Guoyi
(Guoyi)
March 10, 2021, 2:50pm
1
My Nginx configuration is
server {
    listen 80;
    server_name cloud.malacology.net;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443;
    server_name cloud.malacology.net;
    ssl_certificate /etc/ssl/cloud/1_cloud.malacology.net_bundle.crt;
    ssl_certificate_key /etc/ssl/cloud/2_cloud.malacology.net.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    location /syncthing/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://my_IP:8384;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
        # proxy_redirect http://my_IP:8384 https://cloud.malacology.net;
    }
}
I installed it via Docker; the command is
docker run -p 8384:8384 -p 22000:22000 -v /home/admin/syncthing:/var/syncthing syncthing/syncthing:latest
I can visit it via IP:port, but when I visit the domain, it doesn’t work and only shows “Welcome to nginx” or “too many redirects”.
bt90
(Bt90)
March 10, 2021, 3:43pm
2
What’s up with the proxy_redirect line? Did you configure Syncthing to use TLS? You would need to use https:// in that case.
Btw: you’re missing the 22000/udp port forwarding
Guoyi
(Guoyi)
March 10, 2021, 3:47pm
3
I use HTTPS. You can see my docker command; there is 22000.
You mean this?
server {
    listen 443;
    server_name cloud.malacology.net;
    ssl_certificate /etc/ssl/cloud/1_cloud.malacology.net_bundle.crt;
    ssl_certificate_key /etc/ssl/cloud/2_cloud.malacology.net.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    location /syncthing/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://localhost:8384;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
        proxy_redirect https://localhost:8384 https://cloud.malacology.net;
    }
}
But it is still not okay.
Guoyi
(Guoyi)
March 10, 2021, 3:50pm
4
Sorry, I may not understand your meaning, could you give me an example?
bt90
(Bt90)
March 10, 2021, 4:15pm
5
proxy_redirect is nowhere mentioned in the docs. Delete this line.
But is Syncthing (without your reverse proxy) configured to use HTTPS? You would have to use this then:
proxy_pass https://my_IP:8384;
To use docker with 22000 tcp+udp:
-p 22000:22000/tcp -p 22000:22000/udp
Guoyi
(Guoyi)
March 10, 2021, 4:49pm
6
Thanks. Now my nginx configuration is
server {
    listen 443;
    server_name cloud.malacology.net;
    ssl_certificate /etc/ssl/cloud/1_cloud.malacology.net_bundle.crt;
    ssl_certificate_key /etc/ssl/cloud/2_cloud.malacology.net.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    location /syncthing/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://my_IP:8384;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
        # proxy_redirect https://localhost:8384 https://cloud.malacology.net;
    }
}
Then I removed the Docker container and started it with the command, and an error was reported:
docker: Error response from daemon: driver failed programming external connectivity on endpoint sleepy_wu (2ac1b5eaa9072b26ee76f75483564e9d74d3e10b6426ebdcde450d3559770c07): Bind for 0.0.0.0:22000 failed: port is already allocated.
Then I removed all the containers and used the command
docker run -p 8384:8384 -p 22000:22000/tcp -p 22000:22000/udp -v /home/admin/syncthing:/var/syncthing syncthing/syncthing:latest
but the web page still shows
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.
bt90
(Bt90)
March 10, 2021, 5:02pm
7
You’re using the wrong URL.
https://cloud.malacology.net/syncthing
The path is specified via location
Guoyi
(Guoyi)
March 10, 2021, 5:14pm
8
Thanks for your help, now it’s okay. Thanks for your nice and kind help again.
Best regards, Guoyi
bt90
(Bt90)
March 10, 2021, 6:33pm
9
You should also update your SSL config. This is horribly outdated. No one should use TLS1.0 or TLS1.1 anymore.
Stick with the nginx defaults or apply these settings:
system
(system)
Closed
April 9, 2021, 6:34pm
10
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
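The three fixes discussed in this thread, combined in one configuration as an added example. It is not part of any post and is not the settings bt90 referred to. The TLS protocol list and the trailing slash on `proxy_pass` are assumptions of this example; hostnames, paths and the `my_IP` placeholder are taken from the posts above.

```nginx
# Added example; values that do not appear in the thread are marked as assumptions.
server {
    listen 80;
    server_name cloud.malacology.net;
    return 301 https://$server_name$request_uri;
}

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name cloud.malacology.net;

    ssl_certificate     /etc/ssl/cloud/1_cloud.malacology.net_bundle.crt;
    ssl_certificate_key /etc/ssl/cloud/2_cloud.malacology.net.key;

    # Before: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # After (assumed choice): TLS 1.0 and 1.1 dropped. TLSv1.3 needs an
    # nginx built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    # ssl_ciphers is left out on purpose so the nginx defaults apply.

    access_log /var/log/nginx/access.log;

    # Only URLs under /syncthing/ are proxied. Any other path on this host
    # is answered by nginx itself (the "Welcome to nginx!" page in the thread).
    # A request for /syncthing without the slash gets a 301 to /syncthing/.
    location /syncthing/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The scheme must match the Syncthing GUI: https:// only when the
        # GUI itself serves TLS, otherwise http://.
        # Trailing "/" (assumption, not in the thread's config): nginx
        # replaces the matched /syncthing/ prefix with / before forwarding.
        proxy_pass https://my_IP:8384/;

        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```

Run `nginx -t` before reloading to confirm the file parses.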