Troubleshootiong ssl connection refused errors to web interface

Get help, report and discuss bugs.
Post Reply
blisterfingers
Posts: 2
Joined: 28 Dec 2020, 20:24

Troubleshootiong ssl connection refused errors to web interface

Post by blisterfingers » 28 Dec 2020, 22:34

NZBGet v21.0 running in a Docker container on my Synology NAS, in a home environment, and no ports/services exposed to the Internet. Regular HTTP connections to port 6789 working fine, as are all connections to indexers.

I'm in process of configuring HTTPS for all my Intranet apps (routers, Pi-Hole, Radarr, NZBHydra, Sonarr, Bazarr, and NZBGet).

I'm seeing ERR_CONNECTION_REFUSED when connecting via HTTPS on port 6791 on Windows 10 and Max OS X devices (Safari and Edge browsers).

Here's what I've configured . . .

NZBGet security settings:
  • ControlIP set to 0.0.0.0
  • SecureControl enabled, secure port 6791
  • SecureCert path /config/keystore/certificate.pem
  • SecureKey path /config/keystore/private_key.pem
  • /config is mapped to a folder in a volume on my NAS and the account running NZBGET in Docker has full permissions to the folder
  • CertCheck setting toggled on and off (makes no difference)

I've tried three different certs (all encoded as BASE64 ASCII (PEM)):
  • Server cert issued from internal CA (internal root CA is trusted by all devices)
  • Valid server cert issued from a commercial CA
  • Self-signed test cert issued from selfsignedcertificate.com

I don't think the issue is related to certificate encoding. If it was working I would expect to at least see a browser warning.

I've checked that the server is listening on tcp/6791:

Code: Select all

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:6789            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:6791            0.0.0.0:*               LISTEN      -
I've restarted the container after changing settings.
I've temporarily disabled the Windows 10 firewall app, and my Mac doesn't run a firewall app.

I'm running low on troubleshooting ideas, any pointers greatly appreciated :?

hugbug
Developer & Admin
Posts: 7645
Joined: 09 Sep 2008, 11:58
Location: Germany

Re: Troubleshootiong ssl connection refused errors to web interface

Post by hugbug » 28 Dec 2020, 22:41

NAS and docker - seems a lot to configure.
As a test I suggest to install nzbget on a Windows PC or Mac and configure SSL there. You don't have to configure news servers or anything else download related.
The certificates from selfsignedcertificate.com should work (with a warning in browser).

blisterfingers
Posts: 2
Joined: 28 Dec 2020, 20:24

Re: Troubleshootiong ssl connection refused errors to web interface

Post by blisterfingers » 28 Dec 2020, 22:52

I forgot to map the port in the Docker container config :oops:

All working now

Post Reply

Who is online

Users browsing this forum: No registered users and 46 guests