after ssl installation restya is not working anymore

51 views
Skip to first unread message

Alfredo Ensigno

unread,
Oct 29, 2019, 12:01:14 AM10/29/19
to Restya
We have been using a restyaboard installation on aws using the restyaboard one-click installation script. We now installed an ssl certifcate using certbot but after installation we can reach the board using https but we can't see any of the existing board nor does any of the links work.

below is the config file


server {
        server_name board.plixxia.com;

        root /usr/share/nginx/html/restyaboard;
        index  index.html index.php;

        gzip on;
        gzip_disable "msie6";

        gzip_comp_level 6;
        # gzip_comp_level 9;
        gzip_min_length  1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        # gzip_http_version 1.1;
        gzip_types       text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;

        client_max_body_size 300M;

        rewrite ^/oauth/authorize$ /server/php/authorize.php last;
        rewrite ^/oauth_callback/([a-zA-Z0-9_\.]*)/([a-zA-Z0-9_\.]*)$ /server/php/oauth_callback.php?plugin=$1&code=$2 last;
        rewrite ^/download/([0-9]*)/([a-zA-Z0-9_\.]*)$ /server/php/download.php?id=$1&hash=$2 last;
        rewrite ^/ical/([0-9]*)/([0-9]*)/([a-z0-9]*).ics$ /server/php/ical.php?board_id=$1&user_id=$2&hash=$3 last;
        rewrite ^/api/(.*)$ /server/php/R/r.php?_url=$1&$args last;
        rewrite ^/api_explorer/api-docs/$ /client/api_explorer/api-docs/index.php last;

        location / {
                root /usr/share/nginx/html/restyaboard/client;
        }

        location ~ \.php$ {
                try_files $uri =404;
                include fastcgi_params;
                fastcgi_pass    unix:/run/php/php7.2-fpm.sock;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
        }

        location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico) {
                root /usr/share/nginx/html/restyaboard/client;
                if (-f $request_filename) {
                        break;
                }
                rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
                add_header        Cache-Control public;
                add_header        Cache-Control must-revalidate;
                expires           7d;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/board.plixxia.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/board.plixxia.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = board.plixxia.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        server_name board.plixxia.com;
    return 404; # managed by Certbot


}


        location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico) {
                root /usr/share/nginx/html/restyaboard/client;
                if (-f $request_filename) {
                        break;
                }
                rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
                add_header        Cache-Control public;
                add_header        Cache-Control must-revalidate;
                expires           7d;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/board.plixxia.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/board.plixxia.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
    if ($host = board.plixxia.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        server_name board.plixxia.com;
    return 404; # managed by Certbot


}



Restya

unread,
Oct 29, 2019, 1:48:09 AM10/29/19
to Restya

Can you please send us the error.log file in the '/var/log/nginx' path to understand and solve the problem.

Ensigno

unread,
Oct 30, 2019, 2:34:44 AM10/30/19
to Restya

these are the only 2 entire in the log:

2019/10/29 07:04:53 [error] 1179#1179: *390 open() "/usr/share/nginx/html/restyaboard/client/fullchain.pem" fail$

2019/10/29 07:04:54 [error] 1179#1179: *391 open() "/usr/share/nginx/html/restyaboard/client/privkey.pem" failed$

--
You received this message because you are subscribed to the Google Groups "Restya" group.
To unsubscribe from this group and stop receiving emails from it, send an email to restya+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/restya/60114287-92d8-4736-b57a-a788588eb723%40googlegroups.com.

R. Rajesh Jeba Anbiah

unread,
Oct 30, 2019, 2:58:07 AM10/30/19
to Restya


On Wednesday, 30 October 2019 12:04:44 UTC+5:30, Ensigno wrote:

these are the only 2 entire in the log:

2019/10/29 07:04:53 [error] 1179#1179: *390 open() "/usr/share/nginx/html/restyaboard/client/fullchain.pem" fail$

2019/10/29 07:04:54 [error] 1179#1179: *391 open() "/usr/share/nginx/html/restyaboard/client/privkey.pem" failed$


It could be that above files are not available in the path or not having the correct permission & ownership. Kindly double check that 
Reply all
Reply to author
Forward
0 new messages