Just finished deploying my first self-hosted Convex application and I ran into a similar problem as @bastianwegge. I solved it by using Caddy as a reverse proxy with TLS, adding that security layer to the Convex apps running on Docker.
And then I had the problem that for some reason my containers weren't able to access my domain-name:port. I thought it was a problem of running on a non-443 port, but it was some weird Docker networking problem that I worked around with an entry in /etc/hosts, should anyone else run into the slight headache that I did.
3 Replies
If you're feeling altruistic - if you write up your setup (or make some kind of template) and put it on GitHub, I'm sure other folks would appreciate it.
There are a few things about JWT in Convex that I learned. One is that setting up self-hosted on localhost doesn't work because (at least last I checked) the backend forces https:// into the issuer when checking it, so it ends up checking https://http://127.0.0.1:3211 against the value on the issuer and it just never works.
And the other thing, the one I ran into today, was that after configuring Convex and the reverse proxy on my VPS, I learned that despite being the issuer, Convex will go to the issuer URL and try to load the /.well-known/ APIs to discover its own public keys and validate the token, and that will fail if the container is unable to reach your host machine from your domain name.
Still unbeknownst to me, in my case it was failing and I solved it with an /etc/hosts hack. If anyone knows what truly was going on, I appreciate the input.
Also, as a last addendum, the Convex AI told me that I was supposed to host my /.well-known at port 443, absolutely, unabashedly, and I pressed X to doubt on that; I couldn't find anything else on the internet specifying that OAuth discovery was to be obligatorily hosted on port 443. Alas, despite that shortcoming, the Convex Docs AI was of great help.
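
Added example (not Convex's code and not written by anyone in this thread): a reachability check for the discovery step described above, which derives the discovery URL from the issuer string, port included, then loads the key set it points to. It assumes the standard OIDC discovery path and a jwks_uri field; check_issuer and start_constructed_issuer are hypothetical names, and the local issuer and its key are constructed.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

DISCOVERY = "/.well-known/openid-configuration"  # standard OIDC discovery path (assumed)
# Direct connection, ignoring proxy env vars, so the result reflects local DNS and routing.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_issuer(issuer, timeout=3):
    """Resolve signing keys the way a token verifier does; return (ok, reason)."""
    base = issuer.rstrip("/")
    if base.count("://") != 1:  # e.g. a scheme prepended to an already complete URL
        return False, "malformed issuer URL"
    try:
        with OPENER.open(base + DISCOVERY, timeout=timeout) as resp:
            doc = json.load(resp)
        if doc.get("issuer", "").rstrip("/") != base:
            return False, "issuer mismatch"
        with OPENER.open(doc["jwks_uri"], timeout=timeout) as resp:
            keys = json.load(resp).get("keys", [])
    except (OSError, ValueError, KeyError) as exc:  # URLError/HTTPError are OSErrors
        return False, f"unreachable or invalid: {exc!r}"
    return (True, f"{len(keys)} key(s)") if keys else (False, "empty JWKS")

def start_constructed_issuer():
    """Constructed local issuer on an ephemeral (non-443) port, for the demo only."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            me = f"http://127.0.0.1:{self.server.server_port}"
            docs = {DISCOVERY: {"issuer": me, "jwks_uri": me + "/.well-known/jwks.json"},
                    "/.well-known/jwks.json": {"keys": [  # constructed placeholder key
                        {"kty": "RSA", "kid": "constructed", "n": "AQAB", "e": "AQAB"}]}}
            body = json.dumps(docs.get(self.path, {})).encode()
            self.send_response(200 if self.path in docs else 404)
            self.send_header("Content-Type", "application/json")
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_constructed_issuer()
    good = f"http://127.0.0.1:{srv.server_port}"
    for issuer in (good, "https://" + good, "http://127.0.0.1:1"):
        print(issuer, "->", check_issuer(issuer))
    srv.shutdown()
```

Run check_issuer from inside the backend container against the real issuer URL: a failure there while the same URL loads from the host points at container DNS or routing rather than at the token itself.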