I am new to this create certificate and would like to seek some guide step by step. I have install acme.sh through putty and would create certificate for my nextcloud on my own private truenas server. I have some error as below is the details
My domain is: maskookt.duckdns.org
I ran this command:
acme.sh --issue -d maskookt.duckdns.org -w /usr/local/www/nextcloud/
It produced this output:
My web server is (include version):
nextcloud 12.1-RELEASE-p12
The operating system my web server runs on is (include version):
TrueNAS-12.0-U1
The version of my client License is GPLv3
I have share my nginx config file as below :
load_module /usr/local/libexec/nginx/ngx_http_uploadprogress_module.so;
user www www;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# Types to enable gzip compression on
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
# reserve 1MB under the name 'proxied' to track uploads
upload_progress proxied 1m;
sendfile on;
#tcp_nopush on;
client_max_body_size 1000m;
#keepalive_timeout 0;
# Security Headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1";
location / {
rewrite ^.* $scheme://$http_host/ui/ redirect;
}
location /progress {
# report uploads tracked in the 'proxied' zone
report_uploads proxied;
}
location /api/docs {
proxy_pass http://127.0.0.1:6000/api/docs;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /api/docs;
}
location /api/docs/restful/static {
alias /usr/local/www/swagger-ui/node_modules/swagger-ui-dist;
}
location /ui {
if ( $request_method ~ ^POST$ ) {
proxy_pass http://127.0.0.1:6000;
}
try_files $uri $uri/ /index.html =404;
alias /usr/local/www/webui;
add_header Cache-Control "must-revalidate";
add_header Etag "TrueNAS-12.0-U1";
}
location /websocket {
proxy_pass http://127.0.0.1:6000/websocket;
proxy_http_version 1.1;
proxy_set_header X-Real-Remote-Addr $remote_addr;
keepalive_timeout 65;
# Disable tokens for security (#23684)
server_tokens off;
gzip on;
#upload_store /var/tmp/firmware;
client_body_temp_path /var/tmp/firmware;
error_log syslog:server=unix:/var/run/log,nohostname;
access_log syslog:server=unix:/var/run/log,nohostname;
server {
server_name localhost;
listen 0.0.0.0:443 default_server ssl http2;
listen [::]:443 default_server ssl http2;
ssl_certificate "/etc/certificates/freenas_default.crt";
ssl_certificate_key "/etc/certificates/freenas_default.key";
ssl_dhparam "/data/dhparam.pem";
ssl_session_timeout 120m;
ssl_session_cache shared:ssl:16m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SH>
add_header Strict-Transport-Security max-age=0;
#ssl_stapling on;
#ssl_stapling_verify on;
#resolver ;
#ssl_trusted_certificate ;
listen 0.0.0.0:80;
listen [::]:80;
# Security Headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1";
location / {
rewrite ^.* $scheme://$http_host/ui/ redirect;
}
location /progress {
# report uploads tracked in the 'proxied' zone
report_uploads proxied;
}
location /api/docs {
proxy_pass http://127.0.0.1:6000/api/docs;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /api/docs;
}
location /api/docs/restful/static {
alias /usr/local/www/swagger-ui/node_modules/swagger-ui-dist;
}
location /ui {
if ( $request_method ~ ^POST$ ) {
proxy_pass http://127.0.0.1:6000;
}
try_files $uri $uri/ /index.html =404;
alias /usr/local/www/webui;
add_header Cache-Control "must-revalidate";
add_header Etag "TrueNAS-12.0-U1";
}
location /websocket {
proxy_pass http://127.0.0.1:6000/websocket;
proxy_http_version 1.1;
proxy_set_header X-Real-Remote-Addr $remote_addr;
proxy_set_header X-Real-Remote-Port $remote_port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /websocket/shell {
proxy_pass http://127.0.0.1:6000/_shell;
proxy_http_version 1.1;
proxy_set_header X-Real-Remote-Addr $remote_addr;
proxy_set_header X-Real-Remote-Port $remote_port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
location /api/v2.0 {
# do not add the path to proxy_pass because of automatic url decoding
# e.g. /api/v2.0/pool/dataset/id/tank%2Ffoo/ would become
# /api/v2.0/pool/dataset/id/tank/foo/
proxy_pass http://127.0.0.1:6000;
proxy_http_version 1.1;
proxy_set_header X-Real-Remote-Addr $remote_addr;
proxy_set_header X-Real-Remote-Port $remote_port;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /_download {
proxy_pass http://127.0.0.1:6000;
proxy_http_version 1.1;
proxy_set_header X-Real-Remote-Addr $remote_addr;
proxy_set_header X-Real-Remote-Port $remote_port;
proxy_read_timeout 10m;
}
location /_upload {
# Allow uploads of any size. Its middlewared job to handle size.
client_max_body_size 0;
proxy_pass http://127.0.0.1:6000;
# make sure nginx does not buffer the upload and pass directly to middlewared
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Real-Remote-Addr $remote_addr;
proxy_set_header X-Real-Remote-Port $remote_port;
}
location /images {
alias /var/db/system/webui/images;
}
location /_plugins {
proxy_pass http://127.0.0.1:6000/_plugins;
proxy_http_version 1.1;
proxy_set_header X-Real-Remote-Addr $remote_addr;
proxy_set_header X-Real-Remote-Port $remote_port;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
}
Hope someone able to help me out.
Thanks