@tbart
Created September 4, 2022 15:55
Metronome SSL questions

Hi! Can anybody point me to what needs to be done to get the SSL setup for sending files (with Conversations, so I guess HTTP upload) and OMEMO working correctly? I have a setup now that works, but it does not seem right.

I have a main domain, chat.example.org (with a letsencrypt certificate), and another one for uploads, upload.chat.example.org (with another letsencrypt cert).

However, I cannot assign the certificate for upload.chat.example.org to a virtualhost defined for it (metronome does not start, no errors in the logs, I think this is a bug). Only if I set ssl = { .. } in the global config space and use the upload cert, it works. This, however, seems a little strange. Is this only supposed to work with one wildcard cert for all domains, i.e. the main on port 5222 and the upload domain on 5280?

Relevant parts of my current config:

ssl = {
  key = "/etc/metronome/certs/upload.chat.example.org_privkey.pem";
  certificate = "/etc/metronome/certs/upload.chat.example.org_fullchain.pem";
}
http_ports = { }
https_ports = { 5280 }
VirtualHost "chat.example.org"
  ssl = {
    key = "/etc/metronome/certs/chat.example.org_privkey.pem";
    certificate = "/etc/metronome/certs/chat.example.org_fullchain.pem";
  }
  enabled = true
Component "upload.chat.example.org" "http_upload"
    http_file_quota = 120*1024*1024 -- File quota per user
    http_file_expire_after = 86400 -- Time to expire files
    http_file_size_limit = 10000000
    ssl = {
        key = "/etc/metronome/certs/upload.chat.example.org_privkey.pem"; -- DOES NOT GET USED!
        certificate = "/etc/metronome/certs/upload.chat.example.org_fullchain.pem";
    }

If I additionally define

VirtualHost "upload.chat.example.org"
  ssl = {
    key = "/etc/metronome/certs/upload.chat.example.org_privkey.pem";
    certificate = "/etc/metronome/certs/upload.chat.example.org_fullchain.pem";
  }
  enabled = true

Metronome won't start.

Thanks a lot in advance!

(PS: I would have looked into the message log that's linked in the MUC message, https://muc.metronome.im/logs/grimoire/ but that's a 404)

(PPS: Long messages in the MUC also lead to pastebins on the same domain, with also a 404 being generated, so here is my message)
