The officially official Devuan Forum!

#726 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-02 01:08:32

You will need a certificate that includes both realupnow.com and www.realupnow.com so that's a new certificate; you don't want to keep the existing.

You still need to update your nginx configuration both so that it also services www.realupnow.com, and that it offers https access as well (to both domain names).

You may do the first by adding www.realupnow.com to the server_name directive (space separated).

The second, adding ssl, has a number of bits to it; perhaps the easiest is to search for that techrepublic howto ("setup ssl for nginx" might find it?) and pick knowledge from it.

#727 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-02 00:01:44

Nope. It only declares the resolution for the domain itself, without local host.

If their web gui allows, you could declare a resolution for "*" to mean "any local domain" and that would include "ralph" as well as "www" as well as "thisisagoodplacetobe" etc. Usually though "*" does not include local domain names with "." in (which is fine here I guess).

#728 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 23:04:04

Yes, or edit it so it says "www" instead of "realupnow.com" and then it will define the resolution for "www.realupnow.com" :)

#729 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 22:51:37

You reported the setting

A Record 	realupnow.com    66.172.90.106   Automatic

That setting is for a host with local name  realupnow.com within your domain realupnow.com and it therefore defines the FQDN realupnow.com.realupnow.com.

Maybe you get confused by the fact that the local name looks the same as the domain name?

#730 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 22:38:36

Or possibly a caching issue. Check the authoritative service with

dig realupnow.com @dns1.registrar-servers.com

#731 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 22:16:49

Great.

Your DNS setup defines 2 FQDNs, namely realupnow.com (by the @ line), and realupnow.com.realupnow.com (by the other line).

As I understand it, you want to provide several services:
     1. http://realupnow.com
     2. http://www.realupnow.com
     3. https://realupnow.com
     4. https://www.realupnow.com
but don't really care for http://realupnow.com.realupnow.com, which is serviced now.

That means firstly that your DNS setup must define the resolution for www.realupnow.com
(and rather not for realupnow.com.realupnow.com)

Secondly nginx needs to accept two alternative server names, and it also should use both plain http on port 80 and http over ssl on port 443.

For the latter, you need to locate where certbot has put the ssl credentials (as I mentioned before) and add that to the nginx configuration. (I think www.techrepublic.com has a good article for that).
(Also, keep in mind that by convention, nginx runs as user www-data)

#732 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 06:38:14

Yes, the http service is not accessible (from outside).

If you are sure there shouldn't be any blocking, then you could run

# tcpdump -n -i eth0

on the service host to see connection attempts for port 80.

But maybe best to get some sleep too :)

#733 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 06:15:48

I think it's better to change the "-w" argument to /var/www/realupnow.com since your nginx is already set up to serve from that root path.

#734 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 05:35:28

If webroot is /var/www/html is it expecting /realupnow.com/index.html to be there?

Because I have it at /var/www/realupnow.com/index.html

No, but the "webroot path" needs to coincide with the served "root path".

  • certbot will put its file at $webroot/.well-known/acme-challenge/BLAH (i.e. using its $webroot), and

  • the "external" host will get it from http://realupnow.com/.well-known/acme-challenge/BLAH

    which nginx will want to find at $root/.well-known/acme-challenge/BLAH (i.e., using its $root).

Re firewall, I'm not totally clear about your setup. With the Internet to the left, and your service host to the right, I currently understand it as:

      Internet --- 66.172.90.106 = router ---- 192.168.50.4 = host

If that is the case, you'd make 2 rules:
   1 http blank 192.168.50.4 80 tcp
   2 https blank 192.168.50.4 443 tcp
("blank" means to leave the field blank)

Doing so will open those two ports for connection from the Internet.

#735 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 05:03:05

Yes the DNS is all fine.

Now there seems to be some firewall to penetrate;  you'll need to allow incoming TCP connections for ports 80 (http) and 443 (https).

It might also be good if it responds to ICMP requests (aka ping).

#736 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 04:49:37

If your host ("the static IP") is directly on the Internet then that should do.

It needs to be an IP address that an "external" host can use for accessing your HTTP service.

Assuming you can suffer an amount of ads, you could check your externally visible IP address at https://whatismyipaddress.com/

#737 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 04:14:53

Looks better. Though that IP address is a so-called private address that is not usable across the Internet. I.e., only hosts on your network can use that IP address.

It will not be something that Let's Encrypt's server can use.

#738 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 04:07:45

Yes, it should be just @
that means realupnow.com for that configuration

#739 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 03:46:21

ralph.ronnquist wrote:
Did you configure your domain registration to point at namecheap nameserver(s)?

Is this a third thing - or does it summarize the above?

That was my mistake, before I realized that dns[12].registrar-servers.com are namecheap's nameservers.

edit.. the above post had another actual third which might have criss-crossed our postings :)

#740 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 03:07:52

Did you configure your domain registration to point at namecheap nameserver(s)?

EDIT: also check on their "Domain" tab that the domain is active.

EDIT 2: the "nameservers" slot should be fine with "Namecheap BasicDNS".

EDIT 3: The A record entry should be for host "@" to indicate the basic domain name (realupnow.com), with other host names like "www" and "mail" for "www.realupnow.com" and "mail.realupnow.com".

#742 Re: Installation » [SOLVED] What's the minimum disk space does the most minimalist setup take? » 2023-01-01 02:51:14

Installing "daedalus preview" without network seems to clock in at 860M.

#743 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-01 02:33:03

I tend to prefer the command variant

certbot certonly --webroot -w /var/www/html -d my.domain.name

where then the file will be placed in the directory

/var/www/html/.well-known/acme-challenge/

which thus my HTTP service needs to serve.

This starts with

  1. my domain name registration being configured so that the nameserver(s) for my.domain.name point out my authoritative DNS service, and then

  2. I configure that with A and/or AAAA records for my.domain.name pointing to the external IP for my server.

Thereafter I configure SSL for nginx to use the public certificate and private key under /etc/letsencrypt/live/my.domain.name/ (sometimes with a version code added into that pathname).
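
Added example, not part of the original post: a pre-flight check for the `--webroot` procedure above, which also covers the two points made elsewhere in this thread (certbot's webroot must equal the nginx root, and server_name must list every name the certificate is requested for). The site file is a constructed sample; the function names are hypothetical, and the live/realupnow.com directory with fullchain.pem and privkey.pem is certbot's usual layout, assumed here.

```sh
#!/bin/sh
# Constructed sample site file in the shape the thread arrives at.
# Assumed: certbot's usual live/<name>/fullchain.pem and privkey.pem layout.
sample_site() {
cat <<'EOF'
server {
    listen 80;
    listen 443 ssl;
    server_name realupnow.com www.realupnow.com;
    root /var/www/realupnow.com;
    ssl_certificate     /etc/letsencrypt/live/realupnow.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/realupnow.com/privkey.pem;
}
EOF
}

# Print the arguments of the first one-line directive NAME found in FILE.
directive() {  # usage: directive NAME FILE
    awk -v d="$1" '$1 == d { sub(/;[ \t]*$/, ""); $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# Compare a site file with a planned
#   certbot certonly --webroot -w WEBROOT -d NAME...
# Prints one line per problem and returns 0 only when there is none.
check_webroot_plan() {  # usage: check_webroot_plan SITE_FILE WEBROOT NAME...
    site=$1; webroot=${2%/}; shift 2
    root=$(directive root "$site"); root=${root%/}
    names=$(directive server_name "$site")
    rc=0
    if [ "$root" != "$webroot" ]; then
        echo "MISMATCH: certbot writes under $webroot/.well-known/acme-challenge/ but nginx serves $root/.well-known/acme-challenge/"
        rc=1
    fi
    for n in "$@"; do
        case " $names " in
            *" $n "*) ;;
            *) echo "MISSING: $n is not in server_name ($names)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Demo on the constructed file: the thread's first attempt, then the corrected one.
f=$(mktemp); sample_site > "$f"
check_webroot_plan "$f" /var/www/html realupnow.com www.realupnow.com || echo "fix before running certbot"
check_webroot_plan "$f" /var/www/realupnow.com realupnow.com www.realupnow.com && echo "plan matches site file"
rm -f "$f"
```

The check reads only the first `root` and `server_name` lines of the file; a site file with several server blocks or a dedicated location for /.well-known/ needs each of those looked at separately.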

#744 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2022-12-31 23:54:22

Note that the SSL credentials system is built upon "domain name control"; i.e., that you are the current renter of the proposed domain name, and in control of the DNS resolution for it.

The "http" validation done by Let's Encrypt via certbot involves them, at an external host, looking up the domain name (realupnow.com) so as to access a file via HTTP that certbot has prepared. This is only possible if you have control of the domain resolution to make that name resolve for that external host to your host and then also run an HTTP service for offering that file.

#745 Re: Hardware & System Configuration » [SOLVED] HP envy 360 with ryzen and radeon multiple issues Q » 2022-12-31 13:36:48

For the display you could try adding your own mode line with something like the following

# xrandr --newmode 1920x1080  173.00  1920 2048 2248 2576  1080 1083 1088 1120 -hsync +vsync
# xrandr --addmode LVDS 1920x1080
# xrandr --output LVDS --mode 1920x1080

You obtain the details for the "newmode" line with cvt, and I guessed on "LVDS" as your output name, but xrandr tells you what that is. The command sequence is 1) define the mode line, 2) attach it as an option for an output, and 3) select that mode line for the output.

hth

#746 Re: Hardware & System Configuration » [SOLVED] php-fpm line missing from /var/run/php/ » 2022-12-30 23:52:13

Firstly, the configuration does not include SSL setup so the service is http and not https.

Next, you will need to convince your browser that the FQDN (fully qualified domain name) realupnow.com resolves to the IP address 127.0.0.1 (or the other one if you prefer, since nginx listens on all interfaces, i.e. both lo and eth0).

Traditionally a browser would end up using the standard libc function gethostbyname to determine the IP address to use, and this is technically configured via /etc/nsswitch.conf and /etc/hosts. If all is per traditionally normal, then it is enough to add a line to /etc/hosts:

127.0.0.1 realupnow.com

(with a terminating newline). That would declare the DNS resolution for realupnow.com to be 127.0.0.1.

More recently browser developers have introduced new and interesting ways of resolving domain names, so it's possible that this won't work for you. In that case, you should install surf and trial this via the command line start:

$ surf http://realupnow.com/info.php

Unless of course, you rather enjoy some browser wrestling :)

Note that it's http without a trailing s.

#747 Re: Hardware & System Configuration » [SOLVED] php-fpm line missing from /var/run/php/ » 2022-12-30 23:14:14

Right; remove all links from /etc/nginx/sites-enabled/ except the one for your service configuration.

And: nginx needs to be restarted after any changes to its configuration files. (Sometimes "reload" is enough, but that's really only a consideration for a busy live site).

#748 Re: Hardware & System Configuration » [SOLVED] php-fpm line missing from /var/run/php/ » 2022-12-30 22:48:51

Look at end of /var/log/nginx/error.log.

Directory /var/www/realupnow.com exists and is readable by www-data ?

php7.4-fpm is started?

btw, code things (like configuration files) are best displayed with code tagging rather than quote tagging since that will avoid word-wrap linebreaks that otherwise might cause confusion.

#749 Re: Hardware & System Configuration » [SOLVED] php-fpm line missing from /var/run/php/ » 2022-12-30 22:18:09

Ah, with "configuration file" I meant the service configuration, which presumably is /etc/nginx/sites-available/realupnow.com.

And to make it easier for you to debug, you should remove the other links in /etc/nginx/sites-enabled (and restore them later). ... and restart nginx

#750 Re: Hardware & System Configuration » [SOLVED] php-fpm line missing from /var/run/php/ » 2022-12-30 21:40:07

No.

Rather, please show the content (with ls -l) of /etc/nginx/sites-enabled/, and your nginx configuration file.
