Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

HTTPS/ SSL Question
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

HTTPS/ SSL Question

plumbergplumberg Veteran
in Help

I have cockpit project (for basic admin) and emby server running.
Cockpit project runs on 9091, emby runs on 8096

I am able to access both via http over the internet. I am trying to see whats the best way to access them via HTTPS/SSL using letsencrypt?

I came across https://github.com/jwilder/nginx-proxy but I feel it will be helpful only if I had the apps running docker.. or can I use it to still do the HTTPS part?

Any suggestions? Thanks

Comments

  • NeoonNeoon Community Contributor, Veteran

    Use nginx or haproxy for that.

  • plumbergplumberg Veteran

    @Neoon said:
    Use nginx or haproxy for that.

    Any script/ example please?

  • imokimok Member
    edited June 2018 
    server {
    listen              *:80;
    server_name         example.com;
    return              301 https://$server_name$request_uri;
}

server {
    listen              *:443 ssl;
    server_name         example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_session_timeout 5m;

    ssl_protocols       SSLv2 SSLv3 TLSv1;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location / {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8096;
    }
}
  • deankdeank Member, Troll

    Change 443 to 666 and you will be golden.

  • NeoonNeoon Community Contributor, Veteran

    For TLS configuration:

    https://mozilla.github.io/server-side-tls/ssl-config-generator/

    You may want to use that, for more secure cyphers.

  • plumbergplumberg Veteran

    @imok said:

    server {
>     listen              *:80;
>     server_name         example.com;
>     return              301 https://$server_name$request_uri;
> }
> 
> server {
>     listen              *:443 ssl;
>     server_name         example.com;
>     ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
>     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
> 
>     ssl_session_timeout 5m;
> 
>     ssl_protocols       SSLv2 SSLv3 TLSv1;
>     ssl_ciphers         HIGH:!aNULL:!MD5;
>     ssl_prefer_server_ciphers   on;
> 
>     location / {
>         client_max_body_size 100m;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_pass http://localhost:8096;
>     }
> }

    Thanks. It works for one app/ port. How can I configure it for my second port?

  • imokimok Member
    edited June 2018

    plumberg said: How can I configure it for my second port?

    You can use multiple location directives. Just put the correct path.

    Also take a look at https://nginxconfig.io/ for more help (it doesn't include proxy stuff though).

  • plumbergplumberg Veteran

    @imok said:

    plumberg said: How can I configure it for my second port?

    You can use multiple location directives. Just put the correct path.

    Also take a look at https://nginxconfig.io/ for more help (it doesn't include proxy stuff though).

    Thanks, will check

Sign In or Register to comment.