Let's Encrypt SSL on specific port(s) & for docker ports

Host: example1.domain.tld / example2.domain.tld / dockercotainer.domain.tld
Port: 81 & 83 / 2978 & 2283 / docker_port1 & 2

So for my host which is under a separate port, the SSL got generated via /usr/local/bin/hestia/v-add-letsencrypt-host, however, I am not sure how I can get the rest done. I searched long, and being non-technical, I could not get this done for any of my ports. :frowning:

Any help will be appreciated please.

My current sys-config, if that is required:

**/usr/local/hestia/bin# v-list-sys-config**
```
Web Server:                       apache2:8080 (www-data)
SSL Support:                      mod_ssl:8443
Web Backend:                      php-fpm
Proxy Server:                     nginx:80
Proxy SSL:                        nginx:443
Version:                          1.8.12
Release Branch:                   release
```

You can’t. Let’s Encrypt only works on ports 80 and 443.

That is why you can use Hestia to create a template to forward traffic to your docker host.


Thanks @eris for the quick response. It is not just for docker, but also for other ports. Example: 81, 83, 2897, etc.

Also, how can I use Hestia to create this template? Apologies, I am fairly new to this stuff, and love Hestia for being almost very good for newbies like me.

Edit: I can see it here - Web Templates and FastCGI/Proxy Cache | Hestia Control Panel, but as I mentioned, I am not sure.

I did not get the above docker done, but I was finally able to get Forgejo (port 3000) (specific port) to redirect to https with Let’s Encrypt SSL.

I created a normal subdomain at normal 80/443 ports with LE SSL generated.
Then in the Forgejo app.ini (/etc/forgejo/app.ini) file, I added this under [server]:

```ini
[server]
ENABLE_ACME = enable
HTTPS_PORT = 3000 ssl
ROOT_URL = https://git.domain.tld
```

Then under nginx.conf ($HESTIADATA\conf\web\git.domain.tld\nginx.conf) I added

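```nginx
location / {
    # Allow large request bodies (for example big pushes) through the proxy
    client_max_body_size 4096M;
    # Forward to the backend over plain HTTP on the local host
    proxy_pass http://localhost:3000;
    # Pass connection upgrade headers through to the backend
    proxy_set_header Connection $http_connection;
    proxy_set_header Upgrade $http_upgrade;
    # Preserve the original host, client address and scheme
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```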

Then under apache2.conf ($HESTIADATA\conf\web\git.domain.tld\apache2.conf) I added

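```apache
# Send the original Host header to the backend
ProxyPreserveHost On
# Reverse proxy only; forward proxying stays disabled
ProxyRequests off
# Pass encoded slashes (%2F) through without decoding
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:3000/ nocanon
```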

Then under apache2.ssl.conf ($HESTIADATA\conf\web\git.domain.tld\apache2.ssl.conf) I added

```apache
<VirtualHost git.domain.tld:8443 https>

ProxyPreserveHost On
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:3000/ nocanon

</VirtualHost>
```

I also enabled the following to ensure the proxy works:

```
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_balancer
a2enmod proxy_wstunnel
systemctl restart apache2
```

```
systemctl restart apache2
systemctl restart nginx
systemctl start forgejo.service
```

I got the help from these:
Apache SSL Long Record Error
Let’s Encrypt SSL Certificate
Gitea Reverse Proxy - Apache HTTPD
Gitea Reverse Proxy - General Conf
Gitea Reverse Proxy - NGINX
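
A defender-side check for the setup in this thread, as an added example that is not part of any post: once nginx terminates TLS on 443 and proxies to a backend such as localhost:3000, that backend port should listen on loopback only, otherwise it stays reachable over plain HTTP beside the proxy. The function name `exposed_backends` and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report proxied backend ports that also listen on a
# non-loopback address, i.e. are reachable in plain HTTP beside the proxy.

# Constructed sample of `ss -H -tln` output (not from the thread's server).
SAMPLE_SS='LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 *:3000         *:*
LISTEN 0 4096 [::1]:2283     [::]:*
LISTEN 0 4096 [::]:2978      [::]:*'

# exposed_backends PORT...
# Reads `ss -H -tln` lines on stdin; prints each listed backend port that is
# bound to anything other than a loopback address, sorted and de-duplicated.
exposed_backends() (
    ports=" $* "
    while read -r state recvq sendq laddr rest; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}    # text after the last colon
        addr=${laddr%:*}     # everything before it (IPv6 stays bracketed)
        case "$ports" in
            *" $port "*) ;;
            *) continue ;;
        esac
        case "$addr" in
            127.*|"[::1]"|"[::ffff:127."*) ;;   # loopback: only the proxy can reach it
            *) echo "$port" ;;
        esac
    done | sort -un
)

# Demo on the constructed sample: ports 2978 and 3000 are flagged.
printf '%s\n' "$SAMPLE_SS" | exposed_backends 3000 2283 2978 8080
```

On a live host, run `ss -H -tln | exposed_backends 3000` with the ports you proxy. For Forgejo the bind address is the `HTTP_ADDR` setting under `[server]` in app.ini.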