
SSL Where do you suggest getting a SSL Certificate

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Itworx4me, Oct 15, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    9:56 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Looks all correct, but I see you have Cloudflare in front. Cloudflare flexible SSL talks to the non-https origin nginx, but if you do move the non-https vhost to disable it, Cloudflare flexible SSL cannot talk to the non-https version of your site. So you need to switch Cloudflare from flexible SSL to full SSL in the CF dashboard's crypto tab to tell CF to talk with the https nginx origin instead.

     
  2. Itworx4me

    Itworx4me Premium Member Premium Member

    339
    35
    28
    Mar 14, 2017
    Ratings:
    +65
    Local Time:
    4:56 PM
    Nginx 1.27.4
    MariaDB 10.6.21
    Thanks, I have switched to full and it seems to be working. I do have another question though. I am not seeing the lock in the address bar. I get a circle with an i in the middle. How do I fix it so everyone sees a lock?

    Thanks,
    Itworx4me
     
  3. eva2000

    eva2000 Administrator Staff Member

  4. Itworx4me

    Itworx4me Premium Member Premium Member

    @eva2000 I somehow locked myself out of the xF admin control using the instructions given here:
    Create auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php and set your own USERNAME and PASSWORD for htaccess password protection using below command in SSH session as root user.
    Code (Text):
    /usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_admin_php USERNAME PASSWORD

    Uncomment by removing the hash # from allow lines for YOURIPADDRESS and replace YOURIPADDRESS with your static IP address

    Below vhost config is for Xenforo installed at web root / location only and NOT for Xenforo installed in subdirectory folder.

    Code (Text):
    location /admin.php {
        auth_basic "Private";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        include /usr/local/nginx/conf/php.conf;
        allow 127.0.0.1;
        #allow YOURIPADDRESS;
        deny all;
    }


    I get a 403 forbidden error when going to the admin panel now. I double checked my IP address and it's correct. Any ideas where I went wrong?

    Thanks,
    Itworx4me
     
  5. eva2000

    eva2000 Administrator Staff Member

    Are you using Cloudflare? Did you correctly configure the site's nginx vhost for Cloudflare real IP detection?

    Sounds like you haven't properly set up real IP forwarding on your server so that your web server and web apps see the visitor's real IP instead of Cloudflare's reverse proxy IP and setting up /usr/local/src/centminmod/tools/csfcf.sh for 123.09beta01 and new users

    see

    so follow the appropriate guide for your web server.

    For my Centmin Mod Nginx users I wrote a specific guide for them including a script to auto generate the latest Cloudflare IPs for the configuration at Nginx Cloudflare & Incapsula (reverse proxy HttpRealIpModule) - CentminMod.com LEMP Nginx web stack for CentOS

    If using Centmin Mod 123.09beta01 or newer branches, the generated Nginx vhost already has an automated script set up to pull the latest Cloudflare IPs for CSF Firewall whitelisting outlined here. The generated Nginx vhost will have an include file /usr/local/nginx/conf/cloudflare.conf that is prepopulated with Cloudflare IPs pulled in via a cronjob you manually set up as outlined here.
    Code (Text):
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
    

    Cronjob you manually set up once only:
    Code (Text):
    23 */36 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1
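
The 403 discussed above, as an added example that is not part of the thread and not Centmin Mod code: a simplified Python model of how nginx's `allow`/`deny` rules see a request that arrives through Cloudflare, with and without real-IP restoration (`set_real_ip_from` plus `real_ip_header CF-Connecting-IP`). The admin address, the edge address and the function names are constructed for illustration, and only two of Cloudflare's published ranges are listed.

```python
import ipaddress

# Sample data: two of Cloudflare's published ranges. A real cloudflare.conf
# should carry the full, current list.
TRUSTED_PROXIES = ["173.245.48.0/20", "103.21.244.0/22"]

def in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def effective_client_ip(peer_ip, headers, trusted):
    """Simplified model of set_real_ip_from + real_ip_header CF-Connecting-IP."""
    forwarded = headers.get("CF-Connecting-IP")
    # The header is honoured only when the TCP peer is a trusted proxy.
    if forwarded and in_any(peer_ip, trusted):
        try:
            return str(ipaddress.ip_address(forwarded))
        except ValueError:
            pass  # malformed header: keep the peer address
    return peer_ip

def access_status(client_ip, rules):
    """First matching allow/deny rule wins, as in nginx's access module."""
    for action, target in rules:
        if target == "all" or in_any(client_ip, [target]):
            return 200 if action == "allow" else 403
    return 200

# Rules from the /admin.php location, with the admin's address uncommented.
ADMIN_IP = "203.0.113.10"  # constructed documentation address
RULES = [("allow", "127.0.0.1"), ("allow", ADMIN_IP), ("deny", "all")]

def admin_request(peer_ip, headers, trusted):
    return access_status(effective_client_ip(peer_ip, headers, trusted), RULES)

if __name__ == "__main__":
    cf_edge = "173.245.48.7"  # constructed address inside a trusted range
    hdr = {"CF-Connecting-IP": ADMIN_IP}
    # Without real-IP config nginx evaluates the Cloudflare edge address.
    print("no real-IP config:", admin_request(cf_edge, hdr, []))
    # With it, the allow rule is checked against the visitor's address.
    print("with real-IP config:", admin_request(cf_edge, hdr, TRUSTED_PROXIES))
    # A peer outside the trusted ranges cannot set its own address via the header.
    print("header from untrusted peer:", admin_request("198.51.100.5", hdr, TRUSTED_PROXIES))
```

Keeping the trusted list limited to Cloudflare's ranges is what makes the `allow` rule meaningful: the header is only believed when the connection really comes from the proxy.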