[plug] Help with nginx configuration file
Chris Caston
chris at caston.id.au
Sun Aug 23 10:03:45 AWST 2020
I made a backup of the nginx etc folder.
After I did the following gitlab completed the install:
sudo apt-get purge nginx nginx-common nginx-full
and
sudo apt-get install nginx
going to http://www.themarketplace.space takes me to:
https://gitlab.themarketplace.space/
with a set password screen. The first time I did this it didn't work
and I had to set the password through a command line console.
also going to https://ldap.themarketplace.space/phpldapadmin/ takes me
back to gitlab so as predicted my phpldapadmin setup is broken.
I should mention I am getting the invalid (self-signed cert) warnings
through all of this. I am looking at the sites-available default site
and to be honest I don't even know it has been configured for gitlab.
/var/www/html still contains: index.nginx-debian.html
What am I missing?
Here is the nginx configuration:
```
cat /etc/nginx/sites-available/default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    #    include snippets/fastcgi-php.conf;
    #
    #    # With php-fpm (or other unix sockets):
    #    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    #    # With php-cgi (or other tcp sockets):
    #    fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#    listen 80;
#    listen [::]:80;
#
#    server_name example.com;
#
#    root /var/www/example.com;
#    index index.html;
#
#    location / {
#        try_files $uri $uri/ =404;
#    }
#}
```
On Sun, Aug 23, 2020 at 9:16 AM Chris Caston <chris at caston.id.au> wrote:
> I am making a snapshot of the place my VPS is at now with the broken
> gitlab install.
> I am considering going back to a default nginx configuration and setting
> up gitlab again. I had it working on a previous build before I decided to
> start again and openldap for auth. Even though it will break the
> phpLDAPadmin setup I can compare the /etc/nginx/sites-available/default
> files to work out how to make a hybrid.
>
> On Sat, Aug 22, 2020 at 4:06 PM Chris Caston <chris at caston.id.au> wrote:
>
>> Hi everyone,
>>
>> I have installed Ubuntu 20.04 with openldap, nginx and phpLDAPadmin with
>> SSL and basic http auth. This part is working fine but next I want to
>> install gitlab.
>>
>> It errors out with:
>>
>> ```
>> There was an error running gitlab-ctl reconfigure:
>>
>> letsencrypt_certificate[gitlab.themarketplace.space]
>> ```
>> *snipped*
>>
>> I'm a bit uncertain as to how my nginx configuration should be set.
>>
>> ```
>> sudo nginx -t
>> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
>> nginx: configuration file /etc/nginx/nginx.conf test is successful
>> ```
>> ```
>> certbot --nginx -d gitlab.themarketplace.space
>>
>> IMPORTANT NOTES:
>> - Unable to install the certificate
>> - Congratulations! Your certificate and chain have been saved at:
>> /etc/letsencrypt/live/gitlab.themarketplace.space/fullchain.pem
>> Your key file has been saved at:
>> /etc/letsencrypt/live/gitlab.themarketplace.space/privkey.pem
>> Your cert will expire on 2020-11-20. To obtain a new or tweaked
>> version of this certificate in the future, simply run certbot again
>> with the "certonly" option. To non-interactively renew *all* of
>> your certificates, run "certbot renew"
>> ```
>> I assume that I need to get that working for gitlab to install.
>>
>>
>>
>> ```
>> cat /etc/nginx/sites-available/default
>> server {
>>     server_name ldap.themarketplace.space;
>>
>>     # document root
>>     root /var/www/html;
>>     index index.php index.html index.htm;
>>
>>     # application: phpldapadmin
>>     location /phpldapadmin {
>>         auth_basic "Please authenticate:";
>>         auth_basic_user_file /etc/apache2/htpasswd;
>>         alias /usr/share/phpldapadmin/htdocs;
>>         index index.php index.html index.htm;
>>     }
>>
>>     location ~ ^/phpldapadmin/.*\.php$ {
>>         root /usr/share;
>>         if ($request_filename !~* htdocs) {
>>             rewrite ^/phpldapadmin(/.*)?$ /phpldapadmin/htdocs$1;
>>         }
>>         fastcgi_pass unix:/run/php/php7.4-fpm.sock;
>>         fastcgi_index index.php;
>>         fastcgi_param SCRIPT_FILENAME $request_filename;
>>         include fastcgi_params;
>>     }
>>
>>     # logging
>>     error_log /var/log/nginx/phpldapadmin.error.log;
>>     access_log /var/log/nginx/phpldapadmin.access.log;
>>
>>     listen 443 ssl; # managed by Certbot
>>     ssl_certificate /etc/letsencrypt/live/ldap.themarketplace.space/fullchain.pem; # managed by Certbot
>>     ssl_certificate_key /etc/letsencrypt/live/ldap.themarketplace.space/privkey.pem; # managed by Certbot
>>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>>
>> }
>> server {
>>     if ($host = ldap.themarketplace.space) {
>>         return 301 https://$host$request_uri;
>>     } # managed by Certbot
>>
>>
>>     server_name ldap.themarketplace.space;
>>     listen 80;
>>     return 404; # managed by Certbot
>>
>> }
>> ```
>> I have four A resource records:
>> ```
>> themarketplace.space A 139.180.171.63
>> gitlab.themarketplace.space A 139.180.171.63
>> ldap.themarketplace.space A 139.180.171.63
>> www.themarketplace.space A 139.180.171.63
>> ```
>> So I'm not sure if my /etc/nginx/sites-available/default should have
>> multiple server blocks each with its own server_name and exactly what
>> format it needs to be in for gitlab to work.
>>
>> Any help would be much appreciated.
>>
>> Thank you.
>>
>> Chris Caston
>>
>
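
Added example, not part of the original message or of any package's shipped configuration: one way to lay out /etc/nginx/sites-available/default with a server block per hostname plus a catch-all, so that a request for a name without its own block is refused instead of being answered by another site (nginx hands unmatched names to the default_server for the port, or to the first block listening on it). The certificate paths are the ones certbot reported in the thread; the loopback address for GitLab is a placeholder assumption, and the catch-all is meant to replace the stock default site.

```nginx
# Added example, not the poster's configuration.
# Catch-all: a Host that no other block names is refused here rather than
# being answered by whichever site is first on the port.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    include snippets/snakeoil.conf;  # self-signed cert (ssl-cert), catch-all only
    return 444;                      # close the connection without a response
}

# Plain HTTP for the named hosts only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name ldap.themarketplace.space gitlab.themarketplace.space;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ldap.themarketplace.space;
    ssl_certificate     /etc/letsencrypt/live/ldap.themarketplace.space/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ldap.themarketplace.space/privkey.pem;
    # Server scope, so every location in this block requires it, including
    # the regex .php location, which inherits nothing from a sibling location.
    auth_basic "Please authenticate:";
    auth_basic_user_file /etc/apache2/htpasswd;
    # The two phpldapadmin location blocks from the quoted config follow here.
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gitlab.themarketplace.space;
    ssl_certificate     /etc/letsencrypt/live/gitlab.themarketplace.space/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gitlab.themarketplace.space/privkey.pem;
    location / {
        # Assumption (placeholder): GitLab's HTTP service on this loopback port.
        proxy_pass http://127.0.0.1:8181;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Run `sudo nginx -t` before reloading; the catch-all needs the ssl-cert package for the snakeoil include to resolve.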