My domain is: jlab.infops.co.uk
I ran this command: certbot --nginx -d jlab.infops.co.uk
It produced this output: Sorry, I don't have that information but the certs were installed into /etc/letsencrypt/live/jlab.infops.co.uk
My web server is (include version): **nginx/1.18.0 (Ubuntu) - nginx reverse proxy setup version**
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: Fasthosts
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot): certbot 1.27.0
Hi, I am trying to get SSL to work on my jlab.infops.co.uk JupyterHub site. This is a new site and the first time I have tried to use Let's Encrypt with nginx.
I also have Apache running on my system, configured for ports 80 and 443.
Nginx is configured for ports 81 and 4443. I am trying to run jlab out on port 4443. I can see traffic hitting my site if I run `tcpdump -i eth0 port 442`:
```
16:33:57.343354 IP My-Network.26012 > DA2E67C.online-server.cloud.4443: Flags [S], seq 2597879636, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:33:57.343423 IP DA2E67C.online-server.cloud.4443 > My-Network.26012: Flags [S.], seq 2918581266, ack 2597879637, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:33:57.348001 IP My-Network.26013 > DA2E67C.online-server.cloud.4443: Flags [S], seq 2705667315, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:33:57.348086 IP DA2E67C.online-server.cloud.4443 > My-Network.26013: Flags [S.], seq 3898086795, ack 2705667316, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:33:57.372226 IP My-Network.26012 > DA2E67C.online-server.cloud.4443: Flags [.], ack 1, win 513, length 0
```
When I run the server I am now getting a 400 Bad Request error and a 'My-Network' error.
My nginx config is as follows:
```nginx
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 81;
    server_name jlab.infops.co.uk;
    return 301 https://$server_name$request_uri;
}

server {
    listen 4443 ssl http2;
    server_name jlab.infops.co.uk;
    client_max_body_size 100m;
    client_body_timeout 120s;
    sendfile off;

    ssl_certificate /etc/letsencrypt/live/jlab.infops.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jlab.infops.co.uk/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        proxy_pass http://localhost:4443;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```
Can someone validate my Let's Encrypt parts? I can't see how I am not getting SSL, as Let's Encrypt is working fine on my other sites.
Thanks
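
Added example, not part of the original post: the posted `location /` block proxies with `http://` to port 4443, the same port the server block serves with `ssl`, and nginx answers a cleartext HTTP request on a TLS listener with 400 Bad Request. This Python sketch flags that pattern in a config; the sample text is constructed from the post's directives and the function names are hypothetical.

```python
import re

# Constructed sample: the post's two server blocks, reduced to the
# directives this check reads.
SAMPLE_CONF = """
server {
    listen 81;
    server_name jlab.infops.co.uk;
    return 301 https://$server_name$request_uri;
}
server {
    listen 4443 ssl http2;
    server_name jlab.infops.co.uk;
    location / {
        proxy_pass http://localhost:4443;
    }
}
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1"}
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.M)
PROXY_RE = re.compile(r"^\s*proxy_pass\s+(https?)://([^/:;\s]+)(?::(\d+))?", re.M)


def tls_listen_ports(conf):
    """Return the ports whose listen directive carries the ssl parameter."""
    ports = set()
    for args in LISTEN_RE.findall(conf):
        parts = args.split()
        # The address may be "4443", "0.0.0.0:4443" or "[::]:4443".
        port = parts[0].rsplit(":", 1)[-1]
        if "ssl" in parts[1:] and port.isdigit():
            ports.add(int(port))
    return ports


def plain_http_to_tls_port(conf):
    """Return proxy_pass targets that send cleartext HTTP to a local TLS listener."""
    tls_ports = tls_listen_ports(conf)
    findings = []
    for scheme, host, port in PROXY_RE.findall(conf):
        port = int(port) if port else (443 if scheme == "https" else 80)
        if scheme == "http" and host in LOCAL_HOSTS and port in tls_ports:
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in plain_http_to_tls_port(SAMPLE_CONF):
        print(f"proxy_pass http://{host}:{port} targets an nginx ssl listener")
```

A finding here means the upstream address is nginx's own TLS port rather than the backend application's port; the certificate paths in the posted config are not involved in that failure.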