Trying to get NGINX to work

[Sanctimonious 0]

I know that there are a million threads on this, but I've been banging my head against this for a few months now so please don't flame me. I am about to give up.

I followed the directions in this thread:

I was able to get NGINX installed, but I think it is failing because I don't have the SSL files (ssl/pub.pem and ssl/pvt.pem). I have no idea how to get those or where to put them.

The log only says:

"A start job for unit nginx.service has finished with a failure.

The job identifier is 69240 and the job result is failed."

On the domain management page, there is a button that says "Get EAB key" which pops up a window with an "EAB Key ID" and a "EAB HMAC Key". Are these the values I put into pub.pem and pvt.pem? Do I just make a file with the value in this popup?

Edited May 7, 2023 by Sanctimonious

[Luke 37067]

Hi, what does your nginx config look like? 

@pir8radiohave you seen this message before?

[Sanctimonious 0]

Thank you for the quick reply, Luke!

It is identical to the one in that how-to thread. I just copied and pasted it in with no changes except my domain (line 70). 

[pir8radio 1292]

On 5/7/2023 at 5:25 PM, Sanctimonious said:

Thank you for the quick reply, Luke!

It is identical to the one in that how-to thread. I just copied and pasted it in with no changes except my domain (line 70). 

yea you have to generate ssl certs and put their paths into that config..    there are tons of how to get a free ssl on the web i didnt add that to my how to.. 

 

here is one.   https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

Edited May 9, 2023 by pir8radio

[Sanctimonious 0]

On 5/8/2023 at 7:20 PM, pir8radio said:

yea you have to generate ssl certs and put their paths into that config..    there are tons of how to get a free ssl on the web i didnt add that to my how to.. 

 

here is one.   https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

Hello,

I followed the instructions at that link, and got stuck at this step:

sudo certbot --nginx -d example.com -d www.example.com

I got this error:

Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] cannot load certificate "/etc/nginx/ssl/pub.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/pub.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] cannot load certificate "/etc/nginx/ssl/pub.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/pub.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

I assume that's because the pub.pem file still doesn't exist...again, not sure how to get that or where to put it.

[Sanctimonious 0]

Also, I tried to use Google, but they require ACME. Is your nginx example compatible with ACME? If so, how? @pir8radio

[rbjtech 4265]

Is there any reason you are trying to use a reverse proxy over the standard emby web server ?  (ie just port forwarding required)

With respect, reverse proxies are moving into the move advanced side of https and web services and you should really know the networks and security concepts behind them.    Following a 'guide' is potentially dangerous (leaving your system vulnerable) as that guide will have made a level of assumptions.

Maybe try Caddy, I hear it is a lot easier to setup than NGINX.

[kikinjo 162]

Like rbjtech said, use Caddy, much simpler.

[Sanctimonious 0]

Well I currently access it remotely by typing my IP in, and it's all unsecured. I don't know much about running a web server, but I thought this may be a good way to learn. Apparently not. Everything is just so opaque. If I could get an SSL certificate, it would work, but Google will issue them through ACME. I wouldn't know how to get pir8radio's config file to work with acme (right now, I can't get it to work at all). Is there any way to make a version of the config file that just...doesn't use SSL? I know that the problem with certbot is something extremely simple, but I just have no way to troubleshoot it. I spent hours last night googling it, uninstalling and reinstalling, etc.

I bought a domain, but there's no way for an A entry to point to port 8096. I was hoping to get my domain name working, and add HTTPS. It can't be any less secure than it already is. As you suggested though, I'm right on the verge of giving up and just running it all unsecured.

I will look into Caddy. Thank you.

Edited May 13, 2023 by Sanctimonious

[justinrh 174]

Domain names don't point to ports, they point to IP addresses.  You supply the port in the URL.

If you can get a cert, you can plug it into Emby and have an HTTPS connection w/o another layer of applications.

Caddy is indeed easier (and it maintains the certs for you).