Actually in the PC hosting the Web Server I have Ubuntu 18.04.01 Server Edition.
For browsing in internet and for connecting via ssh to the PC I use a Windows 10 laptop. But does it affect the PC hosting the web page? It shouldn’t.
But unfortunately again, refreshing or connecting with https://check-your-website.server-daten.de/?q=ggc.world it says:
“ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 37.116.214.189:80”
and doing :
sudo certbot certonly --webroot -w /home/marco/go/src/MyPage/ -d ggc.world -d www.ggc.world
I got the same error message as above
even if I do not understand what it could interfere with the Internet Service Provider’s Security Configurations
Changing in the configuration file of the web page the port into httpport = 80
when running the web server it says:
marco@pc01:~/go/src/MyPage$ bee run
| ___
| |/ / ___ ___
| ___ \ / _ \ / _
| |/ /| /| /
_/ _| __| v1.10.0
2019/04/11 09:00:56 INFO 0001 Using ‘MyPage’ as ‘appname’
2019/04/11 09:00:56 INFO 0002 Initializing watcher…
2019/04/11 09:00:57 SUCCESS 0003 Built Successfully!
2019/04/11 09:00:57 INFO 0004 Restarting ‘MyPage’…
2019/04/11 09:00:57 SUCCESS 0005 ‘./MyPage’ is running…
2019/04/11 09:00:57.225 [I] [asm_amd64.s:2361] http server Running on http://192.168.1.7:80
2019/04/11 09:00:57.225 [C] [asm_amd64.s:2361] ListenAndServe: listen tcp 192.168.1.7:80: bind: permission denied
I thought I could use any, almost any, ports for my web server, even if for Beego the listening port is set to 8080 by default.
So…should I use the Certbot’s standalone plugin, which temporarily runs an additional webserver, or should be better to run only Beego web server and find the way to modify the port to 80 instead of the 8080 ?
I don’t know if Beego is designed to run on ports below 1024. Doing that securely is a bit complicated. I glanced at their documentation and didn’t see anything.
Beego’s intention might be that you run it on a high port, and then configure another server to reverse proxy to it. I don’t know.
@JuergenAuer After clicking the check botton while keeping port 8080 for the webserver, even if Matt @mnordhoff explained me that Certbot requires a webserver on port 80, the same result happens: “ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 37.116.214.189:80”.
So I guess I need to have a webserver in port 80.
Since I didn’t succeed in changing the Beego webserver http port from 8080 to 80, can I run two webserver at the same time, the Beego webserver in port 8080 and the Certbot’s webserver in port 80? or two webservers in two different ports in the same PC might generate undesirable side effects?
I installed the latest NGINX 1.155 version. Following the indications found in the Go Web Development Cookbook regarding the deployment of Beego with Nginx : DeployingBeegoAppWithNginx and the indications in here: https://beego.me/docs/deploy/nginx.md, I modified the /etc/nginx/conf.d/default.conf in this way :
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
See “systemctl status nginx.service” and “journalctl -xe” for details.
failed!
@mnordhoff I’m trying to understand the rationale behing proxy_pass: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
“Sets the protocol and address of a proxied server and an optional URI to which a location should be mapped. As a protocol, “http” or “https” can be specified. The address can be specified as a domain name or IP address, and an optional port”
Is it correct to say that the proxy_pass, if properly set, establishes a connection between ngnix and beego?
I would like to use Beego as MVC Golang framework, but if there are potential problems and pitfalls in using Beego in conjunction with Nginx, I’m open to check other viable options.
marco@pc01:/etc/nginx/conf.d$ sudo ufw status
Status: inactive
After disabling the Kasperky Firewall of the Windows laptop I’m using to connect via ssh to the Ubuntu PC hosting the web server and the web page, I modified the /etc/nginx/conf.d/default.conf as follows:
server {
listen 80;
server_name ggc.world www.ggc.world;
location / {
proxy_pass http://ggc.world:8080/home/marco/go/src/MyPage/.well-known/acme-
challenge;
}
}
server {
listen 80;
server_name www.ggc.world;
location / {
proxy_pass http://www.ggc.world:8080/home/marco/go/src/MyPage/.well-
known/acme-challenge;
}
}
marco@pc01:~/go/src/MyPage$ sudo certbot certonly --webroot -w /home/marco/go/src
/MyPage -d ggc.world -d www.ggc.world
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ggc.world
http-01 challenge for www.ggc.world
Using the webroot path /home/marco/go/src/MyPage for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.ggc.world (http-01): urn:ietf:params:acme:error:connection :: The
server could not connect to the client to verify the domain :: Fetching http://www.ggc.world/.well-
known/acme-challenge/WYmLKi8OczjZFsWPklkxR52FUFKsn830-6B0W54-IVo: Timeout during
connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.ggc.world
Type: connection
Detail: Fetching
http://www.ggc.world/.well-known/acme-challenge
/WYmLKi8OczjZFsWPklkxR52FUFKsn830-6B0W54-IVo:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
@JuergenAuer in order to eliminate the windows firewall, I tried also using an ubuntu desktop laptop as client, connecting via ssh to the Ubuntu Server :
marco@pc01:~/go/src/MyPage$ sudo certbot certonly --webroot -w /home/marco/go/src
/MyPage/ -d ggc.world -d www.ggc.world
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ggc.world
http-01 challenge for www.ggc.world
Using the webroot path /home/marco/go/src/MyPage for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ggc.world (http-01):
urn:ietf:params:acme:error:connection :: The server could not connect to the client to
verify the domain :: Fetching http://ggc.world/.well-known/acme-challenge
/fgJOh0VJIfvF8WCXX2nJiB2kOPL7zitWh-gxU_wYeMc: Timeout during connect (likely
firewall problem), www.ggc.world (http-01): urn:ietf:params:acme:error:connection :: The
server could not connect to the client to verify the domain :: Fetching
http://www.ggc.world/.well-known/acme-challenge/
PquYA5Ijly92gc1SrpYZFQFsYUjP7XxvCDD2BEWr-BY: Timeout during connect (likely
firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: ggc.world
Type: connection
Detail: Fetching
http://ggc.world/.well-known/acme-challenge
/fgJOh0VJIfvF8WCXX2nJiB2kOPL7zitWh-gxU_wYeMc:
Timeout during connect (likely firewall problem)
Domain: www.ggc.world
Type: connection
Detail: Fetching
http://www.ggc.world/.well-known/acme-challenge
/PquYA5Ijly92gc1SrpYZFQFsYUjP7XxvCDD2BEWr-BY:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
marco@pc01:~/go/src/MyPage$ sudo ufw status
Status: inactive