pir8radio, posted August 30, 2018

> bill@XeonServer:/etc/nginx/sites-available$ sudo nginx -t
> nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/reverse:12
>
> which makes sense. Is that what you were expecting?
>
> edit: so I commented out the dupe ssl_certificate line (public.pem), and commented out the strong-ssl.conf line, and now it works as expected. Also got rid of the ssl_stapling error, which was expected. Sadly, I'm fairly certain I tried this solution already, iteratively, but probably lost track? In any case, thank you so much for your help bro, I owe you a round or 4.

lol.. well good... weird I don't get duplicate ssl cert errors in my nginx. I use the same certs for all of my server blocks. I use a wildcard cert. Well, good glad it worked for you! Yea it was one of the first things we tried, not sure why it didn't initially work.. But if you don't specify a "default" site nginx goes with the first server block and sets it as default, which is what I think was happening.

mastrmind11 (Author), posted August 30, 2018

> lol.. well good... weird I don't get duplicate ssl cert errors in my nginx. I use the same certs for all of my server blocks. I use a wildcard cert. Well, good glad it worked for you! Yea it was one of the first things we tried, not sure why it didn't initially work.. But if you don't specify a "default" site nginx goes with the first server block and sets it as default, which is what I think was happening.

thanks again dude. btw what was the site you posted a while back for sec testing your site? not the mozilla one, that's for a time when I have an uninterrupted weekend, but there was another that gave a grade, can't seem to find it on here.

(Edited August 30, 2018 by mastrmind11)

pir8radio, posted August 30, 2018

> thanks again dude. btw what was the site you posted a while back for sec testing your site? not the mozilla one, that's for a time when I have an uninterrupted weekend, but there was another that gave a grade, can't seem to find it on here.

Oh the tough one is https://observatory.mozilla.org/ but if you go to the "Third party tests" tab on the results page it shows you your results from some of the other web test sites all on one page...

pir8radio, posted August 30, 2018

> bill@XeonServer:/etc/nginx/sites-available$ sudo nginx -t
> nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/reverse:12
>
> which makes sense. Is that what you were expecting?
>
> edit: so I commented out the dupe ssl_certificate line (public.pem),

lol oops I just realized I left my "demo" line in there, I see what you were saying about duplicate ssl_cert line now.. oops that was a mistake, good catch!

(Edited August 30, 2018 by pir8radio)

mastrmind11 (Author), posted August 30, 2018

> Oh the tough one is https://observatory.mozilla.org/ but if you go to the "Third party tests" tab on the results page it shows you your results from some of the other web test sites all on one page...

Thanks. Now that I've got CF sitting in front, would it make sense to turn on HSTS at that level as opposed to setting in nginx?

pir8radio, posted August 30, 2018

> Thanks. Now that I've got CF sitting in front, would it make sense to turn on HSTS at that level as opposed to setting in nginx?

you can do it in either, probably easier to manage in CF... I left CF off and left it in my nginx config. Just because I didn't initially trust CF, I was just toying with it. Didn't want to screw with my config if I had to change it back.

(Edited August 30, 2018 by pir8radio)

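Added example, not taken from either poster's configuration: an nginx layout that makes the default server explicit instead of relying on the first server block, and sets HSTS at the origin as discussed above. The hostname, certificate paths, max-age value and the upstream address 127.0.0.1:8096 are assumptions for illustration.

```nginx
# Added example; hostnames, paths and the upstream address are placeholders.

# Explicit catch-all. Without "default_server", nginx treats the first
# server block defined for this address:port as the default and uses it
# for any request whose hostname matches no server_name.
server {
    listen 443 ssl default_server;
    server_name _;

    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-privkey.pem;

    return 444;   # close the connection without sending a response
}

# The real site.
server {
    listen 443 ssl;
    server_name emby.example.com;

    # One certificate/key pair in this block. The "directive is duplicate"
    # error in the thread came from a second ssl_certificate line in the
    # same server block; check included files for one as well.
    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-privkey.pem;

    # HSTS at the origin. "always" attaches the header to error
    # responses too, not only to 2xx/3xx responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # add_header is inherited from the server level only when this
        # location defines no add_header of its own; adding one here
        # means the HSTS line has to be repeated in this block.
        proxy_pass http://127.0.0.1:8096;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `sudo nginx -t` after any change, and confirm the header with `curl -sI https://emby.example.com` both directly against the origin and through the proxy in front of it.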
mastrmind11 (Author), posted August 30, 2018

> you can do it in either, probably easier to manage in CF... I left CF off and left it in my nginx config. Just because I didn't initially trust CF, I was just toying with it. Didn't want to screw with my config if I had to change it back.

got it, thanks!

mastrmind11 (Author), posted August 30, 2018

> you can do it in either, probably easier to manage in CF... I left CF off and left it in my nginx config. Just because I didn't initially trust CF, I was just toying with it. Didn't want to screw with my config if I had to change it back.

what do you have set for feature-policy for emby? I don't plan to get into CSP just yet, at least while I'm away from my remote clients in case something f's up, but I dunno what features to set. Appreciate the suggestion.

pir8radio, posted August 30, 2018

> what do you have set for feature-policy for emby? I don't plan to get into CSP just yet, at least while I'm away from my remote clients in case something f's up, but I dunno what features to set. Appreciate the suggestion.

not sure what you are asking? how I have CF setup?

mastrmind11 (Author), posted August 30, 2018

> not sure what you are asking? how I have CF setup?

no the nginx directive feature-policy. It's keeping me from an A grade on https://observatory.mozilla.org

https://scotthelme.co.uk/a-new-security-header-feature-policy/

(Edited August 30, 2018 by mastrmind11)

pir8radio, posted August 30, 2018

> no the nginx directive feature-policy. It's keeping me from an A grade on https://observatory.mozilla.org
>
> https://scotthelme.co.uk/a-new-security-header-feature-policy/

I'm not setting it. I guess I'll have to look into it. lol

Yea I just checked I don't set that header.

(Edited August 30, 2018 by pir8radio)