Bien le bonjour ici,
Il y'a quelques jours, j'ai installé KiwiIRC sur mon serveur qui semble plutôt s'être bien passé ( du moins je pense ).
Le souci que je rencontre est que j'arrive pas a y accéder en https pourtant il me semble avoir fait ce qu'il fallait.
Lorsque je lance j'ai ceci :
Code: 2022/02/13 09:07:30.879721 L_WARN Listening with letsencrypt failed: listen tcp 0.0.0.0:443: bind: address already in use
Dans la configuration j'ai ceci :
Code: # The websocket / http server
[server.1]
bind = "0.0.0.0"
port = 7778
# Example TLS server
[server.2]
bind = "0.0.0.0"
port = 443
tls = true
cert = server.crt
key = server.key
# If you don't have a certificate, uncomment the below line to automatically ge>
# free certificate using letsencrypt.com (overrides the above cert/key options)>
# a server running on port 80 to initially generate the certificate.
letsencrypt_cache = ./certs
du coté Apache j'ai :
Code: <VirtualHost *:80>
ServerName webchat.networkblabla
ServerAdmin Support@networkblabla
# Kiwi IRC client files are located here
DocumentRoot /usr/share/kiwiirc
DirectoryIndex index.html
# Reverse proxy websocket connections
# requires: a2enmod rewrite proxy proxy_wstunnel
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule .* ws://localhost:7778%{REQUEST_URI} [P,QSA,L]
# Reverse proxy http connections
# requires: a2enmod proxy proxy_http
ProxyVia On
ProxyRequests Off
ProxyPass /webirc/ http://localhost:7778/webirc/
ProxyPassReverse /webirc/ http://localhost:7778/webirc/
ProxyPreserveHost on
# send all connections to https (can remove above rewrite/proxy rules)
RewriteCond %{SERVER_NAME} =webchat.networkblabla
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName webchat.networkblabla
ServerAdmin Support@networkblabla
# Kiwi IRC client files are located here
DocumentRoot /usr/share/kiwiirc
DirectoryIndex index.html
# SSL config
# requires: a2enmod ssl
SSLEngine on
# Reverse proxy websocket connections
# requires: a2enmod rewrite proxy proxy_wstunnel
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule .* ws://localhost:7778%{REQUEST_URI} [P,QSA,L]
# Reverse proxy http connections
# requires: a2enmod proxy proxy_http
ProxyVia On
ProxyRequests Off
ProxyPass /webirc/ http://localhost:7778/webirc/
ProxyPassReverse /webirc/ http://localhost:7778/webirc/
ProxyPreserveHost on
# Letsencrypt certificates
SSLCertificateFile /etc/letsencrypt/live/webchat.networkblabla/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webchat.networkblabla/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
J'ai effectué la commande :
Code: openssl genrsa -out server.key
openssl req -new -key server.key -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey server.key -out cert.pem
rm csr.pem
et j'ai bien csr.pem et server.key et pourtant il veut pas :/
Une petite idée pour me guider ?
Merci d'avance :)
13/02/2022, 14:19
(This post was last modified: 13/02/2022, 14:19 by aliasangelius.)
Salut,
Je dirais peut-être du côté de : lets-encrypt ? je ne suis pas sûre de moi
(13/02/2022, 14:19)aliasangelius Wrote: Salut,
Je dirais peut-être du côté de : lets-encrypt ? je ne suis pas sûre de moi
La page s'affiche correctement en https mais impossible de se connecter :/
En gros si j'utilise le port 443 j'ai ceci :
Code: L_WARN Listening with letsencrypt failed: listen tcp 0.0.0.0:443: bind: address already in use
J'ai donc remplacé par le port 7777 et j'ai fait ceci dans apache :
Code: <IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName webchat.networkblabla
ServerAdmin Support@networkblabla
# Kiwi IRC client files are located here
DocumentRoot /usr/share/kiwiirc
DirectoryIndex index.html
# SSL config
# requires: a2enmod ssl
SSLEngine on
# Reverse proxy websocket connections
# requires: a2enmod rewrite proxy proxy_wstunnel
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule .* ws://localhost:7777%{REQUEST_URI} [P,QSA,L]
# Reverse proxy http connections
# requires: a2enmod proxy proxy_http
ProxyVia On
ProxyRequests Off
ProxyPass /webirc/ http://localhost:7777/webirc/
ProxyPassReverse /webirc/ http://localhost:7777/webirc/
ProxyPreserveHost on
# Letsencrypt certificates
SSLCertificateFile /etc/letsencrypt/live/webchat.networkblabla/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webchat.networkblabla/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Lorsque je vais sur lelien.com/webirc j'ai :
Code: Client sent an HTTP request to an HTTPS server.
Hum, je pense que j'ai plus l'âge pour tous ceci 
Un avis à la con:
Code: ProxyPass /webirc/ http://localhost:7777/webirc/
ProxyPassReverse /webirc/ http://localhost:7777/webirc/
Tu n'oublierais pas de mettre plutôt du https dans ton proxypass ?
14/02/2022, 06:55
(This post was last modified: 14/02/2022, 08:58 by Amand.)
Bonjour,
Tu utilises le port 443 dans ta config kiwiirc alors qu'il est déjà utilisé.
Modifie ta conf :
Quote:# Example TLS server
[server.2]
bind = "0.0.0.0"
port = 443
Change le port 443 en 7779 et fait attention à mettre le bon chemin de ton cert et key, si tu utilises letsencrypt par exemple :
Quote:cert = "/etc/letsencrypt/live/tondomaine/fullchain.pem"
key = "/etc/letsencrypt/live/tondomaine/privkey.pem"
N'oublie pas de restart kiwiirc.
14/02/2022, 19:00
(This post was last modified: 14/02/2022, 20:08 by kipof.)
Bonjour à tous :)
Alors j'ai effectué quelques modifications mais des que je suis en https, il ne veut pas se connecter :/
Du coté de Apache j'ai :
Proxy 7778 sur port 80
Code: <VirtualHost *:80>
ServerName webchat.networ.bla
ServerAdmin Support@networ.bla
# Kiwi IRC client files are located here
DocumentRoot /usr/share/kiwiirc
DirectoryIndex index.html
# Reverse proxy websocket connections
# requires: a2enmod rewrite proxy proxy_wstunnel
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule .* ws://localhost:7778%{REQUEST_URI} [P,QSA,L]
# Reverse proxy http connections
# requires: a2enmod proxy proxy_http
ProxyVia On
ProxyRequests Off
ProxyPass /webirc/ http://localhost:7778/webirc/
ProxyPassReverse /webirc/ http://localhost:7778/webirc/
ProxyPreserveHost on
# send all connections to https (can remove above rewrite/proxy rules)
# RewriteCond %{SERVER_NAME} =webchat.networ.bla
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Proxy 7779 sur port 443
Code: <IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName webchat.networ.bla
ServerAdmin Support@networ.bla
# Kiwi IRC client files are located here
DocumentRoot /usr/share/kiwiirc
DirectoryIndex index.html
# SSL config
# requires: a2enmod ssl
SSLEngine on
# Reverse proxy websocket connections
# requires: a2enmod rewrite proxy proxy_wstunnel
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule .* ws://localhost:7779%{REQUEST_URI} [P,QSA,L]
# Reverse proxy http connections
# requires: a2enmod proxy proxy_http
ProxyVia On
ProxyRequests Off
ProxyPass /webirc/ https://localhost:7779/webirc/
ProxyPassReverse /webirc/ https://localhost:7779/webirc/
ProxyPreserveHost on
# Letsencrypt certificates
SSLCertificateFile /etc/letsencrypt/live/webchat.networ.bla/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webchat.networ.bla/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Dans la config.conf de kiwiirc :
Code: # The websocket / http server
[server.1]
bind = "0.0.0.0"
port = 7778
# Example TLS server
[server.2]
bind = "0.0.0.0"
port = 7779
tls = true
cert = server.cert
key = server.key
# If you don't have a certificate, uncomment the below line to automatically generate a
# free certificate using letsencrypt.com (overrides the above cert/key options). This requires
# a server running on port 80 to initially generate the certificate.
letsencrypt_cache = ./certs
J'ai beau coller https sur le proxy 443 il veut pas se connecter une fois sur la page il me dit :
Code: Nous ne pouvons pas nous connecter à ce serveur :(
Unknown error
Lorsque je lance j'ai maintenant :
Code: 2022/02/14 16:53:59.034623 Using config /home/kiwiirc/1kiwiirc/config.conf
2022/02/14 16:53:59.037471 L_INFO Serving files from /usr/share/kiwiirc/
2022/02/14 16:53:59.038133 L_INFO Listening with letsencrypt TLS on webchat.network.bla:7779
2022/02/14 16:53:59.038210 L_INFO Listening on webchat.network.bla:7778
Plus d'erreurs avec Letsencrypt, juste l'accès en htttps://webchat.network.bla qui ne veut pas se faire mais kiwirc s'affiche correctement :/
Je saigne des yeux avec cette histoire :D
ah oui, si je vais sur le lien https://webchatblalbla:7779 j'ai une page blanche :/
Merci encore à vous :)
14/02/2022, 22:05
(This post was last modified: 14/02/2022, 22:06 by kipof.)
Enfin réussi 
Alors explication, pour le proxy vers le port 443 je colle le même donc dans mon cas 7778.
Et dans apache j'ai fait comme ceci :
Code: <IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName webchat.discut.biz
ServerAdmin Support@Discut.Biz
# Kiwi IRC client files are located here
DocumentRoot /usr/share/kiwiirc
DirectoryIndex index.html
# SSL config
# requires: a2enmod ssl
SSLEngine on
# Reverse proxy websocket connections
# requires: a2enmod rewrite proxy proxy_wstunnel
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule .* ws://localhost:7778%{REQUEST_URI} [P,QSA,L]
# Reverse proxy http connections
# requires: a2enmod proxy proxy_http
ProxyVia On
ProxyRequests Off
ProxyPass /webirc/ http://localhost:7778/webirc/
ProxyPassReverse /webirc/ http://localhost:7778/webirc/
RedirectMatch /webirc/ https://localhost:7778/webirc/
ProxyPreserveHost on
# Letsencrypt certificates
SSLCertificateFile /etc/letsencrypt/live/webchat.discut.biz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webchat.discut.biz/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
en rajoutant un RedirectMatch et seulement lui en https
Ca été long mais bon :) Maintenant je vais me coucher car mon cerveau a fondu :p
Encore merci à vous :)
Type eggdrop:
- Eggdrop 1.6.x
- Eggdrop 1.8
23/10/2022, 14:34
(This post was last modified: 23/10/2022, 15:54 by KoolKain.)
Bonjour,
je déterre sans doute une vieille réponse mais voila.
j'ai installé aussi KiwiIrc et je souhaite qu'ils se connecte aussi en https sachant que j'ai mon SSL acheté.
Lorsque je souhaite me diriger sur le http sur l'ensemble de mon domaine, il me renvois bien sur le https sauf le KiwiIRC en https avec le port de configuration.
j'ai eu essayé mais en vain.
Que ce soit du proxypass à machin, j'ai fini par me perdre dans tous cela.
Il y avait eu un bon tuto sur IRCz mais vu qu'il n'existe plus, je suis paumé de chez paumé.
J'aurai souhaité savoir si une ame charitable pourrai m'aider ou me donner sa configuration car la...
J'ai déjà plus de cheveux, là, c'est la piste d'atterrissage...
En vous remerciant et bon dimanche :)
Tu utilises KiwiIRC v1 ou v2? Tu utilises apache ou nginx ? Tu as bien alimenté la conf de ton webircgateway pour indiquer le chemin de ton certificat ssl ? la conf de ton serveur web pour le reverse proxy est ok ?
Sans un complément d'information , on ne pourra pas t'aider. (regarde les posts de @"kipof")
Type eggdrop:
- Eggdrop 1.6.x
- Eggdrop 1.8
23/10/2022, 19:20
(This post was last modified: 23/10/2022, 19:23 by KoolKain.)
J'utilise la version KiwiIRC (0.9.5-dev).
Car j'ai Wheezy et j'ai des clients qui ont pas mal de choses qui fonctionnent pas avec les versions Supp.
J'utilise donc apache et celui-ci est bien en https de façon automatique.
J'ai essayé la façon de @ kipof mais en vain !!!
D'ou je viens vers vous.
Car le kiwi est dans le meme shell que le site.
Tester le reverse proxy, la c'est me parler chinois !
Ca fonctionne bien si je vais sur http://www.teamscript.net:7778/ mais pas sur le https://www.teamscript.net:7777/
j'ai mis ceci dans le default :
Code: <VirtualHost *:80>
ServerAdmin webmaster@teamscript.net
DocumentRoot /home/xxxx
ServerName teamscript.net
ServerAlias www.teamscript.net
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Redirect permanent / https://www.teamscript.net/
</VirtualHost>
et dans default-ssl :
Code: <IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@teamscript.net
DocumentRoot /home/www
ServerName teamscript.net
ServerAlias www.teamscript.net
ServerAdmin webmaster@localhost
DocumentRoot /home/xxxx
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/xxxx/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/STAR_teamscript_net.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCertificateChainFile /etc/apache2/ssl/SectigoRSADomainValidationSecureServerCA.crt
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
SSLCompression off
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
CustomLog ${APACHE_LOG_DIR}/access.log combined
#Alias /awstatsclasses "/usr/share/awstats/classes/"
#Alias /awstatscss "/usr/share/awstats/css/"
Alias /awstats-icon "/usr/share/awstats/icon/"
ScriptAlias /awstats /usr/lib/cgi-bin/awstats.pl
</VirtualHost>
</IfModule>
code config.js de kiwiirc :
Code: // Example server block
conf.servers.push({
port: 7778,
address: "163.172.110.215"
});
// Example SSL server block
conf.servers.push({
port: 7777,
address: "163.172.110.215",
ssl: true,
ssl_key: "server.key",
ssl_cert: "STAR_teamscript_net.crt"
});
// Network interface for outgoing connections
conf.outgoing_address = {
IPv4: '163.172.110.215'
//IPv6: '::'
};
Type eggdrop:
- Eggdrop 1.6.x
- Eggdrop 1.8
23/10/2022, 19:39
(This post was last modified: 23/10/2022, 19:42 by KoolKain.)
J'ai déjà eu fait cela, mais rien n'y a fait !
j'ai tout préparé mais ça mouline dans le vide !
Code: // Whitelisted HTTP proxies in CIDR format
conf.http_proxies = ["163.172.110.215/32"];
Type eggdrop:
- Eggdrop 1.6.x
- Eggdrop 1.8
23/10/2022, 20:44
(This post was last modified: 23/10/2022, 20:56 by KoolKain.)
J'ai une page blanche maintenant 
C'est à péter un cable sérieux...
J'ai eu kipof sur mon IRC; (merci à toi) :)
Merci à toi et malgré ta conf que tu m'as envoyé, ça ne fonctionne toujours pas.
Une personne aurai un lien de KiwiIrc pour Wheezy ou bien des archives ?
Car Google me référence que des updates de max 2 ans !
Type eggdrop:
- Eggdrop 1.6.x
- Eggdrop 1.8
Je vais tenter merci :)
Ce que je comprend pas, je fais tout, tout est bien activé avec le mode proxy.
Quand je vais sur https://teamscript.net:7778/ et me dit que le certificat est pas valide et pourtant, sur le site simple il l'est !!!
Une fois que je clic dessus, ça mouline dans le vent.
Une chose encore, pourquoi il me redirige pas sur https://teamscript.net/webirc !!!!????
|
