Topic: Help to setup nginx to work with Cloudflare DNS and LNBits (Read 217 times)

Hey I just wanted to say , if your having difficulty with this,
aside from ssl certs this is pretty standard stuff, You have a long road ahead of you my friend.
deploying sql libs, securing them, and running from home too.... on a crypto based site.
reconsider a test page on a cheap web server and ask people to pentest and report.
my 2 satoshi fwiw.I'm editing this because after seeing you post for a while I think you may have just overthought this process and are more then capable of doing it alone.

Keep in mind by default with the letsencrypt certificates they are only for 1 domain at a time.
You can get as many as you want.
So you can have site1.darkv0rt3x.com and site2.darkv0rt3x.com and site3.darkv0rt3x.com but they all need to have separate requests and separate key files and so on.
That's just the way it is.

You can get wildcard certs for *.darkv0rt3x.com but you have to request them in a slightly different way:

https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

-Dave

Same here. I just forgot to come back to this thread.

I'm using almost everything 3rd party. Only the modem needs to be from my provider. Router is a Netgear R7800.



The goal was/is to do things by hand for the sake of learning what is going in the background. So, I'm using acme.sh script and obviously, there is some configuration that I need to do by hand. That's the "fun" part. Of course that this brings me to places I have no knowledge in and that creates problems and etc, but this is the learning process I want to go through!

As of now, part of things are working. I have an lnbits site running with a valid Let'sEncrypt signed certificate. However, I have one other site (front-end, RTL) that is still complaining about this same certificate, but in this case, I think it's due to the fact that I didn't include this one in the certificate.

If you're using LetsEncrypt certs (and not self-signed certs that will make all browsers ring alarm bells), you can simply configure SSL verification directly through Cloudflare using the certbot-plugin-cloudflare package or whatever it's called in Ubuntu. You don't have to configure Nginx yourself in this case.

You make an INI file like this:


and then when you run certbot, just enter the path to the INI file when prompted to.

Sorry missed your reply the other day.

The same way you set your router to forward the ports on the public IP to the private IP on the IPv4 network you have to do on the IPv6 network.
Some routers do this automatically when you forward, others you have to do separately.

What router are you using / did your ISP provide?

-Dave

I need to make sure exactly what you are saying.
I mean, LNBits is running on a device different from my laptop. Both my laptop and device are on IPv6 but also on IPv4!
So I need to see where I have to have those ports mapped, etc! If you can give me some tips, I would appreciate!

That will have nginx listen. If you have IP6 configured and running on the PC and the IP6 IPs on the router pointed to it then you are good.
It's probably not worth putting in a lot of time at the moment getting it working, IP6 is not that big in the world at the moment despite many ISPs pushing it.

-Dave

Holly crap... This is just so weird... Well, at least to me because I had no idea that could be a problem...

Ok, I'll try to setup ports accordingly. Hope I can do it. And I'll give feedback here in case I'm still not successful.



So, if you suggest not using Clouflare's DNSs, which ones should I use?

And about the IPv6 matter, I have provided nginx confi files in my thread. I have this there:

Is this what you mean when you say:


Anyway, I'll remove IPv6 registers from DNS configuration!


Edited;
Anyway, I removed IPv6 registers both from my domain site DNS records and also from Cloudflare. And I was trying to setup IPv4 in Cloudflare to see if it would work, by also changing the port in my nginx config file to 8443. I'm not sure it is not working because it needs time for the DNS configs to spread through the internet or if I still have things misconfigured! But as we speak, I have Cloudflare DNSs setup in my domain site, the IPv4 A registers in Cloudflare site and port 8443 setup in my nginx config file for this site.

I'll wait until tomorrow morning to check if it's working by then.



Edited 2;
Ok, I think it's working but I want to make sure tomorrow it will still be working.
I forgot to open port 8443 in my router firewall config! Now that I did it, seems to be working!

100% what vv181 said. Cloudflare will not work with "non standard" ports.
Not sure why, but it's what they do. You probably should not use them anyway for this kind of stuff. Do you really want a 3rd party reading all your LN transactions?
Also, unless you have the IP6 ports mapped back to your PC through the router AND have IP6 on the PC AND have nginx responding on IP6 do not give the IP6 info in DNS.

Because, if someone who does have IP6 tries to connect it will not work. If a network that is using IP6 to IP4 tunneling that you don't even see (a lot of cell phone companies do this) then it will not work.

-Dave

How do things exactly "breaks"? the site is unreachable?

I don't have much experience with Cloudflare, but I think it may be related to this ​Network ports compatible with Cloudflare's proxy. And the reason why it breaks after a couple of hours may be related to the time of the DNS nameserver being propagated.

You can wait for other answers regarding the issue, or you can also try to match the ports with what Cloudflare compatible with, see if that somehow works.

Hello.

Following this thread, I have decided to purchase a domain to try to make things a bit easier and normal.
So, I bought a domain in ahnames.com (they accept Bitcoin as payment, ). The domain site provides DNSs and if I use them, things seems to work.



Then, in the DNS records I have the following:
IMAGE REMOVED

Those IPv6 addresses are there because I'm not sure which ones I should use, therefore I used all that are not temporary.

So, if anyone tries to access those 2 sites, rtl.bitcoin.... and lnbits.bitcoin...., I think they work, on ports 3002 and 5001, respectively.
So, I presume my nginx configuration is correct. I leave it here too:


This is the /etc/nginx/sites-available/default file. This is the only file here and there is the symlink inside /etc/nginx/sites-enable/default as shown below:

So, the above setup seems to work.

However, if I try to setup Cloudflare's DNSs in my domain site, like the picture below:


and setup a few A and AAAA registers in Cloudflare site, like the picture below:
IMAGE REMOVED

things just break after a couple of hours. Anything works anymore.
Nore: the IPv6 addresses in Cloudflare screenshot don't match my domain site just because I updated the ones in my domain site right before I start writting this thread. But the idea remains. I created those registers to make them to point to my public IP (v4 and v6).

So, what am I doing wrong, after all?
I just hope not being disclosing any security info... :|


EDITED;
Some images removed due to possible security risks... Sorry for that.