[plug] Help with nginx configuration file
Chris Caston
chris at caston.id.au
Sun Aug 23 10:43:08 AWST 2020
I have run
sudo apt install certbot python3-certbot-nginx
then
certbot --nginx -d gitlab.themarketplace.space
nginx: [error] invalid PID number "" in "/run/nginx.pid"
the pid file was empty
I rebooted the vps and now I have a healthy pid.
I ran certbot --nginx -d gitlab.themarketplace.space again and
selected option 1. (reinstall existing certificate)
and then option 2 ( Redirect all requests to https)
>" - Congratulations! Your certificate and chain have been saved"
going to http://www.themarketplace.space takes me to
https://gitlab.themarketplace.space which only shows the default nginx
page.
I have now done:
certbot --nginx -d gitlab.themarketplace.space -d
www.themarketplace.space -d ldap.themarketplace.space
then I did option E (expand and replace existing certificate)
then option 2 (redirect to HTTPS)
Now http://ldap.themarketplace.space/ seems to hold its own and go to
https://ldap.themarketplace.space/
but http://www.themarketplace.space/ goes to
https://gitlab.themarketplace.space/
Is there some way to fix this or should I just start again in a different order?
>"This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8."
Is this salvageable or should I start again with a clean Ubuntu install?
```
cat /etc/nginx/sites-available/default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
# Plain-HTTP catch-all: "default_server" on both port-80 listeners makes this
# the block nginx uses for port-80 requests whose Host header matches no
# server_name in the loaded configuration.
# NOTE(review): only port 80 gets an explicit default in this file. The 443
# default_server lines below are commented out, so for HTTPS nginx falls back
# to the first 443 server block it loads. Decide deliberately which block
# should answer unknown hostnames over TLS.
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
# Static document root; this block serves files only, no application backend.
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
# "_" is a placeholder name that never equals a real hostname; this block is
# selected through default_server above, not through name matching.
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
# HTTPS virtual host for gitlab.themarketplace.space, as rewritten by Certbot
# from a copy of the stock default block.
# NOTE(review): this block only serves static files from /var/www/html (index
# list ends in index.nginx-debian.html). No directive here forwards requests
# to a GitLab backend, which is consistent with the default nginx page being
# shown for this hostname.
# NOTE(review): the 443 default_server lines are commented out everywhere in
# this file, and this is the first 443 listener in it. nginx uses the first
# server block for a listen address as its default, so HTTPS requests for
# names not listed in any server_name would presumably be answered here, with
# this block's certificate. Confirm against the other files in sites-enabled.
# NOTE(review): the stray "managed by Certbot" fragments on their own lines
# below look like mail line-wrapping of trailing comments. Check the file on
# disk, not this paste.
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name gitlab.themarketplace.space; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# Certificate and key are read from the Let's Encrypt lineage directory named
# www.themarketplace.space, not one named after this server_name.
# NOTE(review): whether that certificate is valid for
# gitlab.themarketplace.space depends on its SAN list. Verify it, e.g. with
# "certbot certificates".
ssl_certificate
/etc/letsencrypt/live/www.themarketplace.space/fullchain.pem; #
managed by Certbot
ssl_certificate_key
/etc/letsencrypt/live/www.themarketplace.space/privkey.pem; # managed
by Certbot
# TLS protocol/cipher settings and DH parameters come from Certbot's files.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
# Port-80 companion to the gitlab HTTPS block: permanently redirects plain
# HTTP to HTTPS on the same hostname.
# The redirect target reuses $host, so this block can only send a client to
# the https:// form of the name it asked for, never to a different hostname.
if ($host = gitlab.themarketplace.space) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name gitlab.themarketplace.space;
# Fallback for any request that reaches this block with a different Host.
# This block is not a default_server, so that should be rare.
return 404; # managed by Certbot
}
server {
# HTTPS virtual host shared by ldap.themarketplace.space and
# www.themarketplace.space; both names get the same static document root.
# NOTE(review): this block has no /phpldapadmin location and no auth_basic
# directives. If phpLDAPadmin is re-added here, its access control has to be
# re-added with it; it is not carried over from any other block.
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name ldap.themarketplace.space www.themarketplace.space; #
managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
# Same certificate and key files as the gitlab HTTPS block (lineage directory
# www.themarketplace.space).
ssl_certificate
/etc/letsencrypt/live/www.themarketplace.space/fullchain.pem; #
managed by Certbot
ssl_certificate_key
/etc/letsencrypt/live/www.themarketplace.space/privkey.pem; # managed
by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
# Port-80 companion to the ldap/www HTTPS block: each listed hostname is
# redirected to its own https:// URL, because the target reuses $host.
# NOTE(review): as written, a request for www.themarketplace.space is sent to
# https://www.themarketplace.space, not to the gitlab hostname. The
# www -> gitlab redirect reported in this message presumably originates
# outside this block (another enabled site, or a previously cached 301).
# TODO confirm.
if ($host = ldap.themarketplace.space) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.themarketplace.space) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name ldap.themarketplace.space www.themarketplace.space;
# Fallback for a Host that matches neither "if" above.
return 404; # managed by Certbot
# NOTE(review): the pasted listing ends here without this block's closing "}".
```
On Sun, Aug 23, 2020 at 10:03 AM Chris Caston <chris at caston.id.au> wrote:
>
> I made a backup of the nginx etc folder.
>
> After I did the following gitlab completed the install:
>
> sudo apt-get purge nginx nginx-common nginx-full
>
> and
> sudo apt-get install nginx
>
> going to http://www.themarketplace.space takes me to:
>
> https://gitlab.themarketplace.space/
>
> with a set password screen. The first time I did this it didn't work and I had to set the password through a command line console.
>
> also going to https://ldap.themarketplace.space/phpldapadmin/ takes me back to gitlab so as predicted my phpldapadmin setup is broken.
>
> I should mention I am getting the invalid (self-signed cert) warnings through all of this. I am looking at the sites-available default site and to
> be honest I don't even know if it has been configured for gitlab. /var/www/html still contains: index.nginx-debian.html
>
> What am I missing?
>
>
> Here is the nginx configuration:
>
> ```
> cat /etc/nginx/sites-available/default
> ##
> # You should look at the following URL's in order to grasp a solid understanding
> # of Nginx configuration files in order to fully unleash the power of Nginx.
> # https://www.nginx.com/resources/wiki/start/
> # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
> # https://wiki.debian.org/Nginx/DirectoryStructure
> #
> # In most cases, administrators will remove this file from sites-enabled/ and
> # leave it as reference inside of sites-available where it will continue to be
> # updated by the nginx packaging team.
> #
> # This file will automatically load configuration files provided by other
> # applications, such as Drupal or Wordpress. These applications will be made
> # available underneath a path with that package name, such as /drupal8.
> #
> # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
> ##
>
> # Default server configuration
> #
> server {
> listen 80 default_server;
> listen [::]:80 default_server;
>
> # SSL configuration
> #
> # listen 443 ssl default_server;
> # listen [::]:443 ssl default_server;
> #
> # Note: You should disable gzip for SSL traffic.
> # See: https://bugs.debian.org/773332
> #
> # Read up on ssl_ciphers to ensure a secure configuration.
> # See: https://bugs.debian.org/765782
> #
> # Self signed certs generated by the ssl-cert package
> # Don't use them in a production server!
> #
> # include snippets/snakeoil.conf;
>
> root /var/www/html;
>
> # Add index.php to the list if you are using PHP
> index index.html index.htm index.nginx-debian.html;
>
> server_name _;
>
> location / {
> # First attempt to serve request as file, then
> # as directory, then fall back to displaying a 404.
> try_files $uri $uri/ =404;
> }
>
> # pass PHP scripts to FastCGI server
> #
> #location ~ \.php$ {
> # include snippets/fastcgi-php.conf;
> #
> # # With php-fpm (or other unix sockets):
> # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
> # # With php-cgi (or other tcp sockets):
> # fastcgi_pass 127.0.0.1:9000;
> #}
>
> # deny access to .htaccess files, if Apache's document root
> # concurs with nginx's one
> #
> #location ~ /\.ht {
> # deny all;
> #}
> }
>
>
> # Virtual Host configuration for example.com
> #
> # You can move that to a different file under sites-available/ and symlink that
> # to sites-enabled/ to enable it.
> #
> #server {
> # listen 80;
> # listen [::]:80;
> #
> # server_name example.com;
> #
> # root /var/www/example.com;
> # index index.html;
> #
> # location / {
> # try_files $uri $uri/ =404;
> # }
> #}
> ```
>
>
>
>
> On Sun, Aug 23, 2020 at 9:16 AM Chris Caston <chris at caston.id.au> wrote:
>
>> I am making a snapshot of the place my VPS is at now with the broken
>> gitlab install.
>> I am considering going back to a default nginx configuration and setting
>> up gitlab again. I had it working on a previous build before I decided to
>> start again and openldap for auth. Even though it will break the
>> phpLDAPadmin setup I can compare the /etc/nginx/sites-available/default
>> files to work out how to make a hybrid.
>>
>> On Sat, Aug 22, 2020 at 4:06 PM Chris Caston <chris at caston.id.au> wrote:
>>
>>> Hi everyone,
>>>
>>> I have installed Ubuntu 20.04 with openldap, nginx and phpLDAPadmin with
>>> SSL and basic http auth. This part is working fine but next I want to
>>> install gitlab.
>>>
>>> It errors out with:
>>>
>>> ```
>>> There was an error running gitlab-ctl reconfigure:
>>>
>>> letsencrypt_certificate[gitlab.themarketplace.space]
>>> ``` *snipped*
>>>
>>> I'm a bit uncertain as to how my nginx configuration should be set.
>>>
>>> ```
>>> sudo nginx -t
>>> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
>>> nginx: configuration file /etc/nginx/nginx.conf test is successful``````
>>> certbot --nginx -d gitlab.themarketplace.space
>>>
>>> IMPORTANT NOTES:
>>> - Unable to install the certificate
>>> - Congratulations! Your certificate and chain have been saved at:
>>> /etc/letsencrypt/live/gitlab.themarketplace.space/fullchain.pem
>>> Your key file has been saved at:
>>> /etc/letsencrypt/live/gitlab.themarketplace.space/privkey.pem
>>> Your cert will expire on 2020-11-20. To obtain a new or tweaked
>>> version of this certificate in the future, simply run certbot again
>>> with the "certonly" option. To non-interactively renew *all* of
>>> your certificates, run "certbot renew"
>>> ```
>>> I assume that I need to get that working for gitlab to install.
>>>
>>>
>>>
>>> ```
>>> cat /etc/nginx/sites-available/default
>>> server {
>>> # HTTPS virtual host for phpLDAPadmin on ldap.themarketplace.space.
>>> server_name ldap.themarketplace.space;
>>>
>>> # document root
>>> root /var/www/html;
>>> index index.php index.html index.htm;
>>>
>>> # application: phpldapadmin
>>> # HTTP basic auth is declared inside this prefix location only.
>>> location /phpldapadmin {
>>> auth_basic "Please authenticate:";
>>> auth_basic_user_file /etc/apache2/htpasswd;
>>> alias /usr/share/phpldapadmin/htdocs;
>>> index index.php index.html index.htm;
>>> }
>>>
>>>
>>>
>>>
>>> # NOTE(review): this regex location handles the .php requests under
>>> # /phpldapadmin/ and sets no auth_basic of its own. nginx prefers a matching
>>> # regex location over a plain prefix location, and auth settings are not
>>> # shared between sibling locations, so as written the PHP requests appear
>>> # not to require the basic-auth login. Confirm, then either repeat
>>> # auth_basic / auth_basic_user_file here or declare them at server level.
>>> location ~ ^/phpldapadmin/.*\.php$ {
>>> root /usr/share;
>>> # Map /phpldapadmin/... onto /usr/share/phpldapadmin/htdocs/... unless the
>>> # resolved filename already contains "htdocs".
>>> if ($request_filename !~* htdocs) {
>>> rewrite ^/phpldapadmin(/.*)?$ /phpldapadmin/htdocs$1;
>>> }
>>> fastcgi_pass unix:/run/php/php7.4-fpm.sock;
>>> fastcgi_index index.php;
>>> fastcgi_param SCRIPT_FILENAME $request_filename;
>>> include fastcgi_params;
>>> }
>>>
>>> # logging
>>> error_log /var/log/nginx/phpldapadmin.error.log;
>>> access_log /var/log/nginx/phpldapadmin.access.log;
>>>
>>> # The two certificate paths below are split across lines by mail wrapping.
>>> listen 443 ssl; # managed by Certbot
>>> ssl_certificate /etc/letsencrypt/live/
>>> ldap.themarketplace.space/fullchain.pem; # managed by Certbot
>>> ssl_certificate_key /etc/letsencrypt/live/
>>> ldap.themarketplace.space/privkey.pem; # managed by Certbot
>>> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>>> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>>>
>>> }
>>> server {
>>> if ($host = ldap.themarketplace.space) {
>>> return 301 https://$host$request_uri;
>>> } # managed by Certbot
>>>
>>>
>>> server_name ldap.themarketplace.space;
>>> listen 80;
>>> return 404; # managed by Certbot
>>>
>>> }```
>>> I have four A resource records:
>>> ```
>>> themarketplace.space A 139.180.171.63
>>> gitlab.themarketplace.space A 139.180.171.63
>>> ldap.themarketplace.space A 139.180.171.63
>>> www.themarketplace.space A 139.180.171.63
>>> ```
>>> So I'm not sure if my /etc/nginx/sites-available/default should have
>>> multiple server blocks each with its own server_name and exactly what
>>> format it needs to be in for gitlab to work.
>>>
>>> Any help would be much appreciated.
>>>
>>> Thank you.
>>>
>>> Chris Caston
>>>
>>