Differences

This shows you the differences between two versions of the page.

blocks:server:nginx [2025-09-15 11:18] – [HTTPS, Domain name and Certificate] mattiasblocks:server:nginx [2025-09-17 06:41] (current) – [Using Local Wifi] mattias
Line 51: Line 51:
 Make sure to keep the space  after //server_name// as well as the semicolon after the domain name. Save the result by pressing ctrl-O followed by the Enter key, then exit the //nano// editor by ctrl-X.  Make sure to keep the space  after //server_name// as well as the semicolon after the domain name. Save the result by pressing ctrl-O followed by the Enter key, then exit the //nano// editor by ctrl-X. 
  
-Make sure you've set good, strong passwords on all your Blocks users. Finally, while still as the //root// user, run the following commands, pressing enter after each. The first of these commands checks your new nginx configuration for errors. Pay close attention to any error messages that may appear. +Make sure you've set good, strong passwords on all your Blocks users
 +Before thenext step, test if certbot has the potential to work by visiting [[https://letsdebug.net/]]. This is a pretest/debugger to make sure everything seem to work with the certbot HTTP-01 challenge. Finally, while still as the //root// user, run the following commands, pressing enter after each. The first of these commands checks your new nginx configuration for errors. Pay close attention to any error messages that may appear. 
  
 <code> <code>
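Review bot: The first added line drops its closing period ("...on all your Blocks users"), and the new Let's Debug paragraph has two typos: "thenext" should be "the next" and "seem to work" should be "seems to work". The paragraph should also say what the reader enters at letsdebug.net (the domain name just set after server_name) and that a failing HTTP-01 pretest needs to be resolved before running the commands that follow. As written, the text goes straight on to "Finally, ... run the following commands" without saying what result to expect.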
Line 99: Line 100:
   - You must provide internet access to your visitors through your local wifi. This is required both to expedite the wifi connection (many phones will hesitate to connect to a wifi that doesn't have internet access) and to access the DNS.   - You must provide internet access to your visitors through your local wifi. This is required both to expedite the wifi connection (many phones will hesitate to connect to a wifi that doesn't have internet access) and to access the DNS.
   - Your DNS entry must point to the IP address of your intranet Blocks server, now (hopefully) accessible through your wifi. That means that any attempts to access it from the internet will fail (since it's only available while on the in-house wifi). An "official" DNS entry is required since many smartphones and browsers use some form of "secure DNS", such as [[https://en.wikipedia.org/wiki/DNS_over_HTTPS|DNS over HTTPS]], and will ignore any in-house DNS.   - Your DNS entry must point to the IP address of your intranet Blocks server, now (hopefully) accessible through your wifi. That means that any attempts to access it from the internet will fail (since it's only available while on the in-house wifi). An "official" DNS entry is required since many smartphones and browsers use some form of "secure DNS", such as [[https://en.wikipedia.org/wiki/DNS_over_HTTPS|DNS over HTTPS]], and will ignore any in-house DNS.
-  - You can't use the automatic "certbot" method mentioned above to obtain a certificate. You must instead use a more complicated DNS-based method. +  - You can't use the automatic "certbot" method mentioned above to obtain a certificate. [[blocks:server:nginx:dns01_challenge|You must instead use a more complicated DNS-based method]] 
 + 
 + 
 + 
 + 
  
-====Acquire Let's Encypt certificates using DNS-01 challenge==== 
  
-This outlines the principle steps to set up automatic certificate renewals on an internal server. 
-For this to work the server must have internet access. Digital ocean will be used as example here but the same principles apply to many major dns providers.. 
-Make sure you have a blocks system that works over http before attempting to att secure content over https.
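Review bot: In the changed list item, the link to blocks:server:nginx:dns01_challenge wraps the whole sentence "You must instead use a more complicated DNS-based method" and the item no longer ends with a period. Linking only "DNS-based method" would read better and keep the list punctuation consistent. The four empty lines added after the item look like leftover whitespace and can be dropped. The removed section stated two prerequisites (the server must have internet access, and Blocks must already work over http before https is attempted), so confirm the dns01_challenge page carries both, with the "Encypt" and "att" typos from the removed text corrected there.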