New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HTTPS/ SSL Question
I have cockpit project (for basic admin) and emby server running.
Cockpit project runs on 9091, emby runs on 8096
I am able to access both via http over the internet. I am trying to see whats the best way to access them via HTTPS/SSL using letsencrypt?
I came across https://github.com/jwilder/nginx-proxy but I feel it will be helpful only if I had the apps running docker.. or can I use it to still do the HTTPS part?
Any suggestions? Thanks


Comments
Use nginx or haproxy for that.
Any script/ example please?
server { listen *:80; server_name example.com; return 301 https://$server_name$request_uri; } server { listen *:443 ssl; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { client_max_body_size 100m; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8096; } }Change 443 to 666 and you will be golden.
For TLS configuration:
https://mozilla.github.io/server-side-tls/ssl-config-generator/
You may want to use that, for more secure cyphers.
server { > listen *:80; > server_name example.com; > return 301 https://$server_name$request_uri; > } > > server { > listen *:443 ssl; > server_name example.com; > ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; > ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; > > ssl_session_timeout 5m; > > ssl_protocols SSLv2 SSLv3 TLSv1; > ssl_ciphers HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > location / { > client_max_body_size 100m; > proxy_set_header X-Forwarded-Host $host; > proxy_set_header X-Forwarded-Server $host; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_pass http://localhost:8096; > } > }Thanks. It works for one app/ port. How can I configure it for my second port?
You can use multiple location directives. Just put the correct path.
Also take a look at https://nginxconfig.io/ for more help (it doesn't include proxy stuff though).
Thanks, will check