The officially official Devuan Forum!

You are not logged in.

#151 2023-01-04 04:56:48

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

This looks promising ...

root@devuan1:/var/www/realupnow.com# nft list ruleset | grep dport
		tcp dport 22 accept
		ct state new udp dport { 53, 67, 123, 547 } accept
		ct state new tcp dport { 53, 80, 443, 587 } accept
root@devuan1:/var/www/realupnow.com# 

Offline

#152 2023-01-04 04:59:01

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

root@devuan1:/var/www/realupnow.com# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1527/NetworkManager 
root@devuan1:/var/www/realupnow.com# 

Last edited by dcolburn (2023-01-04 04:59:32)

Offline

#153 2023-01-04 05:01:20

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

I stopped and started nginx but the output of netstat remained the same.

Might it be good for me to restart the server to clear out buffers, etc?

Last edited by dcolburn (2023-01-04 05:07:00)

Offline

#154 2023-01-04 05:15:41

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

root@devuan1:/var/www/realupnow.com# wget -H -O/dev/null http://realupnow.com/
--2023-01-04 00:14:56--  http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-04 00:14:56--  https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1 [text/html]
Saving to: ‘/dev/null’

/dev/null                           100%[=================================================================>]       1  --.-KB/s    in 0s      

2023-01-04 00:14:56 (3.10 MB/s) - ‘/dev/null’ saved [1/1]

root@devuan1:/var/www/realupnow.com# 

Offline

#155 2023-01-04 05:19:51

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

I guess I need to quit for the night.

I'll reboot and look at things in the morning - unless you recommend against that.

Or, I'll try whatever you recommend, instead.

This sure has proved a wild ride so far ...

Sigh.

Offline

#156 2023-01-04 05:27:01

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 868  

Re: [SOLVED] Good nginx ssl instructions

That doesn't look ok. Not that I really know nft syntax but by the looks of it ports 80 and 443 are now blocked, and it no longer responds to ping either. Do you need all that...

I think you'll need

tcp dport {22, 80, 443} accept

in the input filtering..

and do you really need to filter output at all? though it looks like it wold work...

Offline

#157 2023-01-04 05:33:17

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 868  

Re: [SOLVED] Good nginx ssl instructions

Or you may need something like

        ip protocol icmp accept
        ip6 nexthdr ipv6-icmp accept
        ip protocol igmp accept

in the output filtering as well for ping responses.

Offline

#158 2023-01-04 13:29:59

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

root@devuan1:/var/www/realupnow.com# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@devuan1:/var/www/realupnow.com# wget -H -O/dev/null http://realupnow.com/
--2023-01-04 08:13:23--  http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-04 08:13:23--  https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1 [text/html]
Saving to: ‘/dev/null’

/dev/null                           100%[=================================================================>]       1  --.-KB/s    in 0s      

2023-01-04 08:13:23 (2.99 MB/s) - ‘/dev/null’ saved [1/1]

root@devuan1:/var/www/realupnow.com# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1527/NetworkManager 
root@devuan1:/var/www/realupnow.com# sudo service nginx stop
Stopping nginx: nginx.
root@devuan1:/var/www/realupnow.com# sudo service nginx start
Starting nginx: nginx.
root@devuan1:/var/www/realupnow.com# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1527/NetworkManager 
root@devuan1:/var/www/realupnow.com# 

Offline

#159 2023-01-04 13:32:06

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

Question:

/etc/nginx/modules-available is empty but in /etc/nginx/modules-enabled are 21 symlinked modules.

Is that expected?

Offline

#160 2023-01-04 13:46:25

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

Shouldn't the privileges here -rw-r--r-- 1 root root  953 Jan  4 08:40 realupnow.com.conf

... be the same here? lrwxrwxrwx 1 root root 45 Jan  1 21:47 realupnow.com.conf -> /etc/nginx/sites-available/realupnow.com.conf

Offline

#161 2023-01-04 15:57:11

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

root@devuan1:/var/www/realupnow.com# nginx -V 2>&1 | tr -- - '\n' | grep _module
http_ssl_module 
http_stub_status_module 
http_realip_module 
http_auth_request_module 
http_v2_module 
http_dav_module 
http_slice_module 
http_addition_module 
http_flv_module 
http_geoip_module=dynamic 
http_gunzip_module 
http_gzip_static_module 
http_image_filter_module=dynamic 
http_mp4_module 
http_perl_module=dynamic 
http_random_index_module 
http_secure_link_module 
http_sub_module 
http_xslt_module=dynamic 
mail_ssl_module 
stream_geoip_module=dynamic 
stream_ssl_module 
stream_ssl_preread_module 
root@devuan1:/var/www/realupnow.com# 

Offline

#162 2023-01-04 17:53:05

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

So, now I see that the purpose of "location" is to call a "module". (Source: https://www.educba.com/nginx-modules/)

Code:

git clone https://github.com/module_name.git

Output:

git clone https://github.com/perusio/nginx-hello-world-module.git

Code:

./configure --with-compat --add-dynamic-module=../module_name
make modules

Code:

load_module modules/module_name.so;

Code:

server {
 listen 80;
 location / {
  module_name;
 }
}

Output:

server {
	listen 80;
	
	location / {
		hello_world
	}
}

Offline

#163 2023-01-04 19:24:26

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

OK, it's now appearing to permit access to both https://realupnow.com and http://realupnow.com but it displays nothing.

It still doesn't appear to be listening ...

root@devuan1:/etc/nginx# netstat -anp : grep -w LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
raw6       0      0 :::58                   :::*                    7           1472/NetworkManager 
root@devuan1:/etc/nginx# chown www-data:www-data /etc/nginx/sites-available/realupnow.com.conf

Well ... maybe it is?

root@devuan1:/etc/nginx# wget -H -O/dev/null http://realupnow.com/
--2023-01-04 14:22:52--  http://realupnow.com/
Resolving realupnow.com (realupnow.com)... 127.0.0.1
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://realupnow.com/ [following]
--2023-01-04 14:22:52--  https://realupnow.com/
Connecting to realupnow.com (realupnow.com)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1 [text/html]
Saving to: ‘/dev/null’

/dev/null                           100%[=================================================================>]       1  --.-KB/s    in 0s      

2023-01-04 14:22:52 (3.11 MB/s) - ‘/dev/null’ saved [1/1]

root@devuan1:/etc/nginx# 

Offline

#164 2023-01-04 20:10:54

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

It's working, it's working, it's working!

Something had wiped the contents of index.html

BOTH http and https are responding and displaying.

Can someone check the security of the site - any obvious gaps that need to be addressed, please?

If so I'll start a new thread for that but this one seems to ... finally ... be SOLVED!  :-)

Offline

#165 2023-01-04 20:30:42

golinux
Administrator
Registered: 2016-11-25
Posts: 2,726  

Re: [SOLVED] Good nginx ssl instructions

CONGRATS . . . and you figured it out while rrq was ZZZZzzzzz!! big_smile

Offline

#166 2023-01-04 21:34:58

dcolburn
Member
Registered: 2022-11-02
Posts: 280  

Re: [SOLVED] Good nginx ssl instructions

golinux wrote:

CONGRATS . . . and you figured it out while rrq was ZZZZzzzzz!! big_smile

I'm sure that he'll be relieved to awaken and not have it still out there.

I'm grateful that he encouraged me not to wipe everything and start clean ...

I'll ask a couple of people to White Hat it and suggest security adjustments.

Next, maybe, I may as well go ahead and get mail working.

Offline

Board footer