Need a little help. I had Nginx up and running for about 2 years. I am not sure what I did when trying to update a certificate but now my sites are not accessible.
I went to my website:
I noticed the certificate expired so I went about renewing it and ran:
    sudo certbot --nginx -d ttrss.shiromar.com
and I got an error about Certbot not being able to access the website for verification. I checked networking and forwarding rules and everything seemed fine so I decided to start the certificate process anew and ran:
    sudo certbot delete --cert-name ttrss.shiromar.com
This was when my site became inaccessible. Certbot can't reach my site so it can't issue a certificate. I commented out the SSL lines in the server block and restarted Nginx and PHP and still couldn't reach it.
Here is the server block for ttrss:
    server {
        listen 80;
        listen [::]:80;
        server_name ttrss.shiromar.com www.ttrss.shiromar.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name ttrss.shiromar.com www.ttrss.shiromar.com;
        root /var/www/ttrss;
        index index.php;
        access_log /var/log/nginx/ttrss_access.log;
        error_log /var/log/nginx/ttrss_error.log info;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location / {
            index index.php;
        }

        #ssl_certificate /etc/letsencrypt/live/ttrss.shiromar.com/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/ttrss.shiromar.com/privkey.pem;
        #ssl_trusted_certificate /etc/letsencrypt/live/ttrss.shiromar.com/chain.pem;

        location ~ \.php$ {
            try_files $uri = 404; #Prevents autofixing of path which could be used for exploit
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi.conf;
        }
    }
Here is a netstat showing the open ports:

    sudo netstat -tanpl|grep nginx
    tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN      2052/nginx: master
    tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN      2052/nginx: master
    tcp6       0      0 :::80            :::*             LISTEN      2052/nginx: master
    tcp6       0      0 :::443           :::*             LISTEN      2052/nginx: master
This server is running in a VM on Hyper-V. I did have a checkpoint from early last year. I tested it and that does work but it's a bit too old.
I have triple checked IP addresses and port forwarding rules and I keep coming back to an issue with Nginx or a setting in Ubuntu that's blocking all 443/80 traffic. Oh and this is Ubuntu 18.04 and Nginx version: nginx/1.14.0 (Ubuntu)
Here is a status of ufw:
    sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    OpenSSH                    ALLOW       Anywhere
    8181/tcp                   ALLOW       Anywhere
    Nginx Full                 ALLOW       Anywhere
    443/tcp                    ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    3000                       ALLOW       Anywhere
    OpenSSH (v6)               ALLOW       Anywhere (v6)
    8181/tcp (v6)              ALLOW       Anywhere (v6)
    Nginx Full (v6)            ALLOW       Anywhere (v6)
    443/tcp (v6)               ALLOW       Anywhere (v6)
    80/tcp (v6)                ALLOW       Anywhere (v6)
    3000 (v6)                  ALLOW       Anywhere (v6)
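
The server block above still has `listen 443 ssl` while its `ssl_certificate` lines are commented out. As an added example (not part of the original post), this Python check flags server blocks with that combination; the sample config, its placeholder hostname and the function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the server blocks above (hostname is a placeholder).
SAMPLE = """
server {
    listen 80;
    server_name ttrss.example.test;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ttrss.example.test;
    location = /robots.txt { access_log off; }
    #ssl_certificate /etc/letsencrypt/live/ttrss.example.test/fullchain.pem;
}
"""

def server_blocks(text):
    """Yield each server block's own directives as token lists (nested blocks are skipped).
    Assumes no '#', '{', '}' or ';' inside quoted values or regexes."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    i = 0
    while i < len(tokens):
        if tokens[i:i + 2] != ["server", "{"]:
            i += 1
            continue
        i, depth, directives, current = i + 2, 1, [], []
        while i < len(tokens) and depth > 0:
            tok = tokens[i]
            if tok in ("{", "}", ";"):
                if tok == ";" and depth == 1 and current:
                    directives.append(current)  # a complete directive of the server block
                depth += {"{": 1, "}": -1}.get(tok, 0)
                current = []
            elif depth == 1:
                current.append(tok)
            i += 1
        yield directives

def ssl_listeners_without_cert(text):
    """Return (server_name, [listen args]) for blocks that listen with ssl but set no
    ssl_certificate. Simplification: a certificate set at the http level is not considered."""
    findings = []
    for directives in server_blocks(text):
        ssl_listens = [" ".join(d[1:]) for d in directives if d[0] == "listen" and "ssl" in d[1:]]
        if ssl_listens and not any(d[0] == "ssl_certificate" for d in directives):
            name = next((d[1] for d in directives if d[0] == "server_name"), "(unnamed)")
            findings.append((name, ssl_listens))
    return findings
```

`sudo nginx -t` remains the authoritative test of the full configuration, including files pulled in with `include`.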