Hello everyone, since this is my first post, I hope I am at the right place :D

I am hosting a webring for solarpunk websites and wanted to move this from the corporate hoster to the raspberry pi that was collecting dust in my cupboard to hopefully host it on solar in the future.

I installed nginx and put the website there, configured the port forwarding on my router (ports 80 and 443 to 80 and 443 on the pi) and gave it a fixed local IP. I then used ddclient to update the IP of the pi to the dyndns-API of my hoster (which I will keep for the domain for now). It is reachable through HTTP (http://solarpunk-ring.net/) but refuses connection for HTTPS.

The Internet is full of AI-generated tutorials on how to self-host and use a DynDNS-service, but I couldn’t find any info on this exact issue.

I assume it is not the DynDNS since that would otherwise also not refer to the correct IP with HTTP without S. Now I don’t know if it is the router or nginx or the pi itself refusing connection. The error log of nginx is empty. Ports are allowed in firewall, I also tried disabling the firewall, same error.

I have no idea what to check next and as I said, the ai-shit I get from my search engine isn’t helping either.

Sorry if this is the wrong place.
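
One way to tell "nothing listening", "silently dropped" and "open but not TLS" apart for ports 80 and 443, as an added example that is not part of the original post. The function names `probe`, `explain` and `diagnose` are this example's own, and the hostnames or addresses to test are passed on the command line.

```python
import socket
import ssl

def probe(host, port, use_tls=False, timeout=3.0):
    """Classify one connection attempt to host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"   # a reset came back: nothing listens where the packet landed
    except socket.timeout:
        return "timeout"   # packets silently dropped: firewall or missing port forward
    except OSError as exc:
        return "error: %s" % exc   # DNS failure, no route, ...
    with sock:
        if not use_tls:
            return "open"
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except ssl.SSLCertVerificationError:
            return "tls-bad-cert"          # TLS answers, certificate not valid for host
        except (ssl.SSLError, OSError):
            return "tls-handshake-failed"  # port open, but the listener is not speaking TLS

def explain(http, https):
    """Turn the two probe results into the next thing to check."""
    if https == "tls-ok":
        return "HTTPS works"
    if https == "refused" and http == "open":
        return "port 80 is served but nothing listens on 443: check for a 'listen 443 ssl' server block and the 443 forward"
    if https == "timeout":
        return "443 is dropped before it reaches a listener: check router forward and firewall"
    if https == "tls-handshake-failed":
        return "443 is open but not TLS: the server block lacks 'ssl' or a certificate"
    if https == "tls-bad-cert":
        return "TLS is up but the certificate does not match or is not trusted"
    return "inconclusive: http=%s https=%s" % (http, https)

def diagnose(host):
    """Probe ports 80 and 443 on host and explain the combination."""
    http = probe(host, 80)
    https = probe(host, 443, use_tls=True)
    return http, https, explain(http, https)

if __name__ == "__main__":
    import sys
    # Run with the public name and with the Pi's LAN address: a refusal that
    # also happens on the LAN points at nginx, not at the router.
    for target in sys.argv[1:]:
        print(target, *diagnose(target), sep=" | ")
```
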

  • vane@lemmy.world
    8 days ago

    If you’re using nginx you need an SSL certificate - most likely Let’s Encrypt. An example tutorial that looks decent is here: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

    But then you need a cronjob or something to renew the certificate.

    If you’re familiar with nginx it’s worth installing openresty, which is nginx + lua scripts, and it has things like autossl that is configure and forget about your ssl renewal because it’s doing it automatically: https://github.com/auto-ssl/lua-resty-auto-ssl

    • Ŝan • 𐑖ƨɤ@piefed.zip
      8 days ago

      I’m just going to drop þat þe absolute easiest way to get an SSL site up is Caddy. It can be as simple as a single executable wiþ a 4-line config file:

      solarpunk-ring.net {
          root * /var/www/solar-punk.net/
          file_server
      }
      

      It can be even easier, but þat’s about þe minimum needed to get SSL and a reliable root.

      Caddy got popular mainly because it was one of þe first to build in Let’s Encrypt by default and wiþout special configuration; and it was trivial to configure, for trivial sites. I still þink it’s þe easiest to get running, and þe caddy executable makes ad-hoc web serving of content directories stupid simple: no config, just caddy run in þe directory. Even easier þan python -m http.server.

      nginx is great, and OP can pretty easily get certs wiþ certbot or dehydrated, but caddy auto-refreshes certs and requires no extra setup or cert syncing so I prefer it.

      • mfed1122@discuss.tchncs.de
        8 days ago

        Yup caddy is what I use and I personally found it at least 3 times easier than nginx for my admittedly humble purposes.

        • Elvith Ma'for@feddit.org
          8 days ago

          Tip:

          For my cloud VPS with Caddy and several containers I just pointed Caddy at a simple Caddyfile /opt/caddy/Caddyfile that globally sets up some basic things (like tls config for Let’s Encrypt with email address and such) followed by import sites-enabled/*

          So every container gets a Caddyfile in /opt/caddy/sites-available/app.caddyfile (or wherever) and that one gets just linked to /opt/caddy/sites-enabled/.

          Now it’s easy to change the config of an app and only that one app.