Jump to content

DDNS domain randomly stopped

mastrmind11

By mastrmind11
in Non-Emby General Discussion

 Share

Recommended Posts

pir8radio

pir8radio   1293

Posted
Posted 
bill@XeonServer:/etc/nginx/sites-available$ sudo nginx -t
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/reverse:12

which makes sense.  Is that what you were expecting?

 

 

edit: so I commented out the dupe ssl_certificate line (public.pem), and commented out the strong-ssl.conf line, and now it works as expected.  Also got rid of the ssl_stapling error, which was expected.  Sadly, I'm fairly certain I tried this solution already, iteratively, but probably lost track?  In any case, thank you so much for your help bro, I owe you a round or 4.

 

 

lol..    well good...   weird I don't get duplicate ssl cert errors in my nginx.  i use the same certs for all of my server blocks.   I use a wildcard cert.   Well, good glad it worked for you!  Yea it was one of the first things we tried, not sure why it didn't initially work..   But if you don't specify a "default" site nginx goes with the first server block and sets it as default, which is what I think was happening. 

  • Like 1
Link to comment
Share on other sites
mastrmind11

mastrmind11   717

Posted
  • Author
Posted (edited)

lol..    well good...   weird I don't get duplicate ssl cert errors in my nginx.  i use the same certs for all of my server blocks.   I use a wildcard cert.   Well, good glad it worked for you!  Yea it was one of the first things we tried, not sure why it didn't initially work..   But if you don't specify a "default" site nginx goes with the first server block and sets it as default, which is what I think was happening. 

thanks again dude.  btw what was the site you posted a while back for sec testing your site?  not the mozilla one, that's for a time when i have an uninterrupted weekend, but there was another that gave a grade, can't seem to find it on here.  

Edited by mastrmind11
Link to comment
Share on other sites
pir8radio

pir8radio   1293

Posted
Posted

thanks again dude.  btw what was the site you posted a while back for sec testing your site?  not the mozilla one, that's for a time when i have an uninterrupted weekend, but there was another that gave a grade, can't seem to find it on here.  

 

Oh the tough one is https://observatory.mozilla.org/  but if you go to the "Third party tests" tab on the results page it shows you your results from some of the other web test sites all on one page...  

  • Like 1
Link to comment
Share on other sites
pir8radio

pir8radio   1293

Posted
Posted (edited) 
bill@XeonServer:/etc/nginx/sites-available$ sudo nginx -t
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/reverse:12

which makes sense.  Is that what you were expecting?

 

 

edit: so I commented out the dupe ssl_certificate line (public.pem), 

 

 

 

lol oops i just realized i left my "demo" line in there, I see what you were saying about duplicate ssl_cert line now.. oops that was a mistake, good catch!

Edited by pir8radio
  • Like 1
Link to comment
Share on other sites
mastrmind11

mastrmind11   717

Posted
  • Author
Posted

Oh the tough one is https://observatory.mozilla.org/  but if you go to the "Third party tests" tab on the results page it shows you your results from some of the other web test sites all on one page...  

Thanks.  Now that I've got CF sitting in front, would it make sense to turn on HSTS at that level as opposed to setting in nginx?

Link to comment
Share on other sites
pir8radio

pir8radio   1293

Posted
Posted (edited)

Thanks.  Now that I've got CF sitting in front, would it make sense to turn on HSTS at that level as opposed to setting in nginx?

 

you can do it in either, probably easier to manage in CF...  I left CF off and left it in my nginx config.   Just because i didn't initially trust CF, i was just toying with it.  Didn't want to screw with my config if i had to change it back.

Edited by pir8radio
Link to comment
Share on other sites
mastrmind11

mastrmind11   717

Posted
  • Author
Posted

you can do it in either, probably easier to manage in CF...  I left CF off and left it in my nginx config.   Just because i didn't initially trust CF, i was just toying with it.  Didn't want to screw with my config if i had to change it back.

got it, thanks!

Link to comment
Share on other sites
mastrmind11

mastrmind11   717

Posted
  • Author
Posted

you can do it in either, probably easier to manage in CF...  I left CF off and left it in my nginx config.   Just because i didn't initially trust CF, i was just toying with it.  Didn't want to screw with my config if i had to change it back.

what do you have set for feature-policy for emby?  I don't plan to get into CSP just yet, at least while I'm away from my remote clients in case something f's up, but I dunno what features to set.  Appreciate the suggestion.

Link to comment
Share on other sites
pir8radio

pir8radio   1293

Posted
Posted

what do you have set for feature-policy for emby?  I don't plan to get into CSP just yet, at least while I'm away from my remote clients in case something f's up, but I dunno what features to set.  Appreciate the suggestion.

 

not sure what you are asking? how i have CF setup?

Link to comment
Share on other sites
pir8radio

pir8radio   1293

Posted
Posted (edited)

no the nginx directive feature-policy.  It's keeping me from an A grade on https://observatory.mozilla.org :)

 

https://scotthelme.co.uk/a-new-security-header-feature-policy/

 

I'm not setting it.    I guess I'll have to look into it. lol   Yea I just checked I don't set that header.

 

5b874fff43bfb_Capture.png

Edited by pir8radio
  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...