Everything posted by eobie

  1. Got a new cert reissued and now all is well, lol! Thanks for your help. Not sure what happened before!
  2. Yep... blowing up my certs and getting a reissue. Hoping that helps/works.
  3. I knew it wasn't going to work because I verified my crt file was already in PEM format. Did what you said anyway and had the same result. Am I hosed? lol!!
  4. The only thing I changed from the default install were the directory mappings. Changed them to this:

     ```
     nextcloud  lsiodev/nextcloud:latest  up-to-date  443/tcp  172.17.0.XXX:8000
     /data    /mnt/user/Docker_Apps/NEXTCLOUD/data
     /config  /mnt/user/Docker_Apps/NEXTCLOUD/config
     ```
  5. Both. Neither are a no go. As soon as I rename the self-signed keys to match the conf file, the site works fine. When I rename the bought cert to match the conf file, it's completely unreachable by internal IP or domain. This certainly is odd. I blew up the container and did a reinstall twice. No dice.
  6. "cert" are the self-signed, "cert5" are my paid-for cert/key:

     ```
     -rw-r--r-- 1 nobody users 1.3K Aug 15 18:12 cert.crt
     -rw-r--r-- 1 nobody users 1.7K Aug 15 18:12 cert.key
     -rw-rw-rw- 1 nobody users 7.4K Aug 15 23:11 cert5.crt
     -rw-rw-rw- 1 nobody users 1.8K Aug 15 23:11 cert5.key
     ```
  7. I have changed nothing in the conf file. I simply update the certs in the keys folder (giving them the same names as the self-signed), restart and get nothing. I can send you the file, but it's the default file that works with the self-signed certs. Nothing more, nothing less.

     ```nginx
     upstream php-handler {
       server 127.0.0.1:9000;
       # server unix:/var/run/php/php7.0-fpm.sock;
     }

     server {
       listen 80;
       server_name _;
       # enforce https
       return 301 https://$server_name$request_uri;
     }

     server {
       listen 443 ssl;
       server_name _;

       ssl_certificate /config/keys/cert.crt;
       ssl_certificate_key /config/keys/cert.key;

       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;

       # Path to the root of your installation
       root /config/www/nextcloud/;

       # set max upload size
       client_max_body_size 10G;
       fastcgi_buffers 64 4K;

       # Disable gzip to avoid the removal of the ETag header
       gzip off;

       # Uncomment if your server is build with the ngx_pagespeed module
       # This module is currently not supported.
       #pagespeed off;

       index index.php;
       error_page 403 /core/templates/403.php;
       error_page 404 /core/templates/404.php;

       rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
       rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

       # The following 2 rules are only needed for the user_webfinger app.
       # Uncomment it if you're planning to use this app.
       #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
       #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

       location = /robots.txt {
         allow all;
         log_not_found off;
         access_log off;
       }

       location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
         deny all;
       }

       location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
         deny all;
       }

       location / {
         rewrite ^/remote/(.*) /remote.php last;
         rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
         try_files $uri $uri/ =404;
       }

       location ~ \.php(?:$|/) {
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         include /etc/nginx/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $fastcgi_path_info;
         fastcgi_param HTTPS on;
         fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
         fastcgi_pass php-handler;
         fastcgi_intercept_errors on;
       }

       # Adding the cache control header for js and css files
       # Make sure it is BELOW the location ~ \.php(?:$|/) { block
       location ~* \.(?:css|js)$ {
         add_header Cache-Control "public, max-age=7200";
         # Add headers to serve security related headers
         add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
         add_header X-Content-Type-Options nosniff;
         add_header X-Frame-Options "SAMEORIGIN";
         add_header X-XSS-Protection "1; mode=block";
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
         # Optional: Don't log access to assets
         access_log off;
       }

       # Optional: Don't log access to other assets
       location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
         access_log off;
       }
     }
     ```
  8. For the life of me I cannot get nginx to work with a cert I bought from ssls.com. I combine the crt and bundle and copy them to the "keys" directory. Restart the docker app and my site is completely unreachable. No security errors or anything, just not reachable. Throw the self-signed cert and key back on and it works right away. What gives?
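
Added example, not part of the posts above: a structural check for a combined crt-plus-bundle file like the one described in post 8, since nginx will not start on a certificate file it cannot parse. The posts never establish what was wrong with the original file (a reissued cert fixed it), so the fused-marker case here is an assumed, common failure from concatenating a file that lacks a trailing newline; `check_pem_bundle`, `_pem` and the sample data are hypothetical and constructed.

```python
import base64
import re

MARKER = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def check_pem_bundle(text):
    """Return (labels_of_valid_blocks, problems) for a concatenated PEM file."""
    labels, problems, current, body = [], [], None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.count("-----BEGIN ") + line.count("-----END ") > 1:
            # First file had no trailing newline, so `cat` glued two markers together.
            problems.append(f"line {n}: END and BEGIN markers fused on one line")
            nxt = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----$", line)
            current, body = (nxt.group(1) if nxt else None), []
            continue
        m = MARKER.match(line)
        if m and m.group(1) == "BEGIN":
            if current:
                problems.append(f"line {n}: BEGIN inside unterminated {current}")
            current, body = m.group(2), []
        elif m:
            if m.group(2) != current:
                problems.append(f"line {n}: END {m.group(2)} has no matching BEGIN")
            else:
                try:
                    base64.b64decode("".join(body), validate=True)
                    labels.append(current)
                except ValueError:
                    problems.append(f"line {n}: {current} body is not valid base64")
            current, body = None, []
        elif current:
            body.append(line)
        else:
            problems.append(f"line {n}: text outside any PEM block")
    if current:
        problems.append(f"end of file: {current} block never closed")
    return labels, problems

def _pem(label, payload):
    """Build a constructed PEM block (placeholder bytes, not a real certificate)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

LEAF = _pem("CERTIFICATE", b"constructed leaf placeholder")
CHAIN = _pem("CERTIFICATE", b"constructed intermediate placeholder")
GOOD = LEAF + CHAIN                 # leaf file ended with a newline
FUSED = LEAF.rstrip("\n") + CHAIN   # leaf file lacked the final newline

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("fused", FUSED)):
        print(name, check_pem_bundle(data))
```

This only checks PEM framing and base64; it does not confirm that the key matches the certificate or that the chain is in leaf-first order.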