NginX config with Jessie

whatevermike · November 8, 2018, 9:59pm

New user here. I’m having a problem getting a response from my server when I enable SSL. I downloaded and installed certbot-auto, which completes successfully. So perhaps there is a problem with my NGINX config im not entirely sure.

My domain is: strahdwiki.com

My web server is (include version): NginX, Debian 8 (Raspberry Pi)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Here are my NginX configuration settings:
server {

        # SSL configuration
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/dokuwiki;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name strahdwiki.com;

        # Max upload size
        client_max_body_size 25M;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ @dokuwiki;
        }

        location ~ /(data|conf|bin|inc)/ {
            deny all;
        }
        
        # tidy URIs
        location @dokuwiki {
        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
        rewrite ^/(?!lib/)(.*) /doku.php?id=$1&$args last;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
                # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny all;
        }

        listen 80; # managed by Certbot

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/strahdwiki.com-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/strahdwiki.com-0001/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

JuergenAuer · November 8, 2018, 10:13pm

Hi @whatevermike

there are problems. But what's your problem?

D:\temp>nslookup strahdwiki.com.
Name: strahdwiki.com
Address: 162.255.119.111

D:\temp>nslookup www.strahdwiki.com.
Name: mikeandbecca.duckdns.org
Address: 86.143.9.113
Aliases: www.strahdwiki.com

have different ip addresses. https://www.strahdwiki.com/ has a certificate with one name strahdwiki.com - so it's wrong. strahdwiki.com doesn't answer.

whatevermike · November 8, 2018, 10:33pm

Thank you @JuergenAuer

I resolved my problem by changing the server name to www.strahdwiki.com

My issue was related to my use of duckdns forwarding. I’m using a dynamic address so I am making use of their service to keep my domain pointed to the same server ip. I’m not sure if I can use duckdns service with an apex domain so I forgot the www. was required.

Once more thank you for your help.

JuergenAuer · November 8, 2018, 10:36pm

You can use it. But:

https://www.strahdwiki.com/

works now, with a correct certificate.

https://mikeandbecca.duckdns.org/

doesn't work, because the certificate has only www.strahdwiki.com as domain name.

So create one certificate with two domain names:

www.strahdwiki.com
mikeandbecca.duckdns.org

Then you can use both domain names.

JuergenAuer · November 8, 2018, 11:43pm

Wow: Now you have the complete solution:

DNS-Name: mikeandbecca.duckdns.org
DNS-Name: strahdwiki.com
DNS-Name: www.strahdwiki.com

One certificate, three domain names, three domains with the same certificate.

whatevermike · November 9, 2018, 12:30am

Absolutely yeah

Learning a lot as I do this, after your suggestion I read more about multi-domain certificates as I was wondering about potential drawbacks. However it seems a very robust solution.

I still have a small issue of my server failing to respond when I visit the apex address with https (https://strahdwiki.com). I think it’s not a certificate problem so I will test my brain and read more docs to find the solution.

JuergenAuer · November 9, 2018, 9:51pm

One thing is bad.

https://check-your-website.server-daten.de/?q=strahdwiki.com

http://strahdwiki.com/	302	https://www.strahdwiki.com	0.387	D

http://www.strahdwiki.com/	301	https://_/	0.336	D

https://_/	-1		2.343	U

Your first redirect isn’t perfect, but ok. But your http://www.strahdwiki.com/ redirects to https://_/ - which isn’t a valide domain name.

system · December 9, 2018, 10:07pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot Nginx/Ubuntu16.04 timeout on AWS - Port 443 Rule Missing Help	4	2879	August 19, 2017
Nginx something wrong with my config, need help Help	7	381	November 18, 2022
Nginx Configuration Issues - Certificate Obtained but not used by NGINX Server	7	3677	May 2, 2017
Https doesn't show my website Server	4	1739	February 11, 2017
Newbie: Cannot get https to work, connection refused Help	10	414	February 3, 2024

NginX config with Jessie

Related topics