Page 1 of 1
WIKI secure remote access
Posted: Saturday 22 October 2016 10:49
by guantolento
Goodmorning everyone,
I'm trying to use the guidance in question but I think make some errors. some of you have eseguti that installation, and found problems, or is it just me?
I installed nginx, openssl (even if not used), as described havaged.
xca created with the following items:
- Certificate "my personal ca"
- Certificate "domoticz server"
configured nginx
but from the internal network can not reach the server on port 80 it will on the 443, will continue to operate on the default 8080 and just.
Can someone help me ? Thank you and good day.
Re: WIKI secure remote access
Posted: Wednesday 09 November 2016 0:31
by guantolento
Anyone can help me ????
Inviato dal mio GT-I9301I utilizzando Tapatalk
Re: WIKI secure remote access
Posted: Monday 28 November 2016 0:29
by guantolento
when i tipe the command :
sudo openssl rsa -in /etc/ssl/private/server.key -out /etc/ssl/private/server.key
RPI2 response this:
unable to load Private Key
1995950176:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:813:
i don't so why ....
Re: WIKI secure remote access
Posted: Saturday 03 December 2016 10:38
by guantolento
Good morning, this is the Start LOG of my Domoticz:
2016-12-03 10:14:56.743 Domoticz V3.5985 (c)2012-2016 GizMoCuz
2016-12-03 10:14:56.744 Build Hash: bd7d309, Date: 2016-11-24 08:09:53
2016-12-03 10:14:56.744 System: Raspberry Pi
2016-12-03 10:14:56.744 Startup Path: /home/pi/domoticz/
2016-12-03 10:14:57.054 EventSystem: reset all events...
2016-12-03 10:14:57.228 WebServer(HTTP) started on address: :: with port 8080
2016-12-03 10:14:57.251 WebServer(SSL) started on address: :: with port 443
2016-12-03 10:14:57.257 Proxymanager started.
2016-12-03 10:14:57.262 TCPServer: shared server started...
2016-12-03 10:14:57.263 RxQueue: queue worker started...
2016-12-03 10:14:59.264 Hardware Monitor: Started
2016-12-03 10:14:59.331 Wunderground: Worker started...
2016-12-03 10:14:59.332 EventSystem: reset all events...
2016-12-03 10:14:59.334 EventSystem: reset all device statuses...
2016-12-03 10:14:59.339 EventSystem: Started
From the internal LAN I can view the web interface from the port 8080 and 443.
I want to force connection from 8080 to 443, so i use always https.
I think this is made from ngnix. But if i go to restart the service i have this response:
pi@raspberrypi:~$ sudo service nginx restart
Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
This is what i look in the systemctl status nginx.service
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since Sat 2016-12-03 10:29:01 CET; 2min 13s ago
Process: 3330 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Dec 03 10:29:01 raspberrypi nginx[3330]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/server.... lib)
Dec 03 10:29:01 raspberrypi nginx[3330]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 03 10:29:01 raspberrypi systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 03 10:29:01 raspberrypi systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Dec 03 10:29:01 raspberrypi systemd[1]: Unit nginx.service entered failed state.
This is what i look in the journalctl -xn
Dec 03 10:30:01 raspberrypi CRON[3546]: pam_unix(cron:session): session opened for user pi by (uid=0)
Dec 03 10:30:01 raspberrypi CRON[3550]: (pi) CMD (/path/to/scrip/st2domo.shx)
Dec 03 10:30:01 raspberrypi CRON[3546]: (CRON) info (No MTA installed, discarding output)
Dec 03 10:30:01 raspberrypi CRON[3546]: pam_unix(cron:session): session closed for user pi
Dec 03 10:31:14 raspberrypi sudo[3806]: pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ; COMMAND=/bin/systemctl status ngi
Dec 03 10:31:14 raspberrypi sudo[3806]: pam_unix(sudo:session): session opened for user root by pi(uid=0)
Dec 03 10:31:14 raspberrypi sudo[3806]: pam_unix(sudo:session): session closed for user root
Dec 03 10:32:46 raspberrypi dhcpcd[510]: wlan0: DHCPv6 REPLY: No Addresses Available
Dec 03 10:33:21 raspberrypi sudo[4321]: pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ; COMMAND=/bin/journalctl -xn
Dec 03 10:33:21 raspberrypi sudo[4321]: pam_unix(sudo:session): session opened for user root by pi(uid=0)
Can someone help me?
Re: WIKI secure remote access
Posted: Saturday 03 December 2016 10:54
by jvdz
Looks like there is an error in your /etc/nginx/nginx.conf config file.
Try running command from the prompt to check for errors: sudo nginx -t
Jos
Re: WIKI secure remote access
Posted: Saturday 03 December 2016 10:56
by guantolento
jvdz wrote:Looks like there is an error in your /etc/nginx/nginx.conf config file.
Try running command from the prompt to check for errors: sudo nginx -t
Jos
This is the response:
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/server.key") failed (SSL: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
Re: WIKI secure remote access
Posted: Saturday 03 December 2016 11:22
by jvdz
Seems you have an SSL key error and Google is giving enough hits on that error to start the investigation on your issue.
Jos
Re: WIKI secure remote access
Posted: Saturday 03 December 2016 12:11
by guantolento
and so what do i do ????
i don't find a mistake in the wiki to secure remote access ....
Re: WIKI secure remote access
Posted: Saturday 03 December 2016 19:15
by guantolento
this afternoon i follow step by step the wiki guide:
https://www.domoticz.com/wiki/Secure_Nginx_Proxy_Setup
when i give this command:
sudo openssl rsa -in /etc/ssl/private/server.key -out /etc/ssl/private/server.key
i have this response
unable to load Private Key
1995524192:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:813:
but i don't know why this error.
Re: WIKI secure remote access
Posted: Monday 05 December 2016 13:30
by guantolento
It's possible disinstall ngnix and openssl from rpi2? ????
Inviato dal mio GT-I9301I utilizzando Tapatalk
Re: WIKI secure remote access
Posted: Saturday 10 December 2016 18:16
by guantolento
today i change my router with one that have VPN. so i don't do anything in ngnix. for admin can close the topic.