#community-help

Troubleshooting Typesense Launch with HTTPS Protocol via Docker

TLDR Gines struggled to launch Typesense with HTTPS, initially failing to mount the certificate directory in Docker. Even after addressing this, Gines hit an SSL error, to which Kishore Nallan confirmed that an actual hostname, not an IP address, was needed.

13mo

Join the chat

Sep 14, 2022 (13 months ago)

Photo of md5-7d463c0d7894ed9aa348f9842f6bc7b5

Gines

01:38 PM

Hey, I am having some troubles at launching typesense with the https protocol.

I'm using docker with these parameters:

docker run -p 8108:8108 -v/tmp/data:/data typesense/typesense:0.23.1 --data-dir /data --api-key=xyz --ssl-certificate=/etc/ssl/certs/nginx-selfsigned.crt --ssl-certificate-key=/etc/ssl/private/nginx-selfsigned.key --api-port=443

But I get the message "Bye." and nothing happens... this occurs when I attach the parameter: --ssl-certificate

Photo of md5-4e872368b2b2668460205b409e95c2ea

Kishore Nallan

01:42 PM

The /etc directory won't contain the cert which I presume will be on your local machine. So you have to mount the directory that contains the cert and make the args point to the mounted path.

Gines

01:59 PM

I have my auto-signed cert in /etc/ssl/certs, is it wrong to use this path for certificates? and what would be the best way to generate certificates for typesense? my website uses https so I need typesense to use https too

Kishore Nallan

02:12 PM

But it won't be available inside the docker container unless you mount the directory like it's done for the data directory

Gines

03:33 PM

okay, that was the problem, with the directory mounted it starts correctly, but, now I am getting the following error when I try to index data:
SSL: no alternative certificate subject name matches target host name _*<IP ADDRESS>*_

I am generating the cert with openssl for the specific server IP, am I doing something wrong? i need to specify the port or something?

Kishore Nallan

03:34 PM

SSL certificate must be associated with a host name.

Sep 15, 2022 (13 months ago)

Gines

12:28 PM

Oh okay, so I need a subdomain and generate a SSL cert for it? so how can i redirect typesense ip to hostname? Do I need any special configuration?

Kishore Nallan

12:37 PM

No, Typesense uses SSL certs the same way as any other web server like nginx or Apache. You cannot use self signed cert with IP address. You need actual host name. Since this is a generic question, I think someone on Stackoverflow will be able to help in detail: it's not specific to Typesense.

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 2776 threads (79% resolved)

Join Our Community Manage subscription

Similar Threads

Setting up DNS Records for Typesense Servers and SSL Configuration

michtio needed assistance in setting up DNS records for Typesense servers in AWS and configuring SSL. Jason shared steps on how to set up A Records and fetch an SSL cert for HTTPS on port 443. The user later solved his issue with Jason's help.

17mo

Configuring Docker-hosted Typesense with Let's Encrypt SSL Certificates

Ian asked for help with setting up SSL certificates in a Docker-hosted Typesense. Jason provided suggestions but the issue remains unresolved due to port conflict.

6mo

Troubleshooting Typesense and Firestore Connection

Carter had trouble connecting Typesense and Firestore. After troubleshooting with Jason, the issue was identified to be SSL cert setup, and resolved through setting-up ngrok tunnel for local-hosting.

13mo

Typesense Certificate Error in Docker Compose

Suraj encountered an issue with typesense not finding SSL certificates in docker compose, even though certs were mounted successfully. After several suggestions by Jason, the issue was resolved by Suraj by mounting the correct folder in the docker compose file.

14mo

Setting Up and Accessing Remote Typesense Instance.

Kyle had trouble accessing a Typesense instance remotely. Jason helped them realize the solution lies in server configuration, opened ports, and necessary SSL certificates for individual sub-domains along with enabling CORS.

14mo