Yup, looks like it’s approved, thanks. Two follow-up questions (I can make a separate post if needed):
The documentation notes the following:
For evaluation purposes, we automatically grant the use of up to 5 devices.
Does this mean we can only have 5 devices use the proxy before we need to pay? Is there more information on this somewhere?
If you look at my snippet, nginx failed to load with `[Errno -2] Name or service not known`. It doesn’t look like snap-proxy exposes nginx logs anywhere obvious that I can tell, but taking a guess, I think it’s an issue with the `proxy.domain` variable. Looking at `/snap/snap-store-proxy/current/templates/nginx.conf`, I see the following line:
server_name {{ cfg['proxy.domain'] }};
We use a wildcard cert for our domain, and the snap-proxy host is something like `ubuntu.domain.com`. However, when I specify `ubuntu.domain.com` as the `proxy.domain`, I get the following error:
root@ubuntu:~# snap-proxy config proxy.domain="ubuntu.domain.com"
proxy.domain: ubuntu.domain.com
root@ubuntu~# cat cert key | snap-proxy import-certificate
ubuntu.domain.com domain not supported by this TLS certificate
root@ubuntu:~#
When I use `domain.com`, it succeeds:
root@ubuntu:~# sudo snap-proxy config proxy.domain="domain.com"
proxy.domain: domain.com
root@ubuntu:~# cat cert key | snap-proxy import-certificate
TLS certificate for domain.com configured.
root@ubuntu:~#
But the snap-proxy host isn’t `domain.com`, it’s `ubuntu.domain.com`, which (I believe) causes the nginx error. Is there a workaround for this?
Edit: Furthermore, after changing `proxy.domain` to `ubuntu.domain.com` to get a working proxy (albeit without SSL), I can’t remove the cert I added, either by running `snap-proxy remove-ca-certs` or by trying to manually set `proxy.tls.cert` (which `snap-proxy config` shows is set to the wildcard cert I set earlier):
root@ubuntu:~# snap-proxy remove-ca-certs
error: Could not remove /var/snap/snap-store-proxy/common/ca-certificates.crt
root@ubuntu:~# systemctl restart snapd
root@ubuntu:~# snap-proxy status
Store ID: { id }
Status: approved
Connected Devices (updated daily): 0
Device Limit: 150
Internal Service Status:
memcached: running
nginx: not running: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
snapauth: running
snapdevicegw: running
snapdevicegw-local: running
snapproxy: running
snaprevs: running
root@ubuntu:~# # snap-proxy config shows proxy.tls.cert as the cert I set earlier
root@ubuntu:~# snap-proxy config proxy.tls.cert=""
no TLS certificate data
root@ubuntu:~# snap-proxy config proxy.tls.cert=
no TLS certificate data
root@ubuntu:~# snap-proxy config proxy.tls.cert="foo"
could not parse TLS certificate (PEM format)
root@ubuntu:~#
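
To see which `proxy.domain` values a certificate can cover independently of snap-proxy, the sketch below applies RFC 6125-style matching to a certificate's SAN dNSName entries. It is an added example, not part of the original post and not snap-proxy's own validation logic; the SAN lists and function names are constructed for illustration.

```python
# Added example: RFC 6125-style host name matching against SAN dNSName entries.
# The SAN lists are constructed; this is not snap-proxy's own certificate check.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, host):
    """Return True if a single SAN dNSName entry covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard stands for exactly one label, never zero or two
    if p[0] == "*":
        # Honour the wildcard only as the complete left-most label, and only
        # when at least two labels follow it (so "*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "ub*.domain.com" are compared literally,
    # so they never match a real host name.
    return p == h

def covering_entries(sans, host):
    """List the SAN entries that cover host (empty list: not covered)."""
    return [s for s in sans if san_matches(s, host)]

def check_candidates(sans, candidates):
    """Map each candidate proxy.domain value to the SAN entries covering it."""
    return {c: covering_entries(sans, c) for c in candidates}

# Constructed SAN sets for two common ways a "wildcard cert" is issued.
WILDCARD_ONLY = ["*.domain.com"]
WILDCARD_AND_APEX = ["domain.com", "*.domain.com"]

if __name__ == "__main__":
    hosts = ["ubuntu.domain.com", "domain.com", "a.ubuntu.domain.com"]
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_AND_APEX)):
        print(label, sans)
        for host, hits in check_candidates(sans, hosts).items():
            print(f"  {host:22} {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
```
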