SSL certificate for Ubooquity
|
Posts: 215
Threads: 25
Joined: Aug 2015
Reputation:
26
[Solved]
May 06, 2016, 06:26 PM
So today I installed Ubooquity and forwarded it on my router so I can access it outside my network. BUT, because I enabled HSTS in my owncloud I can't access Ubooquity over http and only over https. For now I disabled HSTS in my owncloud but I was wondering if I couldn't set up a SSL certificate for Ubooquity.
Not sure how to do this. Do I need to generate a new SSL certificate? And where and how do I tell Ubooquity to use SSL?
Thanks.
That McNugget sauce. I want that Mulan McNugget sauce, Morty. That's my series arc, Morty! If it takes nine seasons!
Posts: 1,646
Threads: 2
Joined: Aug 2015
Reputation:
42
[Solved]
May 06, 2016, 06:44 PM
You could do this two ways. One is to use nginx as a reverse proxy with https to pass requests to Ubooquity. For the reverse proxy you will need to set a Reverse proxy prefix in the Ubooquity settings that will match the location block for nginx - you can use a separate virtual host file and port so you won't interfere with owncloud. I have several nginx reverse proxy guides (like this) that you can use as a base, the only difference will be the location name you use.
The other way is to generate a jks file from somewhere like here and add it in the Advanced settings in Ubooquity
Posts: 215
Threads: 25
Joined: Aug 2015
Reputation:
26
[Solved]
May 06, 2016, 07:57 PM
So for now I used option 2 which worked like a charm. If I have some time I probably look into the reverse proxy.
What I did for now is:
First make your SSL certificate:
Code:
keytool -genkey -keyalg RSA -alias selfsigned -keystore /var/certs/ubooquity.jks -storepass passwd -validity 36000 -keysize 2048
In first and last name you enter your domain name or dns name you will be using to connect to ubooquity.
Then go to your admin page and all the way down to the advanced settings and click edit. There fill in the 'KeyStore file path', in my case /var/certs/ubooquity.jks and the certificate's password in 'KeyStore password'.
Click apply and you will get to the 'Preferences edited successfully. Server has been restarted' page. Now you have to start using https.
Also added the certificate to my trusted certificates so I won't get any warning pages anymore, did this the same way as I did for owncloud.
Thanks for the help, Mike.
That McNugget sauce. I want that Mulan McNugget sauce, Morty. That's my series arc, Morty! If it takes nine seasons!
Posts: 215
Threads: 25
Joined: Aug 2015
Reputation:
26
[Solved]
May 15, 2016, 02:57 PM
(This post was last modified: May 15, 2016, 02:59 PM by Yveske.)
So now I have been trying to setting up nginx as a reverse proxy but the problem now is that the interface won't load. I tried it with ubooquity and sonarr and they both have the same problem, they give a bunch of 404 errors:
Code:
https://url.com/Content/bootstrap.css?h=B0dBgNG14KL2tMa7vXftmg Failed to load resource: the server responded with a status of 404 (Not Found)
https://url.com/Content/bootstrap.toggle-switch.css?h=zOaXXVYFa3wIaWmeJ2sr4g Failed to load resource: the server responded with a status of 404 (Not Found)
https://url.com/Content/Messenger/messenger.flat.css?h=uXfH5hwpPgS6GV/TDVEpRw Failed to load resource: the server responded with a status of 404 (Not Found)
https://url.com/Content/Messenger/messenger.css?h=qO6BkYDBjiMimxVChpoknA Failed to load resource: the server responded with a status of 404 (Not Found)
And a bunch more. I read here it has to do with permissions for nginx, so the www-data user. But I'm a bit afraid if start screwing with permission, I'm going to break my system
You have an idea how to or point me in the right direction?
Thanks.
Edit: the user www-data is already added to the pi group.
That McNugget sauce. I want that Mulan McNugget sauce, Morty. That's my series arc, Morty! If it takes nine seasons!
Posts: 215
Threads: 25
Joined: Aug 2015
Reputation:
26
[Solved]
May 15, 2016, 05:39 PM
So have been trying to give full 777 permissions to the entire /opt/ubooquity folder and made www-data the owner but no luck. Could it maybe have something to do with the map it's installed it? Just thinking because owncloud and wordpress are both installed in the /var/www folder. Or should this not have any influence?
That McNugget sauce. I want that Mulan McNugget sauce, Morty. That's my series arc, Morty! If it takes nine seasons!
Posts: 1,646
Threads: 2
Joined: Aug 2015
Reputation:
42
[Solved]
May 15, 2016, 05:58 PM
Reverse proxy does not need access to the /var/www folder so don't worry about that.
Post your nginx virtual host file for the reverse proxy.
For Sonarr did you set the custom web root to /sonarr?
Posts: 215
Threads: 25
Joined: Aug 2015
Reputation:
26
[Solved]
May 15, 2016, 07:12 PM
Nevermind, forgot a few lines.
Code:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_cache shared:SSL:10m;
I was focusing too hard to have it work in the same file as owncloud, so I could use one port and doesn't had to add a port in my webadres. But for now it will do.
That McNugget sauce. I want that Mulan McNugget sauce, Morty. That's my series arc, Morty! If it takes nine seasons!
Posts: 1,646
Threads: 2
Joined: Aug 2015
Reputation:
42
[Solved]
May 15, 2016, 07:18 PM
Ah yes it is better to have a separate virtual host for reverse proxies only
Can we mark this as solved?
Posts: 215
Threads: 25
Joined: Aug 2015
Reputation:
26
[Solved]
May 15, 2016, 07:28 PM
Yes it's solved. Everything works fine.
Thanks a lot.
That McNugget sauce. I want that Mulan McNugget sauce, Morty. That's my series arc, Morty! If it takes nine seasons!
Posts: 215
Threads: 25
Joined: Aug 2015
Reputation:
26
[Solved]
May 15, 2016, 11:29 PM
(This post was last modified: May 15, 2016, 11:34 PM by Yveske.)
I just couldn't let it go so in a rare bright moment I came up with a way to get reverse proxy and owncloud through the same port. So you make your owncloud nginx file like it is but in your reverse proxy file you add:
Code:
location /owncloud {
proxy_pass https://127.0.0.1:1443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
At proxy_pass make sure to use https because you have set up owncloud with https. And in my example the 1443 is owncloud's ssl port.
This how I got it to work. Now you can reach your owncloud with the port you set up in your reverse proxy file. Anybody any thoughts about?
That McNugget sauce. I want that Mulan McNugget sauce, Morty. That's my series arc, Morty! If it takes nine seasons!
|
|
Recent Posts
|
Running Plex over a Split Tunnel VPN
jonescelinaa Apr 27, 2024, 09:19 AM
|
About Swap
jonescelinaa Apr 10, 2024, 06:58 AM
|
Tracker Status: Error Connection Time Out
jonesPhedra Apr 04, 2024, 08:17 AM
|
Plex server not powerful enough, but only with s...
jonesPhedra Mar 27, 2024, 03:02 AM
|
game Geometry Dash Scratch
jonescelinaa Jan 31, 2024, 04:21 AM
|
Latest unread posts | Unanswered posts |
|