http2 on

Discussion in 'Server Operation' started by Kemp, Apr 6, 2025.

  1. Kemp

    Kemp Member

    Hi,

    How do I enable the following for nginx for domain.vhost:

    http2 on;

    include letsencrypt-webroot;

    I am getting the following error:

    open() "/etc/nginx/letsencrypt-webroot" failed (2: No such file or directory)

    Thank you!
     
  2. michelangelo

    michelangelo Active Member

    What exactly do you want to achieve, since you asked your question under ISPConfig 3 -> Installation/Configuration?

    If you want to enable HTTP/2 for a Vhost created and managed by ISPConfig, you only need to enable SSL/Let's Encrypt for the Vhost in the interface.
     
  3. Kemp

    Kemp Member

    I am trying to set up CryptPad, the following is not working:

    server {
        listen 80;
        listen [::]:80;
        server_name domain.com subdomain.domain.com;

        access_log /dev/null;
        error_log /dev/null emerg;

        # Let's Encrypt webroot
        include letsencrypt-webroot;

        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on;

        # Let's Encrypt webroot
        include letsencrypt-webroot;

        server_name domain.com subdomain.domain.com;

        ssl_certificate /var/www/clients/client0/web1/ssl/domain.com-le.crt;
        ssl_certificate_key /var/www/clients/client0/web1/ssl/domain.com-le.key;

        # diffie-hellman parameters are used to negotiate keys for your session
        # generate strong parameters using the following command
        ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096

        # Speeds things up a little bit when resuming a session
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;

        # HSTS (ngx_http_headers_module is required) (63072000 seconds)
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;

        # verify chain of trust of OCSP response using Root CA and Intermediate certs
        ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # replace with the IP address of your resolver
        resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 9.9.9.9 149.112.112.112 208.67.222.222 208.67.220.220;

        location / {
            proxy_pass http://localhost:3000;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 150m;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }

        location ^~ /cryptpad_websocket {
            proxy_pass http://localhost:3003;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }
    }
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    To enable SSL with Let's Encrypt, just enable the SSL and Let's Encrypt checkboxes of the website. You add neither:

    http2 on;

    nor:

    include letsencrypt-webroot;

    for that. Adding it must cause you issues and is not required to enable SSL, so just don't add it.
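
The `open() "/etc/nginx/letsencrypt-webroot" failed` error from post #1 comes from nginx resolving a relative `include` target against its configuration prefix, where no such file exists. As an added example (not part of the thread and not ISPConfig code), the Python check below lists the literal `include` targets in a config that are missing on disk; the function name `missing_includes` and the sample config are constructed for illustration, and the prefix defaults to the `/etc/nginx` shown in the error message.

```python
import os
import re

# `include <target>;` at the start of a line or directly after ; { or }.
# The trailing \s+ keeps "includeSubDomains" in the HSTS header from matching.
INCLUDE_RE = re.compile(r'(?:^|[;{}])\s*include\s+("?)([^";\s]+)\1\s*;', re.MULTILINE)

# Constructed sample, reduced from the server block posted in the thread.
SAMPLE = """
server {
    listen 443 ssl;
    server_name domain.com;
    # include commented-out-file;
    include letsencrypt-webroot;
    include conf.d/*.conf;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
}
"""

def missing_includes(conf_text, prefix="/etc/nginx"):
    """Return [(target, resolved_path)] for literal includes that do not exist."""
    # Strip comments so a commented-out include is not reported
    # (simplification: a '#' inside a quoted value is treated as a comment too).
    text = re.sub(r"#[^\n]*", "", conf_text)
    missing = []
    for _quote, target in INCLUDE_RE.findall(text):
        # A mask such as conf.d/*.conf that matches nothing is not an error
        # for nginx, so only literal file names are checked.
        if any(ch in target for ch in "*?["):
            continue
        # Relative targets are resolved against the configuration prefix.
        path = target if os.path.isabs(target) else os.path.join(prefix, target)
        if not os.path.isfile(path):
            missing.append((target, path))
    return missing

if __name__ == "__main__":
    for target, path in missing_includes(SAMPLE):
        print(f'include {target}; -> open() "{path}" would fail')
```

`nginx -t` reports the same failure once the file is in place under the real prefix; this check only shows which directive is responsible and which path nginx will try to open.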
     
  5. Kemp

    Kemp Member

    I am getting the following error for some of the files:

    403 Forbidden
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the log file to find out why you get that error.
     
  7. Kemp

    Kemp Member

    What should the resolver IP address be? I have it set to:

    resolver 127.0.1.1;

    I am getting the following error in the browser when trying to access https://domain.com:3000:

    NS_ERROR_CONNECTION_REFUSED

    Log file is not showing errors.

    Thank you!
     
  8. Kemp

    Kemp Member

  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so ISPConfig is working fine but the other software that you are trying to install is not working? Port 3000 is not related to ISPConfig, but you posted this originally in the ISPConfig forum. You might want to contact the support of that other software and ask them how to install and configure it. After you've done that and verified it is working, then you can continue configuring a proxy in front of it e.g. by doing this in ISPConfig, if you use ISPConfig on that system.

    Upon reviewing the configuration you posted in #3 again, it appears that this is not an ISPConfig website at all. Therefore, you must be using a different control panel, as ISPConfig did not generate that configuration. I have moved your post to the non-ISPConfig questions section now in case you need more help.
     
