Control Web Panel
WebPanel => Installation => Topic started by: xjlin0 on February 23, 2017, 03:28:40 PM
-
Hi there,
Trying CentOS7 with the latest CWP, successfully installed the let's encrypt, so https://my.domain works. Then installed Nginx+Apache in Apache Setting -> Select Web servers. Here I got a question: Nginx only listen to port 80, the http port, NOT 443, the https port. Thus https is still served by Apache, not Nginx.
When configured CWP to use Apache+Nginx, How to make Nginx to listen to https port 443 for all future clients? Should I change apache template? Will the auto-renewal of let's encrypt and rebuilt vHost overwrite the settings as well?
ps. I am within AWS VPC so I am using NAT'ed mode.
Thanks!
http://imgur.com/a/cg9dY (http://imgur.com/a/cg9dY)
-
it takes manual configuration, its not automated in the gui yet.
So u need to tell nginx to listen to that port and to use this and that certs (u can use the certs u used for setting it up
/etc/letsencrypt/live/domainname/xxx.pem and so on
http://nginx.org/en/docs/http/configuring_https_servers.html
-
Cwp uses Apache as the main server and nginx as a reverse proxy
-
Thanks, so in my NAT'ed case using cwp-el7-latest, under /etc/nginx/conf.d/, there are two Nginx config files: one with domain name and the other is ip address number. Which one or how should I change?
1. Public_IP_number.conf pointing to local IP address, such as 172.217.6.46.conf
server {
listen 192.168.0.1:80;
....
server_name 172.217.6.46;
root /usr/local/apache/htdocs;
.....
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
...
}
2. my.domain.name.conf, such as google.com.conf
server {
listen 192.168.0.1:80;
..
server_name google.com www.google.com;
root /home/user/public_html;
...
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
}
I need to add the following lines to Nginx config, but what is my IP? the local one or the public one?
source: http://forum.centos-webpanel.com/ssl/if-i-force-ssl-across-my-domain-will-i-loose-the-benfits-of-varnishnginx
listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;
Will the Nginx change above alter mod_security? Really appreciate your comments and have a great weekend!
-
Thanks, so in my NAT'ed case using cwp-el7-latest, under /etc/nginx/conf.d, there are two Nginx config files: one with domain name and the other is ip address number. Which one or how should I change?
1. Public_IP_number.conf pointing to local IP address, such as 172.217.6.46.conf:
server {
listen 192.168.0.1:80;
....
server_name 172.217.6.46;
root /usr/local/apache/htdocs;
.....
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
...
}
2. my.domain.name.conf, such as google.com.conf
server {
listen 192.168.0.1:80;
..
server_name google.com www.google.com;
root /home/user/public_html;
...
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
}
I need to add the following lines to Nginx config, but what is my IP? the local one or the public one?
source: http://forum.centos-webpanel.com/ssl/if-i-force-ssl-across-my-domain-will-i-loose-the-benfits-of-varnishnginx
listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;
Will the Nginx change above alter mod_security? Really appreciate your comments and have a great weekend!
In the ip and my domain conf change the port to 443 so that that server listens to that port
listen YOUR_IP:443 ssl;
public ip
wha u just did (more for my brains then yours)
u came from nginx on port 80 passing to proxy apache port8181
Now u changed nginx to listen to port 443
only need to rewrite requests from port 80 to 443
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name my.domain.com;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
[....]
}