Welcome! Log In Create A New Profile

Advanced

Re: Nginx only serves 1 App

Moshe Katz
May 16, 2018 09:16AM
Somehow we all missed that - of course you can't run `http2` on port 80 and
have it work since `http2` requires SSL.
With that configuration, you would have been able to get to the chat
subdomain only by going to `https:// chat.mydomain .com:80/` - notice that
it is https but is forced back to port 80. (I purposely added spaces to
prevent that from being a link in many mail clients.)

To answer the question about LetsEncrypt renewal, you need to leave nginx
running in order for it to work since it still relies on nginx to serve the
`.well-known` files that make the domain verification work. If you would
stop nginx, you would be unable to run the validation.

The one thing that you do need to do is make sure that LetsEncrypt knows to
reload nginx when a certificate changes so that nginx can see the new
certificate file.
If you are on a system that uses SystemD, this is what you need to do:

Create a shell script in `/etc/letsencrypt/renewal-hooks/deploy` with the
following contents:

#!/bin/bash
/bin/systemctl reload nginx.service

Make sure to set it as executable, and then Certbot will run it
automatically for every renewal.

Alternatively, you can go into each file in `/etc/letsencrypt/renewal/*`
and add the following line in the `[renewalparams]` section:

deploy_hook = /bin/systemctl reload nginx

Of course, that means you need to modify the renewal file for each domain
separately.

Moshe
--
Moshe Katz
-- kohenkatz@gmail.com
-- +1(301)867-3732


On Wed, May 16, 2018 at 1:42 AM Nginx-Chris <nginx-forum@forum.nginx.org>
wrote:

> Here is what makes everything work ok:
>
> In the cloud.conf (Seafile) I deleted the "http2" in the server part that
> listens on port 80 and redirects.
>
> It looks like this now:
>
> server {
>
> listen 80;
> listen [::]:80;
> server_name cloud.mydomain.com;
>
> rewrite ^ https://$http_host$request_uri? permanent; # force
> redirect
> http to https
>
> # Enables or disables emitting nginx version on error pages and in the
> "Server" response header field.
> server_tokens off;
>
> }
>
> Noe everything works fine.
>
> I am not sure what advantage / disadvantage http2 had, to be honest.
>
> Maybe the http2 part should only be inside the config part that configures
> the 443 access?
>
> Well, this did the trick at least.
>
> I am still interested in the config that you posted on gist though.
> It looks really tidy and well organised.
>
> So I would still like to know if I can leave Nginx running for letsencrypt
> bot to work ;-))
>
> Greetings, Chris
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,279794,279811#msg-279811
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Nginx only serves 1 App

Nginx-Chris May 15, 2018 04:35AM

Re: Nginx only serves 1 App

wickedhangover May 15, 2018 07:30AM

Re: Nginx only serves 1 App

Moshe Katz May 15, 2018 09:18AM

Re: Nginx only serves 1 App

Nginx-Chris May 15, 2018 04:32PM

Re: Nginx only serves 1 App

Moshe Katz May 15, 2018 11:46PM

Re: Nginx only serves 1 App

Nginx-Chris May 16, 2018 01:08AM

Re: Nginx only serves 1 App

Nginx-Chris May 16, 2018 01:12AM

Re: Nginx only serves 1 App

Nginx-Chris May 16, 2018 01:41AM

Re: Nginx only serves 1 App

Moshe Katz May 16, 2018 09:16AM

Re: Nginx only serves 1 App

Nginx-Chris May 23, 2018 04:14PM

Re: Nginx only serves 1 App

Nginx-Chris May 23, 2018 04:14PM

Re: Nginx only serves 1 App

Moshe Katz May 23, 2018 09:30PM

Re: Nginx only serves 1 App

Nginx-Chris May 23, 2018 11:50PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 120
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready