meteor-up: Proxy/SSL config with Let's Encrypt breaks app
I’m trying to add SSL to my app via Let’s Encrypt, but I’m running into quite a few issues.
Mup version
1.4.3
Mup config
{
  "servers": {
    "one": {
      "host": "1.2.3.4",
      "username": "root",
      "password": "password"
    }
  },
  "proxy": {
    "domains": "zenshome.jp,www.zenshome.jp",
    "ssl": {
      "crt": "./fullchain.pem",
      "key": "./privkey.pem"
    }
  },
  "app": {
    "name": "my-app",
    "path": "../../",
    "servers": {
      "one": {}
    },
    "buildOptions": {
      "serverOnly": true
    },
    "env": {
      "ROOT_URL": "http://host.com",
      "MONGO_URL": "mongodb://user:pass@subdomain.subdomain.host.com:15739/zensroom?ssl=true",
      "VIRTUAL_HOST": "zenshome.jp,www.zenshome.jp",
      "HTTPS_METHOD": "noredirect",
      "HTTP_FORWARDED_COUNT": 1
    },
    "docker": {
      "image": "abernix/meteord:node-8.9.1-base",
      "prepareBundle": false
    },
    "deployCheckWaitTime": 120,
    "enableUploadProgressBar": true,
    "type": "meteor"
  }
}
Output of mup status
=> Servers
  - 128.199.170.128: Ubuntu 16.04
=> Docker Status
  - 128.199.170.128: 17.11.0-ce Running
=> Meteor Status
  - 128.199.170.128: running
    Created at 2018-03-07T00:26:05.638159659Z
    Restarted 0 times
    ENV:
      - ROOT_URL=http://zenshome.jp/
      - MONGO_URL=xxx
      - VIRTUAL_HOST=zenshome.jp,www.zenshome.jp
      - HTTPS_METHOD=noredirect
      - HTTP_FORWARDED_COUNT=1
      - METEOR_SETTINGS={...}
      - PORT=80
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      - METEORD_DIR=/opt/meteord
      - NODE_VERSION=8.9.1
    Exposed Ports:
      - 80/tcp
    App available through reverse proxy
      - Available in app's docker container: true
=> Reverse Proxy Status
  - 128.199.170.128:
    - NGINX:
      - Status: Stopped
    - Let's Encrypt
      - Status: Stopped
Issue
As soon as I uncomment the proxy block in mup.js, my app stops working entirely. The GraphQL endpoint at http://zenshome.jp/graphql becomes unaccessible, both using http and https. If I comment out proxy everything goes back to normal.
Even if I have bad SSL certs or a bad config I would guess it should only show a warning? Is it normal for the app to go down completely? In other words curl zenshome.jp just gives me:
Failed to connect to zenshome.jp port 80: Connection refused
I should also mention that I experienced issues with Cloudflare’s SSL (see https://github.com/zodern/meteor-up/issues/819) although I don’t think it can be related?
About this issue
- State: closed
- Created 6 years ago
- Comments: 17
For me simply running mup stop before mup setup and mup deploy did the trick.

OK so I don’t know if this is the “proper” way, but this is what I did that worked (using the custom certificates technique):
- sudo certbot certonly.
- zip and scp the resulting certs directory back to your local mup folder.
- fullchain.pem and privkey.pem files, and then fill in the proxy section of mup.js.
- forceSSL: true in your proxy.ssl block.
- https to your root URL.
- mup setup.
- mup deploy.
I’m not sure if you actually need to run sudo certbot certonly on your server or if you can do it locally, but it seemed like doing it on your server saves a verification step.

And I also managed the letsEncryptEmail method! https://zenshome.jp/

Turns out it just worked out of the box if you configure proxy before mup setup…
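
Added example, not code from this issue or from meteor-up itself: a small Node.js check that lints the proxy and ROOT_URL parts of a mup config against the steps reported to work in this thread. lintMupProxy and its finding labels are names invented here, and both sample configs are constructed from the values posted above.

```javascript
// Added example: lint the proxy/TLS part of a mup config object (what mup.js exports).
// lintMupProxy and the finding labels are names invented for this example.
function lintMupProxy(config) {
  const proxy = config.proxy;
  if (!proxy) return ['no-proxy-block'];
  const findings = [];

  const domains = String(proxy.domains || '')
    .split(',').map((d) => d.trim()).filter(Boolean);
  if (domains.length === 0) findings.push('proxy-domains-empty');

  // TLS comes either from custom certificate files or from letsEncryptEmail.
  const ssl = proxy.ssl || {};
  if (Boolean(ssl.crt) !== Boolean(ssl.key)) findings.push('crt-key-pair-incomplete');
  const tls = Boolean(ssl.crt && ssl.key) || Boolean(ssl.letsEncryptEmail);
  if (!tls) findings.push('no-certificate-source');
  // Without forceSSL, HTTP requests are not redirected to HTTPS.
  if (tls && ssl.forceSSL !== true) findings.push('forceSSL-not-enabled');

  // ROOT_URL should be https and name one of the proxied domains.
  const rootUrl = ((config.app || {}).env || {}).ROOT_URL;
  let parsed = null;
  try { parsed = new URL(rootUrl); } catch (e) { findings.push('root-url-invalid'); }
  if (parsed) {
    if (tls && parsed.protocol !== 'https:') findings.push('root-url-not-https');
    if (domains.length > 0 && !domains.includes(parsed.hostname)) {
      findings.push('root-url-host-not-in-domains');
    }
  }
  return findings;
}

// Constructed sample: proxy block and ROOT_URL as posted in the issue.
const asPosted = {
  proxy: { domains: 'zenshome.jp,www.zenshome.jp',
           ssl: { crt: './fullchain.pem', key: './privkey.pem' } },
  app: { env: { ROOT_URL: 'http://host.com' } }
};
// Constructed sample: same config with forceSSL and an https ROOT_URL, as in the thread's steps.
const afterFix = {
  proxy: { domains: 'zenshome.jp,www.zenshome.jp',
           ssl: { crt: './fullchain.pem', key: './privkey.pem', forceSSL: true } },
  app: { env: { ROOT_URL: 'https://zenshome.jp' } }
};

console.log(lintMupProxy(asPosted));
console.log(lintMupProxy(afterFix));
```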