TLS handshake error from IP:PORT remote error: tls: bad certificate
ZelphirKaltstahl opened this issue
I built galene inside a docker container, using the build commands mentioned in the installation guide at https://github.com/jech/galene/blob/master/INSTALL#L5. I am starting the container like this:
docker run --detach --name galene --volume example-groups.json:/opt/galene/groups/test.json --publish 8443:8443 --publish 1194:1194 zelphir/galene:latest
I have an entrypoint looking like this:
#!/bin/bash
set -Eeuxo pipefail
printf "%s\n" "starting galene"
printf "app directory: %s\n" "${APP_DIR}"
ls -al
# Quote "$@" so arguments containing spaces reach galene unsplit
exec ./galene "$@"
The installation guide at https://github.com/jech/galene/blob/master/INSTALL#L47 says I should be able to connect to galene, but what actually happens is this:
+ printf '%s\n' 'starting galene'
+ printf 'app directory: %s\n' /opt/galene
+ ls -al
starting galene
app directory: /opt/galene
total 9852
drwxr-xr-x 1 root root 50 Jul 3 23:55 .
drwxr-xr-x 1 root root 12 Jul 3 23:26 ..
-rwxrwxr-x 1 root root 486 Jul 3 23:47 entrypoint.sh
-rwxr-xr-x 1 root root 10080408 Jul 3 23:03 galene
drwxr-xr-x 1 root root 18 Jul 3 23:55 groups
+ exec ./galene
2024/07/03 23:55:02 TURN: no public addresses
2024/07/03 23:55:22 Relay test failed: timeout
2024/07/03 23:55:22 Perhaps you didn't configure a TURN server?
The built galene binary is in that directory and galene seems to run, but contrary to simply being able to visit it in the browser at https://localhost:8443. I do see the expected untrusted certificate warning of my browser. However, when I add an exception, I get to a page that says:
Not found
While I see the following in the logs:
2024/07/03 23:59:48 http: TLS handshake error from 172.17.0.1:36444: remote error: tls: bad certificate
On https://galene.org/INSTALL.html it says:
If you don’t have a TLS certificate, Galène will generate a self-signed certificate automatically (and print a warning to the logs). If you have a certificate, install it in the files data/cert.pem and data/key.pem:
But this seems to be wrong. The TLS certificate generated cannot be used, because it is somehow "bad". Or is galene simply refusing to serve, when using a self-signed cert? But then why generate one at all?
Not found
Have you copied the static directory into the container's filesystem?
2024/07/03 23:59:48 http: TLS handshake error from 172.17.0.1:36444: remote error: tls: bad certificate
Please ignore this, it's just a warning that indicates that the browser rejected the certificate. Unfortunately, it cannot be easily suppressed, since it's generated by Go's HTTP code.
Closing. Please reopen if including the static directory doesn't fix your issue.
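The log line discussed in the reply above can be reproduced with Go's standard library alone; this is an added example, not code from the issue or from Galène. It assumes httptest's built-in self-signed test certificate as a stand-in for the one Galène generates, and the names reproduce and logLines are made up for the illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"time"
)

// logLines hands each server log entry to a channel so the caller can wait for it.
type logLines chan string

func (l logLines) Write(p []byte) (int, error) { l <- string(p); return len(p), nil }

// reproduce serves HTTPS with httptest's built-in self-signed test certificate
// (a stand-in for the one Galène generates) and connects twice: with a client
// that does not trust the certificate, then with one that does.
func reproduce() (clientErr error, serverLog string, trustedStatus int) {
	logs := make(logLines, 8)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") }))
	srv.Config.ErrorLog = log.New(logs, "", 0) // capture net/http's own log output
	srv.StartTLS()
	defer srv.Close()

	// Empty root pool: like a browser before a certificate exception is added.
	untrusting := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: x509.NewCertPool()}}}
	_, clientErr = untrusting.Get(srv.URL)
	select { // the server logs the failed handshake asynchronously
	case serverLog = <-logs:
	case <-time.After(5 * time.Second):
	}

	// srv.Client() trusts the test certificate: like a browser after the exception.
	if resp, err := srv.Client().Get(srv.URL); err == nil {
		trustedStatus = resp.StatusCode
		resp.Body.Close()
	}
	return
}

func main() {
	clientErr, serverLog, status := reproduce()
	fmt.Printf("client: %v\nserver: %strusted client status: %d\n", clientErr, serverLog, status)
}
```

The server's certificate and configuration are identical for both connections; only the client's trust decision differs, and only the rejected handshake produces the log entry.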
Saw your response. Thanks for your suggestion! Need more time to test things. Will post here, if I figure something out.
The 404 disappears, when I have the static directory. Thanks!