Dokku letsencrypt plugin resets proxy ports upon auto-renewal, breaking app

[michaelyork]

Woke up this morning to see my instance down. Tracked down the issue to a letsencrypt cert auto-renewal last night, and proxy port mappings that had been reset. Looks like they went from https:443:443 to https:443:80. Manually resetting to https:443:443 resolved the issue.

Is there something about the app config that causes this? Any way to fix?

[cooperaj]

dokku/dokku-letsencrypt#296

Feel free to boost/chuck some money at it :)

[cooperaj]

True to form, this happened to my instance last night.

[josegonzalez]

Wait so does this app use listen internally on port 443 as well? Does mastadon have its own self-signed cert it serves up?

[cooperaj]

Yeah. It's a weird one this image. I don't know quite why they default to this but they do.

https://docs.linuxserver.io/images/docker-mastodon/#strict-reverse-proxies tells you that it's necessary but not why. I believe it's because the node based streaming server is reliant on secure websockets (wss) and so they ship an image that can at least function - even if you're getting unknown certificate errors.

Because the image has the redirect from 80 to 443 in place it's not possible to make it work without ensuring traffic goes to 443 and dokku/dokku-letsencrypt#296 means that everytime letsencrypt refreshes it removes that port mapping and results in an infinite redirect loop when accessing the app through the dokku proxy.

[divSelector]

I'm debating installing this, but I've heard so many horror stories of people updating Mastodon that it scares me, because everything on my Dokku server is built my me and as a result is very elegant and small and simple. And if I add Mastodon, what kind of hammer am I throwing into my server gears?

Did you all find a solution to this?

edit: never mind, I read the other thread. :)