skip to Main Content

i’m having some difficulties getting a site of mine online. despite me having a similar site up on port 447 (nicer.app), this zoned.at site just won’t get past it’s ERR_CONNECTION_REFUSED status in the browser.

i’m using nginx and apache2 on ubuntu 20.04.

"netstat -tulpn | grep 448"
returns nothing, but "service apache2 restart" and "service nginx restart" also return nothing, indicating no error, and there’s nothing in the logs either (/var/logs/apache2/error.448.log and /var/logs/nginx/error.log)

here’s my apache config section :

    <VirtualHost *:448>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com
        ServerName zoned.at

        ServerAdmin [email protected]
        DocumentRoot /home/rene/data1/htdocs/zoned.at

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn
        #LogLevel info ssl:warn
        LogLevel debug ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.448.log
        CustomLog ${APACHE_LOG_DIR}/access.448.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        <Directory /home/rene/data1/htdocs/zoned.at>
                Options -Indexes +FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"

        SSLCertificateFile /etc/letsencrypt/live/zoned.at/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/zoned.at/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/zoned.at/fullchain.pem
</VirtualHost>

and here’s my nginx config section :

    server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name zoned.at;
    root /home/rene/data1/htdocs/zoned.at;

large_client_header_buffers 4 32k;

ssl_certificate /etc/letsencrypt/live/zoned.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zoned.at/privkey.pem;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;

location / {
    proxy_pass https://192.168.178.21:448/;
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl on;

    proxy_connect_timeout 159s;
    proxy_send_timeout   60;
    proxy_read_timeout   60;
    send_timeout 60;
    resolver_timeout 60;
}
}

2

Answers


  1. Chosen as BEST ANSWER

    okay, following the comments to my original question led to the fix for this problem..


  2. i also had to do :

    certbot certonly --nginx -d zoned.at
    

    instead of

    certbot --test-cert certonly --nginx -d zoned.at
    

    or

    certbot --dry-run certonly --nginx -d zoned.at
    

    and i had to add the following to /etc/nginx/sites-enabled/00-default-ssl.conf :

    server {
        listen 80;
        server_name zoned.at, www.zoned.at;
        return 301 https://zoned.at$request_uri;
    }
    

    which does unfortunately mean that you can have port http to https forwarded for only 1 site.. but in my case, that’s all i need (for now).

    EDIT : instead of editing the nginx config file to host a site on port 80, you can use do a2enmod rewrite and restart apache2 with service apache2 restart to get the job done with the following entry into a .htaccess file in your web folder’s relative root (/var/www/html for a default apache2 setup)..

        #Stage 0 : initialization of rewrite engine; do not touch without a clue.
    RewriteEngine on
    RewriteBase /
    #site operator must keep these in order:
    # must start and end with /
    
    # redirect www.example.com to example.com
    RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
    # redirect http to https
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search