opencred icon indicating copy to clipboard operation
opencred copied to clipboard
verified publisher icon stateofca

“Service Unavailable” when trying to run via Docker

Open stevaner opened this issue 1 year ago • 1 comments

I am trying to run the app via Docker with the following config (the diff between combined.yaml and config.example.yaml):

app:
  server:
     baseUri: "https://localhost"
  opencred:
    caStore:
      - pem: |
          -----BEGIN CERTIFICATE-----
          MYCERT
          -----END CERTIFICATE-----
    signingKeys:
      - type: ES256
        privateKeyPem: |
          -----BEGIN EC PRIVATE KEY-----
          MYPRIVATEKEY
          -----END EC PRIVATE KEY-----
        publicKeyPem: |
          -----BEGIN PUBLIC KEY-----
          MYPUBKEY
          -----END PUBLIC KEY-----
        purpose:
          - id_token
          - authorization_request
  …
  enableAudit: false

I’m getting Service Unavailable when I visit https://localhost:22443. Any idea what the problem is?

stevaner avatar Jul 03 '24 13:07 stevaner

This flag controls whether the app will run on HTTP only (not HTTPS).

If you run with httpOnly = false, the server will operate on the HTTPS ports using a self-signed certificate.

The httpOnly = true setting is appropriate when running behind a tunnel or load balancer that provides TLS as explained in the readme: https://github.com/stateofca/opencred/tree/main?tab=readme-ov-file#optional-remote-tunnel-setup

https://github.com/stateofca/opencred/blob/main/configs/server.js#L13

mattcollier avatar Jul 03 '24 15:07 mattcollier