@yariplus said in How To: Let's Encrypt and NodeBB:
@01 You tell nginx where to look for the files.
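server {
    listen 80;
    server_name yourdomainhere.com;
    ...
    # Serve the ACME http-01 challenge tokens directly from the directory below.
    # `alias` replaces the matched location prefix, so a request for
    # /.well-known/acme-challenge/<token> is read from /usr/share/nginx/html/<token>.
    # With `root` instead, nginx appends the full request URI and would look for
    # /usr/share/nginx/html/.well-known/acme-challenge/<token>.
    # Keep the trailing slash on both the location and the alias: a location
    # without it, paired with an alias that has it, is a known path-traversal
    # misconfiguration.
    # Prefer a directory that holds nothing but challenge tokens, since every
    # file in it becomes publicly readable under this URL prefix.
    location /.well-known/acme-challenge/ {
        alias /usr/share/nginx/html/;
    }
}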
This would mean the files you create are:
/usr/share/nginx/html/nOmtkseci4NqOwrx9OYnmtQaoNsPrqq7_JG3Kf4iVd8
/usr/share/nginx/html/NJpedX-UNHPAVRaur_ZNyiSjwpqrudSPuX2eL8PY010
Thank you @yariplus. I tried to reverse-proxy these files, but it didn't work, so I found a much easier way to do it.
I downloaded Caddy, a small open-source web server, and served the verification files with it instead. Anyone using Let's Encrypt SSL with NodeBB should do it this way; it is much easier.
Now I'm encountering a new problem: I tried to set up the certificates for my NodeBB, but it doesn't work.
This is my nginx config
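#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    # Plain-HTTP listener. It proxies the whole forum to NodeBB unencrypted.
    # NOTE(review): the NodeBB config sets "url" to https://mydomain.com, so
    # logins and session cookies sent to this listener travel in clear text.
    # Consider serving only the ACME challenge path here and answering
    # everything else with a redirect to HTTPS.
    server {
        listen 80;
        server_name mydomain.com;

        location / {
            # Forward the client address and original scheme to NodeBB.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://127.0.0.1:4567;
            proxy_redirect off;

            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        # listen on ssl, deliver with speedy if possible
        listen 443 ssl http2;
        server_name mydomain.com;

        # change these paths!
        # ssl_certificate should hold the leaf certificate followed by the
        # intermediate chain (for Let's Encrypt, the full-chain file); a
        # leaf-only file makes many clients reject the connection.
        # The private key should be readable only by the account that starts nginx.
        ssl_certificate /cert/bundle.crt;
        ssl_certificate_key /cert/mydomain.key;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996), as are SSLv2 and SSLv3,
        # so only TLS 1.2 is enabled. Add TLSv1.3 where the installed
        # nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;

        # Restricts negotiation to AES-128 suites with ephemeral (EC)DH key exchange.
        # NOTE(review): this string still admits CBC-mode suites, and the EDH
        # half depends on the DH parameters in use; set ssl_dhparam to a strong
        # group or drop the EDH part, then confirm the result with a TLS scanner.
        ssl_ciphers 'AES128+EECDH:AES128+EDH';
        ssl_prefer_server_ciphers on;

        location / {
            # Forward the client address and original scheme to NodeBB.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://127.0.0.1:4567/;
            proxy_redirect off;

            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}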
nodebb config
{
"url": "https://mydomain.com",
"secret": "************************",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "*****",
"username": "****",
"password": "*****",
"database": "****",
"uri": ""
},
"port": "4567"
}
Any idea why it doesn't work?