CentOS https is now working - local installation (private IP) and NAT over public IP

Checklist
[X] I have read intro post: About the Installation Issues category
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue

Hello,

After I got the web server running on CentOS, I now have a problem getting https working.
I use a virtual machine with a private IP address (example 10.155.1.25). It works fine but without https. I configured NAT on one of our public IP addresses and pointed it to this IP.

In the configuration script I put the local IP address 10.155.1.25 but https is not working. I also tried the registered DNS name (example passbolt.mydomain.de) but then I cannot access the web server. I read something about /etc/hosts but I am very unsure what to do.

I think https fails because of the local domain so the script and letsencrypt cannot configure it correctly.

Any advice for a locally hosted virtual machine? I want to get passbolt running correctly with https because I want to try the Pro version then.

Regards
Johannes

Could you provide some logs or relevant information from /var/log/nginx/error.log or access.log, as well as information on how you set up the machine and what steps you have followed to set up SSL?

This is my /var/log/nginx/error.log:
2020/01/23 08:23:49 [error] 5658#0: *79 open() "/usr/share/nginx/html/vtigercrm/vtigerservice.php" failed (2: No such file or directory), client: 77.247.108.240, server: _, request: "GET //vtigercrm/vtigerservice.php HTTP/1.1", host: "62.153.224.178:80"
2020/01/23 11:59:59 [error] 5659#0: *84 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 69.162.126.238, server: _, request: "HEAD /robots.txt HTTP/1.0"
2020/01/23 13:10:55 [error] 5658#0: *87 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 42.200.79.135, server: _, request: "GET /robots.txt HTTP/1.1", host: "62.153.224.178"
2020/01/23 13:10:56 [error] 5658#0: *88 open() "/usr/share/nginx/html/Adminb2e0993e/Login.php" failed (2: No such file or directory), client: 42.200.79.135, server: _, request: "POST /Adminb2e0993e/Login.php HTTP/1.1", host: "62.153.224.178"
2020/01/23 13:18:37 [error] 5659#0: *90 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 74.63.227.26, server: _, request: "HEAD /robots.txt HTTP/1.0"
2020/01/23 13:59:06 [error] 5659#0: *95 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 216.245.212.178, server: _, request: "HEAD /robots.txt HTTP/1.0"
2020/01/23 15:30:22 [error] 5659#0: *100 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 74.63.227.26, server: _, request: "HEAD /robots.txt HTTP/1.0"
2020/01/23 16:06:03 [error] 5659#0: *109 "/usr/share/nginx/html/english/index.html" is not found (2: No such file or directory), client: 221.213.75.194, server: _, request: "GET http://www.rfa.org/english/ HTTP/1.1", host: "www.rfa.org"
2020/01/23 16:13:16 [error] 5658#0: *113 open() "/usr/share/nginx/html/echo.php" failed (2: No such file or directory), client: 5.188.210.101, server: _, request: "GET http://5.188.210.101/echo.php HTTP/1.1", host: "5.188.210.101", referrer: "https://www.google.com/"
2020/01/23 16:13:28 [error] 5658#0: *115 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 69.162.126.238, server: _, request: "HEAD /robots.txt HTTP/1.0"
2020/01/23 21:29:17 [error] 5658#0: *127 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 74.63.227.26, server: _, request: "HEAD /robots.txt HTTP/1.0"

Steps for SSL setup:
Hostname = local IP 10.155.1.25
SSL setup = auto

Configuration on Sophos Firewall for NAT
public IP routed to 10.155.1.25

Configuration for DNS
passbolt.MYDOMAIN.de --> public IP used above

I masked my local IP address and changed my domain on this forum.

I can access passbolt on my LAN over http with IP address 10.155.1.25
When I want to access passbolt over web via http (of course outside my organisation) I only reach a CentOS page. Over https passbolt is of course not reachable.

Does this help?

Regards
Johannes

There are a few items related to SSL when stepping over from using an IP address first, and then a domain.

  1. The passbolt.php file with configurations: you need to change the app URL and force SSL (true).
  2. You need to have an SSL certificate in place that the web server is directed to access.
  3. Your new domain may or may not be reachable by itself, so the /etc/hosts file might need to note the new domain: 127.0.0.1 localhost yournewdomain.com
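
The items in the reply above, turned into a preflight check that can be run before enabling HTTPS (an added example, not code from the thread or from passbolt). It assumes the `App.fullBaseUrl` and `passbolt.ssl.force` keys in passbolt.php; the function names are hypothetical and the file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: preflight checks before switching passbolt from IP to domain.

# classify_host HOST: print what kind of name was given as the server hostname.
classify_host() {
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        case "$1" in
            10.*|192.168.*|127.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
                echo private-ip ;;   # RFC 1918 / loopback: a public CA cannot validate it
            *)  echo public-ip ;;
        esac
    else
        case "$1" in
            *.*) echo dns-name ;;    # usable as a certificate subject name
            *)   echo unqualified ;;
        esac
    fi
}

# hosts_maps NAME FILE: succeed if a non-comment entry in FILE lists NAME.
hosts_maps() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit !found }' "$2"
}

# config_forces_https NAME FILE: succeed if FILE sets fullBaseUrl to
# https://NAME and turns the ssl force flag on.
config_forces_https() {
    grep "'fullBaseUrl'" "$2" | grep -Fq "'https://$1'" &&
        grep -Eq "'force'[[:space:]]*=>[[:space:]]*true" "$2"
}

# preflight NAME HOSTS_FILE CONFIG_FILE: print one finding per line.
preflight() {
    echo "hostname: $(classify_host "$1")"
    hosts_maps "$1" "$2" && echo "hosts: ok" || echo "hosts: missing"
    config_forces_https "$1" "$3" && echo "config: ok" || echo "config: not-https"
}

# Usage: sh preflight.sh NAME HOSTS_FILE PASSBOLT_PHP
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

With the hostname from this thread (10.155.1.25) the first finding is `private-ip`, which is why automatic certificate setup cannot succeed until the public DNS name is used instead.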
