NginX config with Jessie


#1

New user here. I’m having a problem getting a response from my server when I enable SSL. I downloaded and installed certbot-auto, which completes successfully. So perhaps there is a problem with my NGINX config; I’m not entirely sure.

My domain is: strahdwiki.com

My web server is (include version): NginX, Debian 8 (Raspberry Pi)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Here are my NginX configuration settings:
server {

        # SSL configuration
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/dokuwiki;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name strahdwiki.com;

        # Max upload size
        client_max_body_size 25M;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ @dokuwiki;
        }

        location ~ /(data|conf|bin|inc)/ {
                deny all;
        }

        # tidy URIs
        location @dokuwiki {
                rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
                rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
                rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
                rewrite ^/(?!lib/)(.*) /doku.php?id=$1&$args last;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
                # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny all;
        }

        listen 80; # managed by Certbot

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/strahdwiki.com-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/strahdwiki.com-0001/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

#2

Hi @whatevermike

There are problems. But what’s your problem?

D:\temp>nslookup strahdwiki.com.
Name: strahdwiki.com
Address: 162.255.119.111

D:\temp>nslookup www.strahdwiki.com.
Name: mikeandbecca.duckdns.org
Address: 86.143.9.113
Aliases: www.strahdwiki.com

They have different IP addresses. https://www.strahdwiki.com/ has a certificate with one name strahdwiki.com - so it’s wrong. strahdwiki.com doesn’t answer.


#3

Thank you @JuergenAuer

I resolved my problem by changing the server name to www.strahdwiki.com

My issue was related to my use of duckdns forwarding. I’m using a dynamic address so I am making use of their service to keep my domain pointed to the same server ip. I’m not sure if I can use duckdns service with an apex domain so I forgot the www. was required.

Once more thank you for your help.


#4

You can use it. But:

https://www.strahdwiki.com/

works now, with a correct certificate.

https://mikeandbecca.duckdns.org/

doesn’t work, because the certificate has only www.strahdwiki.com as domain name.

So create one certificate with two domain names:

www.strahdwiki.com
mikeandbecca.duckdns.org

Then you can use both domain names.


#5

Wow: Now you have the complete solution:

DNS-Name: mikeandbecca.duckdns.org
DNS-Name: strahdwiki.com
DNS-Name: www.strahdwiki.com

One certificate, three domain names, three domains with the same certificate.


#6

Absolutely yeah :smile:

Learning a lot as I do this, after your suggestion I read more about multi-domain certificates as I was wondering about potential drawbacks. However it seems a very robust solution.

I still have a small issue of my server failing to respond when I visit the apex address with https (https://strahdwiki.com). I think it’s not a certificate problem so I will test my brain and read more docs to find the solution.


#7

One thing is bad.

https://check-your-website.server-daten.de/?q=strahdwiki.com

http://strahdwiki.com/ 302 https://www.strahdwiki.com 0.387 D
http://www.strahdwiki.com/ 301 https://_/ 0.336 D
https://_/ -1 2.343 U

Your first redirect isn’t perfect, but ok. But your http://www.strahdwiki.com/ redirects to https://_/ - which isn’t a valid domain name.
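
The two checks discussed in this thread, written out as an added example (not code from any poster or from the check-your-website tool): every HTTPS redirect target must be a syntactically valid hostname and must be covered by one of the certificate's DNS names. The function names are hypothetical, and the sample data is constructed from the values quoted in posts #5 and #7.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def valid_hostname(host):
    """Public hostname check: at least two labels, each following the rule above."""
    host = host.rstrip(".").lower()
    labels = host.split(".")
    return len(host) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def covered(host, sans):
    """True if host matches a certificate DNS name; '*' stands for one whole left-most label."""
    host = host.rstrip(".").lower()
    for san in (s.lower() for s in sans):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def audit_redirects(hops, sans):
    """hops: (url, status, location) tuples. Returns a list of (url, problem)."""
    findings = []
    for url, status, location in hops:
        if status not in (301, 302, 303, 307, 308) or not location:
            continue
        target = urlsplit(location)
        host = target.hostname or ""
        if not valid_hostname(host):
            findings.append((url, f"redirects to invalid host {host!r}"))
        elif target.scheme == "https" and not covered(host, sans):
            findings.append((url, f"redirects to {host}, not in certificate"))
    return findings

# Constructed sample data: DNS names from post #5, redirect chain from post #7.
SANS = ["mikeandbecca.duckdns.org", "strahdwiki.com", "www.strahdwiki.com"]
HOPS = [
    ("http://strahdwiki.com/", 302, "https://www.strahdwiki.com"),
    ("http://www.strahdwiki.com/", 301, "https://_/"),
]

if __name__ == "__main__":
    for url, problem in audit_redirects(HOPS, SANS):
        print(f"{url}: {problem}")
```
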