Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

I want to set up SSL for my site #84

Closed
infoabcd opened this issue Apr 8, 2020 · 10 comments
Closed

I want to set up SSL for my site #84

infoabcd opened this issue Apr 8, 2020 · 10 comments

Comments

@infoabcd
Copy link

infoabcd commented Apr 8, 2020

I tried to set nginx.conf but it didn't work. How do I set SSL correctly?
@DanWin
Copy link
Owner

DanWin commented Apr 10, 2020

Best way would be to copy the vhost configuration of the domain you want to setup SSL for to an extra file under /etc/nginx/sites-enabled/ and configure it with listen [::]:443 ssl http2;
Then point the ssl_certificate and ssl_certificate_key options to the respective key and certificate chain file.
To acquire those, you could for example use https://github.com/Neilpang/acme.sh

@infoabcd
Copy link
Author

So how do you set NGINX's pseudo-static?

@infoabcd
Copy link
Author

I changed hosted_sites but it didn't seem to work

@DanWin
Copy link
Owner

DanWin commented Apr 11, 2020

The hosted_sites file is regenerated every time a new site is registered. As of now SSL certificates are not yet integrated into the hosting script (issue #82), so you need to copy the relevant host into a new file, with the added options and reload nginx to get activated.

@infoabcd
Copy link
Author

Well, I did what you said. I copied a site's configuration file in sites-enabled and named it sites Nginx seems to be invalid after reloading? The following is my configuration file
server { listen [::]:80; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/ssl/ca.crt; ssl_certificate_key /etc/nginx/ssl/key.pem; root /home/system/www; server_name i.ac.cn; access_log /var/log/nginx/access_system.log custom buffer=4k flush=1m; access_log /home/system/logs/access.log custom buffer=4k flush=1m; error_log /var/log/nginx/error_system.log notice; error_log /home/system/logs/error.log notice; autoindex on; location / { try_files $uri $uri/ =404; location ~ [^/]\.php(/|$) { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/system; } } }

@DanWin
Copy link
Owner

DanWin commented Apr 11, 2020

If you have the same server_name also in hosted_sites, try removing the listen [::]:80; part from it, because it will be duplicate otherwise. Also make sure the certificate and key files are readable to nginx.
If the issue persists, check journalctl -f or /var/log/nginx/error.log for any useful error messages.

@infoabcd
Copy link
Author

There were no errors reported, but when I looked up port 443 occupancy, I found that only ipv6 was being listened to

@infoabcd
Copy link
Author

@DanWin
Copy link
Owner

DanWin commented Apr 11, 2020

Add ipv6only=off as listening option then. Like listen [::]:443 ipv6only=off ssl http2;

@infoabcd
Copy link
Author

Thanks! I have solved it successfully

@infoabcd infoabcd mentioned this issue Oct 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DanWin @infoabcd