I have Letsyncrypt running on my BBS, with several subdomains off of realitycheckbbs.org. I've got other systems using Lets Encrypt.

I used to have to change my router NAT entries to point 80 to each system that I manually renewed the certificate on.

I set up Nginx Proxy Manager and have it proxying for my internal hosts. It can register certs for my internal hosts.

Instead of running SSL natively on Synchronet, would anything break by just running http internally and using NPM to manage certificates and then pass on HTTPS traffic to HTTP internally?
---
þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.

On 16 May 2024, poindexter FORTRAN said the following...

Instead of running SSL natively on Synchronet, would anything break by just running http internally and using NPM to manage certificates and
then pass on HTTPS traffic to HTTP internally?

i have mine set up like this.. perhaps it will be useful:

server {
listen 443 ssl;

ssl_certificate /etc/ssl/certificate_for_allofthem.crt
ssl_certificate_key <yadda>

# boilerplate stuff
root /var/www/example;
index index.html index.htm;

server_name example.cfbbs.net;

# magic
location /.well-known/ {
alias /var/www/steal/verification/example/.well-known/;
}

# pass everything else
location / {
proxy_pass http://local_machine:3000; # or whatever
<other stuff for proxy_pass>
}
}

then i do all the certificate updates from the one machine that runs the nginx proxy with a crontab entry

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi

Re: Lets Encrypt and NPM
By: poindexter FORTRAN to All on Thu May 16 2024 12:30 am

I have Letsyncrypt running on my BBS, with several subdomains off of realitycheckbbs.org. I've got other systems using Lets Encrypt.

I used to have to change my router NAT entries to point 80 to each system that I manually renewed the certificate on.

I set up Nginx Proxy Manager and have it proxying for my internal hosts. It can register certs for my internal hosts.

Instead of running SSL natively on Synchronet, would anything break by just running http internally and using NPM to manage certificates and then pass on HTTPS traffic to HTTP internally?

Yeah, it's been done before (e.g. using nginx as a reverse proxy from https->http).
--
digital man (rob)

Steven Wright quote #12:
OK, so what's the speed of dark?
Norco, CA WX: 68.6øF, 66.0% humidity, 7 mph WNW wind, 0.00 inches rain/24hrs ---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Re: Lets Encrypt and NPM
By: poindexter FORTRAN to All on Thu May 16 2024 00:30:49

I set up Nginx Proxy Manager and have it proxying for my internal hosts. It can register certs for my internal hosts.

Instead of running SSL natively on Synchronet, would anything break by just running http internally and using NPM to manage certificates and then pass on HTTPS traffic to HTTP internally?

I don't use Nginx Proxy Manager, but I do use nginx in this configuration and have done on and off for 10+ years. As long as you're not paranoid about someone capturing the traffic between proxy and upstream, it's fine.

Websockets (ie. for ftelnet) will break, but that's fixable. My current solution is a separate upstream that points at my plain websocket server (port 1123), and a server{} block that listens on eg. port 1124 and does SSL reverse proxying to that upstream. webv4 has a 'wssp' setting that forces the WSS port (eg. to 1124) for this exact scenario.

This is where NPM might get in your way. I chatted with someone who was using NPM and couldn't make it do the needful re: websockets. I suspect it was sacrificing this level of configurability in favour of user-friendliness. I didn't dig deep into that because I don't use NPM and don't want to.

IMHO nginx configs are quite easy to manage by hand on a small scale like you'd typically find in BBS-land. I suspect you'd be doing yourself a favour by just taking NPM out of the mix and using nginx on its own. I can share my settings with you if you like.

echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

echicken wrote to poindexter FORTRAN <=-

IMHO nginx configs are quite easy to manage by hand on a small scale
like you'd typically find in BBS-land. I suspect you'd be doing
yourself a favour by just taking NPM out of the mix and using nginx on
its own. I can share my settings with you if you like.

Thanks for the offer, I'd love to see your setup. I use nginx at work
both as a web server and proxy, so I know my way around nginx pretty
well. I'm mostly using NPM because I liked the front-end and it came in
a container :)



--- MultiMail/Win v0.52
þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.

Re: Re: Lets Encrypt and NPM
By: poindexter FORTRAN to echicken on Tue May 21 2024 06:47:00

Thanks for the offer, I'd love to see your setup. I use nginx at work both as a web server and proxy, so I know my way around nginx pretty well. I'm

Pretty straightforward, covering the BBS webserver and websocket service:

https://gist.github.com/echicken/1458e692913f0b549f215a7cc78c3785

mostly using NPM because I liked the front-end and it came in a container :)

I'm running nginx and certbot (among others) in docker containers:

https://gist.github.com/echicken/5e7484c7220da6889ed2287c94dceb5c

mostly to make things easier when migrating my BBS to a new host, which happens every so often.

echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com