Need help setting up OwnCloud with SSL

[rodofrn]

well, when I did cyberjock's part 5,

5. Go to SSL!

Attached is my nginx.conf(I had to make it a .txt file for the forum software filters). You can either use mine, or read through mine and adapt it for your server. The main lines to eyeball are:

ssl_certificate /usr/local/etc/nginx/server.crt;
ssl_certificate_key /usr/local/etc/nginx/server.key;
listen 443 ssl;

I changed "listen" to 80...is that correct?

 

[danb35]

No, that should have been left at 443.

 

[rodofrn]

ohhh, ok...lemme see.

 

[rodofrn]

No, that should have been left at 443.

now they all give me "REDUSED TO CONNECT" what ports do i have to setup in the ruter? 80 and 443?

EDIT: I setup both 80 and 443 to point to my jail ip, now I see blank pages!!! WHY?? i have no idea.!!

 

[danb35]

Ports 80 and 443 will need to be forwarded to the jail.

 

[rodofrn]

Ports 80 and 443 will need to be forwarded to the jail.

I setup both 80 and 443 to point to my jail ip, now I see blank pages!!! WHY?? i have no idea.!!

 

[rodofrn]

Ports 80 and 443 will need to be forwarded to the jail.

I setup both 80 and 443 to point to my jail ip, now I see blank pages!!! WHY?? i have no idea.!!

i guess it has to do with Joshua's installation process, like change a port somewhere or something like that...whatcha think?

 

[rodofrn]

Ports 80 and 443 will need to be forwarded to the jail.

dan, please help me...

I setup both 80 and 443 to point to my jail ip, now I see blank pages!!! WHY?? i have no idea.!!

i guess it has to do with Joshua's installation process, like change a port somewhere or something like that...whatcha think?

 

[adrianwi]

What port is NGINX listening on in your nginx.conf file (/usr/local/etc/nginx)

I suspect your issues are with this file in some way or another given you've set it up simply following various guides with little understanding of what each component is doing ;)

From my experience, small steps are the best way to learn this stuff with regular snapshots before you change anything so you can always roll back to a previously working version. I would have got SSL configured using one guide (cyberjock's self-signed method) and then looked at way of changing the type of certificate once you'd got that working.

 

[danb35]

I would have got SSL configured using one guide (cyberjock's self-signed method) and then looked at way of changing the type of certificate once you'd got that working.

...which is what I think I suggested initially.

@rodofrn, this is moving from an area that I know a bit about (Let's Encrypt configuration) to an area I don't know much about (nginx configuration), so I'm not sure how much more help I can give. You got a TLS cert from Let's Encrypt, and you had nginx configured to use that cert, but it's not serving your content as desired. The best I can suggest is (1) check the log files in your jail for errors, and/or (2) post your nginx.conf file and see if someone here can spot the problem.

 

[rodofrn]

What port is NGINX listening on in your nginx.conf file (/usr/local/etc/nginx)

I suspect your issues are with this file in some way or another given you've set it up simply following various guides with little understanding of what each component is doing ;)

From my experience, small steps are the best way to learn this stuff with regular snapshots before you change anything so you can always roll back to a previously working version. I would have got SSL configured using one guide (cyberjock's self-signed method) and then looked at way of changing the type of certificate once you'd got that working.

...which is what I think I suggested initially.

@rodofrn, this is moving from an area that I know a bit about (Let's Encrypt configuration) to an area I don't know much about (nginx configuration), so I'm not sure how much more help I can give. You got a TLS cert from Let's Encrypt, and you had nginx configured to use that cert, but it's not serving your content as desired. The best I can suggest is (1) check the log files in your jail for errors, and/or (2) post your nginx.conf file and see if someone here can spot the problem.

Hi guys, thank you for your support, I really appreaciate it. I am really new to all this, you are right, I should have done it that way. but i thought a "real" certificate was better?

Attached you can find the nginx.conf file: Let me know if there is something wrong, I have forwarded port 443 and 80 on to the jail's ip. The problem is that I get a blank page instead of the owncloud WEBGUI

 

[danb35]

i thought a "real" certificate was better?

It is, in general. But the more you change at one time, the harder it is to troubleshoot when something goes wrong. I'll take a look at your nginx config and see if anything jumps out at me.

 

[rodofrn]

It is, in general. But the more you change at one time, the harder it is to troubleshoot when something goes wrong. I'll take a look at your nginx config and see if anything jumps out at me.

ohhh ok ok, thanks mate.

 

[danb35]

Your nginx.conf still has it listening for SSL connections on port 80, which is wrong, and isn't what's in cyberjock's example. I can't tell if the long lines otherwise match his, as they're cut off in what you posted (I'm guessing you copied and pasted from nano), but the remainder looks correct. Change the line that says 'listen 80 ssl;' to say 'listen 443 ssl;', restart nginx, and see what that does.

 

[depasseg]

I have forwarded port 443 and 80 on to the jail's ip. The problem is that I get a blank page instead of the owncloud WEBGUI

You are going to https://website/owncloud , right? (make sure you have the owncloud part)

 

[rodofrn]

Your nginx.conf still has it listening for SSL connections on port 80, which is wrong, and isn't what's in cyberjock's example. I can't tell if the long lines otherwise match his, as they're cut off in what you posted (I'm guessing you copied and pasted from nano), but the remainder looks correct. Change the line that says 'listen 80 ssl;' to say 'listen 443 ssl;', restart nginx, and see what that does.

nothing, blank pages again....if i do this https://<HOSTNAME>/owncloud/.well-known/acme-challenge/test.txt it shows
403 Forbidden
nginx/1.8.1

 

[rodofrn]

You are going to https://website/owncloud , right? (make sure you have the owncloud part)

yeah, that is how i get to the blank pages :(

 

[danb35]

nothing, blank pages again....if i do this https://freenasowncloud.info/owncloud/.well-known/acme-challenge/test.txt it shows
403 Forbidden
nginx/1.8.1

Your nginx config is denying access to anything in the owncloud directory that begins with a dot. That's probably as it should be. Note that https://freenasowncloud.info/.well-known/acme-challenge/test.txt works just fine--it's doing https, it's doing it on port 443, and it's doing it with the proper, trusted Let's Encrypt certificate. The SSLLabs check shows some problems, but it's running.

So the question remains, why are you getting a blank page when you go to https://freenasowncloud.info/owncloud? I don't know. Your configuration doesn't look at all different from @cyberjock's, and not remarkably different from what was originally posted in the how-to. Are there any error messages in your log files?

 

[rodofrn]

Your nginx config is denying access to anything in the owncloud directory that begins with a dot. That's probably as it should be. Note that https://<HOSTNAME>/.well-known/acme-challenge/test.txt works just fine--it's doing https, it's doing it on port 443, and it's doing it with the proper, trusted Let's Encrypt certificate. The SSLLabs check shows some problems, but it's running.

So the question remains, why are you getting a blank page when you go to https://<HOSTNAME>/owncloud? I don't know. Your configuration doesn't look at all different from @cyberjock's, and not remarkably different from what was originally posted in the how-to. Are there any error messages in your log files?

https://<HOSTNAME>/.well-known/acme-challenge/test.txt
actually works just fine..! the SSLLabs check gave me a C.
how do i check the logs, what logs?

EDIT: also, could there be something i need to change in php-fpm.conf or php.ini?

 

[adrianwi]

Did it work before you configured with SSL? Does it work with https://<jailip>/owncloud?

Don't recall having to change anything in PHP, although probably worth restarting nginx and php-fpm services, or just restart the jail.