<div dir="ltr"><div><div>I have set up a basic wireframe for a place-holder site and css, js and images folder under /var/www/html so this comes up instead of the default nginx site.<br><br></div>In case anyone wonders what this is for it's a combination of TAFE and my own projects. It isn't for a client. The gitlab is for Javascript apps. <br><br>Yes I understand I should try to keep things in different servers or at least docker images and I will as the infrastructure grows. <br><br></div><div>Part of the problem is that phpldapadmin uses apache2 but default and I had to look for extra instructions to get it working with nginx. <br></div><div>Is there an alternative graphical interface for openldap that works nicely with nginx?</div><div><br></div><div>best regards,</div><div><br></div><div>Chris<br></div><div><br></div><div><br></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 23, 2020 at 10:43 AM Chris Caston <<a href="mailto:chris@caston.id.au">chris@caston.id.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">I have run<br><pre><code>sudo apt install certbot python3-certbot-nginx<br></code></pre><pre><code>then<br><code>certbot --nginx -d <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a><br><br>nginx: [error] invalid PID number "" in "/run/nginx.pid"<br></code></code></pre><pre><code>the pid file was empty <br><br></code></pre><pre><code>I rebooted the vps and now I have a healthy pid.<br></code></pre><pre><code>I ran certbot --nginx -d <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a> again and selected option 1. (reinstall existing certificate)<br></code></pre><pre><code>and then option 2 ( Redirect all requests to https)<br>>" - Congratulations! Your certificate and chain have been saved"<br><br></code></pre><pre><code>going to <a href="http://www.themarketplace.space" target="_blank">http://www.themarketplace.space</a> takes me to <a href="https://gitlab.themarketplace.space" target="_blank">https://gitlab.themarketplace.space</a> which only shows the default nginx page.<br><br></code></pre><pre><code>I have now done:<br></code></pre><pre><code><br>certbot --nginx -d <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a> -d <a href="http://www.themarketplace.space" target="_blank">www.themarketplace.space</a> -d <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a></code></pre><pre><code>then I did option E (expand and replace existing certificate)<br></code></pre><pre><code>then option 2 (redirect to HTTPS)<br><br></code></pre><pre><code>Now <a href="http://ldap.themarketplace.space/" target="_blank">http://ldap.themarketplace.space/</a> seems to hold it's own and go to <a href="https://ldap.themarketplace.space/" target="_blank">https://ldap.themarketplace.space/</a><br></code></pre><pre><code>but <a href="http://www.themarketplace.space/" target="_blank">http://www.themarketplace.space/</a> goes to <a href="https://gitlab.themarketplace.space/" target="_blank">https://gitlab.themarketplace.space/</a><br><br></code></pre><pre><code>Is there some way to fix this or should I just start again in a different order?<br>>"This file will automatically load configuration files provided by other<br># applications, such as Drupal or Wordpress. These applications will be made<br># available underneath a path with that package name, such as /drupal8."<br><br></code></pre><br><pre><code>Is this salvageable or should I start again with a clean Ubuntu install?<br></code></pre><pre><code><br><br></code></pre><pre><code>```<br>cat /etc/nginx/sites-available/default<br>##<br># You should look at the following URL's in order to grasp a solid understanding<br># of Nginx configuration files in order to fully unleash the power of Nginx.<br># <a href="https://www.nginx.com/resources/wiki/start/" target="_blank">https://www.nginx.com/resources/wiki/start/</a><br># <a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/" target="_blank">https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/</a><br># <a href="https://wiki.debian.org/Nginx/DirectoryStructure" target="_blank">https://wiki.debian.org/Nginx/DirectoryStructure</a><br>#<br># In most cases, administrators will remove this file from sites-enabled/ and<br># leave it as reference inside of sites-available where it will continue to be<br># updated by the nginx packaging team.<br>#<br># This file will automatically load configuration files provided by other<br># applications, such as Drupal or Wordpress. These applications will be made<br># available underneath a path with that package name, such as /drupal8.<br>#<br># Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.<br>##<br><br># Default server configuration<br>#<br>server {<br> listen 80 default_server;<br> listen [::]:80 default_server;<br><br> # SSL configuration<br> #<br> # listen 443 ssl default_server;<br> # listen [::]:443 ssl default_server;<br> #<br> # Note: You should disable gzip for SSL traffic.<br> # See: <a href="https://bugs.debian.org/773332" target="_blank">https://bugs.debian.org/773332</a><br> #<br> # Read up on ssl_ciphers to ensure a secure configuration.<br> # See: <a href="https://bugs.debian.org/765782" target="_blank">https://bugs.debian.org/765782</a><br> #<br> # Self signed certs generated by the ssl-cert package<br> # Don't use them in a production server!<br> #<br> # include snippets/snakeoil.conf;<br><br> root /var/www/html;<br><br> # Add index.php to the list if you are using PHP<br> index index.html index.htm index.nginx-debian.html;<br><br> server_name _;<br><br> location / {<br> # First attempt to serve request as file, then<br> # as directory, then fall back to displaying a 404.<br> try_files $uri $uri/ =404;<br> }<br><br> # pass PHP scripts to FastCGI server<br> #<br> #location ~ \.php$ {<br> # include snippets/fastcgi-php.conf;<br> #<br> # # With php-fpm (or other unix sockets):<br> # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;<br> # # With php-cgi (or other tcp sockets):<br> # fastcgi_pass <a href="http://127.0.0.1:9000" target="_blank">127.0.0.1:9000</a>;<br> #}<br><br> # deny access to .htaccess files, if Apache's document root<br> # concurs with nginx's one<br> #<br> #location ~ /\.ht {<br> # deny all;<br> #}<br>}<br><br><br># Virtual Host configuration for <a href="http://example.com" target="_blank">example.com</a><br>#<br># You can move that to a different file under sites-available/ and symlink that<br># to sites-enabled/ to enable it.<br>#<br>#server {<br># listen 80;<br># listen [::]:80;<br>#<br># server_name <a href="http://example.com" target="_blank">example.com</a>;<br>#<br># root /var/www/<a href="http://example.com" target="_blank">example.com</a>;<br># index index.html;<br>#<br># location / {<br># try_files $uri $uri/ =404;<br># }<br>#}<br><br>server {<br><br> # SSL configuration<br> #<br> # listen 443 ssl default_server;<br> # listen [::]:443 ssl default_server;<br> #<br> # Note: You should disable gzip for SSL traffic.<br> # See: <a href="https://bugs.debian.org/773332" target="_blank">https://bugs.debian.org/773332</a><br> #<br> # Read up on ssl_ciphers to ensure a secure configuration.<br> # See: <a href="https://bugs.debian.org/765782" target="_blank">https://bugs.debian.org/765782</a><br> #<br> # Self signed certs generated by the ssl-cert package<br> # Don't use them in a production server!<br> #<br> # include snippets/snakeoil.conf;<br><br> root /var/www/html;<br><br> # Add index.php to the list if you are using PHP<br> index index.html index.htm index.nginx-debian.html;<br> server_name <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a>; # managed by Certbot<br><br><br> location / {<br> # First attempt to serve request as file, then<br> # as directory, then fall back to displaying a 404.<br> try_files $uri $uri/ =404;<br> }<br><br> # pass PHP scripts to FastCGI server<br> #<br> #location ~ \.php$ {<br> # include snippets/fastcgi-php.conf;<br> #<br> # # With php-fpm (or other unix sockets):<br> # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;<br> # # With php-cgi (or other tcp sockets):<br> # fastcgi_pass <a href="http://127.0.0.1:9000" target="_blank">127.0.0.1:9000</a>;<br> #}<br><br> # deny access to .htaccess files, if Apache's document root<br> # concurs with nginx's one<br> #<br> #location ~ /\.ht {<br> # deny all;<br> #}<br><br><br> listen [::]:443 ssl ipv6only=on; # managed by Certbot<br> listen 443 ssl; # managed by Certbot<br> ssl_certificate /etc/letsencrypt/live/<a href="http://www.themarketplace.space/fullchain.pem" target="_blank">www.themarketplace.space/fullchain.pem</a>; # managed by Certbot<br> ssl_certificate_key /etc/letsencrypt/live/<a href="http://www.themarketplace.space/privkey.pem" target="_blank">www.themarketplace.space/privkey.pem</a>; # managed by Certbot<br> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br><br><br>}<br>server {<br> if ($host = <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a>) {<br> return 301 https://$host$request_uri;<br> } # managed by Certbot<br><br><br> listen 80 ;<br> listen [::]:80 ;<br> server_name <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a>;<br> return 404; # managed by Certbot<br><br><br>}<br>server {<br><br> # SSL configuration<br> #<br> # listen 443 ssl default_server;<br> # listen [::]:443 ssl default_server;<br> #<br> # Note: You should disable gzip for SSL traffic.<br> # See: <a href="https://bugs.debian.org/773332" target="_blank">https://bugs.debian.org/773332</a><br> #<br> # Read up on ssl_ciphers to ensure a secure configuration.<br> # See: <a href="https://bugs.debian.org/765782" target="_blank">https://bugs.debian.org/765782</a><br> #<br> # Self signed certs generated by the ssl-cert package<br> # Don't use them in a production server!<br> #<br> # include snippets/snakeoil.conf;<br><br> root /var/www/html;<br><br> # Add index.php to the list if you are using PHP<br> index index.html index.htm index.nginx-debian.html;<br> server_name <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a> <a href="http://www.themarketplace.space" target="_blank">www.themarketplace.space</a>; # managed by Certbot<br><br><br> location / {<br> # First attempt to serve request as file, then<br> # as directory, then fall back to displaying a 404.<br> try_files $uri $uri/ =404;<br> }<br><br> # pass PHP scripts to FastCGI server<br> #<br> #location ~ \.php$ {<br> # include snippets/fastcgi-php.conf;<br> #<br> # # With php-fpm (or other unix sockets):<br> # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;<br> # # With php-cgi (or other tcp sockets):<br> # fastcgi_pass <a href="http://127.0.0.1:9000" target="_blank">127.0.0.1:9000</a>;<br> #}<br><br> # deny access to .htaccess files, if Apache's document root<br> # concurs with nginx's one<br> #<br> #location ~ /\.ht {<br> # deny all;<br> #}<br><br><br> listen [::]:443 ssl; # managed by Certbot<br> listen 443 ssl; # managed by Certbot<br> ssl_certificate /etc/letsencrypt/live/<a href="http://www.themarketplace.space/fullchain.pem" target="_blank">www.themarketplace.space/fullchain.pem</a>; # managed by Certbot<br> ssl_certificate_key /etc/letsencrypt/live/<a href="http://www.themarketplace.space/privkey.pem" target="_blank">www.themarketplace.space/privkey.pem</a>; # managed by Certbot<br> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br><br><br><br>}<br>server {<br> if ($host = <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a>) {<br> return 301 https://$host$request_uri;<br> } # managed by Certbot<br><br><br> if ($host = <a href="http://www.themarketplace.space" target="_blank">www.themarketplace.space</a>) {<br> return 301 https://$host$request_uri;<br> } # managed by Certbot<br><br><br> listen 80 ;<br> listen [::]:80 ;<br> server_name <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a> <a href="http://www.themarketplace.space" target="_blank">www.themarketplace.space</a>;<br> return 404; # managed by Certbot<br>```<br></code></pre></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 23, 2020 at 10:03 AM Chris Caston <<a href="mailto:chris@caston.id.au" target="_blank">chris@caston.id.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>I made a backup of the nginx etc folder.</div><div><br></div><div>After I did the following gitlab completed the install:<br></div><div><br></div><div><pre><code>sudo apt-get purge nginx nginx-common nginx-full<br></code></pre><pre><code>and<br><code>sudo apt-get install nginx<br><br></code></code></pre><pre><code><code>going to <a href="http://www.themarketplace.space" target="_blank">http://www.themarketplace.space</a> takes me to:<br><br><a href="https://gitlab.themarketplace.space/" target="_blank">https://gitlab.themarketplace.space/</a><br></code></code></pre><pre><code><code>with a set password screen. The first time I did this it didn't work and I had to set the password through a command line console.<br><br></code></code></pre><pre><code><code>also going to <a href="https://ldap.themarketplace.space/phpldapadmin/" target="_blank">https://ldap.themarketplace.space/phpldapadmin/</a> takes me back to gitlab so as predicted my phpldapadmin setup is broken.<br><br></code></code></pre><pre><code><code>I should mention I am getting the invalid (self-signed cert) warnings through all of this. I am looking at the sites-available default site and to<br>be honest I don't even know it has been configured for gitlab. /var/www/html still contains: index.nginx-debian.html<br><br></code></code></pre><pre><code><code>What am I missing?<br></code></code></pre><pre><code><code><br>Here is the nginx configuration:<br><br>```<br>cat /etc/nginx/sites-available/default<br>##<br># You should look at the following URL's in order to grasp a solid understanding<br># of Nginx configuration files in order to fully unleash the power of Nginx.<br># <a href="https://www.nginx.com/resources/wiki/start/" target="_blank">https://www.nginx.com/resources/wiki/start/</a><br># <a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/" target="_blank">https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/</a><br># <a href="https://wiki.debian.org/Nginx/DirectoryStructure" target="_blank">https://wiki.debian.org/Nginx/DirectoryStructure</a><br>#<br># In most cases, administrators will remove this file from sites-enabled/ and<br># leave it as reference inside of sites-available where it will continue to be<br># updated by the nginx packaging team.<br>#<br># This file will automatically load configuration files provided by other<br># applications, such as Drupal or Wordpress. These applications will be made<br># available underneath a path with that package name, such as /drupal8.<br>#<br># Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.<br>##<br><br># Default server configuration<br>#<br>server {<br> listen 80 default_server;<br> listen [::]:80 default_server;<br><br> # SSL configuration<br> #<br> # listen 443 ssl default_server;<br> # listen [::]:443 ssl default_server;<br> #<br> # Note: You should disable gzip for SSL traffic.<br> # See: <a href="https://bugs.debian.org/773332" target="_blank">https://bugs.debian.org/773332</a><br> #<br> # Read up on ssl_ciphers to ensure a secure configuration.<br> # See: <a href="https://bugs.debian.org/765782" target="_blank">https://bugs.debian.org/765782</a><br> #<br> # Self signed certs generated by the ssl-cert package<br> # Don't use them in a production server!<br> #<br> # include snippets/snakeoil.conf;<br><br> root /var/www/html;<br><br> # Add index.php to the list if you are using PHP<br> index index.html index.htm index.nginx-debian.html;<br><br> server_name _;<br><br> location / {<br> # First attempt to serve request as file, then<br> # as directory, then fall back to displaying a 404.<br> try_files $uri $uri/ =404;<br> }<br><br> # pass PHP scripts to FastCGI server<br> #<br> #location ~ \.php$ {<br> # include snippets/fastcgi-php.conf;<br> #<br> # # With php-fpm (or other unix sockets):<br> # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;<br> # # With php-cgi (or other tcp sockets):<br> # fastcgi_pass <a href="http://127.0.0.1:9000" target="_blank">127.0.0.1:9000</a>;<br> #}<br><br> # deny access to .htaccess files, if Apache's document root<br> # concurs with nginx's one<br> #<br> #location ~ /\.ht {<br> # deny all;<br> #}<br>}<br><br><br># Virtual Host configuration for <a href="http://example.com" target="_blank">example.com</a><br>#<br># You can move that to a different file under sites-available/ and symlink that<br># to sites-enabled/ to enable it.<br>#<br>#server {<br># listen 80;<br># listen [::]:80;<br>#<br># server_name <a href="http://example.com" target="_blank">example.com</a>;<br>#<br># root /var/www/<a href="http://example.com" target="_blank">example.com</a>;<br># index index.html;<br>#<br># location / {<br># try_files $uri $uri/ =404;<br># }<br>#}<br>```<br><br><br></code></code></pre><pre><code><code><br></code></code></pre></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 23, 2020 at 9:16 AM Chris Caston <<a href="mailto:chris@caston.id.au" target="_blank">chris@caston.id.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I am making a snapshot of the place my VPS it at now with the broken gitlab install.</div><div>I am considering going back to a default gninx configuration and setting up gitlab again. I had it working on a previous build before I decided to start again and openldap for auth. Even though it will break the phpLDAPadmin setup I can compare the /etc/nginx/sites-available/default files to work out how to make a hybrid.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Aug 22, 2020 at 4:06 PM Chris Caston <<a href="mailto:chris@caston.id.au" target="_blank">chris@caston.id.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div>Hi everyone,</div><div><br></div>I have installed Ubuntu 20.04 with openldap, nginx and phpLDAPadmin with SSL and basic http auth. This part is working fine but next I want to install gitlab. <br><div><br></div><div>It errors out with:</div><div><br></div><div>```</div><div>There was an error running gitlab-ctl reconfigure:<br><br>letsencrypt_certificate[<a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a>]</div><div>``` *snipped*<br></div><div><br></div>I'm a bit uncertain as to how my nginx configuration should be set.<br><br>```<br>sudo nginx -t<br>nginx: the configuration file /etc/nginx/nginx.conf syntax is ok<br>nginx: configuration file /etc/nginx/nginx.conf test is successful``````<br>certbot --nginx -d <a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a><br><br>IMPORTANT NOTES:<br> - Unable to install the certificate<br> - Congratulations! Your certificate and chain have been saved at:<br> /etc/letsencrypt/live/<a href="http://gitlab.themarketplace.space/fullchain.pem" target="_blank">gitlab.themarketplace.space/fullchain.pem</a><br> Your key file has been saved at:<br> /etc/letsencrypt/live/<a href="http://gitlab.themarketplace.space/privkey.pem" target="_blank">gitlab.themarketplace.space/privkey.pem</a><br> Your cert will expire on 2020-11-20. To obtain a new or tweaked<br> version of this certificate in the future, simply run certbot again<br> with the "certonly" option. To non-interactively renew *all* of<br> your certificates, run "certbot renew"<br>```<br>I assume that I need to get that working for gitlab will install.<br><br><br><br>```<br>cat /etc/nginx/sites-available/default<br>server {<br>server_name <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a>;<br><br># document root<br>root /var/www/html;<br>index index.php index.html index.htm;<br><br># application: phpldapadmin<br>location /phpldapadmin {<br>auth_basic "Please authenticate:";<br>auth_basic_user_file /etc/apache2/htpasswd;<br>alias /usr/share/phpldapadmin/htdocs;<br>index index.php index.html index.htm;<br>}<br><br><br><br><br>location ~ ^/phpldapadmin/.*\.php$ {<br>root /usr/share;<br>if ($request_filename !~* htdocs) {<br>rewrite ^/phpldapadmin(/.*)?$ /phpldapadmin/htdocs$1;<br>}<br>fastcgi_pass unix:/run/php/php7.4-fpm.sock;<br>fastcgi_index index.php;<br>fastcgi_param SCRIPT_FILENAME $request_filename;<br>include fastcgi_params;<br>}<br><br># logging<br>error_log /var/log/nginx/phpldapadmin.error.log;<br>access_log /var/log/nginx/phpldapadmin.access.log;<br><br> listen 443 ssl; # managed by Certbot<br> ssl_certificate /etc/letsencrypt/live/<a href="http://ldap.themarketplace.space/fullchain.pem" target="_blank">ldap.themarketplace.space/fullchain.pem</a>; # managed by Certbot<br> ssl_certificate_key /etc/letsencrypt/live/<a href="http://ldap.themarketplace.space/privkey.pem" target="_blank">ldap.themarketplace.space/privkey.pem</a>; # managed by Certbot<br> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br><br>}<br>server {<br> if ($host = <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a>) {<br> return 301 https://$host$request_uri;<br> } # managed by Certbot<br><br><br>server_name <a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a>;<br>listen 80;<br> return 404; # managed by Certbot<br><br>}```<br>I have four A resource records:</div><div>```<br><a href="http://themarketplace.space" target="_blank">themarketplace.space</a> A 139.180.171.63<br><a href="http://gitlab.themarketplace.space" target="_blank">gitlab.themarketplace.space</a> A 139.180.171.63<br><a href="http://ldap.themarketplace.space" target="_blank">ldap.themarketplace.space</a> A 139.180.171.63<br><a href="http://www.themarketplace.space" target="_blank">www.themarketplace.space</a> A 139.180.171.63</div><div>```<br></div><div>So I'm not sure if my /etc/nginx/sites-available/default should have multiple server blocks each with it's own server_name and exactly what format it needs to be in for gitlab to work.</div><div><br></div><div>Any help would be much appreciated.</div><div><br></div><div>Thank you.</div><div><br></div><div>Chris Caston<br></div></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>