Nginx questions
-
I didn't want to muddy up @JaredBusch's nice how to on Nginx for questions that I have. I am installing it now that I have NC up and going, because I believe that I will have more services at some point and from what I understand, a reverse proxy is just the thing I need for that, if they needed to share the same ports.
At the moment, I am still waiting on my DNS provider so I cannot fully test everything. For the time being, I am looking for a way to see if my firewall ports are actually open, and possibly that they are making it to Nginx. How do I test each hop in the process?
-
I can tell port 80 is forwarding, If I put in my external ip, I hit the Nginx test page. Can I test https without a cert, or do I have to just wait?
-
Added a tag.
-
To test if ports are open....
-
Query the OS and ask it if you are listening...
netstat -tulpn
-
Query your firewall and ask it if the ports are open.
-
Use telnet from another system to see if the port responds.
-
-
@Donahue said in Nginx questions:
I can tell port 80 is forwarding, If I put in my external ip, I hit the Nginx test page. Can I test https without a cert, or do I have to just wait?
Same way.
-
Can you put an entry in your hosts file awhile to test instead of waiting on your DNS provider?
-
@Obsolesce said in Nginx questions:
Can you put an entry in your hosts file awhile to test instead of waiting on your DNS provider?
But to test the port you don't need that, only need the IP address.
-
@scottalanmiller said in Nginx questions:
@Obsolesce said in Nginx questions:
Can you put an entry in your hosts file awhile to test instead of waiting on your DNS provider?
But to test the port you don't need that, only need the IP address.
Right, I wasn't addressing the port part of the OP, the second part. Quote fail on my part.
-
telnet cannot connect via 443, but the firewall says it is enabled. I am trying the internal IP first.
-
also, Who is a good DNS provider? I am getting tired of waiting for them to respond.
-
@Donahue said in Nginx questions:
also, Who is a good DNS provider? I am getting tired of waiting for them to respond.
Cloudflare and it’s free
-
@Donahue said in Nginx questions:
telnet cannot connect via 443, but the firewall says it is enabled. I am trying the internal IP first.
If you are trying internally what firewall is blocking you?
Also why are you trying 443? SMTP is port 25.
-
@Dashrender said in Nginx questions:
@Donahue said in Nginx questions:
telnet cannot connect via 443, but the firewall says it is enabled. I am trying the internal IP first.
If you are trying internally what firewall is blocking you?
Also why are you trying 443? SMTP is port 25.
Aww I see you’re testing https, not smtp
-
@Dashrender said in Nginx questions:
@Donahue said in Nginx questions:
telnet cannot connect via 443, but the firewall says it is enabled. I am trying the internal IP first.
If you are trying internally what firewall is blocking you?
Also why are you trying 443? SMTP is port 25.
I turned off windows firewall and still cannot get through. I am trying to telnet 443 into my Nginx VM. The Nginx firewall says 443 is open.
-
- Use nmap to scan ports to see what is open/closed/blocked.
-
Its working. My DNS updated and externally, its going to https. I am not sure why telnet was not working.
-
I've still got a few loose ends though. I want to set my cert to auto renew, but I dont know quite what to do on this step:
@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:
Don't forget to automate the cert renew
Create a cron job to run the renew everyday. Certbot will not actually do anything if it does not see any certs needing renew within 30 days. So you can run this as often as you want. Cerbot themselves recommends running it twice a day with this.
Usecrontab -eto edit your crontab.0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renewIf I try and run
crontab -e, it says:[root@nginx ~]# crontab -e -bash: crontab: command not found -
I am also getting the following error on NC on my iPhone
-
@Donahue any chance you forget the https ?
-
