Problem with https, ufw status and /sites-available/default files I think


#1

Hi guys, I am having some trouble with https. I got the certificate, followed this guide

until step 6, because it didn’t work for me.

This is my /etc/nginx/sites-available/default file

server {
        listen 80 default_server;
        listen [::]:80 default_server
        server_name tophub.it www.tophub.it;
        return 301 https://$server_name$request_uri;
}

server {

    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location ~ /.well-known {
                allow all;
        }

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;


        }

And this is my ufw status

Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
22 (v6)                    LIMIT       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

Where do you think is the problem?


#2

In what way did step 6 not work? What error did you get when running sudo letsencrypt renew?

At the moment it doesn’t look as if you have completed the earlier steps.


#3

serverco, I didn’t continue with step 6 because step 5 didn’t work for me.

Maybe I wrote it badly, sorry.


#4

But WHAT didn’t work for you? What was the output? What was the error message? We don’t have crystal balls, you know…

I see you actually used example.com from the Digital Ocean guide literally when specifying /etc/nginx/snippets/ssl-example.com.conf. Did you, in that file, also point ssl_certificate and ssl_certificate_key to files /etc/letsencrypt/live/example.com/ literally, as the guide told you? Or did you change example.com to your actual domain name?


#5

You are right, sorry guys.

No error message, just https://tophub.it doesn’t work as it should (following the guide)


#6

So in step 5, what did

sudo nginx -t

give as a result?

And what did

sudo systemctl restart nginx

give as a result?

Also, in step 3 you needed to include in the

ssl_certificate /etc/letsencrypt/live/tophub.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tophub.it/privkey.pem;

Did you complete that? Can you provide that file?


#7

Is nginx running? Did you try starting it? If it isn’t running, even when you tried starting it, what do the log files tell you?


#8

All works.

It just restarts nginx, no messages.

In the file sudo nano /etc/nginx/snippets/ssl-tophub.it.conf I have

ssl_certificate /etc/letsencrypt/live/tophub.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tophub.it/privkey.pem;

Yes, it works (in fact, access with http works http://tophub.it/)


#9

Please provide the file
/etc/nginx/snippets/ssl-tophub.it.conf

And, in your /etc/nginx/sites-available/default file above you have “include snippets/ssl-example.com.conf;” Is that what you really have? Or do you have “include snippets/ssl-tophub.it.conf;”?


#10

Please provide the file

I did, sir.

In the file sudo nano /etc/nginx/snippets/ssl-tophub.it.conf I have

ssl_certificate /etc/letsencrypt/live/tophub.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tophub.it/privkey.pem;

I have just this in the file.

Do you want me to upload the file?


#11

Yes please.

And, in your /etc/nginx/sites-available/default file above you have “include snippets/ssl-example.com.conf;” Is that what you really have? Or do you have “include snippets/ssl-tophub.it.conf;”?


#12

I can’t upload it here as an attachment, no valid extension, so I changed .conf to .txt: ssl-tophub.it.txt (128 Bytes)

Is that what you really have?

Yes, asd, I changed it to include snippets/ssl-tophub.it.conf;


#13

Thanks - please provide a copy of /etc/nginx/sites-available/default as it is now (the one above still shows “example…com”).

Also check that you have restarted nginx since making the changes to /etc/nginx/sites-available/default.


#14

default.txt (2.4 KB)

Here it is.

Also check that you have restarted nginx since making the changes to /etc/nginx/sites-available/default

Yes, I did.


#15

I was wondering if the Ghost settings could be the problem?

Should I edit sites-enabled too?


#16

The files in sites-enabled should be symlinks to those in sites-available

sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/


#17

Should I run this command?


#18

That would be the standard Linux command to create a symlink, yes. If /etc/nginx/sites-enabled/default already exists you will need to delete it first.


#19

The file contains this, do I proceed with deleting?

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;


    server_name tophub.it; # Replace with your domain;


    root /usr/share/nginx/html;
    index index.html index.htm;

    client_max_body_size 10G;

    location ~ /.well-known {
        allow all;
        root /var/www/html;
    }

    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}

#20

Yes (take a backup first). Do you want a proxy configured?
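The situation uncovered in posts #16 to #20 (a regular file in sites-enabled that has drifted from the edited sites-available/default, so the HTTPS server block is never loaded), as an added example that is not from any poster in the thread. The function names audit_sites_enabled and relink_site, the backup file name and the demo tree are assumptions made for illustration; the layout is the Debian/Ubuntu one the thread uses.

```shell
#!/bin/sh
# Added example: find sites-enabled entries that are not symlinks to their
# sites-available counterpart, then back one up and relink it.

# audit_sites_enabled DIR -> prints one "STATUS name" line per enabled entry.
audit_sites_enabled() {
    conf_dir=$1
    for entry in "$conf_dir"/sites-enabled/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # directory is empty
        name=$(basename "$entry")
        avail="$conf_dir/sites-available/$name"
        if [ -L "$entry" ]; then
            if [ ! -e "$entry" ]; then
                echo "BROKEN_LINK $name"      # link target no longer exists
            elif [ "$entry" -ef "$avail" ]; then
                echo "OK $name"               # resolves to sites-available
            else
                echo "OTHER_TARGET $name"     # link points somewhere else
            fi
        elif [ -f "$avail" ] && cmp -s "$entry" "$avail"; then
            echo "COPY_IDENTICAL $name"       # stray copy, same content
        else
            echo "COPY_DIVERGED $name"        # the case shown in post #19
        fi
    done
}

# relink_site DIR NAME -> move the stray entry out of sites-enabled, then link.
# The backup goes outside sites-enabled because the stock Debian nginx.conf
# includes every file in that directory, backups included.
relink_site() {
    conf_dir=$1; name=$2
    entry="$conf_dir/sites-enabled/$name"
    [ -f "$conf_dir/sites-available/$name" ] || return 1
    if [ -e "$entry" ] || [ -L "$entry" ]; then
        mv "$entry" "$conf_dir/$name.enabled.bak" || return 1
    fi
    ln -s "$conf_dir/sites-available/$name" "$entry"
}

# Constructed demo tree (not the poster's real files).
demo=$(mktemp -d) && mkdir "$demo/sites-available" "$demo/sites-enabled"
echo 'server { listen 443 ssl; }' > "$demo/sites-available/default"
echo 'server { listen 80; }'      > "$demo/sites-enabled/default"
audit_sites_enabled "$demo"; relink_site "$demo" default; audit_sites_enabled "$demo"
rm -rf "$demo"
```

On a real host the directory argument would be /etc/nginx (run as root), followed by the sudo nginx -t and sudo systemctl restart nginx steps from post #6.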