I’ve got the hub finally running self-hosted on a synology. Not locally, as I couldn’t get that to work, but in production mode. It works – it works well – I love it!
After a succesful unlock of any vault, I am being redirected to the hub online. However, this always gives an invalid redirect: 502 Bad Gateway openresty. A similar issue was noted on Github – and fixed in an earlier version. Maybe it is reoccuring?
It doesn’t affect the behavior of Cryptomator. Logins and unlocking are okay – it’s just the redirect, opening a browser tab with the error message. Perhaps you can look into it? Or is it something to adjust in Keycloak perhaps?
Thanks for Cryptomator (long time happy user) and the hub!
Tigo
I doubt that, no other hub client ever mentioned this.
My guess ist, that your reverese proxy config contains an error.
Cryptomator Hub uses OAuth2 for native apps to authorize vault access. In the process, a locally started server listening on localhost is spawned. When the authorization answer is recieved from the browser, the local server recieves a redirect response to the unlock-success url inside your vault.cryptomator config file. You can check the unlock-success url by copying the contents of your vault.cryptomator file into the enoded field of https://jwt.io/.
The unlock-error url works properly: i get a cryptomator page saying the vault couldn’t open. However, the unlock-succes url gives a bad gateway error.
I use Nginx Proxy Manager and had to use unequal ports for the hub container and the keycloack container. In the setup template, the port number for these containers is the same. My issue must be related to all that. It’s not a big deal but it would be nice to solve it. In any case, I like the new beta. Congrats, great work!
Would you like to share your Nginx config, maybe we can add it to the Hub setup wizard on Cryptomator Hub: Setup Wizard like Traefik to avoid such trouble in the future?
Sure. I think it’s pretty straightforward. When executing the setup wizard script in docker (running on a synology nas), docker says port 443 – or any other port number I use here – is already taken. I therefore switched to ports 9443 for the hub and 8443 for the kc container. This works, save for the Bad Gateway error on opening a vault succesfully.
Below is the NPM config. The Advanced tab is left out as it contains no values. I hope this helps others setting up Cryptomator Hub.
BTW: for the docker script to work on my Synology, I had to leave out the deploy-sections from the wizard script.