D:system library:fopen:Permission denied error:20074002:BIO routines:FILE_CTRL:system lib error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
[warning] Failed to load SSL (see error above), proceeding without SSL support...

Here's the output from sudo ls -l:

chatuser@redditclone:~/unrealircd$ sudo ls -l /etc/letsencrypt/live/portcity.online/fullchain.pem
lrwxrwxrwx 1 reddit ssl-cert 44 Jul 20 01:48 /etc/letsencrypt/live/portcity.online/fullchain.pem -> ../../archive/portcity.online/fullchain1.pem

[–][deleted] 1 insightful - 1 fun (19 children)

Sorry I think we're getting stuck on the symlink. Mine doesn't have a symlink.

Why don't you copy both cert files to chatuser's home dir, give chatuser full permissions, and reconfigure unreal to use that path.

If that doesn't work, make 'irc' the file owner. I think unreal runs as user 'irc'.

[–]portcity[S] 2 insightful - 1 fun (18 children)

Ok, we've got a partial victory ... Unreal is running!! (again!) I tried literally everything, and after just googling a bunch of stuff (because I truly don't want to keep messaging you all day for fear of burning you out, when I know I'm gonna really need you on much bigger stuff later ...). These are the commands I found that worked:

sudo chgrp -R ssl-cert /etc/letsencrypt
sudo chmod -R g=rX /etc/letsencrypt

I had a hunch that it had something to do with the ssl-cert group not having the right permissions, so I googled that, and that's what led me to the above commands which "let me in" so to speak.

All that said, don't release the balloon drop just yet ... the chatbox is still greyed out, with the same link inside it.

This is what sudo ls -l gives me:

chatuser@redditclone:~/unrealircd$ sudo ls -l /etc/letsencrypt/live/portcity.online/fullchain.pem
lrwxrwxrwx 1 reddit ssl-cert 44 Jul 20 01:48 /etc/letsencrypt/live/portcity.online/fullchain.pem -> ../../archive/portcity.online/fullchain1.pem
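Why the earlier commands did nothing and `chmod -R g=rX` worked, as an added diagnostic that is not part of the thread: `chown -h` changes the owner of the symlink inode, which open(2) never consults, and `chmod g+r` on the link follows it to fullchain1.pem, which was never the problem. Certbot creates /etc/letsencrypt/live and /etc/letsencrypt/archive mode 0700 root, so a non-root user is stopped at those directories before the file's own bits matter, and the fix has to grant search (x) on the directories. The script below walks a path the way the kernel does for a given user and lists every component that denies access; the user and path names follow the thread, and the directory layout in its test is constructed.

```python
"""Added diagnostic, not from the thread: emulate the kernel's path walk for a
non-root user and list every path component that would make fopen() fail with
EACCES. Usernames/paths are taken from the thread; the test fixture is constructed."""
import grp
import os
import pwd
import stat
import sys
from typing import Iterable, List

_BITS = {
    "owner": {"r": stat.S_IRUSR, "x": stat.S_IXUSR},
    "group": {"r": stat.S_IRGRP, "x": stat.S_IXGRP},
    "other": {"r": stat.S_IROTH, "x": stat.S_IXOTH},
}


def _allowed(st: os.stat_result, uid: int, gids: set, want: str) -> bool:
    """Unix DAC: exactly one class applies (owner if uid matches, else group if
    any of the caller's gids matches, else other). uid 0 bypasses read/search."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        cls = "owner"
    elif st.st_gid in gids:
        cls = "group"
    else:
        cls = "other"
    return bool(st.st_mode & _BITS[cls][want])


def blocked_components(path: str, uid: int, gids: Iterable[int], _depth: int = 0) -> List[str]:
    """Return, in walk order, every component that denies `uid`/`gids` access.

    Directories need search (x) permission, the final file needs read (r).
    Symlinks are followed where they are met, as open(2) does, so for the
    Certbot layout the walk checks live/<domain>/ first, then archive/<domain>/.
    A symlink's own mode and owner are never consulted, which is why chmod or
    chown -h on fullchain.pem itself changes nothing.
    """
    gids = set(gids)
    if _depth > 40:
        raise OSError("too many levels of symbolic links")
    parts = os.path.abspath(path).split(os.sep)[1:]  # lexical split; links handled below
    blocked: List[str] = []
    current = os.sep
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.lstat(current)
        if stat.S_ISLNK(st.st_mode):
            target = os.readlink(current)
            if not os.path.isabs(target):
                target = os.path.join(os.path.dirname(current), target)
            rest = parts[i + 1:]
            if rest:
                target = os.path.join(target, *rest)
            for c in blocked_components(target, uid, gids, _depth + 1):
                if c not in blocked:
                    blocked.append(c)
            return blocked
        want = "x" if i < len(parts) - 1 else "r"
        if not _allowed(st, uid, gids, want):
            blocked.append(current)
    return blocked


def groups_of(user: str) -> set:
    """Primary gid plus every supplementary group the user is listed in."""
    pw = pwd.getpwnam(user)
    return {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}


def diagnose(user: str, path: str) -> str:
    """Human-readable verdict: which components block `user` from reading `path`."""
    uid = pwd.getpwnam(user).pw_uid
    blocked = blocked_components(path, uid, groups_of(user))
    if not blocked:
        return f"{user} can read {path}"
    lines = [f"{user} is denied at:"]
    for c in blocked:
        st = os.lstat(c)
        lines.append(f"  {c}  mode={stat.S_IMODE(st.st_mode):04o} uid={st.st_uid} gid={st.st_gid}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Run as root so the script itself can stat inside 0700 directories, e.g.
    #   sudo python3 certaccess.py chatuser /etc/letsencrypt/live/portcity.online/fullchain.pem
    print(diagnose(sys.argv[1], sys.argv[2]))
```

Pass the user the daemon actually runs as (the reply above suggests UnrealIRCd may run as 'irc'), not the login shell; `namei -l <path>` shows the same chain from the command line. Note that `chmod -R g=rX /etc/letsencrypt` also grants the ssl-cert group read access to every privkey.pem under archive/, which is what that group exists for on Debian, so keep its membership to the daemons that need the key.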

[–][deleted] 1 insightful - 1 fun (17 children)

Good work! Thank you for learning and researching on your own. All of this frustrating little stuff is great linux admin experience.

the chatbox is still greyed out, with the same link inside it

What's in it? Does TheLounge load?

Can you restart unrealircd without issue?

Can you start TheLounge without issue?

[–]portcity[S] 1 insightful - 1 fun (14 children)

Unrealircd restarts without issue in terminal. Thelounge starts without issue in terminal.

Inside the grey box is this link (which used to read reddit.local's ip address cannot be found but now reads this): https://portcity.online:2053/?tls=true&lockchannel&autologin&user=VtFOG9xkX3JrlbYFog00RJnWW5HxmM&al-password=sAUfvG5XAgKOpR1xyzNFp9Mlk8KR1G&autoconnect&nick=portcity&username=portcity&realname=portcity&join=%23%255BDEV%255D%2520saidit

I honestly can't tell if TheLounge is loading or not ... it does have that "chat in new window" button.

[–][deleted] 1 insightful - 1 fun (13 children)

The lounge is not using the correct cert, you can see so when you try to visit the link. Stopping and starting TheLounge is a challenge. I'd use our script in Reddit/r2/scripts/saidit-flush-thelounge.sh (git pull to update your repo if you don't see it)

[–]portcity[S] 1 insightful - 1 fun (1 child)

I've been looking at development.update. Does this look right:

Chat

chat_home_channel = %(portcity.online)s
chat_all_channel = %(portcity.online)s
chat_front_channel = %(portcity.online)s
chat_client_url = https://%(domain)s:2053

Should that last line read "portcity.online" where it says "domain"?

[–][deleted] 1 insightful - 1 fun (0 children)

The chat_client_url is fine, but the rest should be simply

portcity

(I don't think period in a channel name is valid and no need for config variables here)
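The `%(name)s` syntax in the quoted settings is ConfigParser-style interpolation: it is replaced by the value of another option of that name, so `%(domain)s` works because `domain` is an option, while `%(portcity.online)s` looks up an option called `portcity.online` that does not exist. The example below, added here and not part of the thread or of the reddit/saidit code base, shows both behaviours on constructed ini text modelled on the quoted lines (it assumes `domain` lives in `[DEFAULT]` with the other settings), and adds an RFC 2812 channel-name check: the RFC forbids only NUL, BEL, CR, LF, space, comma and colon in a channel name, so a period is allowed at that level and any stricter rule comes from the server's own configuration.

```python
"""Added example, not from the thread: how %(name)s in a ConfigParser-style ini
resolves, and why %(portcity.online)s fails while %(domain)s works. The ini text
is constructed to mirror the quoted lines; `domain` is assumed to be in [DEFAULT]."""
import configparser
from typing import Dict, Iterable, Optional

# Constructed sample: the chat_* lines as quoted in the thread.
BROKEN = """\
[DEFAULT]
domain = portcity.online
chat_home_channel = %(portcity.online)s
chat_all_channel = %(portcity.online)s
chat_front_channel = %(portcity.online)s
chat_client_url = https://%(domain)s:2053
"""

# Constructed sample: the values the reply recommends (plain channel name, URL unchanged).
FIXED = """\
[DEFAULT]
domain = portcity.online
chat_home_channel = portcity
chat_all_channel = portcity
chat_front_channel = portcity
chat_client_url = https://%(domain)s:2053
"""

CHAT_KEYS = ("chat_home_channel", "chat_all_channel", "chat_front_channel", "chat_client_url")


def resolve(ini_text: str, keys: Iterable[str] = CHAT_KEYS) -> Dict[str, str]:
    """Parse and return {key: interpolated value}. %(x)s is BasicInterpolation:
    it is replaced by option x from the same section or [DEFAULT]; a name that
    is not an option raises InterpolationMissingOptionError."""
    cp = configparser.ConfigParser()  # BasicInterpolation is the default
    cp.read_string(ini_text)
    return {k: cp.get("DEFAULT", k) for k in keys}


def missing_reference(ini_text: str, key: str) -> Optional[str]:
    """Return the undefined name that `key` refers to, or None if it resolves."""
    try:
        resolve(ini_text, (key,))
    except configparser.InterpolationMissingOptionError as e:
        return e.reference
    return None


# RFC 2812 section 1.3: channel names start with &, #, + or !, are at most 50
# characters and, per the ABNF, may not contain NUL, BEL, CR, LF, space, comma
# or colon. A period is allowed by the RFC; individual servers may be stricter.
_FORBIDDEN = set("\x00\x07\r\n ,:")


def rfc2812_channel_ok(name: str) -> bool:
    """True if `name` is a syntactically valid channel name under RFC 2812."""
    return (1 < len(name) <= 50
            and name[0] in "&#+!"
            and not any(ch in _FORBIDDEN for ch in name))


if __name__ == "__main__":
    print(resolve(FIXED))
    print("broken reference:", missing_reference(BROKEN, "chat_home_channel"))
    print("#portcity.online per RFC 2812:", rfc2812_channel_ok("#portcity.online"))
```

Loading the quoted settings as written fails the moment any `chat_*_channel` value is read, which is a parse-time problem and independent of whether UnrealIRCd would accept the channel name; the plain `portcity` value the reply suggests sidesteps both questions.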