Trytond dies with SSL ca_certs implementation

I have copied the contents of the (non OS ssl) privkey.pem into the fullchain.pem to create the /home/me/.config/tryton/x.y/ca_certs file. I then declared it in the trytond.conf with “SSLContext.load_cert_chain(/home/me/.config/tryton/x.y/ca_certs)”. I am not sure if this is where SSLContext.load_cert_chain should be defined but couldn’t find any information to that effect. When gnuhealth is run it dies with this error:

systemd[1]: Started GNU Health server.
trytond[11389]: Traceback (most recent call last):
trytond[11389]: extra_files = config.update_etc(options.configfile)
trytond[11389]: File “/usr/lib/python3.6/site-packages/trytond/config.py”, line 107, in update_etc
trytond[11389]: read_files = self.read(configfile)
trytond[11389]: File “/usr/lib64/python3.6/configparser.py”, line 697, in read
trytond[11389]: self._read(fp, filename)
trytond[11389]: File “/usr/lib64/python3.6/configparser.py”, line 1111, in _read
trytond[11389]: raise e
trytond[11389]: configparser.ParsingError: Source contains parsing errors: ‘/etc/tryton/trytond.conf’
trytond[11389]: #011[line 60]: ‘SSLContext.load_cert_chain(/home/me/.config/tryton/x.y/ca_certs)\n’
systemd[1]: gnuhealth.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: gnuhealth.service: Unit entered failed state.
systemd[1]: gnuhealth.service: Failed with result ‘exit-code’.
systemd[1]: gnuhealth.service: Service RestartSec=100ms expired, scheduling restart.
systemd[1]: Stopped GNU Health server.
systemd[1]: gnuhealth.service: Start request repeated too quickly.
systemd[1]: Failed to start GNU Health server.
systemd[1]: gnuhealth.service: Unit entered failed state.
systemd[1]: gnuhealth.service: Failed with result ‘exit-code’.
sshd[11334]: pam_unix(sshd:session): session closed for user root
systemd-logind[1342]: Session 87 logged out. Waiting for processes to exit.
systemd-logind[1342]: Removed session 87.
sshd[11397]: Accepted keyboard-interactive/pam for root from 192.168.1.107 port 50177 ssh2
systemd-logind[1342]: New session 88 of user root.
systemd[1]: Started Session 88 of user root.
sshd[11397]: pam_unix(sshd:session): session opened for user root by (uid=0)

Could you please advise on what I’m doing wrong and how to sort it.

Thank you

The configuration file should not contain any code.
But to activate SSL, you just need to set private key and certificate paths.

But for production setup, it is recommended to use a proxy (like nginx) to deal with SSL.


Actually, I initially set the paths to the key and certificate in tryton.conf before going the SSLContext.load_cert_chain way but that also threw an error like:

systemd[1]: Started GNU Health server.
trytond[21214]: Traceback (most recent call last):
trytond[21214]: use_reloader=options.dev)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 833, in run_simple
trytond[21214]: inner()
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 793, in inner
trytond[21214]: fd=fd)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 679, in make_server
trytond[21214]: passthrough_errors, ssl_context, fd=fd)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 602, in init
trytond[21214]: self.socket = ssl_context.wrap_socket(sock, server_side=True)
trytond[21214]: File “/usr/lib/python3.6/site-packages/werkzeug/serving.py”, line 512, in wrap_socket
trytond[21214]: ssl_version=self._protocol, **kwargs)
trytond[21214]: File “/usr/lib64/python3.6/ssl.py”, line 1158, in wrap_socket
trytond[21214]: ciphers=ciphers)
trytond[21214]: File “/usr/lib64/python3.6/ssl.py”, line 750, in init
trytond[21214]: self._context.load_cert_chain(certfile, keyfile)
trytond[21214]: PermissionError: [Errno 13] Permission denied
systemd[1]: gnuhealth.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: gnuhealth.service: Unit entered failed state.
systemd[1]: gnuhealth.service: Failed with result ‘exit-code’.
systemd[1]: gnuhealth.service: Service RestartSec=100ms expired, scheduling restart.
systemd[1]: Stopped GNU Health server.
systemd[1]: Started GNU Health server.
sshd[21222]: Accepted keyboard-interactive/pam for root from 192.168.1.107 port 52141 ssh2
systemd[1]: Started Session 99 of user root.
systemd-logind[1342]: New session 99 of user root.
sshd[21222]: pam_unix(sshd:session): session opened for user root by (uid=0)

I am new to Tryton. I will appreciate it if you could explain clearly how to deal with this.
Thank you.

Clearly an access right issue.

Thanks for your reply but it is not helpful to me considering my request above.
Before posting for help, I’ve seen the reference to the PermissionError: and I have given both the directory and the two files involved chmod 777 but tryton is still not permitted (got the same error) which is why I requested you to tell me clearly what needs to be done if you know it so it doesn’t have to take me another five questions or so to get there. Thanks

Hello. I am having a similar issue.
I already installed and set nginx. I am still learning on how to set up ssl on trytond.
I need to know if this is the way to set the graphic client to go through ssl.
Thanks

Actually you don’t need ssl on trytond if you’re behind the proxy, just use https between client and nginx and leave trytond without ssl. In this forum there are some topics about how to configure nginx for tryton.

Hi! Thanks for the quick response.
I have seen many posts, but actually I have no clue on how to set it up.
Is there any step-by-step on how to configure nginx without using docker?

Check this post, it has the server block example for nginx and trytond.

Thanks! I was just looking at the same post.
Does that configuration work on the tryton gtk client (not sao)?