Dev1 Galaxy Forum / [SOLVED] Good nginx ssl instructions

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 21:34:58 +0000

golinux wrote:

CONGRATS . . . and you figured it out while rrq was ZZZZzzzzz!!

I'm sure that he'll be relieved to awaken and not have it still out there.

I'm grateful that he encouraged me not to wipe everything and start clean ...

I'll ask a couple of people to White Hat it and suggest security adjustments.

Next, maybe, I may as well go ahead and get mail working.

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (golinux) — Wed, 04 Jan 2023 20:30:42 +0000

CONGRATS . . . and you figured it out while rrq was ZZZZzzzzz!!

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 20:10:54 +0000

It's working, it's working, it's working!

Something had wiped the contents of index.html

BOTH http and https are responding and displaying.

Can someone check the security of the site - any obvious gaps that need to be addressed, please?

If so I'll start a new thread for that but this one seems to ... finally ... be SOLVED! :-)

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 19:24:26 +0000

OK, it's now appearing to permit access to both https://realupnow.com and http://realupnow.com but it displays nothing.

It still doesn't appear to be listening ...

root@devuan1:/etc/nginx# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1472/NetworkManager 
root@devuan1:/etc/nginx# chown www-data:www-data /etc/nginx/sites-available/realupnow.com.conf

Well ... maybe it is?

root@devuan1:/etc/nginx# wget -H -O/dev/null http://realupnow.com/
--2023-01-04 14:22:52--  http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-04 14:22:52--  https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1 [text/html]
Saving to: ‘/dev/null’

/dev/null                           100%[=================================================================>]       1  --.-KB/s    in 0s      

2023-01-04 14:22:52 (3.11 MB/s) - ‘/dev/null’ saved [1/1]

root@devuan1:/etc/nginx#

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 17:53:05 +0000

So, now I see that the purpose of "location" is to call a "module". (Source: https://www.educba.com/nginx-modules/)

Code:

git clone https://github.com/module_name.git

Output:

git clone https://github.com/perusio/nginx-hello-world-module.git

Code:

./configure --with-compat --add-dynamic-module=../module_name
make modules

Code:

load_module modules/module_name.so;

Code:

server {
 listen 80;
 location / {
  module_name;
 }
}

Output:

server {
	listen 80;
	
	location / {
		hello_world
	}
}

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 15:57:11 +0000

root@devuan1:/var/www/realupnow.com# nginx -V 2>&1 | tr -- - '\n' | grep _module
http_ssl_module 
http_stub_status_module 
http_realip_module 
http_auth_request_module 
http_v2_module 
http_dav_module 
http_slice_module 
http_addition_module 
http_flv_module 
http_geoip_module=dynamic 
http_gunzip_module 
http_gzip_static_module 
http_image_filter_module=dynamic 
http_mp4_module 
http_perl_module=dynamic 
http_random_index_module 
http_secure_link_module 
http_sub_module 
http_xslt_module=dynamic 
mail_ssl_module 
stream_geoip_module=dynamic 
stream_ssl_module 
stream_ssl_preread_module 
root@devuan1:/var/www/realupnow.com#

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 13:46:25 +0000

Shouldn't the privileges here -rw-r--r-- 1 root root 953 Jan 4 08:40 realupnow.com.conf

... be the same here? lrwxrwxrwx 1 root root 45 Jan 1 21:47 realupnow.com.conf -> /etc/nginx/sites-available/realupnow.com.conf

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 13:32:06 +0000

Question:

/etc/nginx/modules-available is empty but in /etc/nginx/modules-enabled are 21 symlinked modules.

Is that expected?

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 13:29:59 +0000

root@devuan1:/var/www/realupnow.com# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@devuan1:/var/www/realupnow.com# wget -H -O/dev/null http://realupnow.com/
--2023-01-04 08:13:23--  http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-04 08:13:23--  https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1 [text/html]
Saving to: ‘/dev/null’

/dev/null                           100%[=================================================================>]       1  --.-KB/s    in 0s      

2023-01-04 08:13:23 (2.99 MB/s) - ‘/dev/null’ saved [1/1]

root@devuan1:/var/www/realupnow.com# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1527/NetworkManager 
root@devuan1:/var/www/realupnow.com# sudo service nginx stop
Stopping nginx: nginx.
root@devuan1:/var/www/realupnow.com# sudo service nginx start
Starting nginx: nginx.
root@devuan1:/var/www/realupnow.com# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1527/NetworkManager 
root@devuan1:/var/www/realupnow.com#

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (ralph.ronnquist) — Wed, 04 Jan 2023 05:33:17 +0000

Or you may need something like

        ip protocol icmp accept
        ip6 nexthdr ipv6-icmp accept
        ip protocol igmp accept

in the output filtering as well for ping responses.

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (ralph.ronnquist) — Wed, 04 Jan 2023 05:27:01 +0000

That doesn't look ok. Not that I really know nft syntax but by the looks of it ports 80 and 443 are now blocked, and it no longer responds to ping either. Do you need all that...

I think you'll need

tcp dport {22, 80, 443} accept

in the input filtering..

and do you really need to filter output at all? though it looks like it wold work...

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 05:19:51 +0000

I guess I need to quit for the night.

I'll reboot and look at things in the morning - unless you recommend against that.

Or, I'll try whatever you recommend, instead.

This sure has proved a wild ride so far ...

Sigh.

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 05:15:41 +0000

root@devuan1:/var/www/realupnow.com# wget -H -O/dev/null http://realupnow.com/
--2023-01-04 00:14:56--  http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-04 00:14:56--  https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1 [text/html]
Saving to: ‘/dev/null’

/dev/null                           100%[=================================================================>]       1  --.-KB/s    in 0s      

2023-01-04 00:14:56 (3.10 MB/s) - ‘/dev/null’ saved [1/1]

root@devuan1:/var/www/realupnow.com#

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 05:01:20 +0000

I stopped and started nginx but the output of netstat remained the same.

Might it be good for me to restart the server to clear out buffers, etc?

Re: [SOLVED] Good nginx ssl instructions

dummy@example.com (dcolburn) — Wed, 04 Jan 2023 04:59:01 +0000

root@devuan1:/var/www/realupnow.com# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1527/NetworkManager 
root@devuan1:/var/www/realupnow.com#