Right. With wget -H http://www.realupnow.com I get that it connects on port 80, responds with a redirect (301) to https, and then fails connection on port 443.
That is an indication that the ssl setup is wrong in some way. Perhaps you could show the log again, following your last entry.
Offline
access.log
205.185.118.237 - - [02/Jan/2023:07:43:15 -0500] "POST /boaform/admin/formLogin HTTP/1.1" 404 125 "http://66.172.90.106:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0"
205.185.118.237 - - [02/Jan/2023:07:43:15 -0500] "" 400 0 "-" "-"
The error.log I just posted is the most recent.
Last edited by dcolburn (2023-01-03 02:37:33)
Offline
The error.log I just posted is the most recent
Did you confirm that? I accessed your server more recently than that and before I made my post.
Offline
The error.log I just posted is the most recent
Did you confirm that? I accessed your server more recently than that and before I made my post.
I hit Reload - just did it, again.
Wait, I recall noticing that there's an access1.log and an error1.log ...
I'm not sure why there is a second version but I'll check there and post in a minute.
Offline
error.log.1
2023/01/01 14:46:03 [info] 19798#19798: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 14:46:16 [info] 19810#19810: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 20:28:19 [emerg] 21905#21905: invalid parameter "realupnow.com" in /etc/nginx/sites-enabled/realupnow.com:24
2023/01/01 20:58:50 [info] 22144#22144: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 21:49:38 [info] 22479#22479: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 21:49:49 [info] 22493#22493: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 21:57:58 [emerg] 22559#22559: invalid parameter "realupnow.com" in /etc/nginx/sites-enabled/realupnow.com.conf:24
Offline
access.log (I think I posted access.log.1 before.)
94.102.61.10 - - [02/Jan/2023:21:02:18 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36"
192.168.50.1 - - [02/Jan/2023:21:05:09 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Mobile Safari/537.36"
203.220.142.95 - - [02/Jan/2023:21:19:08 -0500] "GET / HTTP/1.1" 301 169 "-" "Wget/1.21"
103.149.192.59 - - [02/Jan/2023:21:30:23 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
168.196.124.13 - - [02/Jan/2023:21:48:23 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
Offline
root@devuan1:/var/www# ls -al
total 16
drwxr-xr-x 4 root root 4096 Jan 1 22:12 .
drwxr-xr-x 12 root root 4096 Dec 24 21:35 ..
drwxr-xr-x 2 root root 4096 Jan 1 01:03 html
drwxr-xr-x 2 www-data www-data 4096 Jan 1 16:25 realupnow.com
root@devuan1:/var/www#
Offline
root@devuan1:/etc/nginx/sites-enabled# ls -al
total 8
drwxr-xr-x 2 root root 4096 Jan 1 21:47 .
drwxr-xr-x 9 root root 4096 Dec 31 16:32 ..
lrwxrwxrwx 1 root root 45 Jan 1 21:47 realupnow.com.conf -> /etc/nginx/sites-available/realupnow.com.conf
root@devuan1:/etc/nginx/sites-enabled#
Offline
root@devuan1:/etc/nginx/sites-available# ls -al
total 16
drwxr-xr-x 3 root root 4096 Jan 2 22:14 .
drwxr-xr-x 9 root root 4096 Dec 31 16:32 ..
-rw-r--r-- 1 root root 838 Jan 2 22:14 realupnow.com.conf
drwxr-xr-x 2 root root 4096 Dec 30 17:24 sitesavailableunusedfiles
root@devuan1:/etc/nginx/sites-available#
Offline
Ok. hmm 203.220.142.95 would be me, yes.
Offline
Is there a recent /var/log/php7.4-fpm.log and how does that look, if so?
Offline
Is there a recent /var/log/php7.4-fpm.log and how does that look, if so?
Nothing today and yesterday it just says error log reopened.
The folder/file permissions I posted all look OK?
Last edited by dcolburn (2023-01-03 03:39:52)
Offline
/var/www/realupnow.com/index.html is root:root
Offline
Yes all configuration looks fine, although some ssl settings can probably be tuned. But it should connect and allow access. One thing missing is the ssl_dhparam setting which according to doc is required when/if DH ciphers are used. But I would have thought nginx would issue an error message when started/restarted if that would stop it from opening the ssl listener. Try with stopping nginx, then starting it, and check the error log.
Does that host have any local firewall?
Offline
Does that host have any local firewall?
Are you speaking of namecheap, my router, or the Dell-Devuan server, please?
Offline
nginx stopped and restarted. This is all that showed up in error.log
2023/01/02 23:18:01 [info] 28307#28307: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
Offline
Is there any chance at all that something is insisting on looking at root /var/www/html rather than /var/www?
Or, can you really use about any location e.g. /home/david1/html ?
Last edited by dcolburn (2023-01-03 04:25:24)
Offline
I need to crash. Eyes getting bleary and starting to sneeze.
I'll check here in the morning for any additional guidance you can offer.
Thanks again.
Offline
I meant the host that runs nginx; would be "the Dell-Devuan server" in your house
My port probing says that port 80 is open and port 443 is closed; other ports called filtered.
Since you also don't get service on port 443 it means that either nginx does not listen at all, or there is some firewall block in between.
Just for completeness, you should generate the dhparam.pem file:
# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
and add an ssl_dhparam directive as new line 25 in realupnow.com.conf:
ssh_dhparam /etc/ssl/certs/dhparam.pem ;
And restart nginx.
After that you could try on that host
# wget -H -O/dev/null http://realupnow.com/
in order to verify that nginx services port 443 (ssl).
EDIT: added semi-colon to the config line.
Offline
root@devuan1:/etc/nginx/sites-available# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........................+...............................................+...........................................................................................................................................................+....................................................................................................................................................................................................................................................................................................+.......................................................................................+.....+.......+..............................+.........................................................................................................................................................................................................................................................................................................................+......................+................................................................................................................................++*++*++*++*
root@devuan1:/etc/nginx/sites-available# sudo service nginx restart
Restarting nginx: nginx failed!
root@devuan1:/etc/nginx/sites-available# nginx -t
nginx: [emerg] unknown directive "ssh_dhparam" in /etc/nginx/sites-enabled/realupnow.com.conf:26
nginx: configuration file /etc/nginx/nginx.conf test failed
root@devuan1:/etc/nginx/sites-available#
There was a typo "ssh" rather than "ssl"
I corrected that ... see three posts down ...
Last edited by dcolburn (2023-01-03 14:53:52)
Offline
This is on the router ...
Source IP Port Range Protocol
192.168.50.4 80 TCP
192.168.50.4 443 TCP
Last edited by dcolburn (2023-01-03 14:30:34)
Offline
This ...
root@devuan1:/etc/nginx/sites-available# lsof -i -P -n | grep LISTEN
... shows that the Dell-Devuan box is listening to 6 different ports on IPv4 (plus a couple of additional ones on IPv6) including 22, 8080, 8001, 8002, 80, 443 - with multiple repetitions.
Offline
root@devuan1:/etc/nginx/sites-available# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@devuan1:/etc/nginx/sites-available# sudo service nginx restart
Restarting nginx: nginx.
root@devuan1:/etc/nginx/sites-available# wget -H -O/dev/null http://realupnow.com/
--2023-01-03 09:51:34-- http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-03 09:51:34-- https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 180 [text/html]
Saving to: ‘/dev/null’
/dev/null 100%[=================================================================>] 180 --.-KB/s in 0s
2023-01-03 09:51:34 (492 MB/s) - ‘/dev/null’ saved [180/180]
root@devuan1:/etc/nginx/sites-available#
Offline
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1430 root 3u IPv4 15019 0t0 TCP *:22 (LISTEN)
sshd 1430 root 4u IPv6 15021 0t0 TCP *:22 (LISTEN)
avahi-dae 1466 avahi 13u IPv4 15033 0t0 UDP *:5353
avahi-dae 1466 avahi 14u IPv6 15034 0t0 UDP *:5353
avahi-dae 1466 avahi 15u IPv4 15035 0t0 UDP *:42925
avahi-dae 1466 avahi 16u IPv6 15036 0t0 UDP *:51083
cups-brow 1492 root 3u IPv6 119293 0t0 TCP [::1]:60702->[::1]:631 (CLOSE_WAIT)
cups-brow 1492 root 4u IPv6 96897 0t0 TCP [::1]:50384->[::1]:631 (CLOSE_WAIT)
cups-brow 1492 root 7u IPv4 15123 0t0 UDP *:631
saned 1500 root 4u IPv6 976 0t0 TCP *:6566 (LISTEN)
NetworkMa 1527 root 23u IPv4 96009 0t0 UDP 192.168.50.4:68->192.168.50.1:67
firefox-e 1792 root 35u IPv4 127766 0t0 TCP 192.168.50.4:52534->162.247.241.14:443 (ESTABLISHED)
firefox-e 1792 root 61u IPv4 95169 0t0 TCP 192.168.50.4:56298->52.40.68.141:443 (ESTABLISHED)
firefox-e 1792 root 83u IPv4 129079 0t0 TCP 192.168.50.4:47766->104.16.248.249:443 (ESTABLISHED)
nginx 28312 root 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28312 root 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28312 root 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28312 root 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28312 root 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28313 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28313 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28313 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28313 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28313 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28314 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28314 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28314 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28314 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28314 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28315 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28315 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28315 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28315 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28315 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28317 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28317 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28317 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28317 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28317 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
cupsd 29991 root 5u IPv6 127922 0t0 TCP [::1]:631 (LISTEN)
cupsd 29991 root 6u IPv4 127923 0t0 TCP 127.0.0.1:631 (LISTEN)
Offline
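The lsof listing above settles the earlier question of whether nginx is not listening on port 443 at all or something in between is blocking it. The script below is an added example, not posted by anyone in the thread: it reads `lsof -i -P -n` output and classifies one port for one command. The function names `listening_binds` and `classify_port` are hypothetical, and the sample input is constructed in the format of the listing.

```shell
#!/bin/sh
# Added example (not from the thread). Input format: `lsof -i -P -n` output.

# Print the distinct "addr:port" values on which command $1 holds a
# TCP LISTEN socket. nginx workers share sockets, so de-duplicate.
listening_binds() {
    awk -v cmd="$1" '$1 == cmd && $NF == "(LISTEN)" { print $(NF-1) }' | sort -u
}

# Classify port $2 for command $1 from lsof output on stdin:
#   not-listening  no LISTEN socket: run `nginx -t`, read the error log
#   loopback-only  bound to 127.x or ::1 only: fix the listen directive
#   non-loopback   bound beyond loopback: look at the host firewall and
#                  the router's port forwarding instead of nginx
classify_port() {
    binds=$(listening_binds "$1" | grep -E ":$2\$" || true)
    if [ -z "$binds" ]; then
        echo "not-listening"
    elif printf '%s\n' "$binds" | grep -qvE '^(127\.|\[::1\])'; then
        echo "non-loopback"
    else
        echo "loopback-only"
    fi
}

# Constructed sample in the format of the listing above.
SAMPLE='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1430 root 3u IPv4 15019 0t0 TCP *:22 (LISTEN)
nginx 28312 root 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28312 root 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28313 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
cupsd 29991 root 6u IPv4 127923 0t0 TCP 127.0.0.1:631 (LISTEN)
firefox-e 1792 root 35u IPv4 127766 0t0 TCP 192.168.50.4:52534->192.0.2.10:443 (ESTABLISHED)'

# On a live host: lsof -i -P -n | classify_port nginx 443
printf '%s\n' "$SAMPLE" | classify_port nginx 443
```

A `non-loopback` result together with a port that still probes as closed from outside points away from nginx and toward the firewall or forwarding path.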
From: https://www.techcoil.com/blog/understanding-the-default-nginx-virtual-host-or-server-configuration/
I was wondering if it were possible that this try_files $uri $uri/ =404; was redirecting to here /var/www/html where something in index.nginx-debian.html was messing things up - but that html file just contains a welcome message to nginx.
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
will get Nginx to look for a file inside /var/www/html directory to return as the HTTP response for the incoming HTTP request. In case there is nothing to return, Nginx will return a HTTP response with a 404 status.
But how does the Nginx welcome page get returned when we try to access the root url? If you trace the configurations from the main file, then you will see the following configuration:
index index.html index.htm index.nginx-debian.html;
This will cause Nginx to return one of the following files inside the root directory, if available:
index.html
index.htm
index.nginx-debian.html
Since there is a file named as index.nginx-debian.html inside /var/www/html, the contents of the file will be returned when we try to access the root url.
Offline