Phabricator Notification Servers SSL error

Question

My Ubuntu 18.04 server is using Apache 2 for webserver , and i created an ssl using letsencrypt for phabricator vhost domain

  sudo certbot --apache -d phabricator.xxxx.com

i tried to setup notification.servers configuration for my phabricator like this:

[
  {
    "type": "client",
    "host": "phabricator.xxxx.com",
    "port": 22280,
    "protocol": "https"
  },
  {
    "type": "admin",
    "host": "127.0.0.1",
    "port": 22281,
    "protocol": "http"
  }
]

but i when i check the config page for notification servers it shows:

here's the vhost configuration file phabricator.xxxx.com.conf & phabricator.xxxx.com-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerAdmin xxx@xxxx.com
     DocumentRoot /var/www/html/repository/phabricator/webroot
     ServerName phabricator.xxxx.com
     ServerAlias www.phabricator.xxxx.com

           RewriteEngine on
           RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
           RewriteRule ^/favicon.ico   -                       [L,QSA]
           RewriteCond %{REQUEST_URI}  ^/ws/
           RewriteCond %{QUERY_STRING} transport=websocket
           RewriteRule /(.*)           ws://localhost:22280/$1 [B,P,L]
           RewriteRule ^(.*)$          /index.php?__path__=$1  [B,L,QSA]

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

     <Directory /var/www/html/repository/phabricator/webroot/>
            Require all granted
        LimitRequestBody  45242880
    </Directory>

    <IfModule mpm_itk_module>
      AssignUserId phab phab
    </IfModule>    

SSLCertificateFile /etc/letsencrypt/live/phabricator.xxxx.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/phabricator.xxxx.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

i already add /var/www/html/repository/phabricator/support/preamble.php with content like this:

<?php

$_SERVER['HTTPS'] = true;

According to the error message, there is an issue with SSL. Please tell us how you configured the SSL termination for aphlict. If you did not do any configuration for aphlict SSL termination you need to understand that it is a different server and needs its own SSL termination. You get an explanation in the docs: https://secure.phabricator.com/book/phabricator/article/notifications/ — Bastian, Jan 17 '20 at 10:36

score -1 · Answer 1 · answered Nov 21 '19 at 03:28

-1

It looks like the port in your notification servers config should be 443 since that's the port for your host in Apache. 22280 will be the port used by Aphlict, which isn't using https.

answered Nov 21 '19 at 03:28

CasualSuperman

59
1
3

not working `Got HTTP 200, but expected HTTP 501 (WebSocket Upgrade)!` – mileven Nov 21 '19 at 04:08
Have you enabled [mod_proxy_wstunnel](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html)? – CasualSuperman Nov 22 '19 at 01:31
Try updating your Websocket `RewriteCond`s to use [this technique](https://stackoverflow.com/a/34371105/3102011). – CasualSuperman Nov 22 '19 at 01:51
Not sure I can help any more then, unfortunately. The websocket is at least connecting to Apache, but something is going wrong with the reverse proxy to Aphlict. I usually use nginx; I just noticed the issue with the Phabricator configuration. Good luck! – CasualSuperman Nov 22 '19 at 02:18

Phabricator Notification Servers SSL error

1 Answers1