BobbyWibowo / lolisafe

Blazing fast file uploader and awesome bunker written in node! 🚀
MIT License
317 stars 56 forks

Are the files supposed to be served on both domains? #527

Closed breachedvince closed 2 years ago

breachedvince commented 2 years ago

Here is my config, I will explain my problem below:

```js
module.exports = {
  /*
    If set to true the user will need to specify the auto-generated token on each API call,
    meaning random strangers won't be able to use the service unless they have the token
    lolisafe provides you with. If it's set to false, then upload will be public for anyone to use.
  */
  private: true,

  /*
    If set, only the specified group AND any groups higher than it will be allowed to upload new files.
    Any other groups, assuming registered, will still be able to manage their previously uploaded files.
  */
  privateUploadGroup: null, // Other group names in controllers/permissionController.js
  privateUploadCustomResponse: null,

  /* If true, users will be able to create accounts and access their uploaded files. */
  enableUserAccounts: true,

  /*
    Here you can decide if you want lolisafe to serve the files or if you prefer doing so via nginx.
    The main difference between the two is the ease of use and the chance of analytics in the future.
    If you set it to true, the uploaded files will be located after the host like:
      https://lolisafe.moe/yourFile.jpg

    If you set it to `false`, you need to set nginx to directly serve whatever folder it is you are serving your
    downloads in. This also gives you the ability to serve them, for example, like this:
      https://files.lolisafe.moe/yourFile.jpg

    Both cases require you to type the domain where the files will be served on the `domain` key below.
    Which one you use is ultimately up to you.
  */
  serveFilesWithNode: true,
  domain: 'domain2',

  /*
    If you serve files with node, you can optionally choose to set Content-Disposition header
    into their original file names. This allows users to save files into their original file names.

    This will query the DB every time users access uploaded files as there's no caching mechanism.
  */
  setContentDisposition: false,

  /*
    If you serve files with node, you can optionally choose to override Content-Type header
    for certain extension names.
  */
  overrideContentTypes: {
    // 'text/plain': ['html', 'htm', 'shtml', 'xhtml']
  },

  /*
    If you are serving your files with a different domain than your lolisafe homepage,
    then fill this option with the actual domain for your lolisafe homepage.
    This will be used for Open Graph tags and wherever lolisafe need to link to internal pages.
    If any falsy value, it will inherit "domain" option.

    NOTE: If this, or the inherited "domain" option, is not set to an explicit domain,
    Open Graph tags may fail in websites that do not support relative URLs.
  */
  homeDomain: 'domain1',

  /* Port on which to run the server. */
  port: 8830,

  /* Pages to process for the frontend. */
  pages: ['home', 'auth', 'dashboard', 'faq'],

  /*
    This will load public/libs/cookieconsent/cookieconsent.min.{css,js} on homepage (configured from home.js).
    You may use this if you have some specific needs, since lolisafe by itself will not use Cookies at all.
    Instead it will use Local Storage for both authentication and preferences/states in Dashboard.
    I'm not sure if Cookies Laws apply to Local Storage as well, although I suppose it makes sense if they do.
    NOTE: Enabling this will automatically push 'cookiepolicy' to pages array above.
  */
  cookiePolicy: true,

  /* (the pasted config is cut off here) */
}
```

I am trying to host my files on domain2 and my homepage on domain1. It is working, kind of, but the files can be downloaded from both domains? Is there something different I have to do with my nginx configs for both domains? They are currently the same configs for both of them. If you can maybe make an example nginx config for both domains (the one I'm serving files on and the homepage domain), it would be greatly appreciated.

BobbyWibowo commented 2 years ago

Turn off serveFilesWithNode

Then for the nginx config of domain2, just change its root to the exact physical path of your lolisafe uploads directory, and remove everything about proxy_pass and the likes

Do the opposite with nginx config of domain1, which is only keeping the proxy_pass bits

breachedvince commented 2 years ago

Should I keep the `client_max_body_size 20000M;` in both nginx configs or just the domain1?

BobbyWibowo commented 2 years ago

Only on your homepage domain

breachedvince commented 2 years ago

Last question, then you can close this. Are the ports on both of the nginx configs supposed to be the same in order to serve files correctly? E.g.

domain1:

```nginx
upstream backend {
    server 127.0.0.1:3333; # Change to the port you specified on lolisafe
}
```

domain2:

```nginx
upstream backend {
    server 127.0.0.1:3333; # Change to the port you specified on lolisafe
}
```

BobbyWibowo commented 2 years ago

You can remove the upstream directive from domain2 config, as it basically does nothing. It only serves as an alias for what proxy_pass references. So if there's no proxy_pass in the config, then it's not used at all.

breachedvince commented 2 years ago

Here are the configs right now, tell me if anything is wrong.

domain2:

```nginx
map $sent_http_content_type $charset {
    ~^text/ utf-8;
}

server {
    listen 80;
    server_name domain2.xyz www.domain2.xyz;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/domain2.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain2.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    charset $charset;
    charset_types *;

    location / {
        add_header Access-Control-Allow-Origin *;
        root /lolisafestore;
        try_files $uri @proxy;
    }
}
```

domain1:

```nginx
upstream backend {
    server 127.0.0.1:9999; # Change to the port you specified on lolisafe
}

map $sent_http_content_type $charset {
    ~^text/ utf-8;
}

server {
    listen 80 default_server;
    servername ;

    server_name domain1.cc www.domain1.cc;

    server_tokens off;

    client_max_body_size 20000M; # Change this to the max file size you want to allow

    ssl_certificate /etc/letsencrypt/live/domain1.cc/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain1.cc/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    charset $charset;
    charset_types *;

    location @proxy {
        proxy_pass http://backend;
        proxy_redirect off;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-NginX-Proxy true;

        # Enabling these may help with clients with slow upload speeds.
        #proxy_connect_timeout 300s;
        #proxy_send_timeout 300s;
        #proxy_read_timeout 600s;
        #send_timeout 300s;
    }
}
```

I think some stuff is a little messed up, but please correct me on them if you can.

BobbyWibowo commented 2 years ago

SSL certificates should not be defined in the server block that listens on port 80. That port is for unencrypted http.

If you use ssl, then the server block should specifically listen on port 443, which is for https. So you'll make a new server block that listens on port 80, to add redirect to https. Try to consult this example: https://github.com/BobbyWibowo/lolisafe/blob/safe.fiery.me/docker/nginx/lolisafe.tld.https.example.conf (but don't follow it exactly, since that config is for serving both lolisafe homepage and the files in the same domain, and has some docker-specific things).

Aside from that, everything else looks good

breachedvince commented 2 years ago

All done with that, but now it is only displaying the welcome page for the default nginx configuration. Are there any basic issues or problems that I could search for to fix this?

BobbyWibowo commented 2 years ago

It's typically caused by having another server block that contains `listen ... default_server;` somewhere. A default one is usually shipped with nginx upon first install. You'll have to figure out where it is yourself, since it's different from distro to distro and/or install source.

breachedvince commented 2 years ago

I only have 1 config. My other one for serving files is empty, I'm working on that last, so where could there be another server block?

breachedvince commented 2 years ago

Actually I got it working. The thing that's breaking it is listening on port 443, maybe some unknown Cloudflare setting, but thanks for your help.

BobbyWibowo commented 2 years ago

👍

breachedvince commented 2 years ago

Thanks for your help again, and the thing that is causing the default welcome page is removing

```nginx
location / {
    add_header Access-Control-Allow-Origin *;
    root /lolisafestore;
    try_files $uri @proxy;
}
```

from the homepage domain. Just putting this here as someone else may run into this problem in the future.

BobbyWibowo commented 2 years ago

Ah yeah, that location block is not needed in homepage domain, if you're serving the files on a separate domain. I was certain on your previous message you only had it on domain2's server block.

breachedvince commented 2 years ago

The lolisafe page will not work if I do not have the location block on the homepage.

BobbyWibowo commented 2 years ago

Oh right, if according to your previous message, you actually had to replace location @proxy with location / too

breachedvince commented 2 years ago

Yes, thank you for your help tho. Are there any Cloudflare tweaks I have to do to get SSL working?

BobbyWibowo commented 2 years ago

Lolisafe in itself does not require different steps from other websites when it comes to enabling SSL/TLS, so there isn't much I can tell you aside from just try to follow any Cloudflare SSL/TLS guides on the internet

I guess make sure your encryption setting in Cloudflare is set to Full or Full (Strict), since it appears you already use your own certificates in the Nginx layer

breachedvince commented 2 years ago

Are you sure there is nothing else I need to do for domain 2? The homepage works, but the domain the files are being served on pops up as a 500 Internal Server Error. My config is the same as before:

```nginx
map $sent_http_content_type $charset {
    ~^text/ utf-8;
}

server {
    listen 80;
    listen [::]:80;

    server_name domain2.xyz;
    server_tokens off;

    charset $charset;
    charset_types *;

    location / {
        add_header Access-Control-Allow-Origin *;
        root /lolisafestore;
        try_files $uri @proxy;
    }
}
```

BobbyWibowo commented 2 years ago

Remove try_files directive

breachedvince commented 2 years ago

Now it's a 403 Forbidden Error.

BobbyWibowo commented 2 years ago

Read your nginx error logs

breachedvince commented 2 years ago

Forgot those were a thing oops.

breachedvince commented 2 years ago

I think it thinks it is an .html site or something in that nature, as the last 10 or so logs say:

```
2022/06/28 06:02:57 [error] 9987#9987: *4 "/lolisafestore/index.html" is forbidden (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET / HTTP/1.1", host: "domain2"
2022/06/28 06:02:58 [error] 9987#9987: *4 "/lolisafestore/index.html" is forbidden (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET / HTTP/1.1", host: "domain2"
2022/06/28 06:02:59 [error] 9987#9987: *4 open() "/lolisafestore/VQ9VjVIaD66ve66s.txt" failed (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET /VQ9VjVIaD66ve66s.txt HTTP/1.1", host: "domain2"
2022/06/28 06:03:01 [error] 9987#9987: *5 open() "/lolisafestore/vYFXcnW0nkP4mTrj.png" failed (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET /vYFXcnW0nkP4mTrj.png HTTP/1.1", host: "domain2"
2022/06/28 06:03:03 [error] 9987#9987: *6 open() "/lolisafestore/jJiKTnyGIQTVQlVV.jpeg" failed (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET /jJiKTnyGIQTVQlVV.jpeg HTTP/1.1", host: "domain2"
2022/06/28 06:04:12 [error] 9987#9987: *7 "/lolisafestore/index.html" is forbidden (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET / HTTP/1.1", host: "domain2"
2022/06/28 06:04:13 [error] 9987#9987: *7 "/lolisafestore/index.html" is forbidden (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET / HTTP/1.1", host: "domain2"
2022/06/28 06:08:32 [error] 9987#9987: *8 "/lolisafestore/index.html" is forbidden (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET / HTTP/1.1", host: "domain2"
2022/06/28 06:08:32 [error] 9987#9987: *8 "/lolisafestore/index.html" is forbidden (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET / HTTP/1.1", host: "domain2"
2022/06/28 06:08:32 [error] 9987#9987: *9 open() "/lolisafestore/favicon.ico" failed (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET /favicon.ico HTTP/1.1", host: "domain2", referrer: "https:>
2022/06/28 06:08:33 [error] 9987#9987: *8 "/lolisafestore/index.html" is forbidden (13: Permission denied), client: **.***.**.***, server: domain2, request: "GET / HTTP/1.1", host: "domain2"
```

BobbyWibowo commented 2 years ago

Move root /lolisafestore; before location /, also it seems Nginx does not have permission to that directory anyways, otherwise it'd have said file not found
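
The split the thread arrives at, collected into one nginx file as an added example (not part of the original thread and not the project's shipped config). It assumes `serveFilesWithNode` is turned off as advised, lolisafe listens on 127.0.0.1:8830 (the `port` in the posted config), uploads live in `/lolisafestore`, and the certificates are at the Certbot paths quoted in the thread.

```nginx
# Added example, not the project's shipped config. Assumed: lolisafe on
# 127.0.0.1:8830 (the port in the posted config), uploads in /lolisafestore.
upstream backend {
    server 127.0.0.1:8830;
}

# Port 80 carries no ssl_* directives; it only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name domain1.cc domain2.xyz;
    return 301 https://$host$request_uri;
}

# domain1: homepage, dashboard and API. Proxy only, no root.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain1.cc;
    server_tokens off;
    client_max_body_size 20000M;  # uploads are only accepted on this domain

    ssl_certificate     /etc/letsencrypt/live/domain1.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain1.cc/privkey.pem;

    location / {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# domain2: static files only. No upstream, no proxy_pass, no try_files.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain2.xyz;
    server_tokens off;
    root /lolisafestore;  # set at server level, outside any location block

    ssl_certificate     /etc/letsencrypt/live/domain2.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain2.xyz/privkey.pem;

    location / {
        add_header Access-Control-Allow-Origin *;
    }
}
```

With this layout domain1 has no `root` and lolisafe no longer serves uploads itself, so files are reachable only through domain2. The `(13: Permission denied)` entries in the log clear once the nginx worker user has read permission on the files and execute permission on every directory in the path to them.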