July 5, 20187 yr 20 hours ago, CHBMB said: I'd refer you to my earlier reply in January to your same question. I created a ttrss file in letsencrypt/nginx/site-confs with this configuration. I only have an 502 error server { server_name rss.domain.fr; # sub1 config listen 80; listen 443 ssl; root /config/www/tt-rss; index index.html index.htm index.php; ###Set certificates #### ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ### Add Diffie–Hellman key exchange ### # ssl_dhparam /config/keys/server.com/dhparam.pem; ### Disable SSL by enforcing TLS ### ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ###Extra Settings### ssl_prefer_server_ciphers on; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; location / { proxy_pass http://192.168.1.16:788/; } } Edited July 5, 20187 yr by deadnote
July 5, 20187 yr Also tried to add location ^~ /rss { #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.16:788/rss; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ^~ /rss { #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.16:788/rss; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } to the default letsencrypt file but same result : 502 error Can someone tell me where to put the configuration ? in letsencrypt or ttrss ? Thanks ! Edited July 5, 20187 yr by deadnote
July 8, 20187 yr Finally it works ! Here is the config for my rss file in letsencrypt config if it can help someone server { listen 443 ssl; server_name rss.domain.com; root /config/www/tt-rss; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ###Extra Settings### ssl_prefer_server_ciphers on; #ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass http://192.168.1.16:788/; proxy_max_temp_file_size 2048m; include /config/nginx/proxy.conf; } }
December 5, 20196 yr This container had been deprecated. @trurl could you lock this thread please? @Squid Could we blacklist it in CA as well? Thanks
December 30, 20196 yr On 12/5/2019 at 1:36 PM, CHBMB said: This container had been deprecated. @trurl could you lock this thread please? @Squid Could we blacklist it in CA as well? Thanks Hmm... Somehow I missed that
Archived
This topic is now archived and is closed to further replies.