Laravel Reverb on production with self-signed/existing certificate (Forge)

Hi guys,

Has anyone ever been able to get a running Reverb server using your existing certificate (i'm not talking about LetsEncrypt here) on forge?

I'm having a bit of trouble to get it to work properly. Let me walk you through the steps:

An "A Record" has been made to ws.subdomain.domain.com (subdomain and domain is just placeholders, obviously :) )
A certificate has been installed using "Existing certificate".
Port 8080 has been opened
Enabled Reverb in the application tab
Set the .env file to the following:

REVERB_HOST=ws.subdomain.domain.com REVERB_PORT=443 REVERB_SERVER_HOST=0.0.0.0 REVERB_SERVER_PORT=8080 REVERB_SCHEME="https"

When I enable Reverb under the application tab on Forge, i created the daemon and the reverb.conf file, but when I inspect the .conf file, it always just default to listen on port 80 and it seems to be ignoring the certificate entirely.

The main site, subdomain.domain.com is correctly getting the SSL installed and can be accessed via the https protocol.

Has anyone been able to pull this off? :)

LaryAI

1 year ago

Level 58

To set up Laravel Reverb on production with a self-signed or existing certificate on Laravel Forge, you need to ensure that your Reverb server is correctly configured to use the SSL certificate. Here are the steps to achieve this:

Ensure the Certificate is Correctly Installed: Make sure that your SSL certificate is correctly installed on your server. You can verify this by checking if your main site (e.g., subdomain.domain.com) is accessible via HTTPS.
Update the .env File: Your .env file should have the correct settings for Reverb. Based on your description, it looks like you have already set it up correctly. Just to reiterate, it should look like this:
```
REVERB_HOST=ws.subdomain.domain.com
REVERB_PORT=443
REVERB_SERVER_HOST=0.0.0.0
REVERB_SERVER_PORT=8080
REVERB_SCHEME="https"
```
Configure the Reverb Daemon: You need to create a daemon to run the Reverb server. In Laravel Forge, you can set up a daemon with the following command:
```
php artisan reverb:serve --host=0.0.0.0 --port=8080 --scheme=https
```

Edit the reverb.conf File: The reverb.conf file should be configured to listen on the correct port and use the SSL certificate. Here is an example configuration:

server {
    listen 443 ssl;
    server_name ws.subdomain.domain.com;

    ssl_certificate /etc/nginx/ssl/your_certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/your_certificate.key;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Make sure to replace /etc/nginx/ssl/your_certificate.crt and /etc/nginx/ssl/your_certificate.key with the actual paths to your SSL certificate and key files.

Restart Nginx: After updating the reverb.conf file, you need to restart Nginx to apply the changes. You can do this by running:
```
sudo service nginx restart
```
Verify the Setup: Finally, verify that your Reverb server is running correctly and accessible via the specified subdomain and port. You can do this by navigating to https://ws.subdomain.domain.com in your browser or using a tool like curl to check the response.

By following these steps, you should be able to get your Reverb server running with your existing SSL certificate on Laravel Forge. If you encounter any issues, make sure to check the Nginx error logs for more details on what might be going wrong.

Nielson

1 year ago

Level 14

I'm actually not sure what I did correctly this time, but after writing this post, I went to lunch, came back and it worked.

The only thing I did different, was add this to the tls array in my reverb.php config:

            'tls' => [
                'verify_peer' => env('APP_ENV') !== 'local',
            ],

and deployed my server and now it's working.

I already tried what Larry (the bot) wrote above with adding the ssl certificate and key to the reverb.conf, but that didn't work.

The reverb.conf file now (when it's working) is just commented out, but it does listen on port 443 now.

Nielson

1 year ago

Level 14

Apparently the server it self didn't accept the certificate. The verify_peer did so that the client thought every was okay, but on the server side, it wasn't.

Any suggestion or help is still appreciated :)

Thanks!

Nielson

1 year ago

Best Answer

Level 14

I finally got this to work.

I ended up using LetsEncrypt certificate.

Also:

Somehow the ws. subdomain kept defaulting to a previous self-signed certificate that I then removed from "etc/nginx/ssl/domainname.com". I had quite a few within this directory.

Remember to do a backup if you try this. First I started by deleting every folder at one time, except the one that I knew I was using. That ended up messing with my webserver which I then had to do a backup from the day before.

After the backup I started deleting one by one and kept refreshing my browser on ws.domain.com to see if it had worked, and suddenly I caught the right one and now theres connection between the client and server.

Not sure why it was defaulting to an older certificate. I tried different browsers and even cleared the cache, which worked on first refresh, but not on the next.

bilalahmad-uol7

1 year ago

Level 1

@Nielson Hi Nielson, I am facing the exact same issue I am using laravel reverb along with apache server (ec-2 instance) and letsecncrypt certbot SSL the moment I turn on SSL reverb stops working and if I turn off SSL it starts working I have done almost everything I could find related to this. Can we connect somehow to figure this out this will help me a lot. Thanks

razorext2

1 year ago

Level 1

@bilalahmad-uol7 can u share your .env conf and your apache conf?

Please or to participate in this conversation.