Comments (10)

oscarsmx avatar oscarsmx commented on June 12, 2024 1

> I see in nginx -V output --add-dynamic-module=../headers-more-nginx-module-0.33 is there, so the more_set_headers "Content-Type: text/plain"; is working at least.
>
> I see the discussion at has settled on
>
> location ^~ /.well-known/acme-challenge/ {
> allow all;
> default_type "text/plain";
> }
>
> Interesting, will have to test this as I've been using Centmin Mod for years with letsencrypt and never had issues with validation.

I'm one of your first users from WHT, so I know a bit of the stack (big fan!), and this was haunting me hard. Hope this helps others, as I did a lot of research in the forum every now and then without any luck until today. (This happened to me with Laravel and custom PHP stacks, i.e. non-WordPress apps.)

from centminmod.
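To see why the `^~` form settled on above behaves differently from a regex location, here is a small Python model of nginx's location selection order (exact match, longest prefix, then regexes in configuration order) run over locations shaped like the vhost in this thread. This is an added example, not Centmin Mod code; the dotfile-deny and PHP regex locations are assumed stand-ins for what drop.conf and php.conf typically contain.

```python
"""Model of nginx location selection, to show why the thread's
location ^~ /.well-known/acme-challenge/ fix behaves differently from
the older regex form. Added example, not Centmin Mod code."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Location:
    modifier: str   # "", "=", "^~", "~" or "~*", as written in nginx.conf
    pattern: str
    name: str       # label returned so callers can see which block won


def select_location(locations, uri):
    """Return the name of the location nginx would pick for uri."""
    for loc in locations:                       # 1. exact "=" match wins outright
        if loc.modifier == "=" and loc.pattern == uri:
            return loc.name
    best = None                                 # 2. longest prefix ("" or "^~")
    for loc in locations:
        if loc.modifier in ("", "^~") and uri.startswith(loc.pattern):
            if best is None or len(loc.pattern) > len(best.pattern):
                best = loc
    if best is not None and best.modifier == "^~":
        return best.name                        # ^~ stops here: regexes never consulted
    for loc in locations:                       # 3. regexes, first match in config order
        if loc.modifier in ("~", "~*"):
            flags = re.IGNORECASE if loc.modifier == "~*" else 0
            if re.search(loc.pattern, uri, flags):
                return loc.name
    return best.name if best else None          # 4. fall back to longest plain prefix


# Constructed locations in the order the thread's vhost includes things:
# location / (Laravel try_files), an assumed drop.conf-style dotfile deny,
# the ACME rule, then an assumed php.conf-style PHP handler.
LARAVEL = Location("", "/", "laravel-try_files")
DOTFILES = Location("~", r"/\.", "deny-dotfiles")        # assumed stand-in
PHP = Location("~", r"\.php$", "php-fpm")                 # assumed stand-in
OLD_ACME = Location("~*", r"^/.well-known/acme-challenge", "acme-old")
NEW_ACME = Location("^~", "/.well-known/acme-challenge/", "acme-new")

OLD_CONFIG = [LARAVEL, DOTFILES, OLD_ACME, PHP]
NEW_CONFIG = [LARAVEL, DOTFILES, NEW_ACME, PHP]
TOKEN_URI = "/.well-known/acme-challenge/constructed-token"  # constructed sample

if __name__ == "__main__":
    for label, cfg in (("old", OLD_CONFIG), ("new", NEW_CONFIG)):
        print(label, TOKEN_URI, "->", select_location(cfg, TOKEN_URI))
```

With the regex form, whichever matching regex appears first in the merged config wins, so an earlier dotfile-deny rule can swallow the challenge path; with `^~` the prefix match is final regardless of what regex locations other includes add.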

centminmod avatar centminmod commented on June 12, 2024 1

Wow, very long time user if from WHT!!

On your end, if you want, test both the old location context in drop.conf versus the new one against the HTTP-01 validation test at https://letsdebug.net/ and let me know the links to the hyperlinked test on the results page for the Show verbose information link, or just let me know if the verbose results differ or are the same.


centminmod avatar centminmod commented on June 12, 2024

Did you remove the default include file /usr/local/nginx/conf/staticfiles.conf that is created and added to your Nginx vhost config file for

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;

?

As that is where the /.well-known allowance location context is added by default - see code at https://github.com/centminmod/centminmod/blob/master/config/nginx/staticfiles.conf#L3

Can you provide a sanitized (replace domain name with domain.com) version of both your original problematic Nginx vhost and your corrected one so I can compare?


oscarsmx avatar oscarsmx commented on June 12, 2024

> Did you remove the default include file /usr/local/nginx/conf/staticfiles.conf that is created and added to your Nginx vhost config file for
>
>   include /usr/local/nginx/conf/staticfiles.conf;
>   include /usr/local/nginx/conf/drop.conf;
>
> ?
>
> As that is where the /.well-known allowance location context is added by default - see code at https://github.com/centminmod/centminmod/blob/master/config/nginx/staticfiles.conf#L3
>
> Can you provide a sanitized (replace domain name with domain.com) version of both your original problematic Nginx vhost and your corrected one so I can compare?

Sure, but the only thing I did was replace the well-known line in drop.conf with the one I quoted here. Everything else was the same (I didn't remove static or touch anything else). This problem haunted me for a few months, maybe a year or so.

Here is the vhost:

#x# HTTPS-DEFAULT
server {
  server_name domain.com www.domain.com;
  return 302 https://domain.com$request_uri;
  include /usr/local/nginx/conf/staticfiles.conf;
}

server {
  listen 443 ssl http2;
  server_name domain.com www.domain.com;

  include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt;
  #ssl_verify_client on;
  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

  # ngx_pagespeed & ngx_pagespeed handler
  #include /usr/local/nginx/conf/pagespeed.conf;
  #include /usr/local/nginx/conf/pagespeedhandler.conf;
  #include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
  root /home/nginx/domains/domain.com/public/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  #location ~* ^/.well-known/acme-challenge {
  #  root /home/nginx/domains/domain.com/public;
  #  allow all;
  #}

  location / {
    include /usr/local/nginx/conf/503include-only.conf;

    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;

    # Enables directory listings when index file not found
    #autoindex  on;

    # Shows file listing times as local time
    #autoindex_localtime on;

    # Wordpress Permalinks example
    #try_files $uri $uri/ /index.php?q=$uri&$args;
    try_files $uri $uri/ /index.php?$query_string;
  }

  include /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;

  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}


centminmod avatar centminmod commented on June 12, 2024

Can you post the output for the command

nginx -V


oscarsmx avatar oscarsmx commented on June 12, 2024

> Can you post the output for the command
>
> nginx -V

Sure

nginx version: nginx/1.19.6 (040121-205818-centos7-ecdbf64-br-9aec15e)

Just to let you know, I did everything I read on the forum with several versions of nginx; only today was I able to do it right out of the box with that line (in drop.conf, because I tried hardcoding other solutions directly in the vhost), which, if you take a look, only adds a ^ to the line you have now. It's recommended in the letsencrypt GitHub URL quoted.

I was hating Laravel with Centmin Mod for that reason. I'm a happy user now.

Note:
Why are there two lines of well-known in two files? drop and static.


centminmod avatar centminmod commented on June 12, 2024

Need the full output for nginx -V including configuration.

> Why are there two lines of well-known in two files? drop and static.

It's there as some folks remove one of them, i.e. staticfiles.conf, and lose the letsencrypt validation support.


oscarsmx avatar oscarsmx commented on June 12, 2024

> Need the full output for nginx -V including configuration.
>
> > Why are there two lines of well-known in two files? drop and static.
>
> It's there as some folks remove one of them, i.e. staticfiles.conf, and lose the letsencrypt validation support.

Weird folks.

[21:00][root@ded html]# nginx -V
nginx version: nginx/1.19.6 (040121-205818-centos7-ecdbf64-br-9aec15e)
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC) 
built with OpenSSL 1.1.1i  8 Dec 2020
TLS SNI support enabled
configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib -flto=8 -fuse-ld=gold' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto=8 -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wno-error=pointer-sign -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=040121-205818-centos7-ecdbf64-br-9aec15e --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --add-dynamic-module=../ngx_http_geoip2_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5.1 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.62 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.19 --add-module=../srcache-nginx-module-0.32 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1i --with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3 -fuse-ld=gold'

This happened to me with a non-custom nginx (just the one installed from the bash command). I did touch this config too much after months with the problem.


centminmod avatar centminmod commented on June 12, 2024

I see in nginx -V output --add-dynamic-module=../headers-more-nginx-module-0.33 is there, so the more_set_headers "Content-Type: text/plain"; is working at least.

I see the discussion at has settled on

location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
}

Interesting, will have to test this as I've been using Centmin Mod for years with letsencrypt and never had issues with validation.


oscarsmx avatar oscarsmx commented on June 12, 2024

> Wow, very long time user if from WHT!!
>
> On your end, if you want, test both the old location context in drop.conf versus the new one against the HTTP-01 validation test at https://letsdebug.net/ and let me know the links to the hyperlinked test on the results page for the Show verbose information link, or just let me know if the verbose results differ or are the same.

Yep, a few years now; you weren't that popular at that time haha (actually I was the one that requested the custom nginx server-name header waaaay back when you needed to edit the bash file).

I can't link because of the domain, but they are the same.
Note: I didn't know that the letsencrypt link was you, LOL, what a tiny world.

