8000 nginx proxy path · Issue #218 · mjl-/mox · GitHub
nginx proxy path #218
Open
@mgkirs


I am trying to run mox behind nginx, and I do not understand how to make ACME and MTA-STS work.
I cannot find mta-sts.txt.


		# Automatic TLS configuration with ACME, e.g. through Let's Encrypt. The key is a
		# name referenced in TLS configs, e.g. letsencrypt. (optional)
ACME:
	letsencrypt:
		# NOTE(review): Port is the port on which mox accepts the TLS connection used
		# for ACME validation (443 when unset). As far as the mox config docs describe
		# it, the CA still connects to public port 443, and that TLS connection has to
		# reach this port unmodified (tls-alpn-01), so port forwarding works but an
		# HTTPS-terminating reverse proxy does not. Confirm against the docs for the
		# installed version.
		Port: 10444
		# For letsencrypt, use https://acme-v02.api.letsencrypt.org/directory.
		DirectoryURL: https://acme-v02.api.letsencrypt.org/directory
		# Email address to register at ACME provider. The provider can email you when
		# certificates are about to expire. If you configure an address for which email is
		# delivered by this server, keep in mind that TLS misconfigurations could result
		# in such notification emails not arriving.
		# NOTE(review): the value below looks redacted; an email address is expected here.
		ContactEmail: host

		# If set, used for suggested CAA DNS records, for restricting TLS certificate
		# issuance to a Certificate Authority. If empty and DirectoryURL is for Let's
		# Encrypt, this value is set automatically to letsencrypt.org. (optional)
		IssuerDomainName: letsencrypt.org
		# File containing hash of admin password, for authentication in the web admin
		# pages (if enabled). (optional)
		# NOTE(review): the setting this comment describes is cut off in the paste.


That config is for a server that is not on 127.0.0.1.
I am trying to listen with nginx, but I do not know how to get the proxy working.

# HTTPS virtual host for autoconfig.host: terminates TLS with a Certbot-managed
# certificate and forwards every request as plain HTTP to port 10444.
#
# NOTE(review): port 10444 is the ACME "Port" in the mox config quoted in this issue.
# If that is a TLS listener, an http:// upstream sends plaintext to it, which would fit
# the reported 400/502 errors. tls-alpn-01 validation also needs the CA's original TLS
# handshake to reach mox, which cannot happen when TLS is terminated here; that would
# call for TCP passthrough rather than an HTTP proxy. Confirm against the mox docs.
server {
    server_name autoconfig.host; 
    # Proxy requests to the local mox instance.
    location / {
        # NOTE(review): $server_address is not a built-in nginx variable (the built-in
        # is $server_addr); presumably a placeholder for a redacted address. An
        # undefined variable makes nginx refuse to load the configuration.
        proxy_pass http://$server_address:10444;
        # Pass the original host and client details to the backend. The backend should
        # trust these headers only when the request comes from this proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # For ACME challenge requests.
    # NOTE(review): this location repeats "location /" exactly, so it changes nothing.
    # http-01 validation requests start on port 80, and this server block only listens
    # on 443.
    location /.well-known/acme-challenge/ {
        proxy_pass http://$server_address:10444;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # NOTE(review): the certificate path names neveru.me while server_name is
    # autoconfig.host (hostnames look partly redacted); the certificate must cover the
    # name clients connect to.
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/neveru.me/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/neveru.me/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

That gives error 400 or 502.
If I connect to $server_address:10433 directly, I see ERR_CONNECTION_TIMED_OUT or SSL_ERROR.

OS:

NAME="Rocky Linux"
VERSION="9.4 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.4"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.4 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.4"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.4"
Rocky Linux release 9.4 (Blue Onyx)
Rocky Linux release 9.4 (Blue Onyx)
Rocky Linux release 9.4 (Blue Onyx)

Maybe it is Cloudflare's SSL redirects...
Sometimes I see:

mox[39660]: l=debug m="autotls hostpolicy result" err="autotls: host not in allowlist: \"mx.host\"" pkg=autotls host=host

Where is the allowlist configured?

mox[73422]: l=print m="starting as unprivileged user" pkg=serve user=mox pid=73422
mox[73422]: l=debug m="checking ips of hosts configured for acme tls cert validation" pkg=mox
mox[73422]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mx.hostcom resp=[ffff;ff] authentic=true duration=3.142491ms
mox[73422]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=autoconfig.neveru.me. resp=[ffff;ff] authentic=true duration="954.344µs"
mox[73422]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mta-sts.host resp=[ffff;ff] authentic=true duration=2.578024ms
mox[73422]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mail.host resp=[ffff;ff] authentic=true duration="478.275µs"
mox[73422]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=autoconfig.host resp=[ffff ff] authentic=true duration="379.888µs"
mox[73422]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mta-sts.host resp=[ffff,ff] authentic=true duration=1.068899ms
mox[73422]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mail.host resp=[ffff;ff] authentic=true duration="564.612µs"
mox[73422]: l=print m="ready to serve" pkg=serve
mox[73422]: l=info m="sending tls reports" pkg=tlsrptsend day=20240929 cid=19241227017
mox[73422]: l=info m="determining own version before checking for updates, trying again in 24h" err="parsing version: open data/lastknownversion: no such file or directory" pkg=serve
mox[73422]: l=info m="finished sending tls reports" pkg=tlsrptsend cid=19241227017
mox[73422]: l=debug m="dns lookup result" err="lookup spamhaus.org. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host= spamhaus.o>
mox[73422]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=sbl.spamhaus.org ip=ff status=pass explanation= duration=1.550482ms
mox[73422]: l=info m="getting cert from dir cache" err="acme/autocert: certificate cache miss" pkg=autotls name=mx.host
mox[73422]: l=debug m="dircache get result" err="acme/autocert: certificate cache miss" pkg=autotls name=mx.host
mox[73422]: l=print m="ensuring certificate availability" pkg=http hostname=mx.host
mox[73422]: l=info m="getting cert from dir cache" err="acme/autocert: certificate cache miss" pkg=autotls name=mx.host
mox[73422]: l=debug m="dircache get result" err="acme/autocert: certificate cache miss" pkg=autotls name=mx.nhost
mox[73422]: l=debug m="autotls hostpolicy result" pkg=autotls host=mx.host mox[73422]: l=debug m="found existing private key for certificate for host" pkg=mox acmename=letsencrypt host=mx.host keytype=ecdsa-p256
mox[73422]: l=debug m="dns lookup result" err="lookup spamcop.net. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=.bl.spamcop.net. >
mox[73422]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=bl.spamcop.net ip=ff status=pass explanation= duration=23.132401ms
mox[73422]: l=debug m="dns lookup result" err="lookup .spamhaus.org. on 127.0.0.1:53: no such host" pkg=dnsblmonitor typ>
mox[73422]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=sbl.spamhaus.org ip=ffff status=pass explanation= duration=1.672654ms
mox[73422]: l=debug m="dircache put result" pkg=autotls name=mx.host+token
mox[73422]: l=debug m="dns lookup result" err="lookup .spamcop.net. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=>
mox[73422]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=bl.spamcop.net ip=ffff status=pass explanation= duration=23.980872ms
