Problem with https, ufw status and /sites-available/default files i think

frescainsalata · February 26, 2017, 3:37pm

Hi guys, i am having some troubles with https. I got the certificated, followed this guide

until the step 6, cause of it didn’t work for me.

This is my /etc/nginx/sites-available/default file

server {
        listen 80 default_server;
        listen [::]:80 default_server
        server_name tophub.it www.tophub.it;
        return 301 https://$server_name$request_uri;
}

server {

    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location ~ /.well-known {
                allow all;
        }

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;


        }

and this is my ufw status

Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
22 (v6)                    LIMIT       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

Where do you think is the problem?

serverco · February 26, 2017, 3:50pm

In what way did step 6 not work ? what error did you get when running sudo letsencrypt renew ?

At the moment it doesn’t look as if you have completed the earlier steps.

frescainsalata · February 26, 2017, 3:56pm

serverco, i didnt continue with step 6 cause of step 5 didn’t work for me.

maybe i wrote bad, sorry.

Osiris · February 26, 2017, 3:59pm

But WHAT didn't work for you? What was the output? What was the error message? We don't have crystal balls, you know..

I see you actually used example.com from the Digital Ocean guide literally when specifying /etc/nginx/snippets/ssl-example.com.conf. Did you, in that file, also point ssl_certificate and ssl_certificate_key to files /etc/letsencrypt/live/example.com/ literally, as the guide told you? Or did you change example.com to your actual domain name?

frescainsalata · February 26, 2017, 4:01pm

You are right, sorry guys.

No error message, just https://tophub.it don’t work as it should be (following the guide)

serverco · February 26, 2017, 4:01pm

so in step 5, what did

sudo nginx -t

give as a result ?

and what did

sudo systemctl restart nginx

give as a result ?

Also, in step 3 you needed to include in the

ssl_certificate /etc/letsencrypt/live/tophub.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tophub.it/privkey.pem;

did you complete that ? can you provide that file.

Osiris · February 26, 2017, 4:02pm

Is nginx running? Did you try starting it? If it isn't running, even when you tried starting it, what do the log files tell you?

frescainsalata · February 26, 2017, 4:06pm

All works.

it just restart nginx, no messages.

In the file sudo nano /etc/nginx/snippets/ssl-tophub.it.conf i have

ssl_certificate /etc/letsencrypt/live/tophub.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tophub.it/privkey.pem;

Yes, it works (in fact, access with http works http://tophub.it/)

serverco · February 26, 2017, 4:09pm

Please provide the file
/etc/nginx/snippets/ssl-tophub.it.conf

And, in your /etc/nginx/sites-available/default file above you have “include snippets/ssl-example.com.conf;” Is that what you really have ? or do you have “include snippets/ssl-tophub.it.conf;” ?

frescainsalata · February 26, 2017, 4:13pm

Please provide the file

I did sir

In the file sudo nano /etc/nginx/snippets/ssl-tophub.it.conf i have

ssl_certificate /etc/letsencrypt/live/tophub.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tophub.it/privkey.pem;

i have just this in the file.

Do you want me to upload the file?

serverco · February 26, 2017, 4:14pm

Yes please.

And, in your /etc/nginx/sites-available/default file above you have “include snippets/ssl-example.com.conf;” Is that what you really have ? or do you have “include snippets/ssl-tophub.it.conf;” ?

frescainsalata · February 26, 2017, 4:22pm

I cant upload here as attachment, no valid extension, so i changed .conf in .txtssl-tophub.it.txt (128 Bytes)

Is that what you really have ?

Yes, asd, i changed it in include snippets/ssl-tophub.it.conf;

serverco · February 26, 2017, 4:25pm

Thanks - please provide a copy of /etc/nginx/sites-available/default as it is now (the one above still shows “example…com”

Also check that you have restarted nginx since making the changes to /etc/nginx/sites-available/default

frescainsalata · February 26, 2017, 4:30pm

default.txt (2.4 KB)

Here it is.

lso check that you have restarted nginx since making the changes to /etc/nginx/sites-available/default

Yes i did.

frescainsalata · February 26, 2017, 7:26pm

I was wondering if ghost settings can be the problem?

Should i edit site-enabled too?

serverco · February 26, 2017, 7:56pm

the files in sites-enabled should be a symlink to those in sites-available

sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/

frescainsalata · February 26, 2017, 8:01pm

Should i run this command?

serverco · February 26, 2017, 8:02pm

That would be the standard linux command to create a symlink, yes. if /etc/nginx/sites-enabled/default already exists you will need to delete it first.

frescainsalata · February 26, 2017, 8:05pm

The file contain this, do i proceed with deleting?

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;


    server_name tophub.it; # Replace with your domain;


    root /usr/share/nginx/html;
    index index.html index.htm;

    client_max_body_size 10G;

    location ~ /.well-known {
        allow all;
        root /var/www/html;
    }

    location / {
 proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}

serverco · February 26, 2017, 8:08pm

Yes (take a backup first). Do you want a proxy configured ?