No change. I am curious though, would it matter that much:
The tutorial I watched wanted me to put Let’s Encrypt on port 81 and 444, and set the port forwarding to point to those locations. Should it matter that they were moved there or should I move either of them? I don’t understand networking very well but I’m basically trying to understand if the website needs to be set to port 80 with the encryption being still on 443/444 or if I need to set the site to run off port 443?
Here ya go! Just to clarify, I censored my actual domain/subdomain just in case that would come back and bite me in the ass. I didn't include the dhparams.pem just because it doesn't look relevant. Also it won't let me attach as a file because I'm a new user, so here's the info in the reply.
UPDATE: I went in, cleared out that install of Let's Encrypt and reinstalled it. I did some minor tweaking to the point that I'm actually getting the default "this server is under construction" page to load, but only on HTTPS; HTTP is still not responding (ideally, I want it to automatically switch to HTTPS). The files below are the new versions, as of 7:20 PM EST. Ports 81 and 444 are the ports that I forwarded within the router so I could get Let's Encrypt running.
#----------------------------------------------------------------------
#/Nginx/ssl.conf
#----------------------------------------------------------------------
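# TLS settings shared by every "listen ... ssl" server block that includes this file.
# session settings
# Session tickets are off, so resumption relies on the shared server-side cache below.
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE cipher suites
# NOTE(review): dhparams.pem was not posted; confirm it holds parameters of at least 2048 bits.
ssl_dhparam /config/nginx/dhparams.pem;
# ssl certs
# privkey.pem is the server's private key: keep it readable only by the account
# nginx runs as, and never paste it alongside the rest of the config.
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
# protocols
# TLSv1 and TLSv1.1 were dropped from this list: both are formally deprecated
# (RFC 8996) and current browsers no longer negotiate them. Append TLSv1.3 once
# the nginx and OpenSSL builds in the container accept it.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# The AEAD (GCM) suites come first and win because server preference is on.
# NOTE(review): the CBC/SHA suites after them exist only for older clients and
# can be trimmed if no such clients are expected.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
# HSTS, remove # from the line below to enable HSTS
# max-age=63072000 is two years; includeSubDomains and preload commit every
# subdomain to HTTPS and are slow to undo, so enable this only once HTTPS is
# confirmed working for all of them.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# OCSP Stapling
# NOTE(review): stapling needs a "resolver" so nginx can reach the OCSP responder,
# and ssl_stapling_verify needs the issuer chain via ssl_trusted_certificate;
# neither directive appears in the posted files -- confirm, or check error.log
# for stapling warnings.
ssl_stapling on;
ssl_stapling_verify on;
# Optional additional headers
# X-Content-Type-Options and X-Frame-Options are the two most worth enabling here;
# X-XSS-Protection is ignored by current browsers.
#add_header Content-Security-Policy "upgrade-insecure-requests";
#add_header X-Frame-Options "SAMEORIGIN" always;
#add_header X-XSS-Protection "1; mode=block" always;
#add_header X-Content-Type-Options "nosniff" always;
#add_header X-UA-Compatible "IE=Edge" always;
#add_header Cache-Control "no-transform" always;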
#----------------------------------------------------------------------
#/Nginx/proxy.conf
#----------------------------------------------------------------------
# Shared reverse-proxy settings. The posted owncloud proxy-confs include this
# file inside their location blocks, so every directive here applies at
# location level.
# Because it is set at location level, this 10m limit overrides the
# "client_max_body_size 0" of the enclosing server block: request bodies over
# 10 MB sent through the proxy are rejected.
client_max_body_size 10m;
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
# NOTE(review): the nginx documentation says the connect timeout usually cannot exceed 75 seconds.
proxy_connect_timeout 240;
# Basic Proxy Config
# $server_port is the port nginx accepted the connection on, not the port the
# client typed. NOTE(review): if the router maps an external port to 444, the
# backend receives ":444" in Host and may build links with it -- confirm.
proxy_set_header Host $host:$server_port;
# X-Real-IP comes from the TCP peer address and cannot be set by the client.
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client already
# sent, so the backend should trust only the last entry (or X-Real-IP).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Hard-coded: correct only while this file is included from TLS server blocks.
proxy_set_header X-Forwarded-Proto https;
#proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
# NOTE(review): both owncloud proxy-confs set Connection again right after
# including this file; confirm which value nginx actually sends upstream.
proxy_set_header Connection "";
# Responses for requests carrying a "session" cookie are neither served from
# nor stored in the proxy cache.
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
#----------------------------------------------------------------------
#/Nginx/nginx.conf
#----------------------------------------------------------------------
## Version 2018/01/29 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf
# Main nginx configuration: process settings, the http{} defaults, and the
# includes that pull in the site and proxy confs.
# Worker processes run as the account "abc".
user abc;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): uncommenting server_tokens off stops nginx from advertising its
# version in the Server header and on error pages.
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
# 0 disables the request-body size check for everything under http{} unless a
# lower level sets its own limit.
client_max_body_size 0;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /config/log/nginx/access.log;
error_log /config/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
# The glob loads every file in site-confs, including backups or editor copies;
# keep only the confs that are meant to be live in that directory.
include /config/nginx/site-confs/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
# Keep nginx in the foreground instead of daemonising.
daemon off;
#----------------------------------------------------------------------
#/Nginx/site-confs/default.conf
#----------------------------------------------------------------------
## Version 2018/04/20 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
# Plain-HTTP listener: redirects every request to HTTPS.
# It listens on 81, so it only sees traffic if the router forwards the external
# HTTP port (80) to 81 -- NOTE(review): confirm that forward exists; without it
# HTTP requests never reach nginx.
server {
listen 81;
server_name mycloud.MySubdomain;
# $host carries no port, so the redirect points at the default HTTPS port (443);
# that external port has to be forwarded to the 444 listener for it to land.
# This is the only server on 81, so it also answers requests for any other Host
# value and echoes that value back in the redirect.
return 301 https://$host$request_uri;
}
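# main server block
# Serves /config/www over TLS on 444 and, through the subfolder include, proxies
# /owncloud to the ownCloud backend.
# NOTE(review): owncloud.subdomain.conf, included after this block, declares a
# second server for the same server_name on 444. nginx keeps the first
# definition and logs "conflicting server name ... ignored", so this block --
# not the subdomain proxy -- answers every request. Use either the subfolder or
# the subdomain method under one name, not both.
server {
    listen 444 ssl default_server;
    root /config/www;
    index index.html index.htm index.php;
    server_name mycloud.MySubdomain;

    # enable subfolder method reverse proxy confs
    include /config/nginx/proxy-confs/owncloud.subfolder.conf;

    # all ssl related config moved to ssl.conf
    include /config/nginx/ssl.conf;

    # 0 disables the request-body size check for this server.
    client_max_body_size 0;

    location / {
        try_files $uri $uri/ /index.html /index.php?$args =404;
    }

    location ~ \.php$ {
        # Defence in depth: hand a request to PHP only when the .php file really
        # exists under root, so a URI that merely ends in ".php" cannot be mapped
        # onto some other file by PHP's path-info handling.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php7-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php7-fpm:
        #fastcgi_pass unix:/var/run/php7-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }

    # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
    # notice this is within the same server block as the base
    # don't forget to generate the .htpasswd file as described on docker hub
    # location ^~ /cp {
    # auth_basic "Restricted";
    # auth_basic_user_file /config/nginx/.htpasswd;
    # include /config/nginx/proxy.conf;
    # proxy_pass http://192.168.1.50:5050/cp;
    # }
}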
# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
# listen 443 ssl;
#
# root /config/www;
# index index.html index.htm index.php;
#
# server_name cp.*;
#
# include /config/nginx/ssl.conf;
#
# client_max_body_size 0;
#
# location / {
# auth_basic "Restricted";
# auth_basic_user_file /config/nginx/.htpasswd;
# include /config/nginx/proxy.conf;
# proxy_pass http://192.168.1.50:5050;
# }
#}
# enable subdomain method reverse proxy confs
# NOTE(review): the included file defines a server for mycloud.MySubdomain on
# 444, the same name and port as the main server block above; nginx ignores the
# later duplicate, so the subdomain proxy is never selected. Give it its own
# server_name or drop this include when the subfolder method is used.
include /config/nginx/proxy-confs/owncloud.subdomain.conf;
#----------------------------------------------------------------------
#/Nginx/proxy-confs/owncloud.subfolder.conf
#----------------------------------------------------------------------
# Subfolder proxy: forwards /owncloud on the main server to the backend at
# 192.168.1.29:8000 (the file was adapted from an emby sample, hence the
# leftover emby rewrite below).
# to enable password access, uncomment the two auth_basic lines
# With auth_basic commented out, the backend's own login is the only
# authentication in front of the service.
location /owncloud {
# auth_basic "Restricted";
# auth_basic_user_file /config/nginx/.htpasswd;
include /config/nginx/proxy.conf;
# rewrite /emby/(.*) /$1 break;
# proxy_pass has no URI part, so the request path is forwarded unchanged,
# /owncloud prefix included. NOTE(review): the backend must therefore serve
# under /owncloud -- confirm.
# The hop to the backend is plain HTTP; that is acceptable only on a trusted
# LAN segment.
proxy_pass http://192.168.1.29:8000;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header Upgrade $http_upgrade;
# Passes the client's own Connection header upstream. NOTE(review): proxy.conf,
# included above, already sets Connection "" at this level -- confirm which
# value the backend receives.
proxy_set_header Connection $http_connection;
}
#----------------------------------------------------------------------
#/Nginx/proxy-confs/owncloud.subdomain.conf
#----------------------------------------------------------------------
# Subdomain proxy: a dedicated server block that forwards every path to the
# backend at 192.168.1.29:8000 (adapted from an emby sample). The name in
# server_name needs a matching DNS record.
# to enable password access, uncomment the two auth_basic lines
# NOTE(review): server_name and port are identical to the main server block in
# site-confs/default.conf, which is defined first; nginx ignores the later
# duplicate, so this block is never selected as posted.
server {
listen 444 ssl;
server_name mycloud.MySubdomain;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
# With auth_basic commented out, the backend's own login is the only
# authentication in front of the service.
# auth_basic "Restricted";
# auth_basic_user_file /config/nginx/.htpasswd;
# proxy.conf sets client_max_body_size 10m at this level, which overrides the
# server-level 0 above.
include /config/nginx/proxy.conf;
# The hop to the backend is plain HTTP; that is acceptable only on a trusted
# LAN segment.
proxy_pass http://192.168.1.29:8000;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header Upgrade $http_upgrade;
# "upgrade" is sent on every proxied request, not only on WebSocket handshakes.
# NOTE(review): proxy.conf already sets Connection "" at this level -- confirm
# which value the backend receives.
proxy_set_header Connection "upgrade";
}
}