Configuration of nginx reverse proxy

pakka

Dabbler
Joined
Jan 25, 2018
Messages
48
Hi there,
I have problems setting up my nginx reverse proxy server.
To send all requests from port 80 to 443 I have set the following settings in my nginx.conf file:

Code:
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name _;
        return 301 https://$host$request_uri;

        include /etc/nginx/snippets/letsencrypt.conf;
...}


But I got an error
socket() [::]:80 failed (43: Protocol not supported)
on reload.

Is there anything wrong? I found that sample multiple times so I guess it should be a usual thing?!
Furthermore, I have problems renewing my certificates with letsencrypt because port 80 is blocked...

Thanks for your help!
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
You're not listening on 443 in that configuration. Add it in and it should respond.
 

pakka

Dabbler
Joined
Jan 25, 2018
Messages
48
I added listening on port 443 in an included file.
But nevertheless, it doesn't explain the error 43: Protocol not supported, does it?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
Do you have an IPv6 address?
 

pakka

Dabbler
Joined
Jan 25, 2018
Messages
48
Hi Jailer,
No, I don't have IPv6, so I commented this line out and there is no further error on starting nginx.
But instead I got an error on the "certbot renew --dry-run" test command:

Attempting to renew cert (xxx.yyyyyy.zz) from /usr/local/etc/letsencrypt/renewal/xxx.yyyyyy.zz.conf produced an unexpected error: Failed authorization procedure. xxx.yyyyyy.zz (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://xxx.yyyyyy.zz/.well-known/acme-challenge/vJEwYE..... [92.222.43.2]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>". Skipping.

But the command "certbot certonly --rsa-key-size 4096 --webroot -w /var/www/letsencrypt -d xxx.yyyyyy.zz.conf" works...

Thanks for your patience!
 

pakka

Dabbler
Joined
Jan 25, 2018
Messages
48
I can imagine there is a problem with the ".well-known/acme-challenge" folder?

This is the included file /nginx/snippets/letsencrypt.conf:
location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/letsencrypt;
}

The folder exists...
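
Added example (not part of the thread and not any poster's configuration): one way to lay out the port-80 server so the http-01 challenge is answered over plain HTTP while everything else is redirected. A `return` placed directly in the `server` block is evaluated before nginx selects a location, so the included challenge location is never reached and the validation request is redirected to the HTTPS server, which matches the `https://` URL in the 403 error quoted above. The snippet path and webroot are the ones from the thread; moving the redirect into `location /` is an assumption about the intended behaviour.

```nginx
# Port 80: answer ACME http-01 challenges, redirect everything else to HTTPS.
server {
    listen 80 default_server;
    # IPv6 listener only on hosts that actually have IPv6; without it,
    # nginx fails with "socket() [::]:80 failed (43: Protocol not supported)".
    # listen [::]:80 default_server;

    server_name _;

    # Before (as posted): a server-level return runs for every request,
    # including /.well-known/acme-challenge/, so the included location
    # was never consulted and the challenge was sent to the 443 server.
    #   return 301 https://$host$request_uri;

    # The snippet from the thread. It contains:
    #   location ^~ /.well-known/acme-challenge/ {
    #       default_type "text/plain";
    #       root /var/www/letsencrypt;
    #   }
    # The root must be the same directory certbot writes to (--webroot -w)
    # and must be readable by the nginx worker user.
    include /etc/nginx/snippets/letsencrypt.conf;

    # After: the redirect lives in a location block, so it applies only to
    # requests that did not match the challenge prefix above.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

If the redirect is kept at server level instead, the same snippet has to be included in the 443 server, because that server is then the one that answers the validation request.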
 