Lets encrypt for qwebirc at port 5000


#1

hey, im running lets encrypt on my site, and i have part which is viewing irc content on web , thats qwebirc web client. working on port 5000. that never included cert, its working like , domain.com:5000 but no certs :(, actually i was not excepting if it works :slight_smile: , but if someone can tell me a way, (if there is), that will be miracle for me


#2

Does the web IRC content service use exactly the same hostname as your current certificate?

If so, you might be able to re-use the current Let’s Encrypt certificate from your website for your web IRC service.

The question is: does that web IRC content service support TLS in the first place? What software are you using for it?

If it doesn’t support TLS, you might be able to set up a reverse proxy or something for it with your webserver.


#3

hi , thank you for your response. domain is wzion.com and qwebirc is working on wzion.com:5000
and i m using unrealircd inner side of qwebirc , it does not support ssl, but i was using another version which support ssl before, it was not working too, but isn not it about qwebirc on web, cos its not directly using unrealircd, how can i use cert for that port ?
(note i can cover unrealircd with ssl thats okay but its about qwebirc at the moment)


#4

qwebirc supports SSL:

https://qwebirc.org/faq

How do I set up SSL support?
Install OpenSSL (most UNIX systems have it by default, Shining Light Productions offer a version for Windows) and pyOpenSSL.
You can then pass your PEM encoded certificate and key into run.py using the -C and -k options.

Should work.


#5

You should also use -H. This isn’t included in the FAQ above, but reading the source code (does that piece of software even have proper documentation? :persevere:), you should use these (extra) switches:

--certificate /etc/letsencrypt/directoryofyourcertificate/cert.pem --key /etc/letsencrypt/directoryofyourcertificate/privkey.pem --certificate-chain /etc/letsencrypt/directoryofyourcertificate/chain.pem

Or, if you’d like the short options:

-C /etc/letsencrypt/directoryofyourcertificate/cert.pem -k /etc/letsencrypt/directoryofyourcertificate/privkey.pem -H /etc/letsencrypt/directoryofyourcertificate/chain.pem

Also, if you renew your certificate, you probably have to manually reload or restart qwebirc so it can use the new certificate.


#6

For these reasons it may just be easier to just

<VirtualHost *:5443>
  ServerName wzion.com
  SSLCertificateFile /etc/letsencrypt/live/wzion.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/wzion.com/privkey.pem
  ProxyPass / http://localhost:5000
  ProxyPassReverse / http://localhost:5000
</VirtualHost>

or even setup a name-based irc. subdomain on port 443 and avoid the annoying extra port.


#8

exactly qwebirc ssl definations had some missing parts guys. thank you for details, i m excited _az and Osiris, :slight_smile: _az way seems very easy ,and for the record i do not have to use 5000 i can use any port , tried 333, 399 told have no permission, if this detail gives me a path , i really would like to know.
(i can create an irc subdomain but i m pointing qwebirc to the ip adress which is same with the domain, how can qwebirc know the difference ?, if needed i can pick an other ip and can you please teach me how to tell qwebirc to work on the domain or subdomain, on run.py area there is port colomn to fill , what should i type , 443 ? i guess will say i have no permission, or should i keep blank ? )
<VirtualHost *:5443>
ServerName wzion.com
SSLCertificateFile /etc/letsencrypt/live/wzion.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/wzion.com/privkey.pem
ProxyPass / http://localhost:5000
ProxyPassReverse / http://localhost:5000

i added this virtual host , could not start apache because of missed modules , and then i install needed proxy modules and loaded virtual host without any problem. but did not work. maybe it wont. i did not see any https who use this web clients, if i could , it should be a big step.
and then i complated osiris files
parser.add_option("-C", “–certificate”, help="/etc/letsencrypt/live/wzion.com/cert.pem", dest=“sslcertificate”)
parser.add_option("-k", “–key”, help="/etc/letsencrypt/wzion.com/privkey.pem", dest=“sslkey”)
parser.add_option("-H", “–certificate-chain”, help="/etc/letsencrypt/wzion.com/chain.pem", dest=“sslchain”)
this one also loaded without any problems , the page wzion.com:5000 is just a web page , its not connected irc yet, so i think the cert should work at least on this page
+turned off unreal and tried ,too


#9

Uch, no offence, but I’m gonna need to find myself an hour in my agenda and schedule the reading in of your post to only understand your post in total, it’s rather (understatement) un-structured and hard to follow IMHO.


#10

i feel some ashamed please take it easy . this is an unsolved case for all who use this program ( qwebirc but including a modified theme) , as i told i have never seen a ssl version in professional resellers , too… so very probably there are right reasons for not working with ssl. i mean its not a simple case, there are ircd hosting componies who sell and host this program but they do not have ssl, (none of them ) , so this difference means a lot of thing including money. i m not on that side , i m working just for my site,if solved , then the site would be best in this type of sites. yes there are qwebirc with ssl, but not this one, this is few steps newer then last qwebirc , a developed and new features added one. thank you for your interest.
if you would like to examine the program , i can send via mail,and tell the fixes. this program needs some fixes because as i told its developed and not setting up as same as the main qwebirc, i can not paste on a common file area because its on sale, not a reachable one at the moment, better i dont. i m not the developer but owner. , just saying


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.