Web is not my field but I thought I could handle it.
The purpose is quite simple:
Got 3 services I want to serve from the same Virtual Machine on the same network.
elastic:8881 > ssl > :8881
kibana:5601 > ssl > :8882
webserver:80 > ssl < :443
I managed to serve elastic and kibana without any problems following the documentation with this configuration on nginx:
/etc/nginx/conf.d/servestuff.conf
ssl_certificate /etc/ssl/certs/nginx-autosigne.crt;
ssl_certificate_key /etc/ssl/private/nginx-autosigne.key;
upstream elasticsearch {
    server 127.0.0.1:9200;
    keepalive 15;
}
upstream kibana {
    server 127.0.0.1:5601;
    keepalive 15;
}
server {
    listen 8881 ssl;
    location / {
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/htpasswd.users;
        proxy_pass http://elasticsearch;
        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
    }
}
server {
    listen 8882 ssl;
    location / {
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/htpasswd.users;
        proxy_pass http://kibana;
        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
    }
}
As I feel lazy, naive and lack some skills, I thought I could serve the web with this block:
upstream thewebthing {
    server 127.0.0.1:443;
    keepalive 15;
}
server {
    listen 443 ssl;
    server_name thewebthing;
    large_client_header_buffers 4 16k;
    location / {
        error_log /var/log/nginx/thewebthing.log info;
        root /var/www/thewebthing/public;
        index index.html index.htm index.php;
        proxy_pass http://thewebthing;
        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
    }
}
I knew it couldn't be that easy. I tried to troubleshoot by reading logs, giving me:
==> /var/log/nginx/access.log <==
127.0.0.1 - - [25/Mar/2022:16:45:29 +0100] "GET /var/www/thewebthing/public/index.php HTTP/1.1" 400 271 "-" "curl/7.64.0"
192.168.2.249 - - [25/Mar/2022:16:45:29 +0100] "GET /var/www/thewebthing/public/index.php HTTP/1.1" 400 271 "-" "curl/7.64.0"
==> /var/log/nginx/thewebthing.log <==
2022/03/25 16:45:29 [info] 863#863: *4531 client 192.168.2.249 closed keepalive connection
curl giving me this:
curl -k https://192.168.2.249/var/www/thewebthing/public/index.php
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
I guess it has something to do with nginx considering I'm giving an HTTP request to HTTPS.
443 is opened but not the 80:
ss -lapunte | grep -E '443|80'
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:* ino:66759 sk:1d <->
I got no firewall, no AppArmor or SELinux, permissions are www-data, and I tried to increase logging.
As you can notice, I'm not comfortable with the web thing. That is why I'm looking for some hints, clues to drive me on the right track.
Thank you kind stranger.
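
In the third block above, upstream thewebthing points at 127.0.0.1:443, the same port the server block listens on with ssl, and it is reached with proxy_pass http://, so nginx sends itself plain HTTP on its own TLS port. The check below is an added example, not part of the original post: it flags that pattern in a config. The sample config is constructed from the post's directives, and the function name is hypothetical.

```python
import re

# Constructed sample: the directives from the post that matter for the check.
SAMPLE = """
upstream kibana {
    server 127.0.0.1:5601;
}
upstream thewebthing {
    server 127.0.0.1:443;
}
server {
    listen 8882 ssl;
    location / { proxy_pass http://kibana; }
}
server {
    listen 443 ssl;
    location / { proxy_pass http://thewebthing; }
}
"""

LOCAL_HOSTS = {"127.0.0.1", "localhost", "[::1]"}

def find_plain_http_to_tls(conf):
    """List (upstream, port) where proxy_pass http:// reaches a local TLS listener."""
    # Ports on which this nginx itself expects a TLS handshake.
    tls_ports = set()
    for m in re.finditer(r"^\s*listen\s+([^;]+);", conf, re.M):
        args = m.group(1).split()
        port = args[0].rsplit(":", 1)[-1]
        if "ssl" in args[1:] and port.isdigit():
            tls_ports.add(int(port))
    # upstream name -> [(host, port), ...]
    upstreams = {}
    for m in re.finditer(r"upstream\s+(\S+)\s*\{([^}]*)\}", conf):
        pairs = re.findall(r"server\s+(\[[^\]]+\]|[^\s;:]+):(\d+)", m.group(2))
        upstreams[m.group(1)] = [(host, int(port)) for host, port in pairs]
    # Only proxy_pass with the plain http:// scheme and a named upstream is checked.
    findings = []
    for m in re.finditer(r"proxy_pass\s+http://([^\s;/:]+)", conf):
        for host, port in upstreams.get(m.group(1), []):
            if host in LOCAL_HOSTS and port in tls_ports:
                findings.append((m.group(1), port))
    return findings

if __name__ == "__main__":
    for name, port in find_plain_http_to_tls(SAMPLE):
        print(f"upstream {name}: plain HTTP proxied to local TLS port {port}")
```

The kibana upstream is not flagged because 5601 is not one of nginx's own ssl listen ports.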