let's encrypt in vestacp domain behind nat

I am not familiar with ssl in complex situations. Although I installed a couple of LE certs in a vesta environment, I would appreciate any guidance in this scenario:

I have a vesta installation in a NAT LXC vps (the node is mine, with a proxmox installation and nat container, using nginx as reverse proxy for the domain).
I installed LE in the container for my domain.
I use cloudflare mostly for dns resolving/name servers.
I use nginx reverse proxy redirecting from the node to the container, using the domain, with this config:

server {
  listen 80;
  server_name xxxxxx.com *.xxxxxx.com;
  location / {
    proxy_pass              http://10.0.0.xx;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout   150;
    proxy_send_timeout      100;
    proxy_read_timeout      100;
    proxy_buffers           4 32k;
    client_max_body_size    8m;
    client_body_buffer_size 128k;
  }
}

What are the steps to enable https to this domain in the container, using nginx reverse proxy? And how can I force https?

Thanks all!

Comments

  • Harambe Member, Host Rep

    You need to do the LetsEncrypt install on the host node (where nginx is), you can't proxy back over only port 80 and expect SSL to work. Need the SSL on the reverse proxy itself.

    If you're not running any other web servers on that node, I'd suggest doing port forwarding with IPTables and just push all port 80/443 traffic back to that container.

    Thanked by 2Falzo jvnadr
  • I haven't tried using NAT and LE for certificates, but it should be easy to follow what vestacp says about the CLI:
    v-add-letsencrypt-domain admin domain.tld

    Then to force SSL just edit:
    /home/admin/conf/web/nginx.conf

    Search for the domain that will be forced to SSL and add:

    return 301 https://$server_name$request_uri;

    At the end should be something like this:

    server {
      listen 192.168.1.85:80;
      server_name domain.tld www.domain.tld;
      error_log /var/log/apache2/domains/domain.tld.error.log error;
      return 301 https://$server_name$request_uri;
      ....

    Thanked by 1jvnadr
  • Harambe said: You need to do the LetsEncrypt install on the host node (where nginx is), you can't proxy back over only port 80 and expect SSL to work. Need the SSL on the reverse proxy itself.

    If you're not running any other web servers on that node, I'd suggest doing port forwarding with IPTables and just push all port 80/443 traffic back to that container.

    this!

    Thanked by 2jvnadr netomx
  • i83 Member

    jvnadr said: I installed LE in the container for my domain.

    I use cloudflare mostly for dns resolving/name servers.
    I use nginx reverse proxy redirecting from the node to the container, using the domain, with this config:

    If you have dedicated IPv6 on the container then run it over :443 on IPv6 and use Cloudflare as a proxy for IPv4 traffic?
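
Added example, not part of any post in this thread: the host-node nginx config that Harambe's reply describes (certificate on the reverse proxy itself), combined with the HTTP-to-HTTPS redirect from the second reply. The certificate paths assume certbot's default layout on the host and `/var/www/acme` is a hypothetical webroot; `xxxxxx.com` and `10.0.0.xx` are the original poster's placeholders.

```nginx
# Host-node nginx (added example, not from the thread). xxxxxx.com and
# 10.0.0.xx are the original poster's placeholders. Certificate paths assume
# certbot's default layout; /var/www/acme is a hypothetical webroot.

# Port 80: serve ACME HTTP-01 challenges locally, redirect everything else.
server {
  listen 80;
  server_name xxxxxx.com *.xxxxxx.com;

  location /.well-known/acme-challenge/ {
    root /var/www/acme;
  }
  location / {
    return 301 https://$host$request_uri;
  }
}

# Port 443: TLS terminates here; the hop to the container stays plain HTTP
# on the internal NAT bridge.
server {
  listen 443 ssl;
  server_name xxxxxx.com *.xxxxxx.com;

  ssl_certificate     /etc/letsencrypt/live/xxxxxx.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/xxxxxx.com/privkey.pem;
  # TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1 or later.
  ssl_protocols       TLSv1.2 TLSv1.3;

  location / {
    proxy_pass              http://10.0.0.xx;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tell the backend the client connection was HTTPS so it generates
    # https:// links instead of assuming plain HTTP.
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_connect_timeout   150;
    proxy_send_timeout      100;
    proxy_read_timeout      100;
    proxy_buffers           4 32k;
    client_max_body_size    8m;
    client_body_buffer_size 128k;
  }
}
```

If the container's own port-80 server block also returns a 301 to https, requests proxied from the host over plain HTTP will loop, so with this layout the redirect belongs only on the host. A certificate covering `*.xxxxxx.com` has to be issued through the DNS-01 challenge; HTTP-01 only validates the exact names requested.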
