LetsEncrypt Install on a Raspberry Pi web server - nginx

I've created a web server on my Raspberry Pi 4 and am using it for a web project that I'm currently working on as well as future website projects. Currently, I'm running the Pop OS Linux distro on my main laptop and SSH to the Raspberry Pi running as a web server. I'd like to install the letsencrypt SSL on the webserver. I've found some tutorials on a Google search and have had no luck with the installation of certbot. I'm currently running the Nginx web server on the Raspberry Pi.
I have changed some of the settings on the /etc/Nginx/sites-available & sites-enabled and still no luck with the SSL running on the webserver. Are there any other suggestions or tips that anyone can throw my way to get this web server installed with a secure socket layer of encryption? I'm currently running the web server on my Raspberry Pi's IP Address. Maybe I need to change it to an actual domain name beforehand and see if that works?
When I run:
sudo systemctl status nginx
It returns as active. Which is good. Any suggestions?

You should follow these steps, in order:
1. You need to register a domain name with an official DNS (Domain Name System) registrar, e.g. NameCheap, Google Domains, GoDaddy.
2. Install certbot following the instructions in the Let's Encrypt tutorials; all SSL/TLS certificates will be installed automatically (assuming that you're not requesting a wildcard certificate; I too recommend not doing so, as getting a wildcard certificate is a hassle).
3. Make sure all ports are correctly forwarded to the Raspberry Pi, that there is no firewall interfering with ports 443 and 80, and that your ISP is not blocking them, since Let's Encrypt needs to verify that your domain name and website exist and are accessible.

Related

How to enable https for access within local network?

I have a little server in my local network running some web services, pihole and a nextcloud instance. All services are available via http only and it would be nice if I could switch to https instead, i.e. add encryption.
All the instructions I found in the internet assume that the server is available through the internet and that one wants to encrypt this connection. But I definitely don't want to have the server exposed to the internet.
Could someone maybe share a tutorial or so on how to do this? Thanks in advance!
You would have to create a self-signed SSL certificate and install that on your devices to achieve HTTPS.
Steps would be:
1. Create a self-signed certificate; you may follow this guide.
2. Install the certificate on your devices.
3. Configure your webserver to use this certificate (it will vary depending on what web server you use).
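A sketch of the first and third steps above, as an added example that is not part of the original answer: it creates a self-signed certificate whose subjectAltName lists both the hostname and the LAN IP (clients match the address they connect to against that field), then checks the result before the web server is pointed at it. The function names, `pi.lan` and `192.168.1.10` are constructed sample values; OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: self-signed certificate for a LAN-only server.
# Hostname and IP passed in are whatever the clients type into the browser.

# make_lan_cert DIR HOSTNAME IP
# Writes DIR/lan.key (private key, mode 600) and DIR/lan.crt (certificate).
make_lan_cert() {
    dir=$1 host=$2 ip=$3
    mkdir -p "$dir" || return 1
    (
        umask 077   # the key file is created readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -keyout "$dir/lan.key" -out "$dir/lan.crt" \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host,IP:$ip" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/lan.crt"   # the certificate is public, the key is not
}

# cert_covers CERT HOSTNAME IP: succeeds only if both names are in the SAN.
cert_covers() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    case $text in *"DNS:$2"*) ;; *) return 1 ;; esac
    case $text in *"IP Address:$3"*) ;; *) return 1 ;; esac
}

# cert_matches_key CERT KEY: succeeds if the certificate was issued for this
# key; a mismatched pair makes the web server refuse to start with TLS.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# Usage: sh lan-cert.sh ./lan-cert pi.lan 192.168.1.10
if [ "$#" -eq 3 ]; then
    make_lan_cert "$1" "$2" "$3" &&
        cert_covers "$1/lan.crt" "$2" "$3" &&
        cert_matches_key "$1/lan.crt" "$1/lan.key" &&
        echo "certificate written to $1/lan.crt"
fi
```

For nginx, the `ssl_certificate` and `ssl_certificate_key` directives take the two files; only `lan.crt` is imported on the client devices, and `lan.key` stays on the server.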

Not able to access nginx from outside world

Not able to access nginx from outside the server
I have used an Ansible role written by me to download nginx on Linux machines. But I'm not able to access that nginx service outside of the server (the one on which it is installed).
https://github.com/kishanagarwal/ansible_poc/tree/master/roles/nginx
You can access the code from the above URL.
I am able to get a welcome page of the nginx service running on CentOS machines, but can't get anything when I try to access the IP address of a machine running Ubuntu 14.04 and having nginx installed on it.
It simply means the nginx port is not open.
Steps to follow:
1. Log in to the machine which is trying to access nginx.
2. If it is Windows, open a DOS prompt; if it is Linux, open a terminal.
3. Run the following command:
telnet
Based on the output, if the port is not open, you can refer to the following guide to open the port:
https://www.cyberciti.biz/faq/howto-rhel-linux-open-port-using-iptables/
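The port test described in the answer above, extended as an added example (not the answerer's code): one function for the client that separates "refused" from "silently dropped", and one for the server that reads `ss -ltn` output to tell whether the service is bound to loopback only. Function names and the sample `ss` output are constructed; `bash` and coreutils `timeout` are assumed to be installed.

```shell
#!/bin/sh
# Added example: two checks for "nginx works locally but not from outside".

# probe_port HOST PORT [SECONDS]  (run on the client) prints one of:
#   open     TCP connect succeeded
#   refused  failed at once: nothing listening, a REJECT rule, or a bad name
#   timeout  no answer: packets are being dropped, typically by a firewall
probe_port() {
    rc=0
    # bash's /dev/tcp pseudo-device performs a plain TCP connect
    timeout "${3:-3}" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" \
        2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;
        124) echo timeout ;;
        *)   echo refused ;;
    esac
}

# listen_scope PORT  (run on the server) reads `ss -ltn` output on stdin:
#   network | loopback-only | not-listening
listen_scope() {
    awk -v p="$1" '
        $1 == "LISTEN" && $4 ~ (":" p "$") {
            addr = $4
            sub(/:[0-9]+$/, "", addr)
            if (addr ~ /^127\./ || addr == "[::1]") lo = 1; else net = 1
        }
        END { print (net ? "network" : (lo ? "loopback-only" : "not-listening")) }'
}

# Constructed sample of `ss -ltn` output, not captured from a real host.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
EOF
}

# Usage from the client: sh portcheck.sh HOST PORT
if [ "$#" -eq 2 ]; then
    probe_port "$1" "$2"
fi
```

On the server, `ss -ltn | listen_scope 80` gives the second check; "loopback-only" or "not-listening" points at the nginx `listen` configuration rather than at the firewall.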

Configuring BIND for Ubuntu Web Server

I am looking for some assistance configuring BIND to host a DNS server on my web server.
I recently acquired a dedicated server running Ubuntu 14.04 LTS and I already have Nginx, PHP-FPM, MariaDB installed and working perfectly. My knowledge of postfix & dovecot is slim, so I followed this guide: A Mailserver on Ubuntu 14.04: Postfix, Dovecot, MySQL. The good news is that I've got mail coming in and going out as expected, but I have come across another issue, which is that some ISPs and providers are denying the mail since there are no PTR records used.
So, I'm assuming I need to install and configure BIND to set up DNS and to set up a PTR record so that my mail will reach its destinations. I've tried Google with some tutorials but none of them seem clear for my purpose.
Installing a control panel, or one of those all-in-one scripts is out of the question since I already have the web server configured. Another issue is that some of them don't work with Nginx or use a different configuration of PHP. Plus, I want to learn how to do this on my own.
You don't have to install BIND. Whoever has reverse DNS authority for your IP block will typically create a reverse name for you. Just request a reverse pointer record with the mail domain name for your IP.

How to access ASP.NET app from another pc on the same network?

I'm running an ASP.NET app on my PC and I would like to access that app from another PC on the same network. I've tried to reach the app by writing the URI of my PC on the network followed by the port number as below:
"192.168.X.X:49223/"
But it shows me a 400 error saying that it's an invalid hostname...
Is there something to do with my Windows firewall or in IIS to allow access from another PC?
Thanks for your help.
You may need to add an exception in Windows Firewall.
Control Panel > Windows Firewall > Advanced Settings > Inbound/Outbound rules.
Add a new rule to both, specifying your port number and a generic name to identify its purpose.
Install IIS server on your machine, then deploy your application on that IIS server.
Refer to this for deployment assistance.
To run the application on IIS instead of the ASP.NET dev server you need to:
1. Right click on the solution in VS.
2. Click on Start Options...
3. In the Server section, select "Use Custom Server" and then provide the URL of the application you have added earlier on IIS.
Then you can easily access your website from any other machine on the same network.
Is it hosted in IIS, or are you running it through Visual Studio? The funny port number (49223) tells me it's the latter.
When you run a VS project, the dev server is designed to only allow local connections. If you connect from a network it gets blocked by design. There is no config around it.
What I do as a hack is run a reverse proxy like Nginx. It's a free download. Run it on your dev machine. You can tell it to listen on a port (e.g. 88) and then redirect the traffic to port 49223. Give your mate the same URL as before but replace the port with 88.
NB: make sure your port 88 is open as per codemans answer.
An example of the nginx config would be https://gist.github.com/ekinertac/5524389
This then tricks VS into thinking it came from your local machine.

Can't open site other than on the port 80

I installed on my server, a Bug tracker which is accessible through port 3000 (http://myserver:3000).
Everything is OK on my server, I can access my web application any time, but on my job's computer, I cannot even connect to this application, nor to any other web application which runs on a port other than 80.
I have added a rule in the Windows Firewall settings allowing connections to and from port 3000. But same result.
If someone has a solution to this, I'll be thankful.
Best Regards
Is it possible that your work network is blocking your home machine? Can you ping your home machine or access it with its IP address? When you type
http://myserver:3000
are you doing this from the local intranet? If you have your bug server on your home machine then you won't be able to access
http://myserver:3000
from your work machine without a fully qualified domain name or IP address.
If the above answers are all resolved then whenever I have such difficulties on Windows, I do the following. If you don't have admin rights you might not be able to do this.
1. Temporarily disable all firewall/antivirus programs.
2. Start the web server listening on port 80 (on your home machine).
3. Access it from a different machine. If this works, then:
4. Start the web server on 3000.
5. Access it from a different machine.
If it works then it is a matter of finding whether the problem was that the web request was being blocked by the firewall or antivirus. In your case it appears it might be the antivirus. To confirm disable all antivirus for a moment.
Make sure you turn your antivirus/firewall back on once the problem is diagnosed!
