#community-help

Troubleshooting Typesense Launch with HTTPS Protocol via Docker

TLDR Gines struggled to launch Typesense with HTTPS, initially failing to mount the certificate directory in Docker. Even after addressing this, Gines hit an SSL error, to which Kishore Nallan confirmed that an actual hostname, not an IP address, was needed.

Powered by Struct AI

1

Sep 14, 2022 (13 months ago)
Gines
Photo of md5-7d463c0d7894ed9aa348f9842f6bc7b5
Gines
01:38 PM
Hey, I am having some troubles at launching typesense with the https protocol.

I'm using docker with these parameters:

docker run -p 8108:8108 -v/tmp/data:/data typesense/typesense:0.23.1 --data-dir /data --api-key=xyz --ssl-certificate=/etc/ssl/certs/nginx-selfsigned.crt --ssl-certificate-key=/etc/ssl/private/nginx-selfsigned.key --api-port=443

But I get the message "Bye." and nothing happens... this occurs when I attach the parameter: --ssl-certificate
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
01:42 PM
The /etc directory won't contain the cert which I presume will be on your local machine. So you have to mount the directory that contains the cert and make the args point to the mounted path.
Gines
Photo of md5-7d463c0d7894ed9aa348f9842f6bc7b5
Gines
01:59 PM
I have my auto-signed cert in /etc/ssl/certs, is it wrong to use this path for certificates? and what would be the best way to generate certificates for typesense? my website uses https so I need typesense to use https too
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
02:12 PM
But it won't be available inside the docker container unless you mount the directory like it's done for the data directory
Gines
Photo of md5-7d463c0d7894ed9aa348f9842f6bc7b5
Gines
03:33 PM
okay, that was the problem, with the directory mounted it starts correctly, but, now I am getting the following error when I try to index data:
SSL: no alternative certificate subject name matches target host name _*<IP ADDRESS>*_

I am generating the cert with openssl for the specific server IP, am I doing something wrong? i need to specify the port or something?
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
03:34 PM
SSL certificate must be associated with a host name.
Sep 15, 2022 (13 months ago)
Gines
Photo of md5-7d463c0d7894ed9aa348f9842f6bc7b5
Gines
12:28 PM
Oh okay, so I need a subdomain and generate a SSL cert for it? so how can i redirect typesense ip to hostname? Do I need any special configuration?
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
12:37 PM
No, Typesense uses SSL certs the same way as any other web server like nginx or Apache. You cannot use self signed cert with IP address. You need actual host name. Since this is a generic question, I think someone on Stackoverflow will be able to help in detail: it's not specific to Typesense.

1