NGINX config clarification

Following https://home-assistant.io/docs/ecosystem/nginx/ to set up nginx.

Is step 4 only required if you’re using openssl? Initially I was going on this assumption because it states to cd to /etc/nginx/ssl and I don’t see this directory.

But then when editing the hass file created in step 5 the line below made me question if I do in fact need to do step 4. Should I just comment this out if using letsencrypt?

# Ensure this line points to your dhparams file
ssl_dhparam /etc/nginx/ssl/dhparams.pem;

Cheers,
Mike

I’m using let’s encrypt and don’t have this line. But this is not an OpenSSL-config exclusive thing. I DO recommend actually including it. If you for whatever reason don’t want to do that you also have to uncomment a few other lines of your SSL config from that tutorial. I only have those two lines in mine and it works:

ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;

The reason for me not having those is I did not know about that as I established my reverse proxy before I knew about that tutorial and haven’t found time yet to integrate them :)

~Cheers

Thanks @PhyberApex.

I did edit the two letsencrypt lines to reflect the location of my current certs.

But still a bit confused about the ssl_dhparam /etc/nginx/ssl/dhparams.pem; line. Should I just comment this out?

No, create the file as explained in step 4 and leave it in. I just took my time to add it to my setup as well.

~Cheers

Ok. You created the ssl folder in /etc/nginx/ manually?


I just created the folder and ran the command. We’ll see what happens. Thanks for your help.

Yes I did that.

~Cheers

Unable to start nginx. Not sure what I missed. It was running when I first installed it as I stopped it manually. Tried rebooting RPi, no luck.

pi@hassbian:~ $ sudo systemctl status nginx.service -l
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: failed (Result: exit-code) since Wed 2017-03-15 13:10:51 EDT; 45s ago
  Process: 706 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Mar 15 13:10:50 hassbian systemd[1]: Starting A high performance web server and a reverse proxy server...
Mar 15 13:10:51 hassbian nginx[706]: nginx: [emerg] "http" directive is not allowed here in /etc/nginx/sites-enabled/default:1
Mar 15 13:10:51 hassbian nginx[706]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 15 13:10:51 hassbian systemd[1]: nginx.service: control process exited, code=exited status=1
Mar 15 13:10:51 hassbian systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Mar 15 13:10:51 hassbian systemd[1]: Unit nginx.service entered failed state.

Not sure what to tell you here, can’t really help you any more than the error message without having the config file…

~Cheers

This /etc/nginx/sites-available/hass file?

I can post that. Should that file have an extension?

You could try to remove this part:

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

and also the very last “}” as I don’t have that in my nginx config.

~Cheers

pi@hassbian:~ $ sudo systemctl status nginx.service -l
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: failed (Result: exit-code) since Wed 2017-03-15 13:22:46 EDT; 11s ago
  Process: 1920 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Mar 15 13:22:46 hassbian nginx[1920]: nginx: [emerg] unknown directive "myserver.duckdns.org" in /etc/nginx/sites-enabled/default:4
Mar 15 13:22:46 hassbian nginx[1920]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 15 13:22:46 hassbian systemd[1]: nginx.service: control process exited, code=exited status=1
Mar 15 13:22:46 hassbian systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Mar 15 13:22:46 hassbian systemd[1]: Unit nginx.service entered failed state.

I just found a typo in my config. Will report back.

No luck. Still failing to start. My hass file is basically a copy and paste from the tutorial. Edited with my duckdns info. The items I edited are below.

server {
        # Update this line to be your domain
        myhostname.duckdns.org;

        # These shouldn't need to be changed
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        return 301 https://$host$request_uri;
    }

    server {
        # Update this line to be your domain
        myhostname.duckdns.org;

ssl_certificate /etc/letsencrypt/live/myhostname.duckdns.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myhostname.duckdns.org/privkey.pem;

Think I figured it out.

should be

server {
        # Update this line to be your domain
        server_name myhostname.duckdns.org;

Same for the second server entry.
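
Added example, not part of the original thread or the tutorial: a site file that avoids both [emerg] errors quoted above (an http block inside an included file, and a hostname without server_name) while keeping the ssl_dhparam line. The hostname is the placeholder used in the thread; the proxy target 127.0.0.1:8123 (Home Assistant's default port) and the listen 443 line are assumptions.

```nginx
# /etc/nginx/sites-available/hass  (constructed example)
# Debian's /etc/nginx/nginx.conf already includes sites-enabled/* from inside
# its own http { } block, so this file must not open a second http { } block.

# map is allowed here because the include places this file in http context.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # A bare hostname is parsed as an unknown directive; it needs server_name.
    server_name myhostname.duckdns.org;

    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}

server {
    server_name myhostname.duckdns.org;

    listen 443 ssl;

    ssl_certificate     /etc/letsencrypt/live/myhostname.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myhostname.duckdns.org/privkey.pem;

    # DH parameters used for DHE cipher suites. The file must exist before
    # nginx is started (step 4 of the tutorial creates it).
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    location / {
        # Assumption: Home Assistant listens locally on its default port 8123.
        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Running `sudo nginx -t` after each edit reports the file and line of the next syntax error without restarting the service.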

I quit. lol. Nothing seems to want to make this work. Very frustrating.

@Mike_D – I use this NGINX configuration. Works great, highly suggest!

Thanks @brianjking. I was just reading that thread. I uninstalled nginx and I’m going to start again fresh.

Generate stronger Diffie Hellman Ephemeral parameter

cd /etc/ssl/certs
sudo openssl dhparam -out dhparam.pem 4096

I know this step says it will take a long time, but it’s been going for 3 hours! That can’t be right!?

Can I ctrl+c and run it again?

It’ll run for quite a while, I can’t recall how long it took on my Raspberry Pi 3. Yes, you could cancel, but honestly I’d just let it continue to run.