|
OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
nginx configuration issues
Hello,
I have not used nginx in a very long time. I had to set up a quick and dirty email server. I used iredmail.org for the setup. OpenBSD 7.1 AMD64 Everything works fine. However, I have to setup ssl certs for web access (not for email) because some of my users browsers do not simply allow them to proceed to webmail with self signed certificates. I am done trying to troubleshoot this over the phone. In short - letsencrypt required. I did not use acme-client and /etc/acme.conf because there were some readymade step by step directions (sigh). So I ended up useing certbot from packages. Code:
$doas certbot certonly --webroot --dry-run -w /opt/www/ -d mail.mydomain.com Domain: mail.mydomain.com Type: unauthorized Detail: My.IP.V4.Add: Invalid response from https://mail.mydomain.com/.well-know...WDdv-QWCctwug: 404 Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet. Some challenges have failed. Where do I start looking? |
|
|||
I have never used certbot. I have used the OpenBSD native acme-client with the native httpd server.
But OpenBSD developer Solene has a nginx configuration file for acme. See https://dataswamp.org/~solene/2019-0...ginx-acme.html Maybe that helps
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
An "offical Nginx document" describes how to use certbot : https://www.nginx.com/blog/using-fre...pt-with-nginx/
Did you check the package readme of the OpenBSD certbot package for any clues? See /usr/local/share/doc/pkg-readmes
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Thank you!
Quote:
$doas certbot --nginx requires nginx plugin for certbot which is not installed on OpenBSD Quote:
Quote:
Not OpenBSD specific, but I'll post my nginx.conf hoping for a heads up. |
|
|||
Whenever I got to ns1.mydomain.com or to mail.mydomain.com the webpage redirects to https://{ns1|mail}.mydomain.com/mail/
Hence I believe this more to be of an nginx related problem rather than certbot. I do not know how to serve a particular folder using nginx. relevant bits of my config files: $cat /etc/nginx/nginx.conf http { include /etc/nginx/conf-enabled/*.conf; include /etc/nginx/sites-enabled/*.conf; } $cat /etc/nginx/sites-available/00-default-ssl.conf (00-default.conf redirects to https) listen 443 ssl http2; server_name _; root /var/www/htdocs; include /etc/nginx/templates/misc.tmpl; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/iredadmin.tmpl; include /etc/nginx/templates/roundcube.tmpl; include /etc/nginx/templates/sogo.tmpl; include /etc/nginx/templates/netdata.tmpl; include /etc/nginx/templates/php-catchall.tmpl; include /etc/nginx/templates/stub_status.tmpl; $cat /etc/nginx/templates/misc.tmpl location ~ ^/.well-known/ { allow all; access_log off; log_not_found off; autoindex off; #root /var/www/html; } location ~ /\. { deny all; } $cat /etc/nginx/templates/roundcube.tmpl location = /mail { return 301 /mail/; } location ~ ^/mail/(.*\.php)$ { include /etc/nginx/templates/hsts.tmpl; include /etc/nginx/templates/fastcgi_php.tmpl; fastcgi_param SCRIPT_FILENAME /opt/www/roundcubemail/$1; } location ~ ^/mail/(.*) { alias /opt/www/roundcubemail/$1; index index.php; } |
|
|||
Done! Thank you J65nko.
For some strange reason nginx is not chrooted to /var/www on my system and that is what made me go all over the place. Your reply and Solene's post helped. Instead of /acme in nginx.conf, it had to be /var/www/acme (because no chroot) |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
[6.8] nginx + TLSv1.3 | CiotBSD | OpenBSD Packages and Ports | 1 | 18th October 2020 07:22 PM |
Nginx news | frcc | News | 2 | 19th December 2019 02:04 PM |
snmpd vs. net-snmp configuration issues | MatthiasKoch | OpenBSD General | 3 | 28th April 2016 07:01 AM |
non-chroot nginx/php-fpm | Oko | OpenBSD Packages and Ports | 1 | 25th December 2015 12:06 PM |
openbsd 5.1 and nginx | barti | OpenBSD General | 2 | 1st October 2012 05:51 PM |