RangerMauve / dat-store

A CLI tool for backing up hyperdrive datasets
GNU Affero General Public License v3.0

SSL config with NGINX #32

Closed DougAnderson444 closed 5 years ago

DougAnderson444 commented 5 years ago

Trying not to reinvent the wheel here while working on following the dat-share NGINX setup advice. First time with NGINX :100:

Once I added the SSL with Let's Encrypt via Certbot, of course it broke everything that was working with http :unamused:

To set this up right, @RangerMauve how do you set up the SSL on port 3472?

... I'm also trying hard to locate where the files are to point that root folder to them, but haven't figured that out yet.

Suggestions appreciated :) I'll gladly PR the README again once I figure this out :dancer:

DougAnderson444 commented 5 years ago

Oh, I had to go to SSL since the SDK looks for the PSA doc at https://.../.well-known/psa. So I'm stuck until I figure out how to get the SSL on port 3472.

RangerMauve commented 5 years ago

So, I used certbot for setting up the SSL stuff, too.

I used the regular HTTPS port 443 and let certbot configure that, and then I had nginx proxy to the local dat-store instance.

Here's what my config looks like:

```
root@datgateway:/etc/nginx/sites-enabled# cat store.mauve.moe
server {
  server_name store.mauve.moe;

  location / {
    proxy_pass http://localhost:3472;
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-for $remote_addr;
    port_in_redirect    off;
    proxy_http_version  1.1;
    proxy_set_header    Upgrade         $http_upgrade;
    proxy_set_header    Connection      "Upgrade";
  }

    listen 80;
    listen [::]:80;

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/gateway.mauve.moe-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gateway.mauve.moe-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
```

Then I have store.mauve.moe pointing to my server and it kinda handles the rest. Note that the certbot section might be different for you.

Try getting the redirection to work on port 80 first and then get certbot to generate the SSL portions for you.
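
The layout described in the reply above (certbot-managed TLS on 443, nginx proxying over plain HTTP to the local dat-store on 3472) can be checked mechanically. The following is an added example, not part of the thread or of dat-store: `directives`, `check_tls_front` and the `example.org` sample are constructed for illustration, and the parser only handles simple directives like those in the posted config.

```python
import re

# Constructed sample shaped like the server block posted above; the
# example.org names are placeholders, not a real deployment.
SAMPLE = """
server {
  server_name store.example.org;
  location / {
    proxy_pass http://localhost:3472;
  }
  listen 80;
  listen [::]:443 ssl; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/store.example.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/store.example.org/privkey.pem;
}
"""
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

def directives(conf):
    """Return (name, args) pairs; comments and block braces are dropped."""
    text = re.sub(r"#[^\n]*", "", conf)
    stmts = (s.split() for s in re.split(r"[;{}]", text))
    return [(p[0], p[1:]) for p in stmts if p]

def check_tls_front(conf, backend_port=3472):
    """List deviations from 'TLS on 443, plain HTTP to a loopback backend'."""
    found = directives(conf)
    args = lambda name: [a for n, a in found if n == name and a]
    port = lambda a: a[0].rsplit(":", 1)[-1]
    problems = []
    if not any(port(a) == "443" and "ssl" in a for a in args("listen")):
        problems.append("no TLS listener on 443")
    if any(port(a) == str(backend_port) for a in args("listen")):
        problems.append(f"nginx listens on backend port {backend_port}")
    for name in ("ssl_certificate", "ssl_certificate_key"):
        if not args(name):
            problems.append(f"missing {name}")
    targets = [a[0] for a in args("proxy_pass")]
    if not targets:
        problems.append("no proxy_pass to the backend")
    for t in targets:
        m = re.match(r"http://(\[[^\]]+\]|[^:/]+):(\d+)", t)
        if not m or m.group(1) not in LOOPBACK:
            problems.append(f"proxy_pass {t} is not plain HTTP to loopback")
        elif m.group(2) != str(backend_port):
            problems.append(f"proxy_pass {t} is not port {backend_port}")
    return problems

if __name__ == "__main__":
    print(check_tls_front(SAMPLE) or "layout matches")
```

The loopback check matters because the hop from nginx to the backend is unencrypted; keeping it on the same host means the plain-HTTP traffic never crosses the network.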

DougAnderson444 commented 5 years ago

Genius! What you had works like a charm (thanks for saving me hours of frustration) :+1:
Certbot set me up with something totally different, I'm sure I fed it sub-optimal inputs though :sheep:

RangerMauve commented 5 years ago

Sweeeet. Glad to hear it's working out for you! :D 💜💜💜