Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


HTTPS/ SSL Question
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

HTTPS/ SSL Question

plumbergplumberg Veteran

I have cockpit project (for basic admin) and emby server running.
Cockpit project runs on 9091, emby runs on 8096

I am able to access both via http over the internet. I am trying to see whats the best way to access them via HTTPS/SSL using letsencrypt?

I came across https://github.com/jwilder/nginx-proxy but I feel it will be helpful only if I had the apps running docker.. or can I use it to still do the HTTPS part?

Any suggestions? Thanks

Comments

  • NeoonNeoon Community Contributor, Veteran

    Use nginx or haproxy for that.

  • @Neoon said:
    Use nginx or haproxy for that.

    Any script/ example please?

  • imokimok Member
    edited June 2018
    server {
        listen              *:80;
        server_name         example.com;
        return              301 https://$server_name$request_uri;
    }
    
    server {
        listen              *:443 ssl;
        server_name         example.com;
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    
        ssl_session_timeout 5m;
    
        ssl_protocols       SSLv2 SSLv3 TLSv1;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
    
        location / {
            client_max_body_size 100m;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8096;
        }
    }
  • deankdeank Member, Troll

    Change 443 to 666 and you will be golden.

  • NeoonNeoon Community Contributor, Veteran

    For TLS configuration:

    https://mozilla.github.io/server-side-tls/ssl-config-generator/

    You may want to use that, for more secure cyphers.

  • @imok said:

    server {
    >     listen              *:80;
    >     server_name         example.com;
    >     return              301 https://$server_name$request_uri;
    > }
    > 
    > server {
    >     listen              *:443 ssl;
    >     server_name         example.com;
    >     ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    >     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    > 
    >     ssl_session_timeout 5m;
    > 
    >     ssl_protocols       SSLv2 SSLv3 TLSv1;
    >     ssl_ciphers         HIGH:!aNULL:!MD5;
    >     ssl_prefer_server_ciphers   on;
    > 
    >     location / {
    >         client_max_body_size 100m;
    >         proxy_set_header X-Forwarded-Host $host;
    >         proxy_set_header X-Forwarded-Server $host;
    >         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    >         proxy_pass http://localhost:8096;
    >     }
    > }

    Thanks. It works for one app/ port. How can I configure it for my second port?

  • imokimok Member
    edited June 2018

    plumberg said: How can I configure it for my second port?

    You can use multiple location directives. Just put the correct path.

    Also take a look at https://nginxconfig.io/ for more help (it doesn't include proxy stuff though).

  • @imok said:

    plumberg said: How can I configure it for my second port?

    You can use multiple location directives. Just put the correct path.

    Also take a look at https://nginxconfig.io/ for more help (it doesn't include proxy stuff though).

    Thanks, will check

Sign In or Register to comment.