You are not logged in.
- Topics: Active | Unanswered
#101 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 20:11:06
Should I include this after root /var/www/realupnow.com?
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;I'm grabbing at straws as I'm not sure it's even getting that far ... sigh.
In some of the nginx instructions the index line is included, in others it's not.
It's unclear, to me, why.
#102 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 18:46:16
This is from error.log.1
Do I need to address these errors, somehow?
2023/01/02 12:35:29 [emerg] 25927#25927: no "ssl_certificate_key" is defined for certificate "/etc/letsencrypt/live/realupnow.com/fullchain.pem"
2023/01/02 20:24:10 [emerg] 27474#27474: open() "/etc/nginx/snippets/ssl-params.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/realupnow.com.conf:20
2023/01/02 21:04:16 [info] 27598#27598: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65Second question: Should there be an error.log and an error.log.1 or did something hiccup and I should delete error.log.1 so everything goes to err.log?
#103 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 18:36:54
This doesn't work echo "Just a test" > /var/www/webmail.example.org/test when changed to echo "Just a test" > /var/www/realupnow.com/test it also doesn't work when I do it as echo > /var/www/realupnow.com/index.html
BTW: I changed index.html to www-data:www-data from root:root - should I have done that? (It made no difference.)
#104 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 17:12:33
Weird this is that I was, for a little while, able to see the http website, but never the https. Something happened when we started to address the ssl part that took out the http as well.
#105 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 16:04:45
I have tried the guides but there's always that one exception ... sigh.
I'm wondering if the ports 8001 and 8002 port activity is left over from a nginx tutorial and they maybe should be closed?
Have you enabled the sites? i.e created links (http and https) in /etc/nginx/sites-enabled to the active website in site-available.
I'm not exactly sure that I'm understanding what you're asking here.
There is a symlink from /etc/nginx/sites-available to /etc/nginx/sites-enabled for realupnow.com.conf
Did you mean something in addition to that, please?
I sure appreciate the assist. Ralph, being in AUS, only becomes available in the evening here in Georgia, USA. I kinda run out of gas about 11 or 11:30PM. (Were I not 67, and didn't need to be up by 8AM or so in the morning, I might get more done - by interacting with him longer without the long interruption. But, sleep we must.)
#106 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 15:18:21
From: https://www.techcoil.com/blog/understanding-the-default-nginx-virtual-host-or-server-configuration/
I was wondering if it were possible that this try_files $uri $uri/ =404; was redirecting to here /var/www/html where something in index.nginx-debian.html was messing things up - but that html file just contains a welcome message to nginx.
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
will get Nginx to look for a file inside /var/www/html directory to return as the HTTP response for the incoming HTTP request. In case there is nothing to return, Nginx will return a HTTP response with a 404 status.
But how does the Nginx welcome page gets returned when we try to access the root url? If you trace the configurations from the main file, then you will see the following configuration:
1
index index.html index.htm index.nginx-debian.html;
This will cause Nginx to return one of the following files inside the root directory, if available:
index.html
index.htm
index.nginx-debian.html
Since there is a file named as index.nginx-debian.html inside /var/www/html, the contents of the file will be returned when we try to access the root url.#107 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 14:59:57
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1430 root 3u IPv4 15019 0t0 TCP *:22 (LISTEN)
sshd 1430 root 4u IPv6 15021 0t0 TCP *:22 (LISTEN)
avahi-dae 1466 avahi 13u IPv4 15033 0t0 UDP *:5353
avahi-dae 1466 avahi 14u IPv6 15034 0t0 UDP *:5353
avahi-dae 1466 avahi 15u IPv4 15035 0t0 UDP *:42925
avahi-dae 1466 avahi 16u IPv6 15036 0t0 UDP *:51083
cups-brow 1492 root 3u IPv6 119293 0t0 TCP [::1]:60702->[::1]:631 (CLOSE_WAIT)
cups-brow 1492 root 4u IPv6 96897 0t0 TCP [::1]:50384->[::1]:631 (CLOSE_WAIT)
cups-brow 1492 root 7u IPv4 15123 0t0 UDP *:631
saned 1500 root 4u IPv6 976 0t0 TCP *:6566 (LISTEN)
NetworkMa 1527 root 23u IPv4 96009 0t0 UDP 192.168.50.4:68->192.168.50.1:67
firefox-e 1792 root 35u IPv4 127766 0t0 TCP 192.168.50.4:52534->162.247.241.14:443 (ESTABLISHED)
firefox-e 1792 root 61u IPv4 95169 0t0 TCP 192.168.50.4:56298->52.40.68.141:443 (ESTABLISHED)
firefox-e 1792 root 83u IPv4 129079 0t0 TCP 192.168.50.4:47766->104.16.248.249:443 (ESTABLISHED)
nginx 28312 root 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28312 root 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28312 root 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28312 root 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28312 root 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28313 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28313 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28313 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28313 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28313 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28314 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28314 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28314 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28314 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28314 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28315 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28315 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28315 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28315 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28315 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
nginx 28317 www-data 7u IPv4 123635 0t0 TCP *:8080 (LISTEN)
nginx 28317 www-data 8u IPv4 123636 0t0 TCP *:8001 (LISTEN)
nginx 28317 www-data 9u IPv4 123637 0t0 TCP *:8002 (LISTEN)
nginx 28317 www-data 10u IPv4 123638 0t0 TCP *:80 (LISTEN)
nginx 28317 www-data 11u IPv4 123639 0t0 TCP *:443 (LISTEN)
cupsd 29991 root 5u IPv6 127922 0t0 TCP [::1]:631 (LISTEN)
cupsd 29991 root 6u IPv4 127923 0t0 TCP 127.0.0.1:631 (LISTEN)#108 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 14:52:39
root@devuan1:/etc/nginx/sites-available# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@devuan1:/etc/nginx/sites-available# sudo service nginx restart
Restarting nginx: nginx.
root@devuan1:/etc/nginx/sites-available# wget -H -O/dev/null http://realupnow.com/
--2023-01-03 09:51:34-- http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-03 09:51:34-- https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 180 [text/html]
Saving to: ‘/dev/null’
/dev/null 100%[=================================================================>] 180 --.-KB/s in 0s
2023-01-03 09:51:34 (492 MB/s) - ‘/dev/null’ saved [180/180]
root@devuan1:/etc/nginx/sites-available# #109 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 14:43:28
This ...
root@devuan1:/etc/nginx/sites-available# lsof -i -P -n | grep LISTEN... shows that the Dell-Devuan box is listening to 6 different ports on IPv4 (plus a couple of additional ones on IPv6) including 22, 8080, 8001, 8002, 80, 443 - with multiple repetitions.
#110 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 14:30:12
This is on the router ...
Source IP Port Range Protocol
192.168.50.4 80 TCP
192.168.50.4 443 TCP#111 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 14:25:09
root@devuan1:/etc/nginx/sites-available# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........................+...............................................+...........................................................................................................................................................+....................................................................................................................................................................................................................................................................................................+.......................................................................................+.....+.......+..............................+.........................................................................................................................................................................................................................................................................................................................+......................+................................................................................................................................++*++*++*++*
root@devuan1:/etc/nginx/sites-available# sudo service nginx restart
Restarting nginx: nginx failed!
root@devuan1:/etc/nginx/sites-available# nginx -t
nginx: [emerg] unknown directive "ssh_dhparam" in /etc/nginx/sites-enabled/realupnow.com.conf:26
nginx: configuration file /etc/nginx/nginx.conf test failed
root@devuan1:/etc/nginx/sites-available# There was a typo "ssh" rather than "ssl"
I corrected that ... see three posts down ...
#112 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 04:36:22
I need to crash. Eyes getting bleary and starting to sneeze.
I'll check here in the morning for any additional guidance you can offer.
Thanks again.
#113 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 04:25:08
Is there any chance at all that something is insisting on looking at root /var/www/html rather than /var/www?
Or, can you really use about any location e.g. /home/david1/html ?
#114 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 04:21:33
nginx stopped and restarted. This is all that showed up in error.log
2023/01/02 23:18:01 [info] 28307#28307: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65#115 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 04:20:01
Does that host have any local firewall?
Are you speaking of namecheap, my router, or the Dell-Devuan server, please?
#116 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 03:56:57
/var/www/realupnow.com/index.html is root:root#117 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 03:38:56
Is there a recent /var/log/php7.4-fpm.log and how does that look, if so?
Nothing today and yesterday it just says error log reopened.
The folder/file permissions I posted all look OK?
#118 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 03:17:44
root@devuan1:/etc/nginx/sites-available# ls -al
total 16
drwxr-xr-x 3 root root 4096 Jan 2 22:14 .
drwxr-xr-x 9 root root 4096 Dec 31 16:32 ..
-rw-r--r-- 1 root root 838 Jan 2 22:14 realupnow.com.conf
drwxr-xr-x 2 root root 4096 Dec 30 17:24 sitesavailableunusedfiles
root@devuan1:/etc/nginx/sites-available# #119 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 03:16:41
root@devuan1:/etc/nginx/sites-enabled# ls -al
total 8
drwxr-xr-x 2 root root 4096 Jan 1 21:47 .
drwxr-xr-x 9 root root 4096 Dec 31 16:32 ..
lrwxrwxrwx 1 root root 45 Jan 1 21:47 realupnow.com.conf -> /etc/nginx/sites-available/realupnow.com.conf
root@devuan1:/etc/nginx/sites-enabled# #120 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 03:14:09
root@devuan1:/var/www# ls -al
total 16
drwxr-xr-x 4 root root 4096 Jan 1 22:12 .
drwxr-xr-x 12 root root 4096 Dec 24 21:35 ..
drwxr-xr-x 2 root root 4096 Jan 1 01:03 html
drwxr-xr-x 2 www-data www-data 4096 Jan 1 16:25 realupnow.com
root@devuan1:/var/www# #121 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 02:49:37
access.log (I think I posted access.log.1 before.)
94.102.61.10 - - [02/Jan/2023:21:02:18 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36"
192.168.50.1 - - [02/Jan/2023:21:05:09 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Mobile Safari/537.36"
203.220.142.95 - - [02/Jan/2023:21:19:08 -0500] "GET / HTTP/1.1" 301 169 "-" "Wget/1.21"
103.149.192.59 - - [02/Jan/2023:21:30:23 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
168.196.124.13 - - [02/Jan/2023:21:48:23 -0500] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"#122 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 02:47:53
error.log.1
2023/01/01 14:46:03 [info] 19798#19798: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 14:46:16 [info] 19810#19810: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 20:28:19 [emerg] 21905#21905: invalid parameter "realupnow.com" in /etc/nginx/sites-enabled/realupnow.com:24
2023/01/01 20:58:50 [info] 22144#22144: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 21:49:38 [info] 22479#22479: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 21:49:49 [info] 22493#22493: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/01 21:57:58 [emerg] 22559#22559: invalid parameter "realupnow.com" in /etc/nginx/sites-enabled/realupnow.com.conf:24#123 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 02:46:36
The error.log I just posted is the most recent
Did you confirm that? I accessed your server more recent than that and before I made my post.
I hit Reload - just did it, again.
Wait, I recall noticing that there's an access1.log and an error1.log ...
I'm not sure why there is a second version but I'll check there and post in a minute.
#124 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 02:36:27
access.log
205.185.118.237 - - [02/Jan/2023:07:43:15 -0500] "POST /boaform/admin/formLogin HTTP/1.1" 404 125 "http://66.172.90.106:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0"
205.185.118.237 - - [02/Jan/2023:07:43:15 -0500] "" 400 0 "-" "-"The error.log I just posted is the most recent.
#125 Re: Hardware & System Configuration » [SOLVED] Good nginx ssl instructions » 2023-01-03 02:11:57
##
# Virtual Host configuration for realupnow.com
#
# Be sure to symlink this to sites-enabled/ to enable it.
# sudo ln -s /etc/nginx/sites-available/realupnow.com /etc/nginx/sites-enabled/realupnow.com
#
server {
listen 80;
listen 443 ssl;
root /var/www/realupnow.com;
server_name realupnow.com www.realupnow.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
# RSA certificate
ssl_certificate /etc/letsencrypt/live/realupnow.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/realupnow.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
# Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}Board footer
