Perfect Configuration in Nginx for Sandstorm *.Wildcard Setup #3694

Open
sathishksingh opened this issue Mar 21, 2023 · 3 comments
Labels
install-config Installation/configuration issues

@sathishksingh

Hello guys,

I have installed Sandstorm successfully on CentOS 7.
Now I am looking for a wildcard setup.
I would like to know: does the *.wildcard certificate need to be installed on the Sandstorm server itself?
Can you please share the correct file to configure?
This is my current config file, after installing Nginx:

```
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    # Settings for a TLS enabled server.

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name _;
        root /usr/share/nginx/html;

        ssl_certificate "/etc/pki/nginx/server.crt";
        ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
```

Please guide me on how to link this with the Sandstorm service.
[image]
Of the above, which one is to be used for the wildcard certificate?

@ocdtrekkie ocdtrekkie added the install-config Installation/configuration issues label Mar 21, 2023
@ocdtrekkie
Collaborator

I guess the question is, is there a specific reason you are putting a reverse proxy in front of Sandstorm? While we have an Nginx config example in the Sandstorm docs, if you are solely using the proxy to connect to Sandstorm, you can allow Sandstorm to handle HTTPS directly. In that scenario, you would set HTTPS_PORT to 443 in your sandstorm.conf file, and use the "SSL/TLS Certificates" section of the admin panel to connect to your Gandi DNS API, so it can set up an automatically-renewing Let's Encrypt certificate.

https://docs.sandstorm.io/en/latest/administering/ssl/ <- about using Sandstorm's built-in HTTPS/Let's Encrypt

https://docs.sandstorm.io/en/latest/administering/reverse-proxy/ <- talks about setting up Nginx and links to an example config.

If you do use the Nginx reverse proxy setup, you do not need to install the certificate in Sandstorm, as Sandstorm is serving HTTP, and your reverse proxy is implementing HTTPS.
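For the reverse-proxy option described in the comment above, a minimal Nginx server block for a wildcard setup could look like the following. This is an added example, not part of the thread and not the project's own example config; `example.com`, the certificate paths and the upstream address are placeholders.

```nginx
# Added example, not from the thread. example.com, the certificate paths and
# the upstream address are placeholders. Save as a file under
# /etc/nginx/conf.d/ so it is included inside the http {} block.
#
# Matching sandstorm.conf settings on the Sandstorm host:
#   BASE_URL=https://example.com
#   WILDCARD_HOST=*.example.com
#   PORT=6080
#   BIND_IP=127.0.0.1   # same-host proxy only; keeps plain HTTP off the network

# WebSocket support: pass Upgrade through, close the connection otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Redirect plain HTTP to HTTPS for the base host and every wildcard host.
server {
    listen 80;
    listen [::]:80;
    server_name example.com *.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com *.example.com;

    # The certificate must list both names: *.example.com does not cover example.com.
    ssl_certificate     /etc/pki/nginx/wildcard.example.com.crt;
    ssl_certificate_key /etc/pki/nginx/private/wildcard.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 10m;

    # Large uploads would otherwise hit nginx's 1 MB default body limit.
    client_max_body_size 1024m;

    location / {
        proxy_pass http://127.0.0.1:6080;
        # Sandstorm routes on the Host header, so forward it unchanged.
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

If the proxy runs on a separate machine, point `proxy_pass` at the Sandstorm host instead and firewall port 6080 so that only the proxy's address can reach it. Run `nginx -t` before reloading to validate the file.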

@sathishksingh
Author

> I guess the question is, is there a specific reason you are putting a reverse proxy in front of Sandstorm? While we have an Nginx config example in the Sandstorm docs, if you are solely using the proxy to connect to Sandstorm, you can allow Sandstorm to handle HTTPS directly. In that scenario, you would set HTTPS_PORT to 443 in your sandstorm.conf file, and use the "SSL/TLS Certificates" section of the admin panel to connect to your Gandi DNS API, so it can set up an automatically-renewing Let's Encrypt certificate.
>
> https://docs.sandstorm.io/en/latest/administering/ssl/ <- about using Sandstorm's built-in HTTPS/Let's Encrypt
>
> https://docs.sandstorm.io/en/latest/administering/reverse-proxy/ <- talks about setting up Nginx and links to an example config.
>
> If you do use the Nginx reverse proxy setup, you do not need to install the certificate in Sandstorm, as Sandstorm is serving HTTP, and your reverse proxy is implementing HTTPS.

So, the perfect setup of Sandstorm with 2 servers:

  1. Server 1: installing the Sandstorm app only, with
    http://test-sandstorm-01.local:6080/admin

Can you guide me if anything is missing on the Sandstorm server?
Can you please advise me what needs to be changed in the sandstorm.config file?

  2. Server 2: installing an Apache server as a reverse proxy in the DMZ zone, for security reasons
    [image]
    [image]
    Is this configuration fine?

@ocdtrekkie
Collaborator

I don't know enough about proxy configs to help you much there, unfortunately.
