CHBMB Posted July 4, 2018 Share Posted July 4, 2018 I'd refer you to my earlier reply in January to your same question. Link to comment
deadnote Posted July 5, 2018 Share Posted July 5, 2018 (edited) 20 hours ago, CHBMB said: I'd refer you to my earlier reply in January to your same question. I created a ttrss file in letsencrypt/nginx/site-confs with this configuration. I only have an 502 error server { server_name rss.domain.fr; # sub1 config listen 80; listen 443 ssl; root /config/www/tt-rss; index index.html index.htm index.php; ###Set certificates #### ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ### Add Diffie–Hellman key exchange ### # ssl_dhparam /config/keys/server.com/dhparam.pem; ### Disable SSL by enforcing TLS ### ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ###Extra Settings### ssl_prefer_server_ciphers on; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; location / { proxy_pass http://192.168.1.16:788/; } } Edited July 5, 2018 by deadnote Link to comment
deadnote Posted July 5, 2018 Share Posted July 5, 2018 (edited) Also tried to add location ^~ /rss { #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.16:788/rss; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ^~ /rss { #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.16:788/rss; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } to the default letsencrypt file but same result : 502 error Can someone tell me where to put the configuration ? in letsencrypt or ttrss ? Thanks ! Edited July 5, 2018 by deadnote Link to comment
deadnote Posted July 8, 2018 Share Posted July 8, 2018 Finally it works ! Here is the config for my rss file in letsencrypt config if it can help someone server { listen 443 ssl; server_name rss.domain.com; root /config/www/tt-rss; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ###Extra Settings### ssl_prefer_server_ciphers on; #ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass http://192.168.1.16:788/; proxy_max_temp_file_size 2048m; include /config/nginx/proxy.conf; } } Link to comment
CHBMB Posted December 5, 2019 Share Posted December 5, 2019 This container had been deprecated. @trurl could you lock this thread please? @Squid Could we blacklist it in CA as well? Thanks Link to comment
Squid Posted December 30, 2019 Share Posted December 30, 2019 On 12/5/2019 at 1:36 PM, CHBMB said: This container had been deprecated. @trurl could you lock this thread please? @Squid Could we blacklist it in CA as well? Thanks Hmm... Somehow I missed that Link to comment
Recommended Posts