Getting SSL_PROTOCOL_ERROR

Do find a way to turn RPNow off via a scriptable method, right?
Does that mean I need the code for RPNow?
All I can do right now is stop the server when I run the RPNow admin program - according to the guide.

1 Like

Can that start stop be scripted?
OR maybe something like:
systemctl stop rpnow
systemctl start rpnow

4 Likes

This was pointed out to me:

[thanks @JimPas]

4 Likes

When I run that, I get either

Failed to stop rpnow.service: Unit rpnow.service not loaded.

or:

Failed to start rpnow.service: Unit rpnow.service not found.

(I did the second just to see what happens.)

I'm just gonna ask: What exactly does scriptable method mean? Or, where can I figure that out?

1 Like

I took care of that a few days ago, I noticed it too!

1 Like

That implies being able to write down complete instructions that a computer can follow [at any given time - and without any human intervention] to complete a given task.

5 Likes

Sorry I was gone for a bit, I actually started school. Don't worry, nothing computer related :upside_down_face:

I don't know if I'm able to! When I look for information I get so much, and I don't know which applies here.
It sounds like I need to write code, but... where?
Honestly I'd just pay you at this point... You're helping a lot and consistently. Thank you.

2 Likes

Glad to hear that you are at school.

We can help you with basic coding.
But the problem here is that RPNow doesn't really have much information to work with.
I haven't found a way to change the HTTP port from 80 to any other number.
I haven't found a way to have it handle the HTTP challenge requests itself.
I haven't even found how to have it use an LE cert - if/when we are able to get one.

Without any of that information, there is nothing to code - no steps to take.

4 Likes

So I've skimmed through the linked GitHub repo for rpnow and I've skimmed through this thread and I'm not sure what's the goal here?

crt.sh indicates that there is a cert for crt.sh | loveinthedark.net that isn't yet expired. However, the latest renewal was irregular, maybe ACMEv1? The latest certificate was issued on 2021-08-20 though, which was after ACMEv1 EOL.

The source code of rpnow indicates that it is perfectly capable of doing its own TLS and has embedded support for Let's Encrypt (the ACME client used internally is autocert). One might want to look into getting that working (again), instead of doing the full reverse-proxy hassle?

A potential issue I've seen is that you need rpnow v3.0-beta11 or higher for ACMEv2 support. If @Sam_Enby's installation is older than that, this might just be the issue why certs are not renewing.

Another issue why Golang might return TLS errors could be because sslDomain might have been set incorrectly in /etc/rpnow.ini.

If the reverse proxy is still the desired way to go:

Looking at the source code, this requires adding port=8080 (or any other desired port number) to /etc/rpnow.ini. If SSL/TLS is off, this should affect the plain HTTP port.

This is hopefully done internally using autocert if ssl=true, sslDomain=loveinthedark.net and letsencryptAcceptTOS=true is set in /etc/rpnow.ini. Again, only beta 11 and up do ACMEv2.

I haven't seen an option to manually specify a certificate. It either uses certificates returned by autocert, or doesn't use any certificate at all (e.g. TLS is turned off).

7 Likes

The goal is to access the website. Right now I can't access it because it refuses the connection. At first it seemed I couldn't access it because there wasn't a renewed certificate, but now I apparently got one and it still doesn't work.

I tried to update it as the guide suggested and I get this:

export RPINSTALL=$(mktemp -d) && tar -zxvf <(wget -qOhttps://
> github.com/rpnow/rpnow/releases/latest/download/rpnow-linux.tar.gz) -C
tar: option requires an argument -- 'C'
Try 'tar --help' or 'tar --usage' for more information.
akaspirin@smol-rpnow:~$ $RPINSTALL && $RPINSTALL/install.sh && rm -r $RPINSTALLwget: missing URL
Usage: wget [OPTION]... [URL]...
Try `wget --help' for more options.
-bash: github.com/rpnow/rpnow/releases/latest/download/rpnow-linux.tar.gz: No such file or directory

I don't know what's wrong here :confused:

We should try this.
Please modify the /etc/rpnow.ini as follows:
ssl=false
port=8000

Then restart RPNow.
Then show the output of:
sudo netstat -pant | grep -i listen

3 Likes

You are missing the destination path after the -C argument.

6 Likes

Here is the output:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      31696/nginx: master 
tcp        0      0 127.0.0.1:12789         0.0.0.0:*               LISTEN      31788/rpnow         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      859/sshd            
tcp6       0      0 :::80                   :::*                    LISTEN      31696/nginx: master 
tcp6       0      0 :::22                   :::*                    LISTEN      859/sshd            
tcp6       0      0 :::8000                 :::*                    LISTEN      31788/rpnow

2 Likes

I gave it a destination path, but now it says there's no such file or directory on github? It IS there though, I think.

1 Like

Looks good, rpnow is listening on port 8000 and nginx is now using port 80.

What you could do now is secure nginx with a certificate and then reverse-proxy the requests to rpnow.

8 Likes

Wait, I thought my domain already had a valid certificate? Would I need two?

1 Like

The cert would only need to be used by the reverse proxy.
RPNow could remain HTTP on port 8000 (behind the secure proxy).

4 Likes

It did get one:
crt.sh | loveinthedark.net
And it might be able to be used by the reverse proxy.
Please show the output of:
certbot certificates

3 Likes

Hello,
I apologize for my late replies - school is demanding.
Here is the output of sudo certbot certificates:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: loveinthedark.net
    Serial Number: 31375d6de7ebec00a61700131a0682c1883
    Key Type: RSA
    Domains: loveinthedark.net
    Expiry Date: 2021-11-18 00:25:08+00:00 (VALID: 55 days)
    Certificate Path: /etc/letsencrypt/live/loveinthedark.net/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/loveinthedark.net/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1 Like

Perfect, you have a valid cert.
All we need is for nginx to use it while connecting via proxy to the RPNow service on port 8000.

Dare I ask: Do you know how to handle an nginx web server as a proxy?

4 Likes
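
The setup described in the post above (nginx terminating TLS with the existing certificate and proxying to RPNow over plain HTTP on port 8000), as an added example that is not part of the original thread or of the RPNow project. The domain, certificate paths and port are the ones shown in the thread; the file location named in the comment is an assumption.

```nginx
# Added example. Assumed location: /etc/nginx/sites-available/rpnow (hypothetical),
# symlinked into sites-enabled. Domain, cert paths and port 8000 come from the thread.

# Plain HTTP on port 80: send every request to the HTTPS listener.
server {
    listen 80;
    listen [::]:80;
    server_name loveinthedark.net;

    return 301 https://$host$request_uri;
}

# HTTPS on port 443: nginx holds the certificate and the private key.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name loveinthedark.net;

    # Paths as reported by "certbot certificates" in the thread.
    ssl_certificate     /etc/letsencrypt/live/loveinthedark.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/loveinthedark.net/privkey.pem;

    # Only offer current protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # RPNow with ssl=false and port=8000 in /etc/rpnow.ini.
        proxy_pass http://127.0.0.1:8000;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `sudo nginx -t` to validate the configuration before reloading nginx. The netstat output earlier in the thread shows rpnow listening on `:::8000`, that is, on all interfaces, so port 8000 should be blocked at the firewall to keep the service from being reached directly over unencrypted HTTP.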