Domain

I set up an nginx web server serving PHP using the Arch wiki on nginx.

It was relatively easy.

Nginx is working here. But Certbot didn’t go well this time either!

- The following errors were reported by the server:

   Domain: det-sovande-folket.org
   Type:   unauthorized
   Detail: Invalid response from
   http://det-sovande-folket.org/.well-known/acme-challenge/TH9aibB9I7-PF9jJxjlBsLxOuv5PzTbhkxmC6U99uPQ
   [46.59.56.27]: 404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I am not absolutely sure that I understand how to fix it.

brandent

Did you use the certbot nginx plugin?

As root

# pacman -Syu certbot-nginx

Then run

# certbot --nginx

Yes I did use certbot --nginx.
I tried several times and the first times I just got errors.
I looked through all config files (nginx, php-fpm, nextcloud) and read in nextcloud forum that I had to give dedicated server and domain in config.php.
I did that and then I got certbot --nginx going. I could only install for “det-sovande-folket.org”. “www.det-sovande-folket.org” got errors.
I thought that that was it, but when I tried to log in to my Nextcloud server I got an nginx 404 page.
I am at work and I tried (just out of curiosity) to log in from here, and then I got a message that I have to configure SSL on my laptop!
I think I have configured “my head off” and I do not have enough knowledge to see what's wrong. It is not such a big effort to start over and maybe I even learn something in the process!?

Small update!
When I use a web browser and “det-sovande-folket.org” I get to http://det-sovande-folket.org/apps/dashboard but it is just a “white” page with nothing!

brandent

In the configuration file in the section server the server_name should include both.

server {
    ...
    listen 80;
    server_name det-sovande-folket.org www.det-sovande-folket.org;
    ...
}

Then restart nginx

# nginx -s reload

I will look into this when I come home! It could be that I only have the first name there or I have given “Alias” to www.det-…

brandent

I am puzzled.
I did use your server config hint and systemctl restart nginx. After that certbot --nginx went through with “congratulations”.
After this https://det-sovande-folket.org/ gets me to the nginx page (welcome to nginx).
https://www.det-sovande-folket.org gets me to “unable to load page”. det-sovande-folket.org gets me to nextcloud (but the page looks broken).
Then I realized that nginx -s reload does not mean the same as systemctl restart nginx so I did nginx -s reload. The answer is this

sudo nginx -s reload
2020/10/06 20:22:25 [warn] 8701#8701: conflicting server name "www.det-sovande-folket.org" on 0.0.0.0:80, ignored
2020/10/06 20:22:25 [warn] 8701#8701: conflicting server name "det-sovande-folket.org" on 0.0.0.0:80, ignored
2020/10/06 20:22:25 [notice] 8701#8701: signal process started

I find this strange.

Update 2 hours later.
I changed nextcloud.conf and added the WAN IP address, reloaded nginx and php-fpm, and then ran certbot --nginx and it worked!
But still I can only use “det-sovande-folket.org” (www gets me nowhere) and I still get to “welcome to nginx”.
Anyhow, this could be a step forward!

brandent
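The `conflicting server name ... on 0.0.0.0:80, ignored` warning in the post above is what nginx prints when two `server` blocks claim the same name on the same listen address: the first block read keeps the name and the later claim is dropped. An added example (not from the thread) that finds such duplicates; the file contents and the helper names `server_blocks`, `args` and `find_conflicts` are constructed for illustration, and this simplified parser does not follow `include` directives.

```python
import re

# Constructed sample configs: both files claim the thread's host names on port 80.
SAMPLE = {
    "nginx.conf": """
server {
    listen 80;
    server_name det-sovande-folket.org www.det-sovande-folket.org;
}""",
    "nextcloud.conf": """
server {
    listen 80;  # same address:port as the block above
    server_name det-sovande-folket.org www.det-sovande-folket.org;
    location / { try_files $uri /index.php; }
}""",
}

def server_blocks(text):
    """Yield each `server { ... }` body with nested blocks (location etc.) removed."""
    text = re.sub(r"#[^\n]*", "", text)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, kept = 1, []
        for ch in text[m.end():]:
            depth += {"{": 1, "}": -1}.get(ch, 0)
            if depth == 0:
                break
            if depth == 1 and ch not in "{}":
                kept.append(ch)
        yield "".join(kept)

def args(body, name):  # whitespace-split arguments of every `name ...;` directive
    return [a.split() for a in re.findall(rf"\b{name}\s+([^;]+);", body)]

def find_conflicts(files):
    """Return (name, listen, kept_in, ignored_in); a bare or missing port is 0.0.0.0."""
    seen, conflicts = {}, []
    for fname, text in files.items():  # dict order stands in for nginx's read order
        for body in server_blocks(text):
            listens = [a[0] for a in args(body, "listen")] or ["80"]
            listens = [f"0.0.0.0:{p}" if p.isdigit() else p for p in listens]
            names = [n for a in args(body, "server_name") for n in a] or [""]
            for key in ((n, p) for p in listens for n in names):
                if key in seen:
                    conflicts.append(key + (seen[key], fname))
                seen.setdefault(key, fname)
    return conflicts

if __name__ == "__main__":
    for name, listen, kept, ignored in find_conflicts(SAMPLE):
        print(f'"{name}" on {listen}: {kept} is used, {ignored} is ignored')
```

Keeping each host name in exactly one `server` block per listen address makes the warning go away and ensures requests reach the block that was intended to serve them.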

Here again!
I took a couple of days break and then I reinstalled.
This time everything has gone thru so far.
certbot --nginx - both det-sovande-folket.org and www.det-sovande-folket.org OK!
Now I will dive in to Nextcloud.

brandent

Well I didn’t have the chance to dive in to Nextcloud this time!
No matter what I did I couldn't reach my Nextcloud server. I got to “welcome to nginx” and then I got totally lost.
I had to start over again and this time I configured nginx a bit differently. I edited nextcloud.conf with my domain and did an “include” in nginx.conf to read nextcloud.conf. Now it got through and I get to Nextcloud using my domain.
I have never gotten this far before so now I will check (and try to configure) nextcloud server for what works. I think I did learn a few things about this!

brandent

Well here again!
I have one major problem. My Nextcloud-site has been blocked due to security threat!?
Cisco-Umbrella? What is this?

brandent

Hi @brandent, I read through the thread a bit. I'll take this in Swedish. What is it you are trying to do? Have a Nextcloud server with a domain name on your own IP from home?

Yep!
It worked for about 2 days. Today my domain has been blocked by Cisco-Umbrella (whatever that is!?)
I have managed to find an e-mail address that may go to them, but nothing has happened in about 4 hours. The reason for my interest in Nextcloud is that I want to control my data myself, without the involvement of e.g. Microsoft (that is why I don't run snap, but have done all the configuration myself. A hell of a lot of mistakes, and I have started over from scratch 6 times!)

brandent

I have no idea what Cisco-Umbrella is. I searched for it and it seems to be some kind of protection from Cisco. Is it something you have?

Cisco Umbrella uses the Internet’s infrastructure to enforce security and block malicious activity before a connection is ever established. By delivering security from the cloud, there is no hardware to install and no software to manually update. - Cisco web

As I read this - your ISP uses a service which detects malicious activity and blocks it.

The security of the network is of utmost importance to an ISP. If their network was used to run illegal servers - torrents come to mind - or open relay servers - the ISP’s trustworthiness will descend faster than a high-speed lift in a 50-storey building.

One of the things I mentioned previously is the fact that bots are constantly scanning the internet for vulnerable software - as such it is important to keep your software up-to-date and employ server side security measures.

Even if your ISP allows it - as per your mentions of contact with their support - incoming traffic on port 80 and 443 is highly unusual for most ISPs and the mentioned blocking mechanism is an AI. Even if your system is not vulnerable, exposing http(s) services attracts :robot: like :honeybee: to a :sunflower: - that unusual traffic triggers the AI and blocks access - even legitimate access.

With these new events I would use a self-signed certificate and change ports to other ports not in common use e.g. 34080 and 34443. This will move your service out of sight and the AI may unblock your service. But that is pure guesswork on my side - just some thoughts on your experience.

I don't know, but it is probably as @ROOT says, that it is my ISP that is blocking (or more likely my work's ISP).

brandent

It must be my work's ISP!
It is not enough to just change ports?

brandent

I would think it is enough if you change ports.

An interesting topic showed when checking Cisco-Umbrella

If my memory serves - I vaguely recall OpenDNS as once one of those shady DNS networks - maybe among the first to monetize lookup for non-existing domains - but my memory may fail me in this instance.

It is probably not your workplace's ISP, as I cannot connect to your domain - Swedish is not my everyday language - but I understand more than I write :slight_smile:

You are probably better at Swedish than I am at Danish!!

So another probably sleazy, dirty company.

Do I change the ports in router or?
Port range?
brandent

At work now.
After the port change (34080:34443) in the router I can get to my server using my www address. (Without www I get a warning but I got in by ignoring the warning.)

@Root your help has been crucial!!

Nextcloud is not easy and there is a lot to learn there. I am trying.

brandent
