WIKI secure remote access

[guantolento]

Goodmorning everyone,
I'm trying to use the guidance in question but I think make some errors. some of you have eseguti that installation, and found problems, or is it just me?
I installed nginx, openssl (even if not used), as described havaged.
xca created with the following items:
- Certificate "my personal ca"
- Certificate "domoticz server"
configured nginx
but from the internal network can not reach the server on port 80 it will on the 443, will continue to operate on the default 8080 and just.
Can someone help me ? Thank you and good day.

[guantolento]

Anyone can help me ????

Inviato dal mio GT-I9301I utilizzando Tapatalk

[guantolento]

when i tipe the command :

sudo openssl rsa -in /etc/ssl/private/server.key -out /etc/ssl/private/server.key

RPI2 response this:

unable to load Private Key
1995950176:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:813:

i don't so why ....

[guantolento]

Good morning, this is the Start LOG of my Domoticz:

2016-12-03 10:14:56.743 Domoticz V3.5985 (c)2012-2016 GizMoCuz
2016-12-03 10:14:56.744 Build Hash: bd7d309, Date: 2016-11-24 08:09:53
2016-12-03 10:14:56.744 System: Raspberry Pi
2016-12-03 10:14:56.744 Startup Path: /home/pi/domoticz/
2016-12-03 10:14:57.054 EventSystem: reset all events...
2016-12-03 10:14:57.228 WebServer(HTTP) started on address: :: with port 8080
2016-12-03 10:14:57.251 WebServer(SSL) started on address: :: with port 443
2016-12-03 10:14:57.257 Proxymanager started.
2016-12-03 10:14:57.262 TCPServer: shared server started...
2016-12-03 10:14:57.263 RxQueue: queue worker started...
2016-12-03 10:14:59.264 Hardware Monitor: Started
2016-12-03 10:14:59.331 Wunderground: Worker started...
2016-12-03 10:14:59.332 EventSystem: reset all events...
2016-12-03 10:14:59.334 EventSystem: reset all device statuses...
2016-12-03 10:14:59.339 EventSystem: Started

From the internal LAN I can view the web interface from the port 8080 and 443.
I want to force connection from 8080 to 443, so i use always https.
I think this is made from ngnix. But if i go to restart the service i have this response:

pi@raspberrypi:~$ sudo service nginx restart
Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.

This is what i look in the systemctl status nginx.service

nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since Sat 2016-12-03 10:29:01 CET; 2min 13s ago
Process: 3330 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Dec 03 10:29:01 raspberrypi nginx[3330]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/server.... lib)
Dec 03 10:29:01 raspberrypi nginx[3330]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 03 10:29:01 raspberrypi systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 03 10:29:01 raspberrypi systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Dec 03 10:29:01 raspberrypi systemd[1]: Unit nginx.service entered failed state.

This is what i look in the journalctl -xn

Dec 03 10:30:01 raspberrypi CRON[3546]: pam_unix(cron:session): session opened for user pi by (uid=0)
Dec 03 10:30:01 raspberrypi CRON[3550]: (pi) CMD (/path/to/scrip/st2domo.shx)
Dec 03 10:30:01 raspberrypi CRON[3546]: (CRON) info (No MTA installed, discarding output)
Dec 03 10:30:01 raspberrypi CRON[3546]: pam_unix(cron:session): session closed for user pi
Dec 03 10:31:14 raspberrypi sudo[3806]: pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ; COMMAND=/bin/systemctl status ngi
Dec 03 10:31:14 raspberrypi sudo[3806]: pam_unix(sudo:session): session opened for user root by pi(uid=0)
Dec 03 10:31:14 raspberrypi sudo[3806]: pam_unix(sudo:session): session closed for user root
Dec 03 10:32:46 raspberrypi dhcpcd[510]: wlan0: DHCPv6 REPLY: No Addresses Available
Dec 03 10:33:21 raspberrypi sudo[4321]: pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ; COMMAND=/bin/journalctl -xn
Dec 03 10:33:21 raspberrypi sudo[4321]: pam_unix(sudo:session): session opened for user root by pi(uid=0)

Can someone help me?

[jvdz]

Looks like there is an error in your /etc/nginx/nginx.conf config file.
Try running command from the prompt to check for errors: sudo nginx -t

Jos

[guantolento]

Looks like there is an error in your /etc/nginx/nginx.conf config file.
Try running command from the prompt to check for errors: sudo nginx -t

Jos

This is the response:

nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/server.key") failed (SSL: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed

[jvdz]

Seems you have an SSL key error and Google is giving enough hits on that error to start the investigation on your issue.

Jos

[guantolento]

and so what do i do ????

i don't find a mistake in the wiki to secure remote access ....

[guantolento]

this afternoon i follow step by step the wiki guide:

https://www.domoticz.com/wiki/Secure_Nginx_Proxy_Setup

when i give this command:

sudo openssl rsa -in /etc/ssl/private/server.key -out /etc/ssl/private/server.key

i have this response

unable to load Private Key
1995524192:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:813:

but i don't know why this error.

[guantolento]

It's possible disinstall ngnix and openssl from rpi2? ????

Inviato dal mio GT-I9301I utilizzando Tapatalk

[guantolento]

today i change my router with one that have VPN. so i don't do anything in ngnix. for admin can close the topic.