So I have looked at the configs and templates again.
Please correct me if I’m wrong, lol.
**The Virtual Hosts are at:**
NGINX
/home/admin/conf/web/gldn.page/nginx.conf – listening on port 80
for server_name gldn.page *.gldn.page
ARE WE NOT FORCING HTTPS - SO IS THIS NEEDED ??
( includes nginx.forcessl.conf* – which doesn’t exist )
( includes nginx.conf_* – which doesn’t exist )
proxies the data to http://78.110.163.102:8080 — to be picked up by apache2
THE BELOW IS NEEDED TO RECEIVE FROM NGINX SSL ( I THINK )
APACHE2
/home/dave/conf/web/gldn.page/apache2.conf – this is for port 8080
( IncludeOptional … gldn.page/apache2.forcessl.conf* – which doesn’t exist )
```
<VirtualHost 78.110.163.102:8080>
    ServerName gldn.page
    ServerAlias *.gldn.page
    ServerAdmin [email protected]
    DocumentRoot /home/dave/web/gldn.page/public_html
    ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
    Alias /vstats/ /home/dave/web/gldn.page/stats/
    Alias /error/ /home/dave/web/gldn.page/document_errors/
    #SuexecUserGroup dave dave
    CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
    CustomLog /var/log/apache2/domains/gldn.page.log combined
    ErrorLog /var/log/apache2/domains/gldn.page.error.log
    IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*
    <Directory /home/dave/web/gldn.page/stats>
        AllowOverride All
    </Directory>
    <Directory /home/dave/web/gldn.page/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
    IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
    IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
```
Now to the TEMPLATES
/usr/local/hestia/data/templates/web/nginx/
Custom: ngx-wild-tmp.tpl — ARE WE NOT FORCING HTTPS ?
SO BELOW CAN BE DELETED ?
```
server {
    listen %ip%:%proxy_port%;
    server_name %domain_idn% %alias_idn%;
    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
    location / {
        proxy_pass http://%ip%:%web_port%;
        location ~* ^.+\.(%proxy_extensions%)$ {
            root %docroot%;
            access_log /var/log/%web_system%/domains/%domain%.log combined;
            access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
            expires max;
            try_files $uri @fallback;
        }
    }
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location @fallback {
        proxy_pass http://%ip%:%web_port%;
    }
    location ~ /\.(?!well-known\/|file) {
        deny all;
        return 404;
    }
    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}
```
ALSO AT:
/usr/local/hestia/data/templates/web/nginx/
CUSTOM ngx-wild-tmp.stpl - scrap this
HAD A THOUGHT.
Since I am assigning a template for each domain,
why don’t I just hard code the template instead of using these variables ?
then it will be easier to see what is happening.
WE WANT TO TERMINATE SSL HERE, AND THEN PROXY TO 8080 ON APACHE2
( is that correct ? )
EG
CUSTOM: ngx-Gldn.stpl
```
server {
    listen 78.110.163.102:443;
    server_name gldn.page *.gldn.page;
    ssl_certificate /etc/letsencrypt/live/gldn.page/fullchain.pem; OR SHOULD BE .CRT ?
    ssl_certificate_key /etc/letsencrypt/live/gldn.page/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    error_log /var/log/nginx/domains/gldn.page.error.log
    // include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; // This doesn't exist
    location / {
        proxy_pass https://78.110.163.102:8080 --- to be picked up by apache2
        location ~* ^.+\.(%proxy_extensions%)$ { // WHAT IS THIS SECTION FOR ?
            root %sdocroot%;
            access_log /var/log/%web_system%/domains/%domain%.log combined;
            access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
            expires max;
            try_files $uri @fallback;
        }
    }
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location @fallback {
        proxy_pass https://%ip%:%web_ssl_port%; WHAT IS THIS FOR ?
    }
    location ~ /\.(?!well-known\/|file) {
        deny all;
        return 404;
    }
    proxy_hide_header Upgrade;
    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; // Doesn't exist
}
```
Would this work ?
What is the v-rebuild-web-domains dave gldn.page for?
If I have the correct templates and certificate paths - why do I need to rebuild anything?
Thanks
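
An added example, not part of the original post and not Hestia's own template: a hard-coded nginx pair for the layout the post describes, with TLS terminated on 443 and plain HTTP proxied to the Apache vhost on 8080. The address, names, log path and certificate paths are the ones quoted in the post; the port-80 redirect and the forwarded headers are assumptions about what the site wants.

```nginx
# Port 80: send every request to HTTPS (assumption: the site forces HTTPS).
server {
    listen      78.110.163.102:80;
    server_name gldn.page *.gldn.page;
    return 301 https://$host$request_uri;
}

# Port 443: nginx terminates TLS here, then talks plain HTTP to Apache.
server {
    listen      78.110.163.102:443 ssl;   # without "ssl" this socket serves plain HTTP
    server_name gldn.page *.gldn.page;

    # PEM files, paths as quoted in the post.
    ssl_certificate     /etc/letsencrypt/live/gldn.page/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gldn.page/privkey.pem;

    error_log /var/log/nginx/domains/gldn.page.error.log;

    location / {
        # The Apache vhost on 8080 shown in the post has no SSL directives,
        # so the upstream scheme is http://, not https://.
        proxy_pass http://78.110.163.102:8080;

        # Pass the original host, client address and scheme to the backend
        # (assumption: the application needs them for logging and redirects).
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Same dotfile rule as the template quoted in the post.
    location ~ /\.(?!well-known\/|file) {
        deny all;
        return 404;
    }
}
```

Because the hop to 8080 is unencrypted and Apache listens on the same address as nginx, that port should be reachable only from nginx itself.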