Nginx
bozuriciyu, 2019-08-29 01:38:20

LetsEncrypt Certbot breaks config?

There was a simple config

upstream public-content-api {
  server 127.0.0.1:9999;
}

server {
  listen 80;
  server_name api.example.com;

  location / {
    proxy_pass http://public-content-api;
    include proxy_params;
  }
}

After installing Certbot, I tried out how it would generate a config for SSL and chose a redirect from https to http. As a result, it broke everything for me, and now there is an endless redirect:
upstream public-content-api {
  server 127.0.0.1:9999;
}

server {
  server_name api.example.com;

  location / {
    proxy_pass http://public-content-api;
    include proxy_params;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = api.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  listen 80;
  server_name api.example.com;
    return 404; # managed by Certbot
}

1. Why the redirect: was my config crooked to begin with, or is Certbot generating shit?
2. How to fix it in this example?
3. Is it worth it to use this generator at all or to somehow verify certificates in another way? I wish it was all automatic...


2 answer(s)
chupasaurus, 2019-08-29
@chupasaurus

1.3. The generator should not be used at all, period.
2. Throw out the if, and instead of return 404 put return 301 https://$server_name$request_uri
For neatness, HTTP and HTTPS can be combined into one location, with the redirect wrapped in if ($scheme = http).
3. To pass the test, it is enough to forward the directory with challenges. https://toster.ru/answer?answer_id=1326513
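
The layout that points 2 and 3 of the answer above describe, written out as an added example that is not part of the original answer. The webroot path /var/www/letsencrypt is an assumption; the server name, upstream and certificate paths are the ones from the question.

```nginx
# Added example, not from the thread.
upstream public-content-api {
  server 127.0.0.1:9999;
}

# Port 80: answer ACME HTTP-01 challenges, redirect everything else.
server {
  listen 80;
  server_name api.example.com;

  # Point 3: only the challenge directory is served over plain HTTP.
  # Assumed webroot; issue and renew against the same path, e.g.
  #   certbot certonly --webroot -w /var/www/letsencrypt -d api.example.com
  location /.well-known/acme-challenge/ {
    root /var/www/letsencrypt;
  }

  # Point 2: unconditional redirect, no "if" and no "return 404".
  location / {
    return 301 https://$server_name$request_uri;
  }
}

# Port 443: terminate TLS and proxy to the upstream.
server {
  listen 443 ssl;
  server_name api.example.com;

  ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  include     /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  location / {
    proxy_pass http://public-content-api;
    include proxy_params;
  }
}
```

Run `nginx -t` before reloading. In this layout only the port 80 block issues a redirect, so a 301 seen on an HTTPS request (`curl -sI https://api.example.com/`) originates from the upstream on 127.0.0.1:9999, not from nginx.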

Arthur, 2019-08-29
@ar2rsoft

At the end, Certbot asks whether to add a redirect. Just refuse, and the second block with the redirect will not be added.
