
Configuration of nginx reverse proxy


pakka

Member
Joined
Jan 25, 2018
Messages
45
Hi there,
I have problems setting up my nginx reverse proxy server.
To send all requests from port 80 to 443, I have set the following settings in my nginx.conf file:

Code:
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name _;
        return 301 https://$host$request_uri;

        include /etc/nginx/snippets/letsencrypt.conf;
        ...
}


But I got an error
socket() [::]:80 failed (43: Protocol not supported)
on reload.

Is there anything wrong? I found that sample multiple times so I guess it should be a usual thing?!
Furthermore, I have problems renewing my certificates with letsencrypt because port 80 is blocked...

Thanks for your help!
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,688
You're not listening on 443 in that configuration. Add it in and it should respond.
 

pakka

Member
Joined
Jan 25, 2018
Messages
45
I added Port listening on 443 in an included file.
But nevertheless, it doesn't explain the error 43: Protocol not supported, does it?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,688
Do you have an IPv6 address?
 

pakka

Member
Joined
Jan 25, 2018
Messages
45
Hi Jailer,
No, I don't have IPv6, so I commented this line out and there is no further error on starting nginx.
But instead I got an error on "certbot renew --dry-run" test command:

Attempting to renew cert (xxx.yyyyyy.zz) from /usr/local/etc/letsencrypt/renewal/xxx.yyyyyy.zz.conf produced an unexpected error: Failed authorization procedure. xxx.yyyyyy.zz (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://xxx.yyyyyy.zz/.well-known/acme-challenge/vJEwYE..... [92.222.43.2]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>". Skipping.

But the command "certbot certonly --rsa-key-size 4096 --webroot -w /var/www/letsencrypt -d xxx.yyyyyy.zz.conf" works...

Thanks for your patience!
 

pakka

Member
Joined
Jan 25, 2018
Messages
45
I can imagine there is a problem with the ".well-known/acme-challenge" folder?

This is the included file /nginx/snippets/letsencrypt.conf:
location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/letsencrypt;
}

The folder exists...
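
An added example, not part of any post in this thread: one way to lay out the two server blocks so that http-01 renewals are answered from the webroot while all other traffic is still redirected to HTTPS. The webroot and snippet path are the ones quoted in the thread; `example.org` and the certificate paths are placeholders.

```nginx
# Added example, not the poster's configuration.
# /var/www/letsencrypt and /etc/nginx/snippets/letsencrypt.conf come from the
# thread; example.org and the certificate paths are placeholders.

# Port 80: answer ACME challenges over plain HTTP, redirect everything else.
server {
    listen 80 default_server;
    # listen [::]:80 default_server;   # only if the host or jail has IPv6;
    #                                  # otherwise socket() fails as in the thread
    server_name _;

    # Served straight from the webroot and never redirected.
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/letsencrypt;
        try_files $uri =404;
    }

    # A server-level "return" runs before any location is selected, so it
    # would also redirect the challenge requests. Putting the redirect in
    # its own location lets the block above match first.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: the error quoted in the thread shows the validation response
# coming from the https:// URL, so if challenges can still arrive here
# this server has to serve them as well, or the request ends in 403/404.
server {
    listen 443 ssl;
    server_name example.org;                      # placeholder
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder

    include /etc/nginx/snippets/letsencrypt.conf;

    # existing reverse-proxy locations stay as they are
}
```

After `nginx -t` and a reload, a test file placed under `/var/www/letsencrypt/.well-known/acme-challenge/` should come back with status 200 over plain HTTP before `certbot renew --dry-run` is retried.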
 