Compile the latest nginx release from source with EasyEngine


#83

Hello @nschopra, about TLS 1.3 Draft 23, I will probably wait for the next OpenSSL release, because draft 28 was already published and there are breaking changes with draft 23. So at the moment, it’s not possible to use TLS 1.3 with most web browsers because there are too many drafts.

I’m already working on the Cloudflare Headers Compression Patch.


#84

Hi Virtubox,

I have followed the instructions on your GitHub, everything is working except that when I write “ee info” I get the below message: ‘Error while getting parameter.’

I think it happened after running that script on the instructions page:

TLSv1.2 TLSv1.3 only

wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/VirtuBox/ubuntu-nginx-web-server/master/etc/nginx/nginx.conf

Do you have any idea how to fix it? Please keep ee updated and thanks for all your work.


#85

It doesn’t seem to be related to the TLS v1.3 nginx.conf, because I’m still able to use it on some servers with this configuration. But on some other servers, I also have this error. I will take a look at this.


#86

Exactly, I have another server of mine with your script and it works perfectly. Hard to tell what’s the difference between the 2 servers.

Thanks a lot, very good work, we were about to abandon ee.


#87

Thanks, almost all my servers setup steps are listed on


#88

Hi Virtubox,

I think the rules in your fail2ban script block IPs in case of several password failures. Where does it keep the blocked IPs so that I can clear / check them out?

Is it possible to add “safe IPs” to the jail settings?

Mine was blocked accidentally!


#89

Yes, you can list active jails with the command

fail2ban-client status

and you can whitelist an IP with the command:

fail2ban-client set <jail-name> addignoreip YOUR-IP

Example:

fail2ban-client set sshd addignoreip 192.168.1.1

#90

Thanks for the quick response, much appreciated.

Is it possible to see and then clear out all blocked IPs?


#91

Yes, you can see all banned IPs by running:

iptables -L

I do not see another way than iptables -F to flush all banned IPs, but it will also flush your firewall configuration. Also, Fail2ban bans IPs only for 600 seconds, and after 3 bans it bans them definitively with the recidive jail.
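Added example, not part of the posts above or of VirtuBox's scripts: a per-jail way to list banned IPs and lift a single ban with `fail2ban-client`, leaving the iptables rules in place. The sample output is constructed, and `jail_list`, `banned_ips` and `report_and_release` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: list and lift Fail2ban bans per jail, leaving iptables rules alone.

# Constructed samples of `fail2ban-client status` output (not from a real host).
SAMPLE_STATUS='Status
|- Number of jail: 2
`- Jail list: sshd, recidive'
SAMPLE_JAIL_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  `- Total failed: 12
`- Actions
   |- Currently banned: 2
   |- Total banned: 4
   `- Banned IP list: 192.0.2.10 198.51.100.7'

# Print one jail name per line from `fail2ban-client status` output on stdin.
jail_list() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr -s ', \t' '\n' | sed '/^$/d'
}

# Print one banned IP per line from `fail2ban-client status <jail>` output on stdin.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n' | sed '/^$/d'
}

# Show the bans of every jail; if an IP is given, unban it and add it to the
# jail's ignore list (runtime setting only).
report_and_release() {
    ip="${1:-}"
    for jail in $(fail2ban-client status | jail_list); do
        echo "[$jail] banned: $(fail2ban-client status "$jail" | banned_ips | tr '\n' ' ')"
        if [ -n "$ip" ]; then
            # unbanip may report an error when the IP is not banned in this jail
            fail2ban-client set "$jail" unbanip "$ip" >/dev/null 2>&1 || true
            fail2ban-client set "$jail" addignoreip "$ip" >/dev/null
        fi
    done
}

# Demo on the constructed sample; the live path needs root and fail2ban installed.
printf '%s\n' "$SAMPLE_JAIL_STATUS" | banned_ips
if command -v fail2ban-client >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    report_and_release "$@"
fi
```

Settings made with `fail2ban-client set` last only until the service restarts; a permanent allowlist goes in the `ignoreip` option of `jail.local`.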


#92

Thanks a lot for the detailed explanations, Virtubox.


#94

I’ve managed to use the script, and by upgrading OpenSSL I’ve managed to enable TLS 1.3. The point is that I get a lot of errors like this:

Failed to load Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

How could I fix it keeping things safe?

Thanks.


#95

Just add something like:

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}

in your vhost, for the location of the files you are trying to load.


#96

It works perfectly. I’ve added jpg, png and gif too.

Thank you very much!


#97

Been a while - is there an easy way to upgrade to 3.8.1? I’m on 3.7.4 or something like that. Keep getting the oops something went wrong.


#98

Hello,

Just remove ee with:

rm /usr/local/bin/ee

Then launch the ee install again:

wget -qO ee rt.cx/ee && sudo bash ee

#99

Hi VirtuBox, is it possible to update my existing server setup with your bash script, or should I be following this guide only with a fresh install?

Thank you.


#100

Hello @nanowhiz, yes you can use it on your existing server setup. My bash script only compiles Nginx from source and replaces the previously installed Nginx with the latest release. It can be used on all servers set up with EasyEngine, and it also works with the nginx package installed from the Ubuntu APT repository. To update Nginx later, just launch the script again.


#101

Thank you for the quick response. I am going to run your script for sure then. 🙂

A few more things: should I wait for EE V4.0 for my managed WordPress hosting project, or will EE 3.8 with your script be as efficient as the newer one according to you?

Also, what do you use to install SSL certs on the mapped domains of sites on a WordPress multisite network? I noticed that with a wildcard Let’s Encrypt installation, we can get SSL for the primary domain and all its subdomains, but what about the mapped domains?

Also, I was reading this great tutorial here - https://kb.virtubox.net/knowledgebase/cloudflare-ssl-origin-certificates-nginx/

Does it mean that I can use Cloudflare SSL without any need for Let’s Encrypt SSL? And does 15 years of validity mean that I won’t need to renew it every 3 months like Let’s Encrypt SSL, for 15 years? Does this Cloudflare SSL work for multisite domains and subdomains as well? What about the SSL for mapped domains if I have used Cloudflare SSL using the above-linked tutorial?

I am really sorry if these are too many questions, but it would be really helpful if you could clear my doubts regarding these.

Thank you.


#102

Hello @nanowhiz,

I don’t know when EE v4 will be released, so at the moment I’m not planning to migrate to v4. I will have to run tests when it is stable, and to make sure troubleshooting will not be harder with Docker.

In the next few days I will publish the first release of my bash script to install EasyEngine with all my custom configurations and optimizations (currently only available as a list of instructions on https://virtubox.github.io/ubuntu-nginx-web-server/).

About SSL certs, I’m using acme.sh to manage Let’s Encrypt certs, and I have published ee-acme-sh, which is a simple script to automate acme.sh with EasyEngine.

But yes, you can use Cloudflare Origin certs instead of Let’s Encrypt, and it works with multisite setups and subdomains, as well as a wildcard certificate from Let’s Encrypt.

For mapped domains (yoursite1.tld + yoursite2.tld), it requires using certificates with SAN support, but it’s something you can do with acme.sh :


#103

Thank you again for the quick reply.

I will wait for your bash script article that you are going to publish. By the way, isn’t there a way to subscribe to your site https://kb.virtubox.net/ so that I can get the published post notification?

For running the script written under https://virtubox.github.io/ee-acme-sh/ for SSL installation, do I first need to delete Let’s Encrypt or certbot that I have previously installed using the --le command, or can I simply run this on my server?

Also, since I need to install it on a multisite network, I think I should run this-

Install a Wildcard SSL certificate on a domain

ee-acme-wildcard

but while running this, do I need to write the domain after the command?

So, the command should be something like

ee-acme-wildcard domain.com www.domain.com

?

Also, under limitation, it says “Wildcard certs are only available with Cloudflare DNS API”, but where or how do I integrate the Cloudflare DNS API with the domain or my EasyEngine server? Do I need to follow this - https://kb.virtubox.net/knowledgebase/cloudflare-ssl-origin-certificates-nginx/ for Cloudflare DNS API? I know your instruction tutorials are mainly aimed at developers and hence don’t discuss some obvious steps, but with a little help, I hope I will be able to run this. 🙂

Thank you.