Sandcats recovery looks broken
32 views
Skip to first unread message
truthliber...@gmail.com
Jan 26, 2022, 7:10:52 PM1/26/22
to Sandstorm Development
I've had trouble getting sandstorm installed again. I think I will just paste my log on why:
<valenoern> I can't recover my sandcats subdomain [saucernexus.sandcats.io]
<valenoern> I read on an issue report that years ago this happened and the admins simply raised the limit on attempts
<valenoern> When I was trying to recover sandcats, it would send me a token but it wouldn't take it.
<valenoern> I got this error:
<html><head><title>400 The SSL certificate error</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><center>The SSL certificate error</center><hr><center>nginx/1.9.11</center></body></html>
<valenoern> an entire html page telling me "bad request"
<valenoern> I tried to install sandstorm one time and the configuration was very messed up, I couldn't get https to work on my own domain. So then I used "uninstall" and wiped the directory, and tried to recover sandcats. And that made me think I might be running up against the error where I tried too many times and hit the limit
<valenoern> I actually think I may have gotten a similar error on sandcats the first time that made me try my own domain
<valenoern> wish I'd saved that, but I didn't.
<valenoern> So the other possibility is the certificate for running sandcats expired or something
<valenoern> I can't recover my sandcats subdomain [saucernexus.sandcats.io]
<valenoern> I read on an issue report that years ago this happened and the admins simply raised the limit on attempts
<valenoern> When I was trying to recover sandcats, it would send me a token but it wouldn't take it.
<valenoern> I got this error:
<html><head><title>400 The SSL certificate error</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><center>The SSL certificate error</center><hr><center>nginx/1.9.11</center></body></html>
<valenoern> an entire html page telling me "bad request"
<valenoern> I tried to install sandstorm one time and the configuration was very messed up, I couldn't get https to work on my own domain. So then I used "uninstall" and wiped the directory, and tried to recover sandcats. And that made me think I might be running up against the error where I tried too many times and hit the limit
<valenoern> I actually think I may have gotten a similar error on sandcats the first time that made me try my own domain
<valenoern> wish I'd saved that, but I didn't.
<valenoern> So the other possibility is the certificate for running sandcats expired or something
Troy Farrell
Jan 27, 2022, 12:27:19 AM1/27/22
to Sandstorm Development
I successfully recovered a sandcats.io subdomain on January 17th, so I know that it was possible 9 days ago.
I don't know what to make of that error message, except that seeing nginx in the error makes me think that you are trying to run nginx as a reverse proxy for Sandstorm. Note that if you want to use sandcats.io, then you need to use sniproxy per this page in the documentation:
https://docs.sandstorm.io/en/latest/administering/reverse-proxy/
https://docs.sandstorm.io/en/latest/administering/reverse-proxy/
truthliber...@gmail.com
Jan 29, 2022, 7:37:41 PM1/29/22
to Sandstorm Development
Here's the rest of my log from that day:
<valenoern> On my server I have nginx and an https certificate for that that seems to be working
<valenoern> But as a result sandstorm had to try to use port 6080
<valenoern> It seemed like setting up my existing Let's Encrypt certificate with sandstorm was really complicated, and thus I gave up on that and tried to get sandcats back
<valenoern> I wanted nginx to be the main thing and sandstorm to be accessed some other way like by putting :6080
<valenoern> or simply, my certificate is for my own domain and sandstorm manages a sandcats subdomain
<valenoern> I don't have a fully configured sandstorm right now because of the sandcats problem
<valenoern> It's stuck halfway and I've just left the installer open
<valenoern> I gave up the first time because I couldn't get github authentication to succeed, and I never got to the point where I could make an admin account and access grains in the browser
[I eventually aborted the install process in the middle too, so it's any guess what would happen on the third try]
<valenoern> On my server I have nginx and an https certificate for that that seems to be working
<valenoern> But as a result sandstorm had to try to use port 6080
<valenoern> It seemed like setting up my existing Let's Encrypt certificate with sandstorm was really complicated, and thus I gave up on that and tried to get sandcats back
<valenoern> I wanted nginx to be the main thing and sandstorm to be accessed some other way like by putting :6080
<valenoern> or simply, my certificate is for my own domain and sandstorm manages a sandcats subdomain
<valenoern> I don't have a fully configured sandstorm right now because of the sandcats problem
<valenoern> It's stuck halfway and I've just left the installer open
<valenoern> I gave up the first time because I couldn't get github authentication to succeed, and I never got to the point where I could make an admin account and access grains in the browser
[I eventually aborted the install process in the middle too, so it's any guess what would happen on the third try]
Troy Farrell
Jan 30, 2022, 9:07:52 AM1/30/22
to Sandstorm Development
I suspect that you may find this document helpful:
It explains how to use sniproxy to share the HTTPS port with other applications. This will work until Encrypted ClientHello becomes widespread. Hopefully, we'll have a better DNS story for sandcats.io and we can get the certificates with a DNS challenge.
Good luck!
Troy
Reply all
Reply to author
Forward
0 new messages