Can’t seem to make it through the last stretch of the NGINX SSL Proxy setup.
I have DuckDNS/LetsEncrypt all working properly - can access locally and through https://domain.duckdns.org (where “domain” is my DuckDNS domain name of course).
Next I have installed the NGINX SSL Proxy add-on and set it up as follows:
domain: domain.duckdns.org
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudfare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf
config.yaml:
http:
  # ssl_certificate: /ssl/fullchain.pem
  # ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5
I have port forwarded 443 to 443 on my router.
My problem is that I cannot connect through most channels:
Local
- http://192.168.1.x:8123
  403 Forbidden
- https://192.168.1.x:8123
  Secure Connection Failed: Error code: SSL_ERROR_RX_RECORD_TOO_LONG
- http://domain.duckdns.org
  403 Forbidden
- https://domain.duckdns.org
  403 Forbidden
- http://homeassistant.local:8123/
  Unable to connect to Home Assistant; Retrying in …

External
- https://domain.duckdns.org
  Works fine!
NGINX Log:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
[00:06:05] INFO: Running nginx...
2022/11/27 05:15:00 [crit] 122#122: *173 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.206.46, server: 0.0.0.0:443
2022/11/27 16:48:22 [crit] 122#122: *233 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 142.93.38.133, server: 0.0.0.0:443