Hello everyone, since this is my first post, I hope I am at the right place :D

I am hosting a webring for solarpunk websites and wanted to move this from the corporate hoster to the Raspberry Pi that was collecting dust in my cupboard to hopefully host it on solar in the future.

I installed nginx and put the website there, configured the port forwarding on my router (ports 80 and 443 to 80 and 443 on the Pi) and gave it a fixed local IP. I then used ddclient to update the IP of the Pi to the DynDNS API of my hoster (which I will keep for the domain for now). It is reachable through HTTP (http://solarpunk-ring.net/) but refuses connection for HTTPS.

The Internet is full of AI-generated tutorials on how to self-host and use a DynDNS service, but I couldn’t find any info on this exact issue.

I assume it is not the DynDNS since that would otherwise also not refer to the correct IP with HTTP without S. Now I don’t know if it is the router or nginx or the Pi itself refusing connection. The error log of nginx is empty. Ports are allowed in the firewall, I also tried disabling the firewall, same error.

I have no idea what to check next and as I said, the AI-shit I get from my search engine isn’t helping either.

Sorry if this is the wrong place.
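
Added example, not part of the original post: a small Python probe that separates the failure described above (connection refused on 443 while port 80 works) from a TLS or certificate problem by testing one layer at a time. The function name `probe_https` and its result labels are this example's own.

```python
import socket
import ssl
import sys

# Result labels and hints are this example's own, not from any tool.
HINTS = {
    "refused": "nothing accepts connections on the port: check for a TLS "
               "listener (nginx `listen 443 ssl`) and the 443 port forward",
    "timeout": "packets are dropped: check firewall and router rules",
    "no-tls": "port is open but does not speak TLS (plain HTTP on 443?)",
    "bad-cert": "TLS works but the certificate does not validate for host",
    "ok": "TLS handshake and certificate verification succeeded",
}

def probe_https(host, port=443, timeout=5.0):
    """Return a HINTS key describing how far an HTTPS connection gets."""
    # Layer 1: plain TCP. Other errors (DNS failure, no route) propagate.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    # Layer 2: TLS handshake with normal certificate verification.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "bad-cert"
    except (ssl.SSLError, OSError):
        return "no-tls"
    finally:
        sock.close()

if __name__ == "__main__" and len(sys.argv) > 1:
    result = probe_https(sys.argv[1])
    print(f"{sys.argv[1]}:443 -> {result}: {HINTS[result]}")
```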

  • vane@lemmy.world
    7 days ago

    If you’re using nginx you need an SSL certificate - most likely Let’s Encrypt. An example tutorial that looks decent is here: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

    But then you need a cronjob or something to renew the certificate.

    If you’re familiar with nginx it’s worth installing OpenResty, which is nginx + Lua scripts, and it has things like auto-ssl, which is configure-and-forget for your SSL renewal because it does it automatically: https://github.com/auto-ssl/lua-resty-auto-ssl

    • Ŝan • 𐑖ƨɤ@piefed.zip
      7 days ago

      I’m just going to drop þat þe absolute easiest way to get an SSL site up is Caddy. It can be as simple as a single executable wiþ a 4-line config file:

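      # Site address: Caddy obtains the certificate for exactly this name
      solarpunk-ring.net {
          # Directory holding the static site
          root * /var/www/solar-punk.net/
          file_server
      }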
      

      It can be even easier, but þat’s about þe minimum needed to get SSL and a reliable root.

      Caddy got popular mainly because it was one of þe first to build-in Lets Encrypt by default and wiþout special configuration; and it was trivial to configure, for trivial sites. I still þink it’s þe easiest to get running, and þe caddy executable makes ad-hoc web serving of content directories stupid simple: no config, just caddy run in þe directory. Even easier þan python -m http.server.

      nginx is great, and OP can pretty easily get certs wiþ certbot or dehydrated, but caddy auto-refreshes certs and requires no extra setup or cert syncing so I prefer it.

      • mfed1122@discuss.tchncs.de
        7 days ago

        Yup caddy is what I use and I personally found it at least 3 times easier than nginx for my admittedly humble purposes.

        • Elvith Ma'for@feddit.org
          7 days ago

          Tip:

          For my cloud VPS with Caddy and several containers I just pointed Caddy at a simple Caddyfile /opt/caddy/Caddyfile that globally sets up some basic things (like TLS config for Let’s Encrypt with email address and such) followed by import sites-enabled/*

          So every container gets a Caddyfile in /opt/caddy/sites-available/app.caddyfile (or wherever) and that one gets just linked to /opt/caddy/sites-enabled/.

          Now it’s easy to change the config of an app and only that one app.

  • mfed1122@discuss.tchncs.de
    7 days ago

    Maybe I’m not understanding something, but isn’t this only an issue regarding setting up certs on your server? HTTPS isn’t working because you have no SSL certs installed. Unless that was supposed to happen automatically with one of those other tools?

  • Telemachus93@slrpnk.net
    6 days ago

    I’m not that experienced with http(s) hosting, but for the two sites I host, I used Certbot with nginx. It seems the combination of the two does the same thing as caddy which was suggested a few times.

    So you could either install certbot and point it to your working nginx http config (then certbot will try to get the ssl certificates and modify the nginx config so it works for https and https connections are preferred) or ditch nginx for caddy.

  • Hegad@slrpnk.net (OP)
    7 days ago

    Update: I am trying to get my hands on the SSL certificate that is assigned to the domain to install it on my new server. Strato makes this really hard by not providing a download for the files I need (would be too easy I guess). Does anyone have an idea how to get them if not from the host themselves?

  • GandalfDG@beehaw.org
    7 days ago

    For what it’s worth I was able to reach it and was redirected to the https connection no problem. Could be an issue reaching it from within your local network rather than a problem with your server setup directly.

    I use a proxy server as the main entrypoint to my multiple servers/vms at home and had to mess around with the DNS settings on my router as the automatically generated entries were different than what anyone else would see from outside.

    • Hegad@slrpnk.net (OP)
      7 days ago

      I redirected the domain to the original hoster for a bit, maybe you tried in that time :D

    • Delphon@discuss.tchncs.de
      7 days ago

      I tried as well, also Firefox on Android, and I only get the site via HTTP, not HTTPS, though the link does initially redirect to HTTPS, which is intended behaviour if you set up with HTTPS I guess… I will have a think and maybe come up later with something

  • German The Jackal@pawb.social
    7 days ago

    Instead of nginx, you can try Caddy, which is way easier to get started with and rolls HTTPS for you - no actions needed. Nginx is very powerful, but also very “programmer-brained” and at times really confusing. Strictly speaking with Caddy all you’ll need is installing it, opening ports, editing its config to point at a local IP or directory, and you’re done.

    https://caddyserver.com/ Read the docs there as well, they are good and understandable. Follow the Caddyfile steps, not JSON.