Unable to get https certificate for openhab2


I thought OpenHAB was using port 8443?
Please show:
netstat -pant | grep -i listen

1 Like
tcp        0      0 0.0.0.0:46023           0.0.0.0:*               LISTEN      1196/rpc.mountd 
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      1054/mongod     
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1201/redis-server 1
tcp        0      0 0.0.0.0:35757           0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1184/rpcbind    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1371/nginx -g daemo
tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN      1777/teamviewerd
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1393/dnsmasq    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1210/sshd       
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      7949/cupsd      
tcp        0      0 127.0.0.1:8088          0.0.0.0:*               LISTEN      1610/influxd    
tcp        0      0 0.0.0.0:42074           0.0.0.0:*               LISTEN      1196/rpc.mountd 
tcp        0      0 0.0.0.0:41790           0.0.0.0:*               LISTEN      1196/rpc.mountd 
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -               
tcp6       0      0 :::43945                :::*                    LISTEN      -               
tcp6       0      0 127.0.0.1:40235         :::*                    LISTEN      1608/java       
tcp6       0      0 :::44494                :::*                    LISTEN      1196/rpc.mountd 
tcp6       0      0 :::5007                 :::*                    LISTEN      1608/java       
tcp6       0      0 :::111                  :::*                    LISTEN      1184/rpcbind    
tcp6       0      0 :::8080                 :::*                    LISTEN      1941/java       
tcp6       0      0 :::80                   :::*                    LISTEN      1371/nginx -g daemo
tcp6       0      0 :::8086                 :::*                    LISTEN      1610/influxd    
tcp6       0      0 :::22                   :::*                    LISTEN      1210/sshd       
tcp6       0      0 ::1:631                 :::*                    LISTEN      7949/cupsd      
tcp6       0      0 :::47546                :::*                    LISTEN      1196/rpc.mountd 
tcp6       0      0 :::8443                 :::*                    LISTEN      1608/java       
tcp6       0      0 :::2049                 :::*                    LISTEN      -               
tcp6       0      0 :::51363                :::*                    LISTEN      1196/rpc.mountd 
tcp6       0      0 127.0.0.1:8101          :::*                    LISTEN      1608/java       

1 Like

tcp6 0 0 :::8443 :::* LISTEN 1608/java

We can’t use 8443 in nginx.
It is still being used by Java.
But we can use another port.
Pick one (unused) port:
How about 4443?
Or 6543?
Or 9843?

1 Like

We can use 4443 port.

OK here is what I have so far (let’s try this):


 server {
  listen 4443 ssl;
  server_name veplopenhab.ga;

  ssl_certificate /etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem;

#  error_log	/location/to/error.log.file

  location / {
   proxy_pass https://localhost:8443/;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   satisfy any;
   allow 10.0.0.0/8; # ONLY Internal network has access
   allow 127.0.0.1;
   deny all;
  }
 }

1 Like

I have added the above code to https.conf in /etc/apache2/site-available

Still I am seeing “Not secure error” when I access https://10.xx.xx.xx:8443

1 Like

[updated]
not all code is showing on post:

<VirtualHost *:4443>
 server {
  listen 4443 ssl;
  server_name veplopenhab.ga;

  ssl_certificate /etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem;

#  error_log	/location/to/error.log.file

  location / {
   proxy_pass https://localhost:8443/;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   satisfy any;
   allow 10.0.0.0/8; # ONLY Internal network has access
   allow 127.0.0.1;
   deny all;
  }
 }
</VirtualHost>
1 Like

You will need to access it by name - the certificate doesn't contain an IP.
And the port has been changed - you need to connect to the proxy:
https://veplopenhab.ga:4443/

4443 will connect you to 8443

1 Like

I have modified my https.conf like this,

<VirtualHost *:4443>
server {
  listen 4443 ssl;
  server_name veplopenhab.ga;

  ssl_certificate /etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem;

#  error_log	/location/to/error.log.file

  location / {
   proxy_pass https://localhost:8443/;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   satisfy any;
   allow 10.0.0.0/8; # ONLY Internal network has access
   allow 127.0.0.1;
   deny all;
  }
 }
</VirtualHost>

I am getting this error when I access the 4442 port,

1 Like

Please show:
netstat -pant | grep -i nginx
and
nginx -t

1 Like

Does your IP start with 10.?
When you
ping veplopenhab.ga
does it show an IP that starts with 10.?

1 Like


We failed to get 4443 started.
Please show:
ls -l /etc/nginx/sites-enabled/

1 Like

FYI, I have created https.conf in /etc/apache2/sites-available.

 ls -l /etc/nginx/sites-enabled/
total 0
lrwxrwxrwx 1 root root 34 Dec  7 11:45 default -> /etc/nginx/sites-available/defaul
1 Like

We need a symbolic link in /sites-enabled/ to point to the /sites-available/ file:

Try:
ln -s /etc/nginx/sites-available/https.conf /etc/nginx/sites-enabled/https.conf

Then show again:
ls -l /etc/nginx/sites-enabled/

If it is there, restart nginx
and recheck:
netstat -pant | grep -i nginx

1 Like
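
The symlink check described in the reply above can be scripted. This is an added example, not part of the original thread: the function name `audit_sites` and its status labels are hypothetical, and the default paths assume the Debian/Ubuntu nginx layout. It flags a symlink whose target file does not exist, which `ls -l` alone does not make obvious.

```shell
#!/bin/sh
# Added example: audit an nginx sites-available / sites-enabled pair.
# Usage: audit_sites [available_dir] [enabled_dir]
# Prints one status line per entry:
#   ENABLED  <name> <listen>  link resolves to a readable file
#   DANGLING <name>           symlink exists but its target is missing
#   DISABLED <name>           file in sites-available with no link to it
audit_sites() {
    avail=${1:-/etc/nginx/sites-available}
    enabled=${2:-/etc/nginx/sites-enabled}

    for link in "$enabled"/*; do
        # Skip the unexpanded glob when the directory is empty or absent.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=$(basename "$link")
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            echo "DANGLING $name"
        else
            # First argument of every uncommented "listen" directive.
            ports=$(sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p' "$link" \
                | tr '\n' ',' | sed 's/,$//')
            echo "ENABLED $name ${ports:-none}"
        fi
    done

    for file in "$avail"/*; do
        [ -f "$file" ] || continue
        name=$(basename "$file")
        # Disabled if nothing by that name exists in sites-enabled.
        if [ ! -e "$enabled/$name" ] && [ ! -L "$enabled/$name" ]; then
            echo "DISABLED $name"
        fi
    done
}

audit_sites "$@"
```

A `DANGLING` line means nginx has nothing to load for that site, so the `listen` port in the intended file never appears in `netstat`.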


Please show:
more /etc/nginx/sites-enabled/https.conf

1 Like