Nginx
ZoomLS, 2016-01-10 06:40:14

How to pass Let's Encrypt verification or serve file with nginx using nodejs?

I'm trying to get a certificate from Let's Encrypt, but the verification fails.

./letsencrypt-auto certonly --webroot -w /home/user/www/domane.ru/  -d domain.ru

The fact is that nginx is used as a proxy to the node.js application:
server {
    listen 80;
    listen [::]:80;

    server_name domane.ru;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:4567/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

I tried adding things like this to the config:
root /home/user/www/domane.ru;

location ~ /.well-known/acme-challenge/(.*) {
    default_type "text/plain";
    root /home/user/www/domane.ru;
}

Nothing helps. The Node.js app returns 404. Let's Encrypt creates a /.well-known directory in /home/user/www/domane.ru/, where it puts the file for verification, but this file is not served.

1 answer(s)
pomeo, 2016-01-10
@ZoomLS

I do it like this; it can go straight into cron. Just keep in mind, if you have many domains, that they have limits, and the limits are quite small.

letsencrypt.conf 
location /.well-known/acme-challenge {
    root /home/ubuntu/.lets;
}

/etc/nginx/sites-enabled/domain.com 
server {
        listen 80;
        server_name domain.com;
        include letsencrypt.conf;
        include redirect.conf;
}

This redirects to 443 right away:
redirect.conf 
if ($host ~* ^www\.(.*)$) {
  return 301 https://$1$request_uri;
}
return 301 https://$host$request_uri;

That is, I have one global folder, /home/ubuntu/.lets, for all domains; it creates a file there, checks that it exists and deletes it. So I see no reason to create a separate folder for each domain.
Node.js is not involved here in any way. Here is the config with Node, which also has the Let's Encrypt check included:
server {
        listen 443 ssl http2;
        server_name domain.com;

        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

        include sslplus.conf;

        location / {
                include nodejs.conf;
                proxy_pass http://10.3.100.1:3000/;
        }
        include letsencrypt.conf;
}
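
A pre-flight check for the setup discussed in this thread, added here as an example (it is not code from the question or the answer): it drops a constructed probe file into the challenge directory and requests it from the local nginx, so you can confirm that nginx serves the file instead of passing the request to Node.js before spending a Let's Encrypt attempt against the limits. It assumes nginx listens on 127.0.0.1:80 and that curl is installed; the function names and the probe file name are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh preflight.sh <domain> <webroot>
# <webroot> is the directory given to --webroot -w, i.e. the nginx root of the
# challenge location (/home/ubuntu/.lets in the answer above).

CHALLENGE_DIR=".well-known/acme-challenge"

# Write a constructed probe file where the ACME client would put its token.
make_probe() {  # make_probe <webroot>, prints the probe file name
    name="preflight-$$"
    mkdir -p "$1/$CHALLENGE_DIR" || return 1
    printf '%s' "$name" > "$1/$CHALLENGE_DIR/$name" || return 1
    printf '%s\n' "$name"
}

# Turn the HTTP status and body into a verdict.
classify() {  # classify <status> <body> <expected-body>
    case "$1" in
        200) if [ "$2" = "$3" ]; then echo ok; else echo wrong-content; fi ;;
        301|302|307|308) echo redirected ;;  # validation then depends on the redirect target
        404) echo not-served ;;              # fell through to the proxied app, or root is wrong
        *)   echo unexpected ;;              # includes 000: nothing answered on port 80
    esac
}

preflight() {  # preflight <domain> <webroot>
    name=$(make_probe "$2") || { echo "cannot write to $2" >&2; return 2; }
    url="http://127.0.0.1/$CHALLENGE_DIR/$name"
    # Ask the local nginx directly, selecting the site by Host header.
    status=$(curl -s -o /dev/null -w '%{http_code}' -H "Host: $1" "$url")
    body=$(curl -s -H "Host: $1" "$url")
    rm -f "$2/$CHALLENGE_DIR/$name"
    verdict=$(classify "$status" "$body" "$name")
    echo "$1: HTTP $status -> $verdict"
    [ "$verdict" = ok ]
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it after every nginx reload; a `not-served` verdict means the request never reached the challenge location, and `redirected` means a redirect answered first.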
