21:13 <abliss> So it looks like the sandstorm http bridge strips off any Authorization headers that the client sends (from within the ui iframe). Is this documented somewhere? Is there a good reason for it? Any way to disable it?

21:39 <syf_z_otchlani> hiya

21:39 <abliss> Hi!

21:40 <syf_z_otchlani> I'm trying to make the app working

21:40 <syf_z_otchlani> wih

21:40 <syf_z_otchlani> https://docs.sandstorm.io/en/latest/administering/self-signed/

21:40 <syf_z_otchlani> with this config

21:40 <syf_z_otchlani> but I think nginx is not longer used

21:42 <syf_z_otchlani> so point 10 doesn't make sense

21:43 <abliss> Why do you think nginx is no longer used?

21:44 <syf_z_otchlani> can't find its config anywhere on machine with sandstorm installed

21:44 <abliss> Currently, as shipped, sandstorm will only terminate SSL if it is using a sandcats.io domain. If you want any other SSL termination, you have to put it behind an nginx reverse proxy.

21:45 <abliss> I assume your machine which has sandstorm installed but no nginx either has (a) sandstorm configured to use SSL with a sandcats.io domain; or (b) is not using SSL at all; or (c) has some other reverse proxy set up to terminate the SSL (apache?).

21:46 <abliss> (Actually, sandstorm is able to terminate its own SSL more generically, but this has no support or UI or documentation, so it's unlikely to be doing that in your case.)

21:47 <syf_z_otchlani> uhm

21:47 <syf_z_otchlani> just wanted to make it work, automatic way doesn't work for me because I dont have external IP

21:48 <abliss> Can you clarify what you mean by "make it work"?

21:50 <syf_z_otchlani> cant connect with https because the browser accepts exception only for main window

21:50 <syf_z_otchlani> iframes are never asked and they are in subdomains / wildcards territory

21:50 <syf_z_otchlani> so no app is able to run

21:51 <abliss> What exception did you put in for the main window? is it using a self-signed cert without a corresponding cert authority?

21:52 <syf_z_otchlani> it's still serving it signed with sandcat.io obtained certificate

21:53 <abliss> if you have a sandcats.io cert, then you must've been exposed to the internet at some previous time, is that right?

21:53 <syf_z_otchlani> I don't know where is the variable stored with link to certs

21:54 <syf_z_otchlani> yes, it was automatic install

21:54 <abliss> do you have a file at `/opt/sandstorm/sandstorm.conf` ? if so, can you paste its contents?

21:55 <syf_z_otchlani> but I can't connect with external hostname, even if I forward ports I don't have my own IP visible from internet

21:55 <abliss> i'm guessing you probably need to go back to https://docs.sandstorm.io/en/latest/administering/reverse-proxy/#configure-nginx and set up the nginx reverse proxy before you can set up your self-signed cert.

21:55 <syf_z_otchlani> sure, i will paste it

22:01 <syf_z_otchlani> SERVER_USER=sandstorm

22:01 <syf_z_otchlani> MONGO_PORT=6081

22:01 <syf_z_otchlani> PORT=80

22:01 <syf_z_otchlani> BASE_URL=https://tuleap.local

22:01 <syf_z_otchlani> BIND_IP=0.0.0.0

22:01 <syf_z_otchlani> WILDCARD_HOST=*.tuleap.local

22:01 <syf_z_otchlani> UPDATE_CHANNEL=dev

22:01 <syf_z_otchlani> ALLOW_DEV_ACCOUNTS=false

22:01 <syf_z_otchlani> SMTP_LISTEN_PORT=25

22:01 <syf_z_otchlani> HTTPS_PORT=443

22:02 <abliss> yep, see the page I linked above. ESpecially " Make sure there is no HTTPS_PORT=... line, as the HTTPS_PORT=... configuration option enables Sandstorm's auto-renewing sandcats.io free SSL. "