Hello,
I m not getting past a 403 error on my server setup and I would be grateful for some help.
Centos 7.2 VPS (Contabo)
Nginx 1.10.2
Certbot 0.9.2
I have the following working Nginx config:
server {
listen 80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
}
server {
listen 443;
ssl on;
ssl_certificate /home/ck/ssl/seafile-example-com.crt; # path to your cacert.pem
ssl_certificate_key /home/ck/ssl/seafile-exmaple-com.key; # path to your privkey.pem
server_name seafile.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
fastcgi_read_timeout 36000;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
# This option is only available for Nginx >= 1.8.0. See more details below.
proxy_request_buffering off;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /home/user/certbot-webroot;
}
}
The last location should allow a webroot access for letsencrypt.
But I always get a 403 error.
I placed a test.txt file into /home/user/certbot-webroot/.well-known/acme-challenge
But when I access the https://seafile.example.com/.well-known/acme-challenge/test.txt
then I get the 403 error.
I gave the /home/user/certbot-webroot/ a chown -R 0755 nginx:nginx
But I can't get past the 403.
Can someone help me with this issue?
Could it be a self signed certificate, that I am still using?
Help would be appreciated,
Chris
I m not getting past a 403 error on my server setup and I would be grateful for some help.
Centos 7.2 VPS (Contabo)
Nginx 1.10.2
Certbot 0.9.2
I have the following working Nginx config:
server {
listen 80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
}
server {
listen 443;
ssl on;
ssl_certificate /home/ck/ssl/seafile-example-com.crt; # path to your cacert.pem
ssl_certificate_key /home/ck/ssl/seafile-exmaple-com.key; # path to your privkey.pem
server_name seafile.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
fastcgi_read_timeout 36000;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
# This option is only available for Nginx >= 1.8.0. See more details below.
proxy_request_buffering off;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /home/user/certbot-webroot;
}
}
The last location should allow a webroot access for letsencrypt.
But I always get a 403 error.
I placed a test.txt file into /home/user/certbot-webroot/.well-known/acme-challenge
But when I access the https://seafile.example.com/.well-known/acme-challenge/test.txt
then I get the 403 error.
I gave the /home/user/certbot-webroot/ a chown -R 0755 nginx:nginx
But I can't get past the 403.
Can someone help me with this issue?
Could it be a self signed certificate, that I am still using?
Help would be appreciated,
Chris